--- bind-9.3.2b2/lib/dns/rbt.c.dbus	2005-06-17 21:03:24.000000000 -0400

+++ bind-9.3.2b2/lib/dns/rbt.c	2005-11-15 12:45:05.000000000 -0500

@@ -2172,6 +2172,47 @@

 	dns_rbt_printtree(rbt->root, NULL, 0);

 }

+static void

+dns_rbt_traverse_tree(dns_rbtnode_t *root,  dns_rbt_traverse_callback_t cb, void *cb_arg1, void *cb_arg2 ) {

+/*

+ * This is used ONLY to traverse the forward table by dbus_mgr at the moment.

+ * Since the forward table is not likely to be large, this can be recursive.

+ */

+	dns_name_t name;

+	dns_offsets_t offsets;

+	char buf[DNS_NAME_MAXWIRE];

+	isc_buffer_t buffer;

+

+	if (root != NULL) {

+

+		if (DOWN(root)) 

+			dns_rbt_traverse_tree(DOWN(root), cb, cb_arg1, cb_arg2);

+

+		if( LEFT(root) != NULL )

+		        dns_rbt_traverse_tree(LEFT(root), cb, cb_arg1, cb_arg2);

+

+		if( RIGHT(root) != NULL )

+		        dns_rbt_traverse_tree(RIGHT(root), cb, cb_arg1, cb_arg2);

+

+		if( DATA(root) == 0L )

+		    return;

+

+		dns_name_init(&name, offsets);

+		isc_buffer_init(&buffer, buf, DNS_NAME_MAXWIRE);

+		dns_name_setbuffer( &name, &buffer);

+		dns_rbt_fullnamefromnode(root, &name);

+		

+		(*cb)(&name, DATA(root), cb_arg1, cb_arg2);		

+	} 

+}

+

+void dns_rbt_traverse( dns_rbt_t *rbt, dns_rbt_traverse_callback_t cb, void *cb_arg1, void *cb_arg2  )

+{

+        REQUIRE(VALID_RBT(rbt));

+

+	dns_rbt_traverse_tree( rbt->root, cb, cb_arg1, cb_arg2 );       

+}

+

 /*

  * Chain Functions

  */

--- bind-9.3.2b2/lib/dns/forward.c.dbus	2005-03-16 22:58:30.000000000 -0500

+++ bind-9.3.2b2/lib/dns/forward.c	2005-11-15 12:45:05.000000000 -0500

@@ -200,3 +200,89 @@

 	}

 	isc_mem_put(fwdtable->mctx, forwarders, sizeof(dns_forwarders_t));

 }

+

+/***

+ *** new D-BUS Dynamic Forwarding Zones functions:

+ ***/

+isc_result_t

+dns_fwdtable_delete(dns_fwdtable_t *fwdtable, dns_name_t *name )

+{

+	isc_result_t result;

+

+	REQUIRE(VALID_FWDTABLE(fwdtable));

+

+	RWLOCK(&fwdtable->rwlock, isc_rwlocktype_write);

+

+	result = dns_rbt_deletename(fwdtable->table, name, ISC_FALSE);

+

+	RWUNLOCK(&fwdtable->rwlock, isc_rwlocktype_write);		    

+

+	return (result);

+}

+

+isc_result_t

+dns_fwdtable_find_closest(dns_fwdtable_t *fwdtable, 

+			  dns_name_t *name, 

+			  dns_name_t *foundname,

+			  dns_forwarders_t **forwardersp)

+{

+	isc_result_t result;

+

+	REQUIRE(VALID_FWDTABLE(fwdtable));

+	

+	RWLOCK(&fwdtable->rwlock, isc_rwlocktype_read);

+

+	result = dns_rbt_findname(fwdtable->table, name, 0, foundname,

+				  (void **)forwardersp);

+	

+	if(result == DNS_R_PARTIALMATCH)

+	    result = ISC_R_SUCCESS;

+

+	RWUNLOCK(&fwdtable->rwlock, isc_rwlocktype_read);

+

+	return (result);

