From b42681c4e973fc819a42c36b18cfb59415d0fcba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Mon, 24 Jan 2022 12:13:24 +0100 Subject: [PATCH] Use compile-time paths in the manual pages Replace the hard-coded paths for various BIND 9 files (configuration, pid, etc.) in the man pages and ARM with compile-time values using the sphinx-build replace system. This is more complicated, because the restructured text specification doesn't allow |substitions| inside ``code-blocks``, so for each specific file we had to create own substition which is sub-optimal, but it is only way how to do this without adding Sphinx extension. --- Makefile.docs | 42 ++++++++++++++++++++++++++--------- bin/check/named-checkconf.rst | 4 ++-- bin/confgen/rndc-confgen.rst | 5 ++--- bin/delv/delv.rst | 8 +++---- bin/named/named.conf.rst | 2 +- bin/named/named.rst | 8 +++---- bin/nsupdate/nsupdate.rst | 6 ++--- bin/plugins/filter-a.rst | 2 +- bin/plugins/filter-aaaa.rst | 2 +- bin/rndc/rndc.rst | 4 ++-- doc/arm/conf.py | 14 ++++++++++++ doc/arm/configuration.rst | 11 +++------ doc/arm/reference.rst | 13 +++++------ doc/man/Makefile.am | 4 ++++ doc/man/conf.py | 14 ++++++++++++ doc/man/delv.1in | 8 +++---- doc/man/filter-a.8in | 2 +- doc/man/filter-aaaa.8in | 2 +- doc/man/named-checkconf.1in | 4 ++-- doc/man/named.8in | 8 +++---- doc/man/named.conf.5in | 2 +- doc/man/nsupdate.1in | 6 ++--- doc/man/rndc-confgen.8in | 5 ++--- doc/man/rndc.8in | 4 ++-- doc/misc/rst-options.pl | 2 +- 25 files changed, 114 insertions(+), 68 deletions(-) diff --git a/Makefile.docs b/Makefile.docs index 74650845b1..a6bedbe225 100644 --- a/Makefile.docs +++ b/Makefile.docs @@ -9,6 +9,16 @@ AM_V_SPHINX_0 = @echo " SPHINX $@"; SPHINXBUILDDIR = $(builddir)/_build +LF = \n +RNDC_CONF = .. |rndc_conf| replace:: ``$(sysconfdir)/rndc.conf`` +RNDC_KEY = .. |rndc_key| replace:: ``$(sysconfdir)/rndc.key`` +NAMED_CONF = .. |named_conf| replace:: ``$(sysconfdir)/named.conf`` +BIND_KEYS = .. |bind_keys| replace:: ``$(sysconfdir)/bind.keys`` +NAMED_PID = .. |named_pid| replace:: ``$(runstatedir)/named.pid`` +SESSION_KEY = .. |session_key| replace:: ``$(runstatedir)/session.key`` + +export RST_EPILOG = $(RNDC_CONF)$(LF)$(RNDC_KEY)$(LF)$(NAMED_CONF)$(LF)$(BIND_KEYS)$(LF)$(NAMED_PID)$(LF)$(SESSION_KEY) + common_SPHINXOPTS = \ -W \ -c $(srcdir) \ @@ -17,18 +27,30 @@ common_SPHINXOPTS = \ # The "today" variable set below is not directly used in the ARM, but its value # is implicitly inserted on the title page of the PDF file produced by Sphinx. -ALLSPHINXOPTS = \ - $(common_SPHINXOPTS) \ - -D today="$(RELEASE_DATE)" \ - $(SPHINXOPTS) \ +ALLSPHINXOPTS = \ + $(common_SPHINXOPTS) \ + -D today="$(RELEASE_DATE)" \ + -D rst_epilog="$$(printf "$${RST_EPILOG}")" \ + $(SPHINXOPTS) \ $(srcdir) -man_SPHINXOPTS = \ - $(common_SPHINXOPTS) \ - -D version="@""PACKAGE_VERSION@"\ - -D today="@""RELEASE_DATE@" \ - -D release="@""PACKAGE_VERSION@"\ - $(SPHINXOPTS) \ +_ = @ +man_RNDC_CONF = .. |rndc_conf| replace:: ``$(_)sysconfdir$(_)/rndc.conf`` +man_RNDC_KEY = .. |rndc_key| replace:: ``$(_)sysconfdir$(_)/rndc.key`` +man_NAMED_CONF = .. |named_conf| replace:: ``$(_)sysconfdir$(_)/named.conf`` +man_BIND_KEYS = .. |bind_keys| replace:: ``$(_)sysconfdir$(_)/bind.keys`` +man_NAMED_PID = .. |named_pid| replace:: ``$(_)runstatedir$(_)/named.pid`` +man_SESSION_KEY = .. |session_key| replace:: ``$(_)runstatedir$(_)/session.key`` + +export man_RST_EPILOG = $(man_RNDC_CONF)$(LF)$(man_RNDC_KEY)$(LF)$(man_NAMED_CONF)$(LF)$(man_BIND_KEYS)$(LF)$(man_NAMED_PID)$(LF)$(man_SESSION_KEY) + +man_SPHINXOPTS = \ + $(common_SPHINXOPTS) \ + -D version="@""PACKAGE_VERSION@" \ + -D today="@""RELEASE_DATE@" \ + -D release="@""PACKAGE_VERSION@" \ + -D rst_epilog="$$(printf "$${man_RST_EPILOG}")" \ + $(SPHINXOPTS) \ $(srcdir) AM_V_SED = $(AM_V_SED_@AM_V@) diff --git a/bin/check/named-checkconf.rst b/bin/check/named-checkconf.rst index 3cb7d74a61..882f818c7b 100644 --- a/bin/check/named-checkconf.rst +++ b/bin/check/named-checkconf.rst @@ -27,7 +27,7 @@ Description ``named-checkconf`` checks the syntax, but not the semantics, of a ``named`` configuration file. The file, along with all files included by it, is parsed and checked for syntax errors. If no file is specified, -``/etc/named.conf`` is read by default. +|named_conf| is read by default. Note: files that ``named`` reads in separate parser contexts, such as ``rndc.key`` and ``bind.keys``, are not automatically read by @@ -81,7 +81,7 @@ Options ``filename`` This indicates the name of the configuration file to be checked. If not specified, - it defaults to ``/etc/named.conf``. + it defaults to |named_conf|. Return Values ~~~~~~~~~~~~~ diff --git a/bin/confgen/rndc-confgen.rst b/bin/confgen/rndc-confgen.rst index 889077e2a5..e24cbe2ac6 100644 --- a/bin/confgen/rndc-confgen.rst +++ b/bin/confgen/rndc-confgen.rst @@ -35,9 +35,8 @@ Options ~~~~~~~ ``-a`` - This option sets automatic ``rndc`` configuration, which creates a file ``rndc.key`` - in ``/etc`` (or a different ``sysconfdir`` specified when BIND - was built) that is read by both ``rndc`` and ``named`` on startup. + This option sets automatic ``rndc`` configuration, which creates a file + |rndc_key| that is read by both ``rndc`` and ``named`` on startup. The ``rndc.key`` file defines a default command channel and authentication key allowing ``rndc`` to communicate with ``named`` on the local host with no further configuration. diff --git a/bin/delv/delv.rst b/bin/delv/delv.rst index 0936236b5d..3c1cfa38fe 100644 --- a/bin/delv/delv.rst +++ b/bin/delv/delv.rst @@ -97,7 +97,7 @@ Options ``-a anchor-file`` This option specifies a file from which to read DNSSEC trust anchors. The default - is ``/etc/bind.keys``, which is included with BIND 9 and contains one + is |bind_keys|, which is included with BIND 9 and contains one or more trust anchors for the root zone ("."). Keys that do not match the root zone name are ignored. An alternate @@ -107,8 +107,8 @@ Options ``initial-key``, and ``static-key`` identically. That is, for a managed key, it is the *initial* key that is trusted; :rfc:`5011` key management is not supported. ``delv`` does not consult the managed-keys database maintained by - ``named``, which means that if either of the keys in ``/etc/bind.keys`` is - revoked and rolled over, ``/etc/bind.keys`` must be updated to + ``named``, which means that if either of the keys in |bind_keys| is + revoked and rolled over, |bind_keys| must be updated to use DNSSEC validation in ``delv``. ``-b address`` @@ -316,7 +316,7 @@ assign values to options like the timeout interval. They have the form Files ~~~~~ -``/etc/bind.keys`` +|bind_keys| ``/etc/resolv.conf`` diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index f9278fb09e..def862f844 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -1133,7 +1133,7 @@ ZONE Files ~~~~~ -``/etc/named.conf`` +|named_conf| See Also ~~~~~~~~ diff --git a/bin/named/named.rst b/bin/named/named.rst index 24289222c5..ea440b202b 100644 --- a/bin/named/named.rst +++ b/bin/named/named.rst @@ -29,7 +29,7 @@ distribution from ISC. For more information on the DNS, see :rfc:`1033`, :rfc:`1034`, and :rfc:`1035`. When invoked without arguments, ``named`` reads the default -configuration file ``/etc/named.conf``, reads any initial data, and +configuration file |named_conf|, reads any initial data, and listens for queries. Options @@ -45,7 +45,7 @@ Options ``-c config-file`` This option tells ``named`` to use ``config-file`` as its configuration file instead of the default, - ``/etc/named.conf``. To ensure that the configuration file + |named_conf|. To ensure that the configuration file can be reloaded after the server has changed its working directory due to to a possible ``directory`` option in the configuration file, ``config-file`` should be an absolute pathname. @@ -206,10 +206,10 @@ in the script used to start the ``named`` process. Files ~~~~~ -``/etc/named.conf`` +|named_conf| The default configuration file. -``/var/run/named/named.pid`` +|named_pid| The default process-id file. See Also diff --git a/bin/nsupdate/nsupdate.rst b/bin/nsupdate/nsupdate.rst index fa17c0a251..64865a53f8 100644 --- a/bin/nsupdate/nsupdate.rst +++ b/bin/nsupdate/nsupdate.rst @@ -46,7 +46,7 @@ described in :rfc:`3645`. TSIG relies on a shared secret that should only be known to ``nsupdate`` and the name server. For instance, suitable ``key`` and ``server`` -statements are added to ``/etc/named.conf`` so that the name server +statements are added to |named_conf| so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that is using TSIG authentication. ``ddns-confgen`` can generate suitable @@ -97,7 +97,7 @@ Options This option sets local-host only mode, which sets the server address to localhost (disabling the ``server`` so that the server address cannot be overridden). Connections to the local server use a TSIG key - found in ``/var/run/named/session.key``, which is automatically + found in |session_key|, which is automatically generated by ``named`` if any local ``primary`` zone has set ``update-policy`` to ``local``. The location of this key file can be overridden with the ``-k`` option. @@ -335,7 +335,7 @@ Files ``/etc/resolv.conf`` Used to identify the default name server -``/var/run/named/session.key`` +|session_key| Sets the default TSIG key for use in local-only mode ``K{name}.+157.+{random}.key`` diff --git a/bin/plugins/filter-a.rst b/bin/plugins/filter-a.rst index 8ce78e5f70..31802120f3 100644 --- a/bin/plugins/filter-a.rst +++ b/bin/plugins/filter-a.rst @@ -31,7 +31,7 @@ For example: :: - plugin query "/usr/local/lib/filter-a.so" { + plugin query "filter-a.so" { filter-a-on-v6 yes; filter-a-on-v4 yes; filter-a { 192.0.2.1; 2001:db8:2::1; }; diff --git a/bin/plugins/filter-aaaa.rst b/bin/plugins/filter-aaaa.rst index 1696101b85..8b63f5729b 100644 --- a/bin/plugins/filter-aaaa.rst +++ b/bin/plugins/filter-aaaa.rst @@ -35,7 +35,7 @@ enabled with the ``filter-aaaa`` ACL and the ``filter-aaaa-on-v4`` and :: - plugin query "/usr/local/lib/filter-aaaa.so" { + plugin query "filter-aaaa.so" { filter-aaaa-on-v4 yes; filter-aaaa-on-v6 yes; filter-aaaa { 192.0.2.1; 2001:db8:2::1; }; diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst index 56463f58fc..fbc836a5c2 100644 --- a/bin/rndc/rndc.rst +++ b/bin/rndc/rndc.rst @@ -59,11 +59,11 @@ Options ``-c config-file`` This option indicates ``config-file`` as the configuration file instead of the default, - ``/etc/rndc.conf``. + |rndc_conf|. ``-k key-file`` This option indicates ``key-file`` as the key file instead of the default, - ``/etc/rndc.key``. The key in ``/etc/rndc.key`` is used to + |rndc_key|. The key in |rndc_key| is used to authenticate commands sent to the server if the config-file does not exist. diff --git a/doc/arm/conf.py b/doc/arm/conf.py index 35d8b20de6..1ba4c22b79 100644 --- a/doc/arm/conf.py +++ b/doc/arm/conf.py @@ -178,3 +178,17 @@ latex_documents = [ ] latex_logo = "isc-logo.pdf" + +# +# The rst_epilog will be completely overwritten from the Makefile, +# the definition here is