Add bind-9.7.2_p3-r9.ebuild. Remove bind-9.7.2_p2-r9.ebuild.

net-dns/bind/Manifest

@@ -4,12 +4,12 @@ AUX bind-9.7.2-use_deprecated.patch 274 RMD160 9aacb2dc751048c4fca6cf9ff89731863
 AUX bind-dlzmysql5-reconnect.patch 1842 RMD160 687f6128b6511dbeecdfc81b197520b1afd74005 SHA1 7b9b8e1b85f1344e4b5d8566ab868fcb1e87a049 SHA256 7376ac37c2d3fbcf5d8e886008639bdbe642f44c9021f435af370bddd3f03bd4
 AUX localhost.zone-r3 426 RMD160 b2dfe76923695e6eac49234b7e7f90fef4d1838e SHA1 b84babc535466cacc7001e4c6eb21e22ae11b22d SHA256 3f39e9b5be72435e961cd6f5acdfe396b05640bf370969acf918a939575122bc
 AUX named.cache 2941 RMD160 c29f47291496e67e72c129db488d07172fe244e6 SHA1 b1575428e8b5f513469a90a32cf163e8db46cab5 SHA256 35f7fcf2b177678cf362af7ac942f7f1a1c102c045dc3844991a411fc4c5d277
-AUX named.conf-r4 5288 RMD160 d5b56d46370b0e54e42aefbe41e1ff290df30439 SHA1 945ee47a99d37c2160829b2fdfd9ffbd3293b333 SHA256 852fc5f2100c94834b59ee64566b7414f0ec12b17751900bb572ab2375c8ca50
-AUX named.confd-r4 1293 RMD160 4177cffeef1ff0c8abc1eaba6f5cbeaed5477733 SHA1 89b0c4f4b7dca771bf121e8ce3b00e00bc31ec8c SHA256 2a4b36a7d42b5c8e54b0b4389ac32cba54cfc6187a3fd67c80d90d57434c9dbb
-AUX named.init-r8 4287 RMD160 d7c75206ec3c086dbfb5d1315b8902550a63e2dc SHA1 ad864d07bd0e71856875c8c1e8a58f89a54891bc SHA256 e25aa0f83ff472b087fd1c64a890aafc66d1cc8c9dd03b62677ae595cf0afd36
-DIST bind-9.7.2-P2.tar.gz 7573857 RMD160 dcc8bf34d0e72c53257d9ac61f88fd0f3f039672 SHA1 ad143fa002d16352648c651ac12471258971a0d1 SHA256 e6d5938184066fc793c28ff975e09e9721116aede2a2d6d93b1be5e8654a5c8a
+AUX named.conf-r5 3952 RMD160 e4554204786565b08eefb9d129c7b8e0b3a55454 SHA1 cd5c48aa966760343a807c107839c82ba5b575a0 SHA256 fd1e2cbb7d2b3d00ae658a431c747a2adb35227bf6bc6996db1fe705cf2da943
+AUX named.confd-r5 1224 RMD160 b353a2bd8c73cbc1f967d04339d4f07db840a5ee SHA1 181a57e1b2c0371ad2704bb61f621498e2bfddff SHA256 00f06f96dc0cc7855bd15d31449b492e3a2502938e8038081c9f09e0d0ce7a08
+AUX named.init-r9 4946 RMD160 48cce5a99a8da1eff3492c4896fbae4c1343a675 SHA1 944ed08d22e70ba93625814695535f58feed2083 SHA256 77fd6b4ecb0f7f4baa872d1be1b18d2ea9a913a15f30f63ab904a62ad4325748
+DIST bind-9.7.2-P3.tar.gz 7643996 RMD160 304f362cef1c3e48bece850802a08159ecfd5428 SHA1 ca621a23e79298b4da14a3884690edbccda410d4 SHA256 cd945f4766be664f4528ec065df626ad3624481695316ec8e13ad272f4abfb7e
+DIST bind-geoip-1.3-9.7.2-P2.patch 54084 RMD160 fcc2308bd2832df821f76aeb1ea1c5740fadb6f3 SHA1 786c2fd8dde40f235e292f5bd883094863976580 SHA256 c12c03fc25a679d8d4296142597c698ab934e18cc761113553062a66be2875dd
 DIST bind-geoip-1.3-readme.txt 10040 RMD160 073956324ed4780e0e0cdbf40ae259f85ebef9d2 SHA1 e13ea2f458adfed3f1a20f9fe3eb2bfd484fc0b0 SHA256 380ce89f1a614f46571ad59bddf0f268275691aa2d7a7a7bf1c2a3ef4d26e845
-DIST bind-geoip-1.3.patch 54070 RMD160 5d01a20104b572588507aea4b8f6cbf66f68a973 SHA1 8a465d04d5c2d9c7cb881c3331a64e61077e1e3a SHA256 126db2f6e603f0dbe102b3ddfda85e0243fae314b40bb16dce2fd7d4d4bb93b4
 DIST bind-sdb-ldap-1.1.0.tar.bz2 5883 RMD160 ec2f684f278e5fa72158486a14dfce3005a62602 SHA1 fae539a29615fda56a2dcb55a1e01d335835b980 SHA256 afe9cc6a99c20f1dc1929b0a30ff815b0aac509a6c12f8df432853c856d35754
 DIST dyndns-samples.tbz2 22866 RMD160 27d5b2d0edb8e1ff16b3f980c38d7af33ccf0c7d SHA1 0a62e9458d0e16b67a3a2f63ea485ce969f1fb4d SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8
-EBUILD bind-9.7.2_p2-r9.ebuild 11041 RMD160 2688e190e424bf8cbd6962082da7ed6046902e2a SHA1 3590fa4f0733fec046792c95cdd67aa3faf41c64 SHA256 818de405848be41b22d35d125ff4df3630d04750a7a673ab367eed3625750279
+EBUILD bind-9.7.2_p3-r9.ebuild 11340 RMD160 c50cbe4785052a29f811226ff86e19e6f40567e0 SHA1 b2d843711629de8da586f2971a5a651f6893fb9e SHA256 a05eb29c28bf1b68dc3d5b0cc7552573de653ccc89fbbe1ced64caae4b3f4560