+}

+

+isc_result_t

+dns_fwdtable_find_exact(dns_fwdtable_t *fwdtable, dns_name_t *name,

+		  dns_forwarders_t **forwardersp)

+{

+	isc_result_t result;

+

+	REQUIRE(VALID_FWDTABLE(fwdtable));

+

+	REQUIRE(forwardersp != 0L);

+

+	RWLOCK(&fwdtable->rwlock, isc_rwlocktype_read);

+

+	result = dns_rbt_findname(fwdtable->table, name, 0, NULL,

+				  (void **)forwardersp);

+	

+	if( result != ISC_R_SUCCESS )

+	    *forwardersp = 0L;

+

+	RWUNLOCK(&fwdtable->rwlock, isc_rwlocktype_read);

+

+	return (result);

+}

+

+static 

+void dns_fwdtable_traverse

+(   

+    dns_name_t *name,

+    void *node_data,

+    void *cbp,

+    void *cb_arg

+)

+{

+    dns_fwdtable_callback_t  cb = (dns_fwdtable_callback_t) cbp;

+    

+    (*cb)( name, node_data, cb_arg);

+}

+

+void dns_fwdtable_foreach(dns_fwdtable_t *fwdtable, dns_fwdtable_callback_t cb, void *cb_arg )

+{

+    REQUIRE(VALID_FWDTABLE(fwdtable));

+

+    dns_rbt_traverse( fwdtable->table, dns_fwdtable_traverse, cb, cb_arg );

+}

--- bind-9.3.2b2/lib/dns/include/dns/forward.h.dbus	2005-03-16 22:58:31.000000000 -0500

+++ bind-9.3.2b2/lib/dns/include/dns/forward.h	2005-11-15 12:45:05.000000000 -0500

@@ -98,6 +98,37 @@

  * 	all memory associated with the forwarding table is freed.

  */

+

+/* These are ONLY used by dbus_mgr :

+ */

+

+isc_result_t

+dns_fwdtable_delete( dns_fwdtable_t *fwdtable, dns_name_t *name );

+/* 

+ * Removes an entry from the forwarding table.

+ */

+

+isc_result_t

+dns_fwdtable_find_exact(dns_fwdtable_t *fwdtable, dns_name_t *name,

+		  dns_forwarders_t **forwardersp);

+/*

+ * Finds an exact match for "name" in the forwarding table.  

+ */

+

+isc_result_t

+dns_fwdtable_find_closest(dns_fwdtable_t *fwdtable, dns_name_t *name, dns_name_t *foundname,

+		  dns_forwarders_t **forwardersp);

+/*

+ * Finds the closest match for "*name" in the forwarding table, returning  

+ * the actual name matching in *name if different to *name passed in. 

+ */

+

+typedef void (*dns_fwdtable_callback_t)( dns_name_t *, dns_forwarders_t *, void *);

+void dns_fwdtable_foreach(dns_fwdtable_t *fwdtable, dns_fwdtable_callback_t cb, void * );

+/* Invoke cb for each member of fwdtable 

+ */

+

+

 ISC_LANG_ENDDECLS

 #endif /* DNS_FORWARD_H */

--- bind-9.3.2b2/lib/dns/include/dns/rbt.h.dbus	2004-10-11 01:55:51.000000000 -0400

+++ bind-9.3.2b2/lib/dns/include/dns/rbt.h	2005-11-15 12:45:05.000000000 -0500

@@ -833,6 +833,17 @@

  *	<something_else>	Any error result from dns_name_concatenate.