provided purely for situations when +# sphinx-build is run by hand. +# +rst_epilog = """ +.. |rndc_conf| replace: ``/etc/rndc.conf`` +.. |rndc_key| replace: ``/etc/rndc.key`` +.. |named_conf| replace: ``/etc/named.conf`` +.. |bind_keys| replace: ``/etc/bind.keys`` +.. |named_pid| replace: ``/run/named.pid`` +.. |session_key| replace: ``/run/session.key`` +""" diff --git a/doc/arm/configuration.rst b/doc/arm/configuration.rst index a5356b554e..266436b10d 100644 --- a/doc/arm/configuration.rst +++ b/doc/arm/configuration.rst @@ -39,9 +39,6 @@ rules. // Two corporate subnets we wish to allow queries from. acl corpnets { 192.168.4.0/24; 192.168.7.0/24; }; options { - // Working directory - directory "/etc/namedb"; - allow-query { corpnets; }; }; // Provide a reverse mapping for the loopback @@ -64,8 +61,6 @@ the primary server for ``example.com`` and a secondary server for the subdomain :: options { - // Working directory - directory "/etc/namedb"; // Do not allow access to cache allow-query-cache { none; }; // This is the default @@ -242,9 +237,9 @@ server. the server is authenticated with digital signatures that rely on a shared secret, and there is no way to provide that secret other than with a configuration file. The default location for the ``rndc`` - configuration file is ``/etc/rndc.conf``, but an alternate location + configuration file is |rndc_conf|, but an alternate location can be specified with the ``-c`` option. If the configuration file is - not found, ``rndc`` also looks in ``/etc/rndc.key`` (or whatever + not found, ``rndc`` also looks in |rndc_key| (or whatever ``sysconfdir`` was defined when the BIND build was configured). The ``rndc.key`` file is generated by running ``rndc-confgen -a`` as described in :ref:`controls_statement_definition_and_usage`. @@ -297,7 +292,7 @@ server. default-key rndc_key; }; - This file, if installed as ``/etc/rndc.conf``, allows the + This file, if installed as |rndc_conf|, allows the command: ``$ rndc reload`` diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 66349ea2f8..483344f1ca 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -404,9 +404,8 @@ If no ``controls`` statement is present, ``named`` sets up a default control channel listening on the loopback address 127.0.0.1 and its IPv6 counterpart, ::1. In this case, and also when the ``controls`` statement is present but does not have a ``keys`` clause, ``named`` attempts -to load the command channel key from the file ``rndc.key`` in ``/etc`` -(or whatever ``sysconfdir`` was specified when BIND was built). To -create an ``rndc.key`` file, run ``rndc-confgen -a``. +to load the command channel key from the file |rndc_key|. +To create an ``rndc.key`` file, run ``rndc-confgen -a``. To disable the command channel, use an empty ``controls`` statement: ``controls { };``. @@ -1247,7 +1246,7 @@ default is used. ``pid-file`` This is the pathname of the file the server writes its process ID in. If not - specified, the default is ``/var/run/named/named.pid``. The PID file + specified, the default is |named_pid|. The PID file is used by programs that send signals to the running name server. Specifying ``pid-file none`` disables the use of a PID file; no file is written and any existing one is removed. Note @@ -1268,7 +1267,7 @@ default is used. ``bindkeys-file`` This is the pathname of a file to override the built-in trusted keys provided by ``named``. See the discussion of ``dnssec-validation`` for - details. If not specified, the default is ``/etc/bind.keys``. + details. If not specified, the default is |bind_keys|. ``secroots-file`` This is the pathname of the file the server dumps security roots to, when @@ -1278,7 +1277,7 @@ default is used. ``session-keyfile`` This is the pathname of the file into which to write a TSIG session key generated by ``named`` for use by ``nsupdate -l``. If not specified, - the default is ``/var/run/named/session.key``. (See :ref:`dynamic_update_policies`, + the default is |session_key|. (See :ref:`dynamic_update_policies`, and in particular the discussion of the ``update-policy`` statement's ``local`` option, for more information about this feature.) @@ -6032,7 +6031,7 @@ A pre-defined ``update-policy`` rule can be switched on with the command generates a TSIG session key when starting and stores it in a file; this key can then be used by local clients to update the zone while ``named`` is running. By default, the session key is stored in the file -``/var/run/named/session.key``, the key name is "local-ddns", and the +|session_key|, the key name is "local-ddns", and the key algorithm is HMAC-SHA256. These values are configurable with the ``session-keyfile``, ``session-keyname``, and ``session-keyalg`` options, respectively. A client running on the local system, if run with diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index 1ca74c140a..e8f8022099 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -132,6 +132,9 @@ man_SUBST = \ $(AM_V_SED)$(SED) \ -e 's,[@]PACKAGE_VERSION@,$(PACKAGE_VERSION),' \ -e 's,[@]RELEASE_DATE@,$(RELEASE_DATE),' \ + -e 's,[@]libdir[@],$(libdir),g' \ + -e 's,[@]runstatedir[@],$(runstatedir),g' \ + -e 's,[@]sysconfdir[@],$(sysconfdir),g' \ $(srcdir)/$@in >$@ .1in.1: @@ -170,6 +173,7 @@ if HAVE_SPHINX_BUILD manpages.stamp: $(MANPAGES_RST) @rm -f manpages.tmp @touch manpages.tmp + echo "${man_RST_EPILOG}" $(AM_V_SPHINX)$(SPHINX_BUILD) -b man -d $(SPHINXBUILDDIR)/.doctrees/man $(man_SPHINXOPTS) $(SPHINXBUILDDIR)/man for f in $(SPHINXBUILDDIR)/man/*; do \ cp -a "$$f" "$(srcdir)/$$(basename $$f)in"; \ diff --git a/doc/man/conf.py b/doc/man/conf.py index ef3ef0957a..929155c07b 100644 --- a/doc/man/conf.py +++ b/doc/man/conf.py @@ -102,3 +102,17 @@ man_pages = [ ('rndc', 'rndc', 'name server control utility', author, 8), ('tsig-keygen', 'tsig-keygen', 'TSIG key generation tool', author, 8), ] + +# +# The rst_epilog will be completely overwritten from the Makefile, +# the definition here is provided purely for situations when +# sphinx-build is run by hand. +# +rst_epilog = """ +.. |rndc_conf| replace: ``@sysconfdir@/rndc.conf`` +.. |rndc_key| replace: ``@sysconfdir@/rndc.key`` +.. |named_conf| replace: ``@sysconfdir@/named.conf`` +.. |bind_keys| replace: ``@sysconfdir@/bind.keys`` +.. |named_pid| replace: ``@runstatedir@/named.pid`` +.. |session_key| replace: ``@runstatedir@/session.key`` +""" diff --git a/doc/man/delv.1in b/doc/man/delv.1in index 021698460b..08e095d04c 100644 --- a/doc/man/delv.1in +++ b/doc/man/delv.1in @@ -113,7 +113,7 @@ supplied, \fBdelv\fP performs a lookup for an A record. .TP .B \fB\-a anchor\-file\fP This option specifies a file from which to read DNSSEC trust anchors. The default -is \fB/etc/bind.keys\fP, which is included with BIND 9 and contains one +is \fB@sysconfdir@/bind.keys\fP, which is included with BIND 9 and contains one or more trust anchors for the root zone ("."). .sp Keys that do not match the root zone name are ignored. An alternate @@ -123,8 +123,8 @@ Note: When reading the trust anchor file, \fBdelv\fP treats \fBtrust\-anchors\fP \fBinitial\-key\fP, and \fBstatic\-key\fP identically. That is, for a managed key, it is the \fIinitial\fP key that is trusted; \fI\%RFC 5011\fP key management is not supported. \fBdelv\fP does not consult the managed\-keys database maintained by -\fBnamed\fP, which means that if either of the keys in \fB/etc/bind.keys\fP is -revoked and rolled over, \fB/etc/bind.keys\fP must be updated to +\fBnamed\fP, which means that if either of the keys in \fB@sysconfdir@/bind.keys\fP is +revoked and rolled over, \fB@sysconfdir@/bind.keys\fP must be updated to use DNSSEC validation in \fBdelv\fP\&. .TP .B \fB\-b address\fP @@ -331,7 +331,7 @@ This option prints response data in YAML format. .UNINDENT .SH FILES .sp -\fB/etc/bind.keys\fP +\fB@sysconfdir@/bind.keys\fP .sp \fB/etc/resolv.conf\fP .SH SEE ALSO diff --git a/doc/man/filter-a.8in b/doc/man/filter-a.8in index 8336ad1012..723585fe85 100644 --- a/doc/man/filter-a.8in +++ b/doc/man/filter-a.8in @@ -44,7 +44,7 @@ For example: .sp .nf .ft C -plugin query "/usr/local/lib/filter\-a.so" { +plugin query "filter\-a.so" { filter\-a\-on\-v6 yes; filter\-a\-on\-v4 yes; filter\-a { 192.0.2.1; 2001:db8:2::1; }; diff --git a/doc/man/filter-aaaa.8in b/doc/man/filter-aaaa.8in index 4074d4806a..93ee7426dc 100644 --- a/doc/man/filter-aaaa.8in +++ b/doc/man/filter-aaaa.8in @@ -48,7 +48,7 @@ enabled with the \fBfilter\-aaaa\fP ACL and the \fBfilter\-aaaa\-on\-v4\fP and .sp .nf .ft C -plugin query "/usr/local/lib/filter\-aaaa.so" { +plugin query "filter\-aaaa.so" { filter\-aaaa\-on\-v4 yes; filter\-aaaa\-on\-v6 yes; filter\-aaaa { 192.0.2.1; 2001:db8:2::1; }; diff --git a/doc/man/named-checkconf.1in b/doc/man/named-checkconf.1in index 8ef1294404..5ff53d45e8 100644 --- a/doc/man/named-checkconf.1in +++ b/doc/man/named-checkconf.1in @@ -38,7 +38,7 @@ named-checkconf \- named configuration file syntax checking tool \fBnamed\-checkconf\fP checks the syntax, but not the semantics, of a \fBnamed\fP configuration file. The file, along with all files included by it, is parsed and checked for syntax errors. If no file is specified, -\fB/etc/named.conf\fP is read by default. +\fB@sysconfdir@/named.conf\fP is read by default. .sp Note: files that \fBnamed\fP reads in separate parser contexts, such as \fBrndc.key\fP and \fBbind.keys\fP, are not automatically read by @@ -91,7 +91,7 @@ This option performs a test load of all zones of type \fBprimary\fP found in \fB .TP .B \fBfilename\fP This indicates the name of the configuration file to be checked. If not specified, -it defaults to \fB/etc/named.conf\fP\&. +it defaults to \fB@sysconfdir@/named.conf\fP\&. .UNINDENT .SH RETURN VALUES .sp diff --git a/doc/man/named.8in b/doc/man/named.8in index d9fa8d17ee..34ef4c4081 100644 --- a/doc/man/named.8in +++ b/doc/man/named.8in @@ -40,7 +40,7 @@ distribution from ISC. For more information on the DNS, see \fI\%RFC 1033\fP, \fI\%RFC 1034\fP, and \fI\%RFC 1035\fP\&. .sp When invoked without arguments, \fBnamed\fP reads the default -configuration file \fB/etc/named.conf\fP, reads any initial data, and +configuration file \fB@sysconfdir@/named.conf\fP, reads any initial data, and listens for queries. .SH OPTIONS .INDENT 0.0 @@ -55,7 +55,7 @@ This option tells \fBnamed\fP to use only IPv6, even if the host machine is capa .TP .B \fB\-c config\-file\fP This option tells \fBnamed\fP to use \fBconfig\-file\fP as its configuration file instead of the default, -\fB/etc/named.conf\fP\&. To ensure that the configuration file +\fB@sysconfdir@/named.conf\fP\&. To ensure that the configuration file can be reloaded after the server has changed its working directory due to to a possible \fBdirectory\fP option in the configuration file, \fBconfig\-file\fP should be an absolute pathname. @@ -234,10 +234,10 @@ in the script used to start the \fBnamed\fP process. .SH FILES .INDENT 0.0 .TP -.B \fB/etc/named.conf\fP +.B \fB@sysconfdir@/named.conf\fP The default configuration file. .TP -.B \fB/var/run/named/named.pid\fP +.B \fB@runstatedir@/named.pid\fP