net-dns/bind/bind-9.7.2_p3-r9.ebuild

@@ -1,6 +1,6 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.7.2_p2.ebuild,v 1.1 2010/10/05 10:43:52 idl0r Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.7.2_p3-r3.ebuild,v 1.1 2011/01/07 23:37:37 robbat2 Exp $
 
 EAPI="3"
 
@@ -12,15 +12,19 @@ MY_P="${PN}-${MY_PV}"
 SDB_LDAP_VER="1.1.0"
 
 GEOIP_PV=1.3
-GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
+#GEOIP_PV_AGAINST="${MY_PV}"
+GEOIP_PV_AGAINST="9.7.2-P2"
 GEOIP_P="bind-geoip-${GEOIP_PV}"
+GEOIP_PATCH_A="${GEOIP_P}-${GEOIP_PV_AGAINST}.patch"
+GEOIP_DOC_A="${GEOIP_P}-readme.txt"
+GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
 
 DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
 HOMEPAGE="http://www.isc.org/software/bind"
 SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
 	doc? ( mirror://gentoo/dyndns-samples.tbz2 )
-	geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_P}-readme.txt
-			 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_P}.patch )
+	geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
+			 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
 	sdb-ldap? ( mirror://gentoo/bind-sdb-ldap-${SDB_LDAP_VER}.tar.bz2 )"
 
 LICENSE="as-is"
@@ -90,11 +94,11 @@ src_prepare() {
 	use sdb-ldap && epatch "${FILESDIR}"/bind-9.7.2-use_deprecated.patch
 
 	if use geoip; then
-		cp "${DISTDIR}"/${GEOIP_P}.patch "${S}" || die
-		sed -i -e 's/-RELEASEVER=3/-RELEASEVER=2/' \
-			-e 's/+RELEASEVER=3-geoip-1.3/+RELEASEVER=2-geoip-1.3/' \
-			${GEOIP_P}.patch || die
-		epatch ${GEOIP_P}.patch
+		cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
+		sed -i -e 's/-RELEASEVER=2/-RELEASEVER=3/' \
+			-e 's/+RELEASEVER=2-geoip-1.3/+RELEASEVER=3-geoip-1.3/' \
+			${GEOIP_PATCH_A} || die
+		epatch ${GEOIP_PATCH_A}
 	fi
 
 	# bug #220361
@@ -203,7 +207,7 @@ src_install() {
 	use geoip && dodoc "${DISTDIR}"/${GEOIP_P}-readme.txt
 
 	insinto /etc/bind
-	newins "${FILESDIR}"/named.conf-r4 named.conf || die
+	newins "${FILESDIR}"/named.conf-r5 named.conf || die
 
 	# ftp://ftp.rs.internic.net/domain/named.cache:
 	insinto /var/bind
@@ -213,8 +217,8 @@ src_install() {
 	newins "${FILESDIR}"/127.zone-r1 127.zone || die
 	newins "${FILESDIR}"/localhost.zone-r3 localhost.zone || die
 
