# Generated by etckeeper. Do not edit.
-mkdir -p './bind'
mkdir -p './ca-certificates/update.d'
mkdir -p './courier-imap/shared'
mkdir -p './courier-imap/shared.tmp'
maybe chmod 0755 './bash_completion.d'
maybe chown named './bind'
maybe chmod 0755 './bind'
+maybe chgrp named './bind/bind.keys'
+maybe chmod 0640 './bind/bind.keys'
+maybe chgrp named './bind/named.conf'
+maybe chmod 0640 './bind/named.conf'
maybe chmod 0755 './ca-certificates'
maybe chmod 0644 './ca-certificates.conf'
maybe chmod 0755 './ca-certificates/update.d'
maybe chmod 0644 './conf.d/modules'
maybe chmod 0644 './conf.d/mysql'
maybe chmod 0644 './conf.d/nagios'
+maybe chmod 0644 './conf.d/named'
maybe chmod 0644 './conf.d/net'
maybe chmod 0644 './conf.d/network'
maybe chmod 0644 './conf.d/ntp-client'
maybe chmod 0644 './env.d/05binutils'
maybe chmod 0644 './env.d/05gcc-x86_64-pc-linux-gnu'
maybe chmod 0644 './env.d/09sandbox'
+maybe chmod 0644 './env.d/10bind'
maybe chmod 0644 './env.d/20java-config'
maybe chmod 0644 './env.d/20php5.3'
maybe chmod 0644 './env.d/30gnupg'
maybe chmod 0755 './init.d/mtab'
maybe chmod 0755 './init.d/mysql'
maybe chmod 0755 './init.d/nagios'
+maybe chmod 0755 './init.d/named'
maybe chmod 0755 './init.d/net.lo'
maybe chmod 0755 './init.d/netmount'
maybe chmod 0755 './init.d/network'
--- /dev/null
+/* $Id: bind.keys,v 1.5.42.3 2011-03-25 17:46:40 each Exp $ */
+# The bind.keys file is used to override built-in DNSSEC trust anchors
+# which are included as part of BIND 9. As of the current release (BIND
+# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
+# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
+# zones MUST be configured elsewhere; if they are configured here, they
+# will not be recognized or used by named.
+#
+# This file also contains a copy of the trust anchor for the DNS root zone
+# ("."). However, named does not use it; it is provided here for
+# informational purposes only. To switch on DNSSEC validation at the
+# root, the root key below can be copied into named.conf.
+#
+# The built-in DLV trust anchor in this file is used directly by named.
+# However, it is not activated unless specifically switched on. To use
+# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
+# Without this option being set, the key in this file is ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011. If any key fails to
+# initialize correctly, it may have expired. In that event you should
+# replace this file with a current version. The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+ # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+ # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+ # in named.conf.
+ dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+ brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+ ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+ Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+ QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+ TDN0YUuWrBNh";
+
+ # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+ # for current trust anchor information.
+ # NOTE: This key not active; to use it, copy it into a managed-keys
+ # statement in named.conf
+ . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+ FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+ bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+ X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+ W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+ Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+ QxA+Uk1ihz0=";
+};
--- /dev/null
+/var/bind/dyn
\ No newline at end of file
--- /dev/null
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+ /* Deny transfers by default except for the listed hosts.
+ * If we have other name servers, place them here.
+ */
+ none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+ 127.0.0.0/8;
+ ::1/128;
+};
+
+options {
+ directory "/var/bind";
+ pid-file "/var/run/named/named.pid";
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { ::1; };
+ listen-on { 127.0.0.1; };
+
+ allow-query {
+ /*
+ * Accept queries from our "trusted" ACL. We will
+ * allow anyone to query our master zones below.
+ * This prevents us from becoming a free DNS server
+ * to the masses.
