# pwd
/usr/lib/systemd/system
# cat named-chroot.service
# Don’t forget to add “$AddUnixListenSocket /var/named/chroot/dev/log”
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
# broken when rsyslogd daemon is restarted (due update, for example).
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Requires=named-chroot-setup.service
Before=nss-lookup.target
After=named-chroot-setup.service
After=network.target
[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/named/chroot/run/named/named.pid
ExecStartPre=/bin/bash -c ‘if [ ! “$DISABLE_ZONE_CHECKING” == “yes” ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z “$NAMEDCONF”; else echo “Checking of zone files is disabled”; fi’
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS
ExecReload=/bin/sh -c ‘if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi’
ExecStop=/bin/sh -c ‘/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID’
PrivateTmp=false
[Install]
WantedBy=multi-user.target
#
# cat named-chroot-setup.service
[Unit]
Description=Set-up/destroy chroot environment for named (DNS)
BindsTo=named-chroot.service
Wants=named-setup-rndc.service
After=named-setup-rndc.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on /etc/named-chroot.files
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off /etc/named-chroot.files
#
# cat /etc/named-chroot.files
# Configuration of files used in chroot
# Following files are made available after named-chroot.service start
# if they are missing or empty in target directory.
/etc/localtime
/etc/named.root.key
/etc/named.conf
/etc/named.rfc1912.zones
/etc/rndc.conf
/etc/rndc.key
/etc/named.iscdlv.key
/etc/crypto-policies/back-ends/bind.config
/etc/protocols
/etc/services
/etc/named.dnssec.keys
/etc/pki/dnssec-keys
/etc/named
/usr/lib64/bind
/usr/lib/bind
/usr/lib64/named
/usr/lib/named
/usr/share/GeoIP
/run/named
# Warning: the order is important
# If a directory containing $ROOTDIR is listed here,
# it MUST be listed last. (/var/named contains /var/named/chroot)
/var/named
#
# cat named-setup-rndc.service
[Unit]
Description=Generate rndc key for BIND (DNS)
[Service]
Type=oneshot
ExecStart=/usr/libexec/generate-rndc-key.sh
#
コメント