-	newinitd "${FILESDIR}"/named.init-r8 named || die
-	newconfd "${FILESDIR}"/named.confd-r4 named || die
+	newinitd "${FILESDIR}"/named.init-r9 named || die
+	newconfd "${FILESDIR}"/named.confd-r5 named || die
 
 	newenvd "${FILESDIR}"/10bind.env 10bind || die
 
@@ -296,6 +300,7 @@ pkg_postinst() {
 pkg_config() {
 	CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
 	CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+	CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
 
 	if [[ -z "${CHROOT}" ]]; then
 		eerror "This config script is designed to automate setting up"
@@ -342,6 +347,10 @@ pkg_config() {
 		cp -a /var/bind ${CHROOT}/var/
 	fi
 
+	if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+		mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
+	fi
+
 	elog "You may need to add the following line to your syslog-ng.conf:"
 	elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
 }

net-dns/bind/files/named.conf-r4

@@ -1,216 +0,0 @@
-/*
- * Refer to the named.conf(5) and named(8) man pages, and the documentation
- * in /usr/share/doc/bind-9 for more details.
- * Online versions of the documentation can be found here:
- * http://www.isc.org/software/bind/documentation
- *
- * If you are going to set up an authoritative server, make sure you
- * understand the hairy details of how DNS works. Even with simple mistakes,
- * you can break connectivity for affected parties, or cause huge amounts of
- * useless Internet traffic.
- */
-
-acl "xfer" {
-	/* Allow no transfers. If we have other name servers, place them here. */
-	//127.0.0.1/32;
-	//::1/128;
-	"none";
-};
-
-/* 
- * You might put in here some ips which are allowed to use the cache or
- * recursive queries
- */
-acl "trusted" {
-	127.0.0.0/8;
-	::1/128;
-};
-
-options {
-	directory "/var/bind";
-	pid-file "/var/run/named/named.pid";
-
-	/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
-	// bindkeys-file "/etc/bind/bind.keys";
-
-	listen-on-v6 { ::1; };
-	listen-on { 127.0.0.1; };
-
-	allow-query {
-		/*
-		 * Accept queries from our "trusted" ACL.  We will
-		 * allow anyone to query our master zones below.
-		 * This prevents us from becoming a free DNS server
-		 * to the masses.
-		 */
-		trusted;
-	};
-
-	allow-query-cache {
-		/* Use the cache for the "trusted" ACL. */
-		trusted;
-	};
-
-	allow-transfer {
-		/*
-		 * Zone tranfers limited to members of the
-		 * "xfer" ACL (e.g. secondary nameserver).
-		 */
-		xfer;
-	};
-
-/*
- * If you've got a DNS server around at your upstream provider, enter its
- * IP address here, and enable the line below. This will make you benefit
- * from its cache, thus reduce overall DNS traffic in the Internet.
- * 
- * Uncomment the following lines to turn on DNS forwarding, and change
- *  and/or update the forwarding ip address(es):
- */
-/*
-	forward first;
-	forwarders {
-	//	123.123.123.123;	// Your ISP NS
-	//	124.124.124.124;	// Your ISP NS
-		4.2.2.1;		// Level3 Public DNS
-		4.2.2.2;		// Level3 Public DNS
-		8.8.8.8;		// Google Open DNS
-		8.8.4.4;		// Google Open DNS
-	};
-
-*/
-
-	// dnssec-enable yes;
-	// dnssec-validation yes;
-
-	/* if you have problems and are behind a firewall: */
-	//query-source address * port 53;
-};
-
-logging {
-	channel default_log {
-		file "/var/log/named/named.log" versions 5 size 50M;
-		print-time yes;
-		print-severity yes;
-		print-category yes;
-	};
-
-	category default { default_log; };
-	category general { default_log; };
-};
-
-include "/etc/bind/rndc.key";
-controls {
-	inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
-};
-
-
-view "internal" in {
-	/*
-	 * Our internal (trusted) view. We permit the internal networks
-	 * to freely access this view. We perform recursion for our
-	 * internal hosts, and retrieve data from the cache for them.
-	 */
-
-	match-clients { trusted; };
-	recursion yes;
-	additional-from-auth yes;
-	additional-from-cache yes;
-
-	zone "." in {
-		type hint;
-		file "/var/bind/root.cache";
-	};
-
-	zone "localhost" IN {
-		type master;
-		file "pri/localhost.zone";
-		allow-update { none; };
-		notify no;
-		allow-query { any; };
-		allow-transfer { none; }; 
-	};
-
-	zone "127.in-addr.arpa" IN {
-		type master;
-		file "pri/127.zone";
-		allow-update { none; };
-		notify no;
-		allow-query { any; };
-		allow-transfer { none; };
-	};
-
-	/*
-	 * NOTE: All zone blocks for "public" view should be listed here in "internal"
-	 * too! Otherwise you'll have trouble to resolv the public zones properly.
-	 * That affects all hosts from the "trusted" ACL.
-	 * A separate config, which contains all zone blocks, might be better in
-	 * this case. Then you can simply add:
-	 * include "/etc/bind/zones.cfg";
-	 * for "internal" and "public" view.
-	 */
-
-	/*
-	 * Briefly, a zone which has been declared delegation-only will be effectively
-	 * limited to containing NS RRs for subdomains, but no actual data beyond its
-	 * own apex (for example, its SOA RR and apex NS RRset). This can be used to
-	 * filter out "wildcard" or "synthesized" data from NAT boxes or from
-	 * authoritative name servers whose undelegated (in-zone) data is of no
-	 * interest.
-	 * See http://www.isc.org/software/bind/delegation-only for more info
-	 */
-
-	//zone "COM" { type delegation-only; };
-	//zone "NET" { type delegation-only; };
-};
-
-view "public" in {
-	/*
-	 * Our external (untrusted) view. We permit any client to access
-	 * portions of this view. We do not perform recursion or cache
-	 * access for hosts using this view.
-	 */
-
-	match-clients { any; };
-	recursion no;
-	additional-from-auth no;
-	additional-from-cache no;
-
-	zone "." in {
-		type hint;
-		file "/var/bind/root.cache";
-	};
-
-	//zone "YOUR-DOMAIN.TLD" {
-	//	type master;
-	//	file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
-	//	allow-query { any; };
-	//	allow-transfer { xfer; };
-	//};
-
-	//zone "YOUR-SLAVE.TLD" {
-	//	type slave;
-	//	file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
-	//	masters { <MASTER>; };
-
-	//	/* Anybody is allowed to query but transfer should be controlled by the master. */
-	//	allow-query { any; };
-	//	allow-transfer { none; };
-
-	//	/* The master should be the only one who notifies the slaves, shouldn't it? */
-	//	allow-notify { <MASTER>; };
-	//	notify no;
-	//};
-};
-
-/* Hide the bind version */
-/*
-view "chaos" chaos {
-	match-clients { any; };
-	allow-query { none; };
-	zone "." {
-		type hint;
-		file "/dev/null";  // or any empty file
-	};
-};
-*/