+ */
+ trusted;
+ };
+
+ allow-query-cache {
+ /* Use the cache for the "trusted" ACL. */
+ trusted;
+ };
+
+ allow-recursion {
+ /* Only trusted addresses are allowed to use recursion. */
+ trusted;
+ };
+
+ allow-transfer {
+ /* Zone tranfers are denied by default. */
+ none;
+ };
+
+ allow-update {
+ /* Don't allow updates, e.g. via nsupdate. */
+ none;
+ };
+
+ /*
+ * If you've got a DNS server around at your upstream provider, enter its
+ * IP address here, and enable the line below. This will make you benefit
+ * from its cache, thus reduce overall DNS traffic in the Internet.
+ *
+ * Uncomment the following lines to turn on DNS forwarding, and change
+ * and/or update the forwarding ip address(es):
+ */
+/*
+ forward first;
+ forwarders {
+ // 123.123.123.123; // Your ISP NS
+ // 124.124.124.124; // Your ISP NS
+ // 4.2.2.1; // Level3 Public DNS
+ // 4.2.2.2; // Level3 Public DNS
+ 8.8.8.8; // Google Open DNS
+ 8.8.4.4; // Google Open DNS
+ };
+
+*/
+
+ //dnssec-enable yes;
+ //dnssec-validation yes;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ //dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+};
+
+/*
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+
+ category default { default_log; };
+ category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+ type hint;
+ file "/var/bind/root.cache";
+};
+
+zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+ type master;
+ file "pri/127.zone";
+ notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+// type master;
+// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+// allow-query { any; };
+// allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+// type slave;
+// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+// masters { <MASTER>; };
+
+ /* Anybody is allowed to query but transfer should be controlled by the master. */
+// allow-query { any; };
+// allow-transfer { none; };
+
+ /* The master should be the only one who notifies the slaves, shouldn't it? */
+// allow-notify { <MASTER>; };
+// notify no;
+//};
--- /dev/null
+/var/bind/pri
\ No newline at end of file
--- /dev/null
+/var/bind/sec
\ No newline at end of file
--- /dev/null
+# Set various named options here.
+#
+#OPTIONS=""
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+# a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# Uncomment this option if you have setup your own chroot environment and you
+# don't want/need the chroot consistency check
+#CHROOT_NOCHECK=1
+
+# Default pid file location
+PIDFILE="${CHROOT}/var/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
+# Uncomment rc_named_use/rc_named_after for the database you need.
+# Its necessary to ensure the database backend will be started before named.
+
+# MySQL
+#rc_named_use="mysql"
+#rc_named_after="mysql"
+
+# PostgreSQL
+#rc_named_use="pg_autovacuum postgresql"
+#rc_named_after="pg_autovacuum postgresql"
+
+# LDAP
+#rc_named_use="ldap"
+#rc_named_after="ldap"
--- /dev/null
+CONFIG_PROTECT="/var/bind"
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r11,v 1.3 2011/09/14 15:48:50 idl0r Exp $
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+ need net
+ use logger
+ provide dns
+}
+
+NAMED_CONF=${CHROOT}/etc/bind/named.conf
+
+OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
+MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
+
+_mount() {
+ local from
+ local to
+ local opts
+ local ret=0
+
+ if [ "${#}" -lt 3 ]; then
+ eerror "_mount(): to few arguments"
+ return 1
+ fi
+
+ from=$1
+ to=$2
+ shift 2
+
+ opts="${*}"
+ shift $#
+
+ if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+ einfo "mounting ${from} to ${to}"
+ mount ${from} ${to} ${opts}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
+
+_umount() {
+ local dir=$1
+ local ret=0
+
+ if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+ ebegin "umounting ${dir}"
+ umount ${dir}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
+
+_get_pidfile() {
+ # as suggested in bug #107724, bug 335398#c17
+ [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+ /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+ [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/var/run/named/named.pid
+}
+
+check_chroot() {
+ if [ -n "${CHROOT}" ]; then
+ [ ! -d "${CHROOT}" ] && return 1
+ [ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+ [ ! -d "${CHROOT}/var/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+ [ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+ [ ! -d "${CHROOT}/var/log/named" ] && return 1
+ [ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+ [ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ -d "/usr/lib64" ]; then
+ [ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
+ elif [ -d "/usr/lib" ]; then
+ [ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
+ fi
+ fi
+ fi
+
+ return 0
+}
+
+checkconfig() {
+ ebegin "Checking named configuration"
+
+ if [ ! -f "${NAMED_CONF}" ] ; then
+ eerror "No ${NAMED_CONF} file exists!"
