From cefd8a09c4b867cf4a235d7f892c7a8584689dea Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Wed, 9 Oct 2013 20:12:54 -0300 Subject: bind - run named with chroot --- config/bind/bind.inc | 66 +++++++++++++++++++++++++++------------------- config/bind/bind.xml | 17 ++++++------ config/bind/bind_zones.xml | 4 +-- config/bind/pkg_bind.inc | 2 +- 4 files changed, 51 insertions(+), 38 deletions(-) (limited to 'config/bind') diff --git a/config/bind/bind.inc b/config/bind/bind.inc index 9d436e4e..d1ff106f 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -38,7 +38,15 @@ require_once('service-utils.inc'); if(!function_exists("filter_configure")) require_once("filter.inc"); -function bind_sync(){ +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('BIND_LOCALBASE', '/usr/pbi/bind-' . php_uname("m")); +else + define('BIND_LOCALBASE','/usr/local'); + +define('CHROOT_LOCALBASE','/conf/named'); + + function bind_sync(){ global $config; @@ -46,7 +54,7 @@ function bind_sync(){ $bind_enable = $bind['enable_bind']; $bind_forwarder = $bind['bind_forwarder']; $forwarder_ips = $bind['bind_forwarder_ips']; - $ram_limit = $bind['bind_ram_limit']; + $ram_limit = ($bind['bind_ram_limit']?$bind['bind_ram_limit']:"256M"); $hide_version = $bind['bind_hide_version']; $bind_notify = $bind['bind_notify']; $custom_options = base64_decode($bind['bind_custom_options']); @@ -225,14 +233,6 @@ EOD; $bind_conf .= "\t\t$zonecustom\n"; $bind_conf .= "\t};\n\n"; - if (!(file_exists("/etc/namedb/$zonetype"))) { - mwexec("mkdir /etc/namedb/$zonetype"); - } - - if (!(file_exists("/etc/namedb/$zonetype/$zoneview"))) { - mwexec("mkdir /etc/namedb/$zonetype/$zoneview"); - } - if ($zonetype == "master"){ $zonetll = $zone['tll']; $zonemail = $zone['mail']; 
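Review bot: The version check that selects `BIND_LOCALBASE` compares a three-character string with a float (`$pf_version > 2.0`) and does not handle a failed read of `/etc/version`. In that case `file_get_contents()` returns false and the code silently falls back to `/usr/local`. Truncating to three characters also makes a release such as 2.10 read as "2.1". This constant appears to decide which `named` binary the rc script starts, so I would make the comparison explicit, e.g. `if (floatval($pf_version) > 2.0)`, and log when the version file cannot be read. `$pf_version` is also assigned at include scope, so it becomes a global in every page that includes bind.inc.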
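Review bot: A non-empty `bind_ram_limit` is still used verbatim in the new `$ram_limit` assignment; only the empty case gets the "256M" default, and bind.xml declares the field as a free-text `input`. Where the value is written into named.conf is outside this hunk, so the impact is inferred. A shape check before use would keep a malformed entry from producing a configuration that named refuses to load: `if (!preg_match('/^\d+[KMG]?$/i', $ram_limit)) $ram_limit = "256M";`. bind_sync() starts and ends outside this hunk.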
@@ -274,7 +274,7 @@ EOD; $zone_conf .= "\t IN NS \t\t$zonenameserver.\n"; else{ $zone_conf .= "@ \t IN NS \t\t$zonenameserver.\n"; - $zone_conf .= "@ \t IN A \t\t$zoneipns\n"; + $zone_conf .= "@ \t IN A \t\t$zoneipns\n"; } for ($y=0; $y/dev/null sleep 3 - $BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind + {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /conf/named/ fi EOD; @@ -446,13 +458,13 @@ EOD; } function create_log_file(){ - mwexec("touch /var/log/named.log"); - mwexec("chown bind:bind /var/log/named.log"); - mwexec("chmod 755 /var/log/named.log"); + mwexec("touch ".CHROOT_LOCALBASE."/var/log/named.log"); + mwexec("chown bind:bind ".CHROOT_LOCALBASE."/var/log/named.log"); + mwexec("chmod 755 ".CHROOT_LOCALBASE."/var/log/named.log"); } function delete_log_file(){ - mwexec("rm /var/log/named.log"); + mwexec("rm ".CHROOT_LOCALBASE."/var/log/named.log"); } /* Uses XMLRPC to synchronize the changes to a remote node */ function bind_sync_on_changes() { diff --git a/config/bind/bind.xml b/config/bind/bind.xml index d50514e0..a3b9e572 100644 --- a/config/bind/bind.xml +++ b/config/bind/bind.xml @@ -127,7 +127,8 @@ Enable Bind enable_bind - Enable DNS Bind on Server. + + Disable Dns forwarder service on selected interfaces before enabling bind.]]> checkbox @@ -150,12 +151,12 @@ checkbox - Limitar Memory RAM - bind_ram_limit - Limits the use of RAM for the DNS when much use does not exhaust the resources of the machine, recommend 256M - input - 80 - 256M + Limitar Memory RAM + bind_ram_limit + Limits the use of RAM for the DNS when much use does not exhaust the resources of the machine, recommend 256M + input + 10 + 256M listtopic @@ -165,7 +166,7 @@ Listen-on listenon - Enable Named to listen on + interfaces_selection diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml index 0656aec7..6b1323a5 100644 --- a/config/bind/bind_zones.xml +++ b/config/bind/bind_zones.xml 
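Review bot: The rc script line hard-codes the chroot as `-t /conf/named/` while the rest of the commit uses the `CHROOT_LOCALBASE` constant, so the two can drift apart; interpolating a variable set from the constant keeps them in step. With `-t`, named resolves `-c /etc/namedb/named.conf` inside the chroot, so the configuration, zone files and log directory must all exist under `/conf/named`. The chroot directory itself should be root-owned and not writable by the `bind` user; the code that prepares that tree is not visible in this part of the page. `{$BIND_LOCALBASE}` in the heredoc expands a PHP variable, not the `BIND_LOCALBASE` constant defined at the top of the file, so an assignment such as `$BIND_LOCALBASE = BIND_LOCALBASE;` has to precede the heredoc if it is not already there. The hunk header for this line is not visible on the page.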
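Review bot: `create_log_file()` still sets mode 755 on named.log, which marks a log file executable and leaves it readable by every local account; query and transfer logs can reveal which names clients look up. A tighter mode is enough for the `bind` owner to write it: `mwexec("chmod 640 ".CHROOT_LOCALBASE."/var/log/named.log");` (644 if the log viewer reads it as another user). The three `mwexec()` calls could also be PHP's own `touch()`, `chown()`, `chgrp()` and `chmod()`, which avoid spawning a shell and return a status the function can check.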
@@ -368,10 +368,10 @@ bind_views_before_form_dest(&$pkg,"bindacls","name","allowquery"); bind_views_before_form_dest(&$pkg,"bindacls","name","allowupdate"); bind_views_before_form_dest(&$pkg,"bindviews","name","view"); - bind_zona_before_form_dest(&$pkg,"bindzone","name","serial"); + bind_zone_before_form_dest(&$pkg,"bindzone","name","serial"); - $_POST['serial']=$_POST['serial']+1; + $_POST['serial']=date("9U"); bind_sync(); diff --git a/config/bind/pkg_bind.inc b/config/bind/pkg_bind.inc index 8c79c900..23daed8e 100644 --- a/config/bind/pkg_bind.inc +++ b/config/bind/pkg_bind.inc @@ -6,6 +6,6 @@ $shortcuts['bind'] = array(); $shortcuts['bind']['main'] = "pkg_edit.php?xml=bind.xml"; $shortcuts['bind']['log'] = "diag_logs.php"; $shortcuts['bind']['status'] = "status_services.php"; -$shortcuts['bind']['service'] = "bind"; +$shortcuts['bind']['service'] = "named"; ?> -- cgit v1.2.3
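Review bot: `date("9U")` yields a literal 9 followed by the Unix timestamp, an eleven-digit number, but the SOA serial is an unsigned 32-bit field (maximum 4294967295), so the generated serial does not fit. Depending on how named parses it, the zone may fail to load or the serial may not increase the way secondaries expect, which stops zone transfers from picking up changes. A plain timestamp fits and still increases on every save: `$_POST['serial'] = date("U");`. If existing serials are already larger than the current timestamp (for example date-style YYYYMMDDNN values), the switch needs a one-time serial reset on the secondaries.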