aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-09 20:12:54 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-09 20:12:54 -0300
commitcefd8a09c4b867cf4a235d7f892c7a8584689dea (patch)
tree9e2fb81a37db5aabe16ff355b72361f7e6ba960b /config
parent77cafbd3579c8207d652a56994789e4b060b87e8 (diff)
downloadpfsense-packages-cefd8a09c4b867cf4a235d7f892c7a8584689dea.tar.gz
pfsense-packages-cefd8a09c4b867cf4a235d7f892c7a8584689dea.tar.bz2
pfsense-packages-cefd8a09c4b867cf4a235d7f892c7a8584689dea.zip
bind - run named with chroot
Diffstat (limited to 'config')
-rw-r--r--config/bind/bind.inc66
-rw-r--r--config/bind/bind.xml17
-rw-r--r--config/bind/bind_zones.xml4
-rw-r--r--config/bind/pkg_bind.inc2
4 files changed, 51 insertions, 38 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 9d436e4e..d1ff106f 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -38,7 +38,15 @@ require_once('service-utils.inc');
if(!function_exists("filter_configure"))
require_once("filter.inc");
-function bind_sync(){
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version > 2.0)
+ define('BIND_LOCALBASE', '/usr/pbi/bind-' . php_uname("m"));
+else
+ define('BIND_LOCALBASE','/usr/local');
+
+define('CHROOT_LOCALBASE','/conf/named');
+
+ function bind_sync(){
global $config;
@@ -46,7 +54,7 @@ function bind_sync(){
$bind_enable = $bind['enable_bind'];
$bind_forwarder = $bind['bind_forwarder'];
$forwarder_ips = $bind['bind_forwarder_ips'];
- $ram_limit = $bind['bind_ram_limit'];
+ $ram_limit = ($bind['bind_ram_limit']?$bind['bind_ram_limit']:"256M");
$hide_version = $bind['bind_hide_version'];
$bind_notify = $bind['bind_notify'];
$custom_options = base64_decode($bind['bind_custom_options']);
@@ -225,14 +233,6 @@ EOD;
$bind_conf .= "\t\t$zonecustom\n";
$bind_conf .= "\t};\n\n";
- if (!(file_exists("/etc/namedb/$zonetype"))) {
- mwexec("mkdir /etc/namedb/$zonetype");
- }
-
- if (!(file_exists("/etc/namedb/$zonetype/$zoneview"))) {
- mwexec("mkdir /etc/namedb/$zonetype/$zoneview");
- }
-
if ($zonetype == "master"){
$zonetll = $zone['tll'];
$zonemail = $zone['mail'];
@@ -274,7 +274,7 @@ EOD;
$zone_conf .= "\t IN NS \t\t$zonenameserver.\n";
else{
$zone_conf .= "@ \t IN NS \t\t$zonenameserver.\n";
- $zone_conf .= "@ \t IN A \t\t$zoneipns\n";
+ $zone_conf .= "@ \t IN A \t\t$zoneipns\n";
}
for ($y=0; $y<sizeof($zone['row']); $y++)
{
@@ -285,7 +285,10 @@ EOD;
$zone_conf .= "$hostname \t IN $hosttype $hostvalue \t$hostdst\n";
}
- file_put_contents("/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
+ if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) {
+ mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview",0755,true);
+ }
+ file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
#reader file domain zone
#reader file host definition
@@ -295,11 +298,20 @@ EOD;
$bind_conf .= "};\n";
}
- if (!is_dir("/etc/namedb"))
- mkdir("/etc/namedb",0755);
- file_put_contents('/etc/namedb/named.conf', $bind_conf);
+ $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats");
+ foreach ($dirs as $dir){
+ if (!is_dir(CHROOT_LOCALBASE .$dir))
+ mkdir(CHROOT_LOCALBASE .$dir,0755,true);
+ }
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+ if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){
+ $named_root=file_get_contents("http://www.internic.net/domain/named.root");
+ file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX);
+ }
-
+ bind_write_rcfile();
+ chown(CHROOT_LOCALBASE."/var/log","bind");
+ chgrp(CHROOT_LOCALBASE."/var/log","bind");
if($bind_enable == "on")
mwexec("/usr/local/etc/rc.d/named.sh restart");
else
@@ -384,7 +396,7 @@ function bind_views_before_form_dest($pkg,$data_group,$fieldname,$dest) {
}
}
-# Analizador do serial da zona de dns
+# check zone serial number
# -----------------------------------------------------------------------------
function get_bind_conf_serial($data_group, $fieldname) {
@@ -398,10 +410,10 @@ function get_bind_conf_serial($data_group, $fieldname) {
return $res;
}
-# Carregar o campo com os dados da views
+# load data into fields
# -----------------------------------------------------------------------------
-function bind_zona_before_form_dest($pkg,$data_group,$fieldname,$dest) {