+ return 1
+ fi
+
+ /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
+ eerror "named-checkconf failed! Please fix your config first."
+ return 1
+ }
+
+ eend 0
+ return 0
+}
+
+checkzones() {
+ ebegin "Checking named configuration and zones"
+ /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
+ eend $?
+}
+
+start() {
+ local piddir
+
+ ebegin "Starting ${CHROOT:+chrooted }named"
+
+ if [ -n "${CHROOT}" ]; then
+ if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ ! -e /usr/lib/engines/libgost.so ]; then
+ eend 1
+ eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
+ return 1
+ fi
+ cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
+ eend 1
+ eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
+ return 1
+ }
+ fi
+ cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
+
+ if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ einfo "Mounting chroot dirs"
+ _mount /etc/bind ${CHROOT}/etc/bind -o bind
+ _mount /var/bind ${CHROOT}/var/bind -o bind
+ _mount /var/log/named ${CHROOT}/var/log/named -o bind
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ _mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+ fi
+ fi
+ fi
+
+ checkconfig || { eend 1; return 1; }
+
+ # create piddir (usually /var/run/named) if necessary, bug 334535
+ _get_pidfile
+ piddir="${PIDFILE%/*}"
+ if [ ! -d "${piddir}" ]; then
+ checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+ eend 1
+ return 1
+ }
+ fi
+
+ # In case someone have $CPU set in /etc/conf.d/named
+ if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+ CPU="-n ${CPU}"
+ fi
+
+ start-stop-daemon --start --pidfile ${PIDFILE} \
+ --nicelevel ${NAMED_NICELEVEL:-0} \
+ --exec /usr/sbin/named \
+ -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+ eend $?
+}
+
+stop() {
+ local reported=0
+
+ ebegin "Stopping ${CHROOT:+chrooted }named"
+
+ # Workaround for now, until openrc's restart has been fixed.
+ # openrc doesn't care about a restart() function in init scripts.
+ if [ "${RC_CMD}" = "restart" ]; then
+ if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ checkconfig || { eend 1; return 1; }
+ fi
+
+ # -R 10, bug 335398
+ _get_pidfile
+ start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+ --exec /usr/sbin/named
+
+ if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ ebegin "Umounting chroot dirs"
+
+ # just to be sure everything gets clean
+ while fuser -s ${CHROOT} 2>/dev/null; do
+ if [ "${reported}" -eq 0 ]; then
+ einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
+ elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
+ eerror "Waiting until all named processes are stopped failed!"
+ eend 1
+ break
+ fi
+ sleep 1
+ reported=$((reported+1))
+ done
+
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+ _umount ${CHROOT}/etc/bind
+ _umount ${CHROOT}/var/log/named
+ _umount ${CHROOT}/var/bind
+ fi
+
+ eend $?
+}
+
+reload() {
+ local ret
+
+ ebegin "Reloading named.conf and zone files"
+
+ checkconfig || { eend 1; return 1; }
+
+ _get_pidfile
+ if [ -n "${PIDFILE}" ]; then
+ start-stop-daemon --pidfile $PIDFILE --signal HUP
+ ret=$?
+ else
+ ewarn "Unable to determine the pidfile... this is"
+ ewarn "a fallback mode. Please check your installation!"
+
+ $RC_SERVICE restart
+ ret=$?
+ fi
+
+ eend $ret
+}
projects / config / uhu1 / etc.git / commitdiff