Date: Wed, 24 Apr 2013 09:27:18 -0700 From: Sean Bruno <sean_bruno@yahoo.com> To: Ian FREISLICH <ianf@clue.co.za> Cc: current@freebsd.org Subject: Re: 'service named reload' with non-default system directories. Message-ID: <1366820838.1405.3.camel@localhost> In-Reply-To: <E1UV0nX-0006S1-QK@clue.co.za> References: <E1UV0nX-0006S1-QK@clue.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-wNGJmCJj96NcA6Rbdy4b
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
On Wed, 2013-04-24 at 16:35 +0200, Ian FREISLICH wrote:
>=20
> --- /usr/src/etc/rc.d/named 2013-04-15 20:17:58.000000000 +0200
> +++ /etc/rc.d/named 2013-04-24 16:16:52.000000000 +0200
> @@ -109,7 +109,7 @@
> =20
> named_reload()
> {
> - ${command%/named}/rndc reload
> + ${command%/named}/rndc -k ${named_confdir}/rndc.key reload
> }
> =20
> find_pidfile()
<snip>
> So, I 'include "path/to/rndc.key";' in named.conf, add a controls
> section that uses this named key and I use the following rndc.conf:
>=20
> ---named.conf---
> include "/etc/namedb/rndc.key";
>=20
> controls {
> inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
> };
> ---named.conf---
>=20
> ---rndc.conf---
> include "/etc/namedb/rndc.key";
>=20
> options {
> default-server localhost;
> default-key rndc-key;
> };
>=20
> server localhost {
> key rndc-key;
> };
> ---rndc.conf---
>=20
> And the following version of the above patch:
>=20
> --- /usr/src/etc/rc.d/named 2013-04-15 20:17:58.000000000 +0200
> +++ /etc/rc.d/named 2013-04-24 16:16:52.000000000 +0200
> @@ -109,7 +109,7 @@
> =20
> named_reload()
> {
> - ${command%/named}/rndc reload
> + ${command%/named}/rndc -c ${named_confdir}/rndc.conf reload
> }
> =20
> find_pidfile()
>=20
> this will allow the rc system to reload and stop named (without a
> kill) no matter what the configured chroot is.
>=20
> Ian
>=20
Would we need a change to /etc/defaults/rc.conf to set ${named_confdir}
to the default location if not set?
Also, there already appears to be a ${named_conf} that points to
whatever named.conf specified (defaults to /etc/namedb/named.conf). Is
this complementary to what you're poking at?
Sean
--=-wNGJmCJj96NcA6Rbdy4b
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (FreeBSD)
iQEcBAABAgAGBQJReAfeAAoJEBkJRdwI6BaHSAoH/0gj6jo27TgT6JQzDXprrZbT
JMSbN5MDBNW7kaYz0KAz4XqnWw39MML5ZEp2xi12/BaOWlWfj981IoRCGudUFaYX
ydY2ioVX4NQ4u80mnz4ZweNjQUf4XoGJTYUcrvw53QP8/lR8bxC4Wv7CkA6vJszT
9WyD8Y9XSWt8o8vwL0sjPobOWziJe7OCk7o1yAWHp7a5Dz/5MAYXGiq2nQgurNFg
01+8/Q61RKQP64cXO65rouHObVQ22rIG75mHGl9OXRYidKOZvshofsIQJY1w5pLz
f4yrQXA/xvc5DvmGWw9WmMOENG6ztHTbGpEfWNtrLjMnWuz1ydPLoWswBSLmVnw=
=ucAK
-----END PGP SIGNATURE-----
--=-wNGJmCJj96NcA6Rbdy4b--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1366820838.1405.3.camel>