  */

+

+typedef void (*dns_rbt_traverse_callback_t)(  dns_name_t *name,

+					      void *node_data,

+					      void *cb_arg1,

+					      void *cb_arg2);

+

+void dns_rbt_traverse( dns_rbt_t *rbt, dns_rbt_traverse_callback_t cb, void *cb_arg1, void *cb_arg2 );

+/* tree traversal function (only used by D-BUS dynamic forwarding dbus_mgr at

+ * the moment)

+ */

+

 ISC_LANG_ENDDECLS

 #endif /* DNS_RBT_H */

--- bind-9.3.2b2/lib/isc/unix/socket.c.dbus	2005-11-15 12:43:36.000000000 -0500

+++ bind-9.3.2b2/lib/isc/unix/socket.c	2005-11-15 12:45:05.000000000 -0500

@@ -148,6 +148,11 @@

 	ISC_LIST(isc_socketevent_t)		recv_list;

 	ISC_LIST(isc_socket_newconnev_t)	accept_list;

 	isc_socket_connev_t		       *connect_ev;

+        

+        /* these are used only by isc_sockettype_fd sockets:*/

+        isc_socketevent_t      *read_ready_event;

+        isc_socketevent_t      *write_ready_event;

+        isc_socketevent_t      *selected_event;

 	/*

 	 * Internal events.  Posted when a descriptor is readable or

@@ -304,7 +309,7 @@

 static void

 wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) {

-	isc_socket_t *sock;

+	isc_socket_t *sock=0L;

 	/*

 	 * This is a wakeup on a socket.  If the socket is not in the

@@ -1266,6 +1271,9 @@

 	sock->connected = 0;

 	sock->connecting = 0;

 	sock->bound = 0;

+	sock->read_ready_event = 0L;

+	sock->write_ready_event = 0L;

+	sock->selected_event = 0L;

 	/*

 	 * initialize the lock

@@ -1378,13 +1386,16 @@

 	case isc_sockettype_tcp:

 		sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP);

 		break;

+

+	case isc_sockettype_fd:

+	        sock->fd = pf;

 	}

 #ifdef F_DUPFD

 	/*

 	 * Leave a space for stdio to work in.

 	 */

-	if (sock->fd >= 0 && sock->fd < 20) {

+	if ( (type != isc_sockettype_fd) && (sock->fd >= 0) && (sock->fd < 20) ) {

 		int new, tmp;

 		new = fcntl(sock->fd, F_DUPFD, 20);

 		tmp = errno;

@@ -1438,7 +1449,7 @@

 		}

 	}

-	if (make_nonblock(sock->fd) != ISC_R_SUCCESS) {

+	if ((type != isc_sockettype_fd) && (make_nonblock(sock->fd) != ISC_R_SUCCESS)) {

 		(void)close(sock->fd);

 		free_socket(&sock);

 		return (ISC_R_UNEXPECTED);

@@ -1706,6 +1717,38 @@

 	isc_task_send(ev->ev_sender, (isc_event_t **)&iev;;

 }

+static

+isc_event_t *dispatch_read_ready(isc_socketmgr_t *manager, isc_socket_t *sock)

+{

+    isc_event_t *dev = (isc_event_t*)sock->read_ready_event, *ev;

+    

+    ev = isc_mem_get(manager->mctx, dev->ev_size);

+    memcpy(ev,dev,dev->ev_size);

+    ISC_LINK_INIT(ev,ev_link);

+    isc_task_send(dev->ev_sender, &ev );

+    return (isc_event_t *)sock->selected_event;

+}

+

+static

+isc_event_t *dispatch_write_ready(isc_socketmgr_t *manager,isc_socket_t *sock)

+{

+    isc_event_t *dev = (isc_event_t*)sock->write_ready_event, *ev;

+    ev = isc_mem_get(manager->mctx, dev->ev_size);

+    memcpy(ev,dev,dev->ev_size);

+    ISC_LINK_INIT(ev,ev_link);

+    isc_task_send(dev->ev_sender, &ev );

+    return (isc_event_t *)sock->selected_event;

+}

+

+static

+void dispatch_selected(isc_socketmgr_t *manager, isc_event_t *dev)

+{   isc_event_t *ev;

+    ev = isc_mem_get(manager->mctx, dev->ev_size);

+    memcpy(ev,dev,dev->ev_size);

+    ISC_LINK_INIT(ev,ev_link);

+    isc_task_send(dev->ev_sender, &ev );

