PREIN
/bin/sh
if [ "$1" -eq 1 ]; then
/usr/sbin/groupadd -g 25 -f -r named >/dev/null 2>&1 || :;
/usr/sbin/useradd -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
fi;
:;
PREUN
/bin/sh
if [ "$1" -eq 0 ]; then
/sbin/service named stop >/dev/null 2>&1 || :;
/sbin/chkconfig --del named || :;
fi;
:;
POSTIN
/bin/sh
/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
if [ ! -e /etc/rndc.key ]; then
/usr/sbin/rndc-confgen -a > /dev/null 2>&1
fi
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
# rndc.key has to have correct perms and ownership, CVE-2007-6283
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;
POSTUN
/bin/sh
/sbin/ldconfig
if [ "$1" -ge 1 ]; then
/sbin/service named try-restart >/dev/null 2>&1 || :;
fi;
:;
Triggers
bind <=
32:9.5.0-20.b1
/bin/sh
if [ "$1" -gt 0 ]; then
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;
dnssec-conf
/bin/sh
[ -r '/etc/named.conf' ] || exit 0
cp -fp /etc/named.conf /etc/named.conf.rpmsave
if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /etc/named.conf; then
if grep -q 'dlv.isc.org.conf' /etc/named.conf; then
# DLV is configured, reconfigure it to new configuration
sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\
bindkeys-file "\/etc\/named.iscdlv.key";/' /etc/named.conf
fi
sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
/etc/named.conf
/sbin/service named try-restart > /dev/null 2>&1 || :;
fi