The default process\-id file. .UNINDENT .SH SEE ALSO diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index bce901e6d0..246c396aa3 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -1231,7 +1231,7 @@ zone string [ class ] { .UNINDENT .SH FILES .sp -\fB/etc/named.conf\fP +\fB@sysconfdir@/named.conf\fP .SH SEE ALSO .sp \fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, \fBtsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual. diff --git a/doc/man/nsupdate.1in b/doc/man/nsupdate.1in index 63f6cd8ef7..b4840b36b3 100644 --- a/doc/man/nsupdate.1in +++ b/doc/man/nsupdate.1in @@ -57,7 +57,7 @@ described in \fI\%RFC 3645\fP\&. .sp TSIG relies on a shared secret that should only be known to \fBnsupdate\fP and the name server. For instance, suitable \fBkey\fP and \fBserver\fP -statements are added to \fB/etc/named.conf\fP so that the name server +statements are added to \fB@sysconfdir@/named.conf\fP so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that is using TSIG authentication. \fBddns\-confgen\fP can generate suitable @@ -107,7 +107,7 @@ the key specified is not an HMAC\-MD5 key. This option sets local\-host only mode, which sets the server address to localhost (disabling the \fBserver\fP so that the server address cannot be overridden). Connections to the local server use a TSIG key -found in \fB/var/run/named/session.key\fP, which is automatically +found in \fB@runstatedir@/session.key\fP, which is automatically generated by \fBnamed\fP if any local \fBprimary\fP zone has set \fBupdate\-policy\fP to \fBlocal\fP\&. The location of this key file can be overridden with the \fB\-k\fP option. @@ -355,7 +355,7 @@ DNSKEY, and NSEC records.) .B \fB/etc/resolv.conf\fP Used to identify the default name server .TP -.B \fB/var/run/named/session.key\fP +.B \fB@runstatedir@/session.key\fP Sets the default TSIG key for use in local\-only mode .TP .B \fBK{name}.+157.+{random}.key\fP diff --git a/doc/man/rndc-confgen.8in b/doc/man/rndc-confgen.8in index 4d83994cba..fa3158722a 100644 --- a/doc/man/rndc-confgen.8in +++ b/doc/man/rndc-confgen.8in @@ -45,9 +45,8 @@ by hand. Alternatively, it can be run with the \fB\-a\fP option to set up a .INDENT 0.0 .TP .B \fB\-a\fP -This option sets automatic \fBrndc\fP configuration, which creates a file \fBrndc.key\fP -in \fB/etc\fP (or a different \fBsysconfdir\fP specified when BIND -was built) that is read by both \fBrndc\fP and \fBnamed\fP on startup. +This option sets automatic \fBrndc\fP configuration, which creates a file +\fB@sysconfdir@/rndc.key\fP that is read by both \fBrndc\fP and \fBnamed\fP on startup. The \fBrndc.key\fP file defines a default command channel and authentication key allowing \fBrndc\fP to communicate with \fBnamed\fP on the local host with no further configuration. diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in index 7025a5db93..3b1d5d2f25 100644 --- a/doc/man/rndc.8in +++ b/doc/man/rndc.8in @@ -69,11 +69,11 @@ IPv4 and IPv6 source addresses. .TP .B \fB\-c config\-file\fP This option indicates \fBconfig\-file\fP as the configuration file instead of the default, -\fB/etc/rndc.conf\fP\&. +\fB@sysconfdir@/rndc.conf\fP\&. .TP .B \fB\-k key\-file\fP This option indicates \fBkey\-file\fP as the key file instead of the default, -\fB/etc/rndc.key\fP\&. The key in \fB/etc/rndc.key\fP is used to +\fB@sysconfdir@/rndc.key\fP\&. The key in \fB@sysconfdir@/rndc.key\fP is used to authenticate commands sent to the server if the config\-file does not exist. .TP diff --git a/doc/misc/rst-options.pl b/doc/misc/rst-options.pl index 8a1badc1b3..695144693b 100644 --- a/doc/misc/rst-options.pl +++ b/doc/misc/rst-options.pl @@ -125,7 +125,7 @@ print <