authordougb <dougb@FreeBSD.org>2009-05-16 20:55:28 +0000
committerdougb <dougb@FreeBSD.org>2009-05-16 20:55:28 +0000
commit80dc300a9ecfe59a25f9f714ea4447e8ac048e47 (patch)
tree364571f45c669f216ec82a4e112d6506ac18f49b /etc
parentda0eac0afe323c01feeb864ea3aad9821b55045b (diff)
downloadFreeBSD-src-80dc300a9ecfe59a25f9f714ea4447e8ac048e47.zip
FreeBSD-src-80dc300a9ecfe59a25f9f714ea4447e8ac048e47.tar.gz
1. New feature; option to have the script loop until a specified hostname
(localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
Diffstat (limited to 'etc')
-rw-r--r--etc/defaults/rc.conf5
-rw-r--r--etc/namedb/named.conf20
-rwxr-xr-xetc/rc.d/named98
3 files changed, 116 insertions, 7 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index f1c3799..71b88a1 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -247,6 +247,7 @@ inetd_flags="-wW -C 60" # Optional flags to inetd
#
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # Path to named, if you want a different one.
+named_conf="/etc/namedb/named.conf" # Path to the configuration file
#named_flags="-c /etc/namedb/named.conf" # Uncomment for named not in /usr/sbin
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
named_uid="bind" # User to run named as
@@ -254,6 +255,10 @@ named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
# components of named. See /etc/rc.d/named.
named_symlink_enable="YES" # Symlink the chrooted pid file
+named_wait="NO" # Wait for working name service before exiting
+named_wait_host="localhost" # Hostname to check if named_wait is enabled
+named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf
+named_auto_forward_only="NO" # Do "forward only" instead of "forward first"
#
# kerberos. Do not run the admin daemons on slave servers
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index dd2d115..c9b09cb 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -31,12 +31,6 @@ options {
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
-// In addition to the "forwarders" clause, you can force your name
-// server to never initiate queries of its own, but always ask its
-// forwarders only, by enabling the following line:
-//
-// forward only;
-
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
@@ -45,6 +39,20 @@ options {
127.0.0.1;
};
*/
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer. Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+// forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf. You can also enable
+// named_auto_forward_only (the effect of which is described above).
+// include "/etc/namedb/auto_forward.conf";
+
/*
Modern versions of BIND use a random UDP port for each outgoing
query by default in order to dramatically reduce the possibility
diff --git a/etc/rc.d/named b/etc/rc.d/named
index e90fd13..65a13a5 100755
--- a/etc/rc.d/named
+++ b/etc/rc.d/named
@@ -16,7 +16,7 @@ command="/usr/sbin/named"
extra_commands="reload"
start_precmd="named_precmd"
-start_postcmd="make_symlinks"
+start_postcmd="named_poststart"
reload_cmd="named_reload"
stop_cmd="named_stop"
stop_postcmd="named_poststop"
@@ -97,6 +97,17 @@ make_symlinks()
ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
}
+named_poststart () {
+ make_symlinks
+
+ if checkyesno named_wait; then
+ until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
+ echo " Waiting for nameserver to resolve $named_wait_host"
+ sleep 1
+ done
+ fi
+}
+
named_reload()
{
${command%/named}/rndc reload
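Review bot: The `until` loop in named_poststart has no upper bound, so once named_wait is enabled a nameserver that never answers stalls the boot indefinitely, and the `2>&1` discards the only hint of why; the same happens when named_program is set to a path that does not end in `/sbin/named`, because `${command%/sbin/named}/bin/host` is then not an existing helper and the loop can never succeed. Bound the retries, verify the helper is executable before entering the loop, and quote `$named_wait_host`. Since this runs after named is already up, a `warn` plus `return` reports the problem without taking the service down; `warn` is the rc.subr helper this file already uses in named_precmd.
```shell
	if checkyesno named_wait; then
		local host_cmd tries
		host_cmd="${command%/sbin/named}/bin/host"
		if [ ! -x "$host_cmd" ]; then
			warn "named_wait enabled but $host_cmd is not executable"
			return
		fi
		tries=0
		# 60 one-second attempts (constructed limit; make it an rc.conf knob if needed)
		until "$host_cmd" "$named_wait_host" >/dev/null 2>&1; do
			tries=$((tries + 1))
			if [ "$tries" -ge 60 ]; then
				warn "gave up waiting for $named_wait_host to resolve"
				return
			fi
			echo " Waiting for nameserver to resolve $named_wait_host"
			sleep 1
		done
	fi
```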
@@ -135,8 +146,19 @@ named_poststop()
fi
}
+create_file () {
+ if [ -e "$1" ]; then
+ unlink $1
+ fi
+ > $1
+ chown root:wheel $1
+ chmod 644 $1
+}
+
named_precmd()
{
+ local line nsip firstns
+
# Is the user using a sandbox?
#
if [ -n "$named_chrootdir" ]; then
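Review bot: create_file expands `$1` unquoted in all four commands (`unlink $1`, `> $1`, `chown root:wheel $1`, `chmod 644 $1`), so a path containing whitespace or glob characters is split or globbed before the file is touched; the callers in the later named_precmd hunk pass `${named_chrootdir}/etc/namedb/auto_forward.conf` unquoted as well. Quote the parameter: `unlink "$1"` / `> "$1"` / `chown root:wheel "$1"` / `chmod 644 "$1"`. The unlink-before-truncate order deserves a comment, since it is what prevents a pre-existing symlink at that path from being written through: `# Remove any existing file or symlink first so the new file is created fresh rather than through a stale link`. named_precmd begins in this hunk and its body continues past it.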
@@ -161,6 +183,80 @@ named_precmd()
else
$confgen_command
fi
+
+ # Create a forwarder configuration based on /etc/resolv.conf
+ if checkyesno named_auto_forward; then
+ if [ ! -s /etc/resolv.conf ]; then
+ warn "named_auto_forward enabled, but no /etc/resolv.conf"
+
+ # Empty the file in case it is included in named.conf
+ [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
+ create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
+
+ ${command%/named}/named-checkconf $named_conf ||
+ err 3 'named-checkconf for $named_conf failed'
+ return
+ fi
+
+ create_file /var/run/naf-resolv.conf
+ create_file /var/run/auto_forward.conf
+
+ echo ' forwarders {' > /var/run/auto_forward.conf
+
+ while read line; do
+ case "$line" in
+ 'nameserver '*|'nameserver '*)
+ nsip=${line##nameserver[ ]}
+
+ if [ -z "$firstns" ]; then
+ if [ ! "$nsip" = '127.0.0.1' ]; then
+ echo 'nameserver 127.0.0.1'
+ echo " ${nsip};" >> /var/run/auto_forward.conf
+ fi
+
+ firstns=1
+ else
+ [ "$nsip" = '127.0.0.1' ] && continue
+ echo " ${nsip};" >> /var/run/auto_forward.conf
+ fi
+ ;;
+ esac
+
+ echo $line
+ done < /etc/resolv.conf > /var/run/naf-resolv.conf
+
+ echo ' };' >> /var/run/auto_forward.conf
+ echo '' >> /var/run/auto_forward.conf
+ if checkyesno named_auto_forward_only; then
+ echo " forward only;" >> /var/run/auto_forward.conf
+ else
+ echo " forward first;" >> /var/run/auto_forward.conf
+ fi
+
+ if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
+ unlink /var/run/naf-resolv.conf
+ else
+ [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
+ mv /var/run/naf-resolv.conf /etc/resolv.conf
+ fi
+
+ if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \
+ /var/run/auto_forward.conf; then
+ unlink /var/run/auto_forward.conf
+ else
+ [ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
+ unlink ${named_chrootdir}/etc/namedb/auto_forward.conf
+ mv /var/run/auto_forward.conf \
+ ${named_chrootdir}/etc/namedb/auto_forward.conf
+ fi
+ else
+ # Empty the file in case it is included in named.conf
+ [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
+ create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
+ fi
+
+ ${command%/named}/named-checkconf $named_conf ||
+ err 3 'named-checkconf for $named_conf failed'
}
load_rc_config $name
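Review bot: Both `err 3 'named-checkconf for $named_conf failed'` lines (one in the empty-resolv.conf branch, one at the end of named_precmd) are single-quoted, so `$named_conf` is never expanded and the user sees the literal text `$named_conf`; use `err 3 "named-checkconf for $named_conf failed"`. In the resolv.conf copy loop, `read line` without `-r` interprets backslashes and `echo $line` re-splits the line on whitespace, so the rewritten copy need not be byte-identical to the original, `cmp -s` then reports a difference and /etc/resolv.conf is replaced on every start even when nothing changed; `while IFS= read -r line` together with `echo "$line"` keeps the round trip exact. The two alternatives on the `'nameserver '*|'nameserver '*)` line look identical here, presumably because a tab was flattened by the page; if the second is meant to match a tab, the `${line##nameserver[ ]}` strip should cover the same characters, otherwise the tab ends up in `$nsip` and in the forwarders list. named_precmd starts before this hunk.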