summaryrefslogtreecommitdiffstats
path: root/source/n/bind/rc.bind
blob: cab751634718d0a273b09f3f8ed06f976483f212 (about) (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#!/bin/sh
# Start/stop/restart the BIND name server daemon (named).

# Start BIND. In the past it was more secure to run BIND as a non-root
# user (for example, with '-u daemon'), but the modern version of BIND
# knows how to use the kernel's capability mechanism to drop all root
# privileges except the ability to bind() to a privileged port and set
# process resource limits, so running as a non-root user is not needed.
# But if you want to run as a non-root user anyway, the command options
# can be set like this in /etc/default/named:
#       NAMED_OPTIONS="-u daemon"
# So you will not have to edit this script.
#
# Please note that if you run BIND as a non-root user, your files in
# /var/named may need to be chowned to this user or else named will
# refuse to start.

# You might also consider running BIND in a "chroot jail",
# a discussion of which may be found in
# /usr/doc/Linux-HOWTOs/Chroot-BIND-HOWTO.
 
# One last note: rndc has a lot of other nice features that it is not
# within the scope of this start/stop/restart script to support.
# For more details, see "man rndc" or just type "rndc" to see the options.

# Load command defaults:
if [ -f /etc/default/named ] ; then . /etc/default/named ; fi
if [ -f /etc/default/rndc ] ; then . /etc/default/rndc ; fi

# Sanity check. If /usr/sbin/named is missing then it
# doesn't make much sense to try to run this script:
if [ ! -x /usr/sbin/named ]; then
  echo "/etc/rc.d/rc.bind:  no /usr/sbin/named found (or not executable); cannot start."
  exit 1
fi

# Function to find the user BIND is running as in $NAMED_OPTIONS:
find_bind_user() {
  if echo $NAMED_OPTIONS | grep -wq "\-u" ; then
    unset BIND_USER USER_FOUND
    echo $NAMED_OPTIONS | tr ' ' '\n' | while read element ; do
      if [ "$USER_FOUND" = "true" ]; then
        BIND_USER="$element"
        echo $BIND_USER
        break
      elif [ "$element" = "-u" ]; then
        USER_FOUND="true"
      fi
    done
  else
    echo "root"
  fi
}

# Start BIND. As many times as you like. ;-)
# Seriously, don't run "rc.bind start" if BIND is already
# running or you'll get more than one copy running.
bind_start() {
  # Make sure /var/run/named exists:
  mkdir -p /var/run/named
  # If we are running as a non-root user, we'll need to be sure that
  # /var/run/named is chowned properly to that user. Your files in
  # /var/named may need to be chowned as well, but that will be up to
  # the sysadmin to do.
  BIND_USER="$(find_bind_user)"
  if [ ! "$BIND_USER" = "root" ]; then
    chown -R $BIND_USER /var/run/named
  else # prevent error if switching back to running as root:
    chown -R root /var/run/named
  fi
  # Start named:
  if [ -x /usr/sbin/named ]; then
    echo "Starting BIND:  /usr/sbin/named $NAMED_OPTIONS"
    /usr/sbin/named $NAMED_OPTIONS
    sleep 1
  fi
  # Make sure that named started:
  if ! ps axc | grep -q named ; then
    echo "WARNING:  named did not start."
    echo "Attempting to start named again:  /usr/sbin/named $NAMED_OPTIONS"
    /usr/sbin/named $NAMED_OPTIONS
    sleep 1
    if ps axc | grep -q named ; then
      echo "SUCCESS:  named started."
    else
      echo "FAILED: Sorry, a second attempt to start named has also failed."
      echo "There may be a configuration error that needs fixing. Good luck!"
    fi
  fi
}

# Stop all running copies of BIND (/usr/sbin/named):
bind_stop() {
  # If you've set up rndc, we can use this to make shutting down BIND faster.
  # If you have /etc/rndc.conf, or you have /etc/rndc.key, or $RNDC_OPTIONS is
  # not empty, we'll try it.
  if [ -r /etc/rndc.conf -o -r /etc/rndc.key -o ! -z "$RNDC_OPTIONS" ]; then
    if [ -z "$RNDC_OPTIONS" ]; then
      echo "Stopping BIND:  /usr/sbin/rndc stop"
    else
      echo "Stopping BIND:  /usr/sbin/rndc $RNDC_OPTIONS stop"
    fi
    /usr/sbin/rndc $RNDC_OPTIONS stop
    # Wait for up to $TIMEOUT seconds before moving on to try killall:
    TIMEOUT=${TIMEOUT:-10}
    while [ "$TIMEOUT" -gt "0" ]; do
      # Exit the timeout loop if there are no named processes:
      if ! ps axco command | grep -q -e "^named$"; then
        break
      fi
      sleep 1
      TIMEOUT=$(expr $TIMEOUT - 1)
    done
  fi
  # Kill named processes if there are any running:
  if ps axco command | grep -q -e "^named$"; then
    echo "Stopping all named processes in this namespace:  /bin/killall -SIGTERM --ns \$\$ named"
    /bin/killall -SIGTERM --ns $$ named 2> /dev/null
  fi
}

# Reload BIND:
bind_reload() {
  /usr/sbin/rndc $RNDC_OPTIONS reload
}

# Restart BIND:
bind_restart() {
  bind_stop
  bind_start
}

# Get BIND status:
bind_status() {
  /usr/sbin/rndc $RNDC_OPTIONS status
}

case "$1" in
'start')
  bind_start
  ;;
'stop')
  bind_stop
  ;;
'reload')
  bind_reload
  ;;
'restart')
  bind_restart
  ;;
'status')
  bind_status
  ;;
*)
  echo "usage $0 start|stop|reload|restart|status"
esac