Hi Harald,
Thanks, but I suspect those are the files that come with the default system installation, and are not usable (without modifications) if I have compiled it from source. Am I right?

Cheers.

On 19/02/16 12:02, Reindl Harald wrote:


Am 19.02.2016 um 11:45 schrieb Josep Manel Andrés:
I have just compiled bind-9.9.8-P3 on SLES12 and tried to adapt the init
script we were using on SLES11SP3, but it doesn't seem to work, since
the new version of bind needs to get some libraries copied into the
chroot environment. That's why I am trying to adapt the systemd script
that comes with the version from the repos on SLES 12, but so far I
didn't get it working.

Does anyone have a systemd or init script that works for bind-9.9.8-P3?

What would be the correct procedure to run named as a daemon?

Fedora has contained systemd units for a long time now
_______________________________________________________________________

[root@srv-rhsoft:~]$ cat /etc/systemd/system/named.service
[Unit]
Description=DNS Server
After=network.service systemd-networkd.service network-online.target network-wan-bridge.service network-wlan-bridge.service openvpn.service

[Service]
Type=simple
# Bind-mount config, keys and zone data into the chroot, then validate the
# configuration (and load the zones, -z) inside the chroot before starting.
ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
# IPv4 only (-4), stay in the foreground (-f), drop to user named (-u)
# and chroot to /var/named/chroot (-t).
ExecStart=/usr/sbin/named -4 -f -u named -t /var/named/chroot
ExecReload=/usr/bin/kill -HUP $MAINPID
ExecStop=/usr/bin/kill -TERM $MAINPID
# Tear the bind mounts down again after named has exited.
ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
PrivateTmp=yes
PrivateDevices=yes
TimeoutSec=25
Restart=always
RestartSec=1
# Capabilities named may keep; everything else is dropped before exec.
CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_IPC_LOCK CAP_SYS_CHROOT
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
InaccessibleDirectories=-/root
InaccessibleDirectories=-/media
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum
InaccessibleDirectories=-/var/spool

[Install]
WantedBy=multi-user.target
_______________________________________________________________________

[root@srv-rhsoft:~]$ cat /usr/libexec/setup-named-chroot.sh
#!/bin/bash
# Bind-mount the host's BIND configuration, keys, dynamic modules and zone
# data into the chroot ("on") or unmount them again ("off"). Source paths
# that do not exist on the host are skipped. The mount targets (and the
# parent directories of mounted files) must already exist below ROOTDIR;
# this script does not create the chroot skeleton.

ROOTDIR_MOUNT='/etc/localtime /etc/named /etc/pki/dnssec-keys
/etc/named.root.key /etc/named.conf
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named /var/named
/etc/crypto-policies/back-ends/bind.config'

usage()
{
   echo
   echo 'This script sets up the chroot environment for BIND'
   echo 'Usage: setup-named-chroot.sh ROOTDIR [on|off]'
}

if ! [ "$#" -eq 2 ]; then
   echo 'Wrong number of arguments'
   usage
   exit 1
fi

ROOTDIR="$1"

# Exit if ROOTDIR doesn't exist
if ! [ -d "$ROOTDIR" ]; then
   echo "Root directory $ROOTDIR doesn't exist"
   usage
   exit 1
fi

mount_chroot_conf()
{
   if [ -n "$ROOTDIR" ]; then
     for all in $ROOTDIR_MOUNT; do
       # Skip nonexistent files
       [ -e "$all" ] || continue

       # If mount source is a file
       if ! [ -d "$all" ]; then
         # mount it only if it is not present in chroot or it is empty
         if ! [ -e "$ROOTDIR$all" ] || [ "$(stat -c'%s' "$ROOTDIR$all")" -eq 0 ]; then
           touch "$ROOTDIR$all"
           mount --bind "$all" "$ROOTDIR$all"
         fi
       else
         # Mount source is a directory. Mount it only if the directory in
         # the chroot is empty.
         if [ -z "$(ls -1A "$ROOTDIR$all")" ]; then
           mount --bind --make-private "$all" "$ROOTDIR$all"
         fi
       fi
     done
   fi
}

umount_chroot_conf()
{
   if [ -n "$ROOTDIR" ]; then
     for all in $ROOTDIR_MOUNT; do
       # Check if file is a mount target. Do not use /proc/mounts because
       # detection of modified mounted files can fail.
       if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
         umount "$ROOTDIR$all"
         # Remove temporarily created files
         [ -f "$all" ] && rm -f "$ROOTDIR$all"
       fi
     done
   fi
}

case "$2" in
   on)
     mount_chroot_conf
     ;;
   off)
     umount_chroot_conf
     ;;
   *)
     echo 'Second argument has to be "on" or "off"'
     usage
     exit 1
esac

exit 0



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


--
Josep Manel Andrés (josep.and...@bsc.es)
Operations - Barcelona Supercomputing Center
C/ Jordi Girona, 31  http://www.bsc.es
08034 Barcelona, Spain Tel: +34-93-405 42 14
e-mail: syst...@bsc.es Fax: +34-93-413 77 21
-----------------------------------------------

WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer
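The named.service quoted above restricts the daemon with CapabilityBoundingSet=. A check worth running once such a unit is deployed is whether the running named process actually carries that bounding set and nothing more. The script below is an added example for this thread; it is not part of the list post, of Fedora's bind package or of SLES. It decodes the CapBnd mask that the kernel reports in /proc/PID/status (capability numbering as in <linux/capability.h>) and lists any capability the unit does not grant. The hex masks used to demonstrate it are constructed; only check_named_caps talks to the live system, via systemctl and /proc.

```shell
#!/bin/sh
# Added example: compare the live CapBnd of named with the unit's
# CapabilityBoundingSet=. Not taken from the list post or the Fedora package.

# Capability names in numeric order, as in <linux/capability.h>:
# bit N of the mask corresponds to the N-th name, counting from 0.
CAP_NAMES='CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK
CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE
CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE
CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE CAP_AUDIT_WRITE
CAP_AUDIT_CONTROL CAP_SETFCAP CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYSLOG
CAP_WAKE_ALARM CAP_BLOCK_SUSPEND CAP_AUDIT_READ CAP_PERFMON CAP_BPF
CAP_CHECKPOINT_RESTORE'

# The bounding set configured in the named.service quoted above.
UNIT_CAPS='CAP_CHOWN CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_DAC_OVERRIDE
CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
CAP_IPC_LOCK CAP_SYS_CHROOT'

# decode_caps HEXMASK: print the name of every set bit, one per line, in
# ascending bit order. HEXMASK is the 16-digit value after CapBnd:/CapEff:.
decode_caps() {
    mask=$((0x$1))
    i=0
    for name in $CAP_NAMES; do
        if [ $(( (mask >> i) & 1 )) -eq 1 ]; then
            echo "$name"
        fi
        i=$((i + 1))
    done
}

# unexpected_caps HEXMASK: print the capabilities in the mask that the unit
# does not grant. Empty output means the mask is within the unit's set.
unexpected_caps() {
    allowed=" $(printf '%s ' $UNIT_CAPS)"
    for cap in $(decode_caps "$1"); do
        case "$allowed" in
            *" $cap "*) ;;
            *) echo "$cap" ;;
        esac
    done
}

# capbnd_from_status FILE: extract the CapBnd mask from a /proc/PID/status file.
capbnd_from_status() {
    awk '$1 == "CapBnd:" { print $2 }' "$1"
}

# check_named_caps [UNIT]: compare the bounding set of the service's main
# process with the unit's CapabilityBoundingSet=. Returns 1 on mismatch.
check_named_caps() {
    unit=${1:-named.service}
    pid=$(systemctl show -p MainPID "$unit" | cut -d= -f2)
    if [ -z "$pid" ] || [ "$pid" -eq 0 ]; then
        echo "$unit: no main process" >&2
        return 1
    fi
    extra=$(unexpected_caps "$(capbnd_from_status "/proc/$pid/status")")
    if [ -n "$extra" ]; then
        echo "$unit (PID $pid) has capabilities outside the unit's set:" >&2
        echo "$extra" >&2
        return 1
    fi
    echo "$unit (PID $pid): CapBnd matches CapabilityBoundingSet="
}

# Run the live check only when a unit name is given, e.g.:
#   sh capcheck.sh named.service
if [ "$#" -gt 0 ]; then
    check_named_caps "$1"
fi
```

For the unit above, a correct deployment reports CapBnd 0000000000247ce3, which decodes to exactly the twelve listed capabilities; a mask such as 0000003fffffffff (an unrestricted root bounding set) means the unit's directive did not take effect, for example because named was started outside systemd. Note that CapBnd is an upper bound only: what named can actually use after dropping to the named user is in CapEff of the same status file, which decode_caps reads the same way.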