+}

+

 /*

  * Dequeue an item off the given socket's read queue, set the result code

  * in the done event to the one provided, and send it to the task it was

@@ -2113,6 +2156,7 @@

 	int i;

 	isc_socket_t *sock;

 	isc_boolean_t unlock_sock;

+	isc_event_t *sock_selected = 0L;

 	REQUIRE(maxfd <= (int)FD_SETSIZE);

@@ -2146,11 +2190,15 @@

 			unlock_sock = ISC_TRUE;

 			LOCK(&sock->lock);

 			if (!SOCK_DEAD(sock)) {

+			    if( sock->type != isc_sockettype_fd )

+			    {

 				if (sock->listener)

 					dispatch_accept(sock);

 				else

 					dispatch_recv(sock);

-			}

+			    }else			    

+				sock_selected = dispatch_read_ready(manager,sock);

+			}			    

 			FD_CLR(i, &manager->read_fds);

 		}

 	check_write:

@@ -2164,16 +2212,24 @@

 				LOCK(&sock->lock);

 			}

 			if (!SOCK_DEAD(sock)) {

+			    if( sock->type != isc_sockettype_fd )

+			    {

 				if (sock->connecting)

 					dispatch_connect(sock);

 				else

 					dispatch_send(sock);

+			    }else			   

+				sock_selected =	dispatch_write_ready(manager,sock);

 			}

 			FD_CLR(i, &manager->write_fds);

 		}

 		if (unlock_sock)

 			UNLOCK(&sock->lock);

 	}

+	if( sock_selected != 0L )

+	{

+	    dispatch_selected(manager, sock_selected);

+	}

 }

 #ifdef ISC_PLATFORM_USETHREADS

@@ -2192,7 +2248,7 @@

 	int cc;

 	fd_set readfds;

 	fd_set writefds;

-	int msg, fd;

+	int msg, fd = -1;

 	int maxfd;

 	char strbuf[ISC_STRERRORSIZE];

@@ -3523,3 +3579,55 @@

 	return (ISC_R_SUCCESS);

 }

 #endif /* ISC_PLATFORM_USETHREADS */

+

+isc_socketevent_t*

+isc_socket_fd_handle_reads( isc_socket_t *sock, isc_socketevent_t *dev )

+{    

+    REQUIRE(VALID_SOCKET(sock));   

+    if(dev != 0L) 

+    {

+	sock->references=1;

+	sock->read_ready_event = dev;

+	select_poke(sock->manager, sock->fd, SELECT_POKE_READ);

+    }else

+    {

+	dev = sock->read_ready_event ;

+	sock->read_ready_event = 0L ;

+    }

+    return dev;

+}

+

+isc_socketevent_t*

+isc_socket_fd_handle_writes( isc_socket_t *sock, isc_socketevent_t *dev )

+{

+    REQUIRE(VALID_SOCKET(sock));   

+    if(dev != 0L) 

+    {

+	sock->references=1;

+	sock->write_ready_event = dev;

+	select_poke(sock->manager, sock->fd, SELECT_POKE_WRITE);    

+    }else

+    {

+	dev = sock->write_ready_event;

+	sock->write_ready_event = 0L;

+    }

+    return dev;

+}

+

+isc_socketevent_t*

+isc_socket_fd_handle_selected( isc_socket_t *sock, isc_socketevent_t *dev )

+{

+    REQUIRE(VALID_SOCKET(sock));

+    if(dev != 0L) 

+    {

+	sock->references=1;

+	sock->selected_event = dev;

+    }else

+    {

+	dev = sock->selected_event;

+	sock->selected_event = 0L;

+	sock->references=0;

+	destroy(&sock);

+    }

+    return dev;

+}

--- bind-9.3.2b2/lib/isc/include/isc/socket.h.dbus	2004-03-08 04:04:53.000000000 -0500

+++ bind-9.3.2b2/lib/isc/include/isc/socket.h	2005-11-15 12:45:05.000000000 -0500

@@ -136,6 +136,10 @@

 #define ISC_SOCKEVENT_NEWCONN	(ISC_EVENTCLASS_SOCKET + 3)

 #define ISC_SOCKEVENT_CONNECT	(ISC_EVENTCLASS_SOCKET + 4)

+#define ISC_SOCKEVENT_READ_READY  (ISC_EVENTCLASS_SOCKET + 5)

+#define ISC_SOCKEVENT_WRITE_READY (ISC_EVENTCLASS_SOCKET + 6)

+#define ISC_SOCKEVENT_SELECTED    (ISC_EVENTCLASS_SOCKET + 7)

+

 /*

  * Internal events.