+function bind_zone_before_form_dest($pkg,$data_group,$fieldname,$dest) {
$destination_items = get_bind_conf_serial($data_group,$fieldname);
$i=0;
@@ -410,7 +422,7 @@ function bind_zona_before_form_dest($pkg,$data_group,$fieldname,$dest) {
#
if ($field['fieldname'] == $dest) {
$fld = &$pkg['fields']['field'][$i];
- $fld['default_value'] = date("Y")."000000";
+ $fld['default_value'] = date("YmdHis");
#$fld['value'] = date("Ymdhms")."boa";
}
$i++;
@@ -422,7 +434,7 @@ function bind_write_rcfile() {
$rc['file'] = 'named.sh';
$rc['start'] = <<<EOD
if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
- {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /conf/named/
fi
EOD;
@@ -432,11 +444,11 @@ sleep 2
EOD;
$rc['restart'] = <<<EOD
if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
- {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /conf/named/
else
killall -9 named 2>/dev/null
sleep 3
- $BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /conf/named/
fi
EOD;
@@ -446,13 +458,13 @@ EOD;
}
function create_log_file(){
- mwexec("touch /var/log/named.log");
- mwexec("chown bind:bind /var/log/named.log");
- mwexec("chmod 755 /var/log/named.log");
+ mwexec("touch ".CHROOT_LOCALBASE."/var/log/named.log");
+ mwexec("chown bind:bind ".CHROOT_LOCALBASE."/var/log/named.log");
+ mwexec("chmod 755 ".CHROOT_LOCALBASE."/var/log/named.log");
}
function delete_log_file(){
- mwexec("rm /var/log/named.log");
+ mwexec("rm ".CHROOT_LOCALBASE."/var/log/named.log");
}
/* Uses XMLRPC to synchronize the changes to a remote node */
function bind_sync_on_changes() {
diff --git a/config/bind/bind.xml b/config/bind/bind.xml
index d50514e0..a3b9e572 100644
--- a/config/bind/bind.xml
+++ b/config/bind/bind.xml
@@ -127,7 +127,8 @@
<field>
<fielddescr>Enable Bind</fielddescr>
<fieldname>enable_bind</fieldname>
- <description>Enable DNS Bind on Server.</description>
+ <description><![CDATA[Enable DNS Bind on Server<br>
+ Disable Dns forwarder service on selected interfaces before enabling bind.]]></description>
<type>checkbox</type>
<required/>
</field>
@@ -150,12 +151,12 @@
<type>checkbox</type>
</field>
<field>
- <fielddescr>Limitar Memory RAM</fielddescr>
- <fieldname>bind_ram_limit</fieldname>
- <description>Limits the use of RAM for the DNS when much use does not exhaust the resources of the machine, recommend 256M</description>
- <type>input</type>
- <size>80</size>
- <default_value>256M</default_value>
+ <fielddescr>Limitar Memory RAM</fielddescr>
+ <fieldname>bind_ram_limit</fieldname>
+ <description>Limits the use of RAM for the DNS when much use does not exhaust the resources of the machine, recommend 256M</description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>256M</default_value>
</field>
<field>
<type>listtopic</type>
@@ -165,7 +166,7 @@
<field>
<fielddescr>Listen-on</fielddescr>
<fieldname>listenon</fieldname>
- <description>Enable Named to listen on</description>
+ <description><![CDATA[Enable Named to listen on.]]></description>
<type>interfaces_selection</type>
<showlistenall/>
<showvirtualips/>
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index 0656aec7..6b1323a5 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -368,10 +368,10 @@
bind_views_before_form_dest(&amp;$pkg,"bindacls","name","allowquery");
bind_views_before_form_dest(&amp;$pkg,"bindacls","name","allowupdate");
bind_views_before_form_dest(&amp;$pkg,"bindviews","name","view");
- bind_zona_before_form_dest(&amp;$pkg,"bindzone","name","serial");
+ bind_zone_before_form_dest(&amp;$pkg,"bindzone","name","serial");
</custom_php_command_before_form>
<custom_php_validation_command>
- $_POST['serial']=$_POST['serial']+1;
+ $_POST['serial']=date("9U");
</custom_php_validation_command>
<custom_delete_php_command>
bind_sync();
diff --git a/config/bind/pkg_bind.inc b/config/bind/pkg_bind.inc
index 8c79c900..23daed8e 100644
--- a/config/bind/pkg_bind.inc
+++ b/config/bind/pkg_bind.inc
@@ -6,6 +6,6 @@ $shortcuts['bind'] = array();
$shortcuts['bind']['main'] = "pkg_edit.php?xml=bind.xml";
$shortcuts['bind']['log'] = "diag_logs.php";
$shortcuts['bind']['status'] = "status_services.php";
-$shortcuts['bind']['service'] = "bind";
+$shortcuts['bind']['service'] = "named";
?>