author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-09 20:12:54 -0300 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-09 20:12:54 -0300 |
commit | cefd8a09c4b867cf4a235d7f892c7a8584689dea (patch) | |
tree | 9e2fb81a37db5aabe16ff355b72361f7e6ba960b /config | |
parent | 77cafbd3579c8207d652a56994789e4b060b87e8 (diff) | |
bind - run named with chroot
Diffstat (limited to 'config')
-rw-r--r-- | config/bind/bind.inc | 66 | ||||
-rw-r--r-- | config/bind/bind.xml | 17 | ||||
-rw-r--r-- | config/bind/bind_zones.xml | 4 | ||||
-rw-r--r-- | config/bind/pkg_bind.inc | 2 |
4 files changed, 51 insertions, 38 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 9d436e4e..d1ff106f 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -38,7 +38,15 @@ require_once('service-utils.inc');
 if(!function_exists("filter_configure"))
 require_once("filter.inc");
-function bind_sync(){
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version > 2.0)
+ define('BIND_LOCALBASE', '/usr/pbi/bind-' . php_uname("m"));
+else
+ define('BIND_LOCALBASE','/usr/local');
+
+define('CHROOT_LOCALBASE','/conf/named');
+
+ function bind_sync(){
 global $config;
@@ -46,7 +54,7 @@ function bind_sync(){
 $bind_enable = $bind['enable_bind'];
 $bind_forwarder = $bind['bind_forwarder'];
 $forwarder_ips = $bind['bind_forwarder_ips'];
- $ram_limit = $bind['bind_ram_limit'];
+ $ram_limit = ($bind['bind_ram_limit']?$bind['bind_ram_limit']:"256M");
 $hide_version = $bind['bind_hide_version'];
 $bind_notify = $bind['bind_notify'];
 $custom_options = base64_decode($bind['bind_custom_options']);
@@ -225,14 +233,6 @@ EOD;
 $bind_conf .= "\t\t$zonecustom\n";
 $bind_conf .= "\t};\n\n";
- if (!(file_exists("/etc/namedb/$zonetype"))) {
- mwexec("mkdir /etc/namedb/$zonetype");
- }
-
- if (!(file_exists("/etc/namedb/$zonetype/$zoneview"))) {
- mwexec("mkdir /etc/namedb/$zonetype/$zoneview");
- }
-
 if ($zonetype == "master"){
 $zonetll = $zone['tll'];
 $zonemail = $zone['mail'];
@@ -274,7 +274,7 @@ EOD;
 $zone_conf .= "\t IN NS \t\t$zonenameserver.\n";
 else{
 $zone_conf .= "@ \t IN NS \t\t$zonenameserver.\n";
- $zone_conf .= "@ \t IN A \t\t$zoneipns\n";
+ $zone_conf .= "@ \t IN A \t\t$zoneipns\n";
 }
 for ($y=0; $y<sizeof($zone['row']); $y++) {
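Review bot: `$ram_limit` now falls back to "256M" when the field is empty, but any non-empty value is still passed through unvalidated; the field is a free-text `<input>` in bind.xml, and the value presumably ends up in named.conf (that write is outside this hunk), where a malformed size would make named reject its configuration. A one-line check keeps the default on bad input: `$ram_limit = preg_match('/^[0-9]+[KMG]?$/i', $bind['bind_ram_limit']) ? $bind['bind_ram_limit'] : "256M";`. bind_sync() continues past this hunk.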
@@ -285,7 +285,10 @@ EOD;
 $zone_conf .= "$hostname \t IN $hosttype $hostvalue \t$hostdst\n";
 }
- file_put_contents("/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
+ if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) {
+ mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview",0755,true);
+ }
+ file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
 #reader file domain zone
 #reader file host definition
@@ -295,11 +298,20 @@ EOD;
 $bind_conf .= "};\n";
 }
- if (!is_dir("/etc/namedb"))
- mkdir("/etc/namedb",0755);
- file_put_contents('/etc/namedb/named.conf', $bind_conf);
+ $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats");
+ foreach ($dirs as $dir){
+ if (!is_dir(CHROOT_LOCALBASE .$dir))
+ mkdir(CHROOT_LOCALBASE .$dir,0755,true);
+ }
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+ if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){
+ $named_root=file_get_contents("http://www.internic.net/domain/named.root");
+ file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX);
+ }
-
+
 bind_write_rcfile();
+ chown(CHROOT_LOCALBASE."/var/log","bind");
+ chgrp(CHROOT_LOCALBASE."/var/log","bind");
 if($bind_enable == "on")
 mwexec("/usr/local/etc/rc.d/named.sh restart");
 else
@@ -384,7 +396,7 @@ function bind_views_before_form_dest($pkg,$data_group,$fieldname,$dest) {
 }
 }
-# Analizador do serial da zona de dns
+# check zone serial number
 # -----------------------------------------------------------------------------
 function get_bind_conf_serial($data_group, $fieldname) {
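Review bot: The new `mkdir()` and `file_put_contents()` calls ignore their return values, so a failed directory creation silently leaves the zone file unwritten and named later fails to load that zone with nothing reported to the GUI. `$zonetype`, `$zoneview` and `$zonename` also come from the package configuration (read outside this hunk) and are concatenated straight into the path; a hostname-shaped check such as `preg_match('/^[A-Za-z0-9._-]+$/', $zonename)` before building the path keeps a malformed name from writing outside the namedb tree. Suggest `if (!is_dir($dir) && !mkdir($dir, 0755, true)) log_error("bind: cannot create $dir");` with `$dir` holding the view path, and a similar check on the write. The loop enclosing this code starts outside the hunk.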
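Review bot: The root hints are fetched with `file_get_contents("http://www.internic.net/domain/named.root")` and written without any check: the transfer is plaintext HTTP with no integrity verification, and when it fails the result is `false`, an empty `named.root` is written, and the `file_exists()` guard then prevents any retry, so named keeps starting without hints. Write the file only on success — `if ($named_root !== false && $named_root !== '')` around the `file_put_contents()` — and prefer shipping named.root with the package (or fetching it over HTTPS against a known checksum) over pulling it at sync time. Separately, only `/var/log` is chowned to `bind` while `/var/run/named`, `/var/dump` and `/var/stats` stay root-owned 0755; since the rc script starts named with `-u bind`, the pid file and dump/stats writes presumably fail, so the `chown`/`chgrp` pair belongs inside the `$dirs` loop. None of `mkdir()`, `chown()` or `chgrp()` have their return values checked. bind_sync() ends outside the hunk.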
@@ -398,10 +410,10 @@ function get_bind_conf_serial($data_group, $fieldname) {
 return $res;
 }
-# Carregar o campo com os dados da views
+# load data into fields
 # -----------------------------------------------------------------------------
-function bind_zona_before_form_dest($pkg,$data_group,$fieldname,$dest) {
+function bind_zone_before_form_dest($pkg,$data_group,$fieldname,$dest) {
 $destination_items = get_bind_conf_serial($data_group,$fieldname);
 $i=0;
@@ -410,7 +422,7 @@ function bind_zona_before_form_dest($pkg,$data_group,$fieldname,$dest) {
 # if ($field['fieldname'] == $dest) {
 $fld = &$pkg['fields']['field'][$i];
- $fld['default_value'] = date("Y")."000000";
+ $fld['default_value'] = date("YmdHis");
 #$fld['value'] = date("Ymdhms")."boa";
 }
 $i++;
@@ -422,7 +434,7 @@ function bind_write_rcfile() {
 $rc['file'] = 'named.sh';
 $rc['start'] = <<<EOD
 if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
- {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /conf/named/
 fi
 EOD;
@@ -432,11 +444,11 @@ sleep 2
 EOD;
 $rc['restart'] = <<<EOD
 if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
- {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /conf/named/
 else
 killall -9 named 2>/dev/null
 sleep 3
- $BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /conf/named/
 fi
 EOD;
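Review bot: `date("YmdHis")` yields a 14-digit default serial (e.g. 20131009201254), but an SOA serial is an unsigned 32-bit integer with a ceiling of 4294967295, so the value is out of range and the zone will not load; the `date("9U")` written by the validation command in the bind_zones.xml hunk has the same problem, a leading 9 plus a 10-digit epoch being 11 digits. The conventional form fits: `$fld['default_value'] = date("Ymd")."01";`, and for the validation step a plain `date("U")` stays within range and still increases monotonically. The enclosing foreach starts and ends outside the hunk.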
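Review bot: The heredoc interpolates a PHP variable, `{$BIND_LOCALBASE}`, while this commit defines `BIND_LOCALBASE` as a constant at file scope; unless bind_write_rcfile() assigns `$BIND_LOCALBASE` outside this hunk, the start line expands to `/sbin/named ...` and the service never starts. Assigning `$BIND_LOCALBASE = BIND_LOCALBASE;` before the heredoc (or building the string with `.` concatenation) resolves it, and the same applies to both lines of the restart hunk below, where the commit also fixes the old `$BIND_LOCALBASE}` typo. The chroot path `-t /conf/named/` is hard-coded here while the PHP side uses `CHROOT_LOCALBASE`, so the two can drift; derive one from the other. The chroot is populated only with etc and var directories, and BIND commonly needs `dev/null` and `dev/random` inside it, which nothing here creates — confirm named actually starts under `-t`. The rc file heredoc runs past the hunk.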
@@ -446,13 +458,13 @@ EOD;
 }
 function create_log_file(){
- mwexec("touch /var/log/named.log");
- mwexec("chown bind:bind /var/log/named.log");
- mwexec("chmod 755 /var/log/named.log");
+ mwexec("touch ".CHROOT_LOCALBASE."/var/log/named.log");
+ mwexec("chown bind:bind ".CHROOT_LOCALBASE."/var/log/named.log");
+ mwexec("chmod 755 ".CHROOT_LOCALBASE."/var/log/named.log");
 }
 function delete_log_file(){
- mwexec("rm /var/log/named.log");
+ mwexec("rm ".CHROOT_LOCALBASE."/var/log/named.log");
 }
 /* Uses XMLRPC to synchronize the changes to a remote node */
 function bind_sync_on_changes() {
diff --git a/config/bind/bind.xml b/config/bind/bind.xml
index d50514e0..a3b9e572 100644
--- a/config/bind/bind.xml
+++ b/config/bind/bind.xml
@@ -127,7 +127,8 @@
 <field>
 <fielddescr>Enable Bind</fielddescr>
 <fieldname>enable_bind</fieldname>
- <description>Enable DNS Bind on Server.</description>
+ <description><![CDATA[Enable DNS Bind on Server<br>
+ Disable Dns forwarder service on selected interfaces before enabling bind.]]></description>
 <type>checkbox</type>
 <required/>
 </field>
@@ -150,12 +151,12 @@
 <type>checkbox</type>
 </field>
 <field>
- <fielddescr>Limitar Memory RAM</fielddescr>
- <fieldname>bind_ram_limit</fieldname>
- <description>Limits the use of RAM for the DNS when much use does not exhaust the resources of the machine, recommend 256M</description>
- <type>input</type>
- <size>80</size>
- <default_value>256M</default_value>
+ <fielddescr>Limitar Memory RAM</fielddescr>
+ <fieldname>bind_ram_limit</fieldname>
+ <description>Limits the use of RAM for the DNS when much use does not exhaust the resources of the machine, recommend 256M</description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>256M</default_value>
 </field>
 <field>
 <type>listtopic</type>
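Review bot: `chmod 755` on the log file grants the execute bit for no reason; `chmod 640` with the `bind:bind` ownership the previous line sets is all a named log needs. The three shell invocations through `mwexec()` could also be the PHP builtins `touch()`, `chown()`/`chgrp()` and `chmod()`, which the bind_sync() hunk in this same commit already uses for `/var/log` — one idiom for the chroot tree is easier to audit than two. Neither create_log_file() nor delete_log_file() checks that its operation succeeded.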
@@ -165,7 +166,7 @@
 <field>
 <fielddescr>Listen-on</fielddescr>
 <fieldname>listenon</fieldname>
- <description>Enable Named to listen on</description>
+ <description><![CDATA[Enable Named to listen on.]]></description>
 <type>interfaces_selection</type>
 <showlistenall/>
 <showvirtualips/>
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index 0656aec7..6b1323a5 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -368,10 +368,10 @@
 bind_views_before_form_dest(&$pkg,"bindacls","name","allowquery");
 bind_views_before_form_dest(&$pkg,"bindacls","name","allowupdate");
 bind_views_before_form_dest(&$pkg,"bindviews","name","view");
- bind_zona_before_form_dest(&$pkg,"bindzone","name","serial");
+ bind_zone_before_form_dest(&$pkg,"bindzone","name","serial");
 </custom_php_command_before_form>
 <custom_php_validation_command>
- $_POST['serial']=$_POST['serial']+1;
+ $_POST['serial']=date("9U");
 </custom_php_validation_command>
 <custom_delete_php_command>
 bind_sync();
diff --git a/config/bind/pkg_bind.inc b/config/bind/pkg_bind.inc
index 8c79c900..23daed8e 100644
--- a/config/bind/pkg_bind.inc
+++ b/config/bind/pkg_bind.inc
@@ -6,6 +6,6 @@ $shortcuts['bind'] = array();
 $shortcuts['bind']['main'] = "pkg_edit.php?xml=bind.xml";
 $shortcuts['bind']['log'] = "diag_logs.php";
 $shortcuts['bind']['status'] = "status_services.php";
-$shortcuts['bind']['service'] = "bind";
+$shortcuts['bind']['service'] = "named";
 ?> |