  */

@@ -144,7 +148,8 @@

 typedef enum {

 	isc_sockettype_udp = 1,

-	isc_sockettype_tcp = 2

+	isc_sockettype_tcp = 2,

+	isc_sockettype_fd  = 8

 } isc_sockettype_t;

 /*

@@ -699,6 +704,30 @@

  *	'sock' is a valid socket.

  */

+isc_socketevent_t*

+isc_socket_fd_handle_reads( isc_socket_t *sock, isc_socketevent_t *dev );

+/* register the "dev" event to be sent when the isc_sockettype_fd sock 

+ * was select()-ed for read. If there is already an event registered, it

+ * is returned, otherwise 0 is returned. If dev is 0, removes any existing

+ * registered event.

+ */

+ 

+isc_socketevent_t*

+isc_socket_fd_handle_writes( isc_socket_t *sock, isc_socketevent_t *dev );

+/* register the "dev" event to be sent when the isc_sockettype_fd sock 

+ * was select()-ed for write. If there is already an event registered, it

+ * is returned, otherwise 0 is returned. If dev is 0, removes any existing

+ * registered event.

+ */

+

+isc_socketevent_t*

+isc_socket_fd_handle_selected( isc_socket_t *sock, isc_socketevent_t *dev );

+/* register the "dev" event to be sent when ALL isc_sockettype_fd sockets 

+ * have been select()-ed . If there is already an event registered, it

+ * is returned, otherwise 0 is returned. If dev is 0, removes any existing

+ * registered event.

+ */

+

 ISC_LANG_ENDDECLS

 #endif /* ISC_SOCKET_H */

--- bind-9.3.2b2/bin/named/log.c.dbus	2005-05-24 19:58:17.000000000 -0400

+++ bind-9.3.2b2/bin/named/log.c	2005-11-15 12:45:05.000000000 -0500

@@ -41,6 +41,7 @@

 	{ "queries",	 		0 },

 	{ "unmatched",	 		0 },

 	{ "update-security",		0 },

+	{ "dbus",                       0 },

 	{ NULL, 			0 }

 };

@@ -60,6 +61,7 @@

 	{ "notify",	 		0 },

 	{ "control",	 		0 },

 	{ "lwresd",	 		0 },

+	{ "dbus",                       0 },

 	{ NULL, 			0 }

 };

--- bind-9.3.2b2/bin/named/Makefile.in.dbus	2005-11-15 12:43:36.000000000 -0500

+++ bind-9.3.2b2/bin/named/Makefile.in	2005-11-15 12:45:05.000000000 -0500

@@ -35,7 +35,8 @@

 		${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \

 		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \

 		${DBDRIVER_INCLUDES}

-

+DBUS_INCLUDES = \

+	-I/usr/lib/dbus-1.0/include -I/usr/include/dbus-1.0

 CDEFINES =

 CWARNINGS =

@@ -52,6 +53,7 @@

 ISCDEPLIBS =	../../lib/isc/libisc.@A@

 LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@

 BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@

+DBUSLIBS=       -ldbus-1

 DEPLIBS =	${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \

 		${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}

@@ -70,7 +72,8 @@

 		tkeyconf.o tsigconf.o update.o xfrout.o \

 		zoneconf.o \

 		lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o \

-		lwdgnba.o lwdgrbn.o lwdnoop.o lwsearch.o \

+		lwdgnba.o lwdgrbn.o lwdnoop.o lwsearch.o  \

+		dbus_service.o dbus_mgr.o \

 		$(DBDRIVER_OBJS)

