components/network/bind/patches/02-man-named.patch

   1 --- bind-9.18.28/doc/man/named.8in.orig 2024-07-08 17:22:50.522668771 +0200
   2 +++ bind-9.18.28/doc/man/named.8in      2024-07-31 22:01:07.556991781 +0200
   3 @@ -236,13 +236,11 @@
   4  \fBNOTE:\fP
   5  .INDENT 0.0
   6  .INDENT 3.5
   7 -On Linux, \fBnamed\fP uses the kernel\(aqs capability mechanism to drop
   8 -all root privileges except the ability to \fBbind\fP to a
   9 -privileged port and set process resource limits. Unfortunately,
  10 -this means that the \fI\%\-u\fP option only works when \fBnamed\fP is run
  11 -on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since
  12 -previous kernels did not allow privileges to be retained after
  13 -\fBsetuid\fP\&.
  14 +On illumos-based distributions, including OpenIndiana, \fBnamed\fP
  15 +uses the kernel\(aqs capability mechanism to drop
  16 +all root privileges.
  17 +The method script adds the privileges to \fBbind\fP to a privileged port.
  18 +Basic privileges are still retained after \fBsetuid\fP\&.
  19  .UNINDENT
  20  .UNINDENT
  21  .INDENT 0.0
  22 @@ -264,6 +262,100 @@
  23  Use of this option overrides the \fBlock\-file\fP option in
  24  \X'tty: link #std-iscman-named.conf'\fI\%named.conf\fP\X'tty: link'\&. If set to \fBnone\fP, the lock file check is disabled.
  25  .UNINDENT
  26 +.SH AUTOMATIC SERVICE MANAGEMENT (SMF)
  27 +.sp
  28 +The \fBDNS\fP service is managed by the service management facility, \fBsmf\fP(7), under the service identifier:
  29 +.INDENT 0.0
  30 +.INDENT 3.5
  31 +.sp
  32 +.nf
  33 +.ft C
  34 +svc:/network/dns/server:default
  35 +.ft P
  36 +.fi
  37 +.UNINDENT
  38 +.UNINDENT
  39 +.LP
  40 +Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using \fBsvcadm\fP(8). The service's status can
  41 +be queried using the \fBsvcs\fP(1) command.
  42 +.LP
  43 +\fBDNS\fP on illumos is managed via the service management facility described in
  44 +\fBsmf\fP(7). There are several options controlled by services properties which
  45 +can be set by the system administrator. The available options can be listed by
  46 +executing the following command:
  47 +.INDENT 0.0
  48 +.INDENT 3.5
  49 +.sp
  50 +.nf
  51 +.ft C
  52 +svccfg -s svc:/network/dns/server:default listprop options
  53 +.ft P
  54 +.fi
  55 +.UNINDENT
  56 +.UNINDENT
  57 +.sp
  58 +Each of these properties can be set using this command:
  59 +.INDENT 0.0
  60 +.INDENT 3.5
  61 +.sp
  62 +.nf
  63 +.ft C
  64 +svccfg -s  svc:/network/dns/server:default setprop \fIpropname\fP = \fIvalue\fP
  65 +.ft P
  66 +.fi
  67 +.UNINDENT
  68 +.UNINDENT
  69 +.sp
  70 +The available options and their meanings are as follows:
  71 +.TP
  72 +.BR options/server
  73 +A string that specifies an alternative server command.  If
  74 +not specified the default /usr/sbin/named is used.
  75 +.TP
  76 +.BR options/configuration_file
  77 +A string that specifies an alternative
  78 +configuration file to be used. The property is similar
  79 +to named(8) command line option '-c <string>.
  80 +.TP
  81 +.BR options/ip_interfaces
  82 +A string that specifies which IP transport BIND will
  83 +transmit on. Possible values are 'IPv4' or 'IPv6'. Any
  84 +other setting assumes 'all', the default.
  85 +Equivalent to command line option '-4' or '-6'.
  86 +.TP
  87 +.BR options/listen_on_port
  88 +An integer that specifies the default UDP and TCP port
  89 +which will be used to listen for DNS requests.
  90 +If not specified, the server listens on port 53.
  91 +Equivalent to command line option '-p <integer>'.
  92 +.TP
  93 +.BR options/debug_level
  94 +An integer that specifies the default debug level.  The
  95 +default is 0; no debugging. The higher the number the
  96 +more verbose debug information becomes.
  97 +Equivalent to command line option '-d <integer>'.
  98 +.TP
  99 +.BR options/threads
 100 +An integer that specifies the number of cpu worker threads to
 101 +create.  The default of 0 causes named to try to
 102 +determine the number of CPUs present and create one
 103 +thread per CPU.
 104 +Equivalent to command line option '-n <integer>'.
 105 +.TP
 106 +.BR options/chroot_dir
 107 +Change the root directory using chroot(2)
 108 +to pathname after processing the command line
 109 +arguments, but before reading the configuration file.
 110 +The working directory must be below chroot_dir.
 111 +This option should be used in conjunction with the user option.
 112 +Equivalent to command line option '-t <pathname>'.
 113 +.TP
 114 +.BR options/user
 115 +Change to user after completing privileged operations, such as
 116 +creating sockets that listen on privileged ports.
 117 +The default user is 'named'.
 118 +The working directory must be writable by this user.
 119 +Equivalent to command line option '-u user'.
 120  .SH SIGNALS
 121  .sp
 122  In routine operation, signals should not be used to control the