 UOBJS =		unix/os.o

@@ -83,6 +86,7 @@

 		zoneconf.c \

 		lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \

 		lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \

+	        dbus_service.c dbus_mgr.c \

 		$(DBDRIVER_SRCS)

 MANPAGES =	named.8 lwresd.8 named.conf.5

@@ -111,9 +115,14 @@

 		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \

 		-c ${srcdir}/config.c

+dbus_service.o: dbus_service.c

+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \

+	        ${DBUS_INCLUDES} \

+		-c ${srcdir}/dbus_service.c

+

 named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}

 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \

-	${OBJS} ${UOBJS} ${LIBS}

+	${OBJS} ${UOBJS} ${LIBS} ${DBUSLIBS}

 lwresd@EXEEXT@: named@EXEEXT@

 	rm -f lwresd@EXEEXT@

--- bind-9.3.2b2/bin/named/named.8.dbus	2005-10-12 22:33:46.000000000 -0400

+++ bind-9.3.2b2/bin/named/named.8	2005-11-15 12:48:31.000000000 -0500

@@ -30,7 +30,7 @@

 named \- Internet domain name server

 .SH "SYNOPSIS"

 .HP 6

-\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]

+\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] [\fB\-D\fR]

 .SH "DESCRIPTION"

 .PP

 \fBnamed\fR

@@ -143,6 +143,13 @@

 .B "Warning:"

 This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.

 .RE

+.sp

+.TP

+\fB\-D\fR

+Enable dynamic management of the forwarding table with D-BUS

+messages. This option is required for Red Hat NetworkManager

+support. See doc/README.DBUS .

+.sp

 .SH "SIGNALS"

 .PP

 In routine operation, signals should not be used to control the nameserver;

@@ -162,6 +169,73 @@

 \fBnamed\fR

 configuration file is too complex to describe in detail here. A complete description is provided in the

 BIND 9 Administrator Reference Manual.

+.PP

+.SH "NOTES"

+.PP

+.TP

+\fBRed Hat SELinux BIND Security Profile:\fR

+.PP

+By default, Red Hat ships BIND with the most secure SELinux policy

+that will not prevent normal BIND operation and will prevent exploitation

+of all known BIND security vulnerabilities . See the selinux(8) man page

+for information about SElinux.

+.PP

+It is not necessary to run named in a chroot environment if the Red Hat

+SELinux policy for named is enabled. When enabled, this policy is far

+more secure than a chroot environment.

+.PP

+With this extra security comes some restrictions:

+.br

+By default, the SELinux policy does not allow named to write any master

+zone database files. Only the root user may create files in the $ROOTDIR/var/named

+zone database file directory (the options { "directory" } option), where

+$ROOTDIR is set in /etc/sysconfig/named.

+.br

+The "named" group must be granted read privelege to 

+these files in order for named to be enabled to read them. 

+.br

+Any file created in the zone database file directory is automatically assigned

+the SELinux file context named_zone_t .

+.br

+By default, SELinux prevents any role from modifying named_zone_t files; this

+means that files in the zone database directory cannot be modified by dynamic

+DNS (DDNS) updates or zone transfers.

+.br

+The Red Hat BIND distribution and SELinux policy creates two directories where

+named is allowed to create and modify files: $ROOTDIR/var/named/slaves and

+$ROOTDIR/var/named/data. By placing files you want named to modify, such as

+slave or DDNS updateable zone files and database / statistics dump files in 

+these directories, named will work normally and no further operator action is

+required. Files in these directories are automatically assigned the 'named_cache_t'

+file context, which SELinux allows named to write.

+.br

+You can enable the named_t domain to write and create named_zone_t files by use

+of the SELinux tunable boolean variable "named_write_master_zones", using the

+setsebool(8) command or the system-config-security GUI . If you do this, you

+must also set the ENABLE_ZONE_WRITE variable in /etc/sysconfig/named to 

+1 / yes to set the ownership of files in the $ROOTDIR/var/named directory

+to named:named in order for named to be allowed to write them. 

+.PP

+\fBRed Hat BIND named_sdb SDB support:\fR

+.PP

+Red Hat ships the bind-sdb RPM that provides the /usr/sbin/named_sdb program,

+which is named compiled with the Simplified Database Backend modules that ISC

+provides in the "contrib/sdb" directory.

+.br

+The SDB modules for LDAP, PostGreSQL and DirDB are compiled into named_sdb.

+.br

+To run named_sdb, set the ENABLE_SDB variable in /etc/sysconfig/named to 1 or "yes",

+and then the "service named start" named initscript will run named_sdb instead

+of named .

+.br

+See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .

+.PP

+\fBRed Hat system-config-bind:\fR

+.PP

+Red Hat provides the system-config-bind GUI to configure named.conf and zone

+database files. Run the "system-config-bind" command and access the manual

+by selecting the Help menu.

+.PP

 .SH "FILES"

 .TP

 \fI/etc/named.conf\fR

--- bind-9.3.2b2/bin/named/main.c.dbus	2005-04-28 21:04:47.000000000 -0400

+++ bind-9.3.2b2/bin/named/main.c	2005-11-15 12:45:05.000000000 -0500

@@ -239,7 +239,8 @@

 		"usage: named [-4|-6] [-c conffile] [-d debuglevel] "

 		"[-f|-g] [-n number_of_cpus]\n"

 		"             [-p port] [-s] [-t chrootdir] [-u username]\n"

-		"             [-m {usage|trace|record}]\n");

+		"             [-m {usage|trace|record}]\n"

+	        "             [-D ]\n");

 }

 static void

@@ -345,7 +346,7 @@

 	isc_commandline_errprint = ISC_FALSE;

 	while ((ch = isc_commandline_parse(argc, argv,

-			           "46c:C:d:fgi:lm:n:N:p:P:st:u:vx:")) != -1) {

+			           "46c:C:d:fgi:lm:n:N:p:P:st:u:vx:D")) != -1) {

 		switch (ch) {

 		case '4':

 			if (disable4)

@@ -434,6 +435,9 @@

 		case 'v':

 			printf("BIND %s\n", ns_g_version);

 			exit(0);

+		case 'D':

+		        ns_g_dbus = 1;

+			break;

 		case '?':

 			usage();

 			ns_main_earlyfatal("unknown option '-%c'",

--- bind-9.3.2b2/bin/named/server.c.dbus	2005-07-26 22:53:15.000000000 -0400

+++ bind-9.3.2b2/bin/named/server.c	2005-11-15 12:45:05.000000000 -0500

@@ -86,6 +86,8 @@

 #include <stdlib.h>

 #endif

+#include <named/dbus_mgr.h>

+

 /*

  * Check an operation for failure.  Assumes that the function

  * using it has a 'result' variable and a 'cleanup' label.

@@ -1496,12 +1498,12 @@

 	if (result != ISC_R_SUCCESS) {

 		char namebuf[DNS_NAME_FORMATSIZE];

 		dns_name_format(origin, namebuf, sizeof(namebuf));

-		cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,

-			    "could not set up forwarding for domain '%s': %s",

+		cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_NOTICE,

+			    "setting up forwarding failed for domain '%s': %s",

 			    namebuf, isc_result_totext(result));

 		goto cleanup;

 	}

-

+		

 	result = ISC_R_SUCCESS;

  cleanup:

@@ -2873,6 +2875,20 @@

 	CHECKFATAL(load_zones(server, ISC_FALSE), "loading zones");

+	server->dbus_mgr = 0L;

+	if( ns_g_dbus )	

+	    if( dbus_mgr_create

+	        (  ns_g_mctx, ns_g_taskmgr, ns_g_socketmgr, ns_g_timermgr,

+		   &server->dbus_mgr

+		) != ISC_R_SUCCESS

+	      )

+	    {

+		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,

+			      NS_LOGMODULE_SERVER, ISC_LOG_WARNING,

+			      "dbus_mgr initialization failed. D-BUS service is disabled."

+		             );

+	    }