net-dns/bind/files/named.conf-r5

@@ -0,0 +1,165 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+	/* Deny transfers by default except for the listed hosts.
+	 * If we have other name servers, place them here.
+	 */
+	none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+	127.0.0.0/8;
+	::1/128;
+};
+
+options {
+	directory "/var/bind";
+	pid-file "/var/run/named/named.pid";
+
+	/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+	//bindkeys-file "/etc/bind/bind.keys";
+
+	listen-on-v6 { ::1; };
+	listen-on { 127.0.0.1; };
+
+	allow-query {
+		/*
+		 * Accept queries from our "trusted" ACL.  We will
+		 * allow anyone to query our master zones below.
+		 * This prevents us from becoming a free DNS server
+		 * to the masses.
+		 */
+		trusted;
+	};
+
+	allow-query-cache {
+		/* Use the cache for the "trusted" ACL. */
+		trusted;
+	};
+
+	allow-recursion {
+		/* Only trusted addresses are allowed to use recursion. */
+		trusted;
+	};
+
+	allow-transfer {
+		/* Zone tranfers are denied by default. */
+		none;
+	};
+
+	allow-update {
+		/* Don't allow updates, e.g. via nsupdate. */
+		none;
+	};
+
+	/*
+	* If you've got a DNS server around at your upstream provider, enter its
+	* IP address here, and enable the line below. This will make you benefit
+	* from its cache, thus reduce overall DNS traffic in the Internet.
+	*
+	* Uncomment the following lines to turn on DNS forwarding, and change
+	*  and/or update the forwarding ip address(es):
+	*/
+/*
+	forward first;
+	forwarders {
+	//	123.123.123.123;	// Your ISP NS
+	//	124.124.124.124;	// Your ISP NS
+	//	4.2.2.1;		// Level3 Public DNS
+	//	4.2.2.2;		// Level3 Public DNS
+		8.8.8.8;		// Google Open DNS
+		8.8.4.4;		// Google Open DNS
+	};
+
+*/
+
+	//dnssec-enable yes;
+	//dnssec-validation yes;
+
+	/* if you have problems and are behind a firewall: */
+	//query-source address * port 53;
+};
+
+/*
+logging {
+	channel default_log {
+		file "/var/log/named/named.log" versions 5 size 50M;
+		print-time yes;
+		print-severity yes;
+		print-category yes;
+	};
+
+	category default { default_log; };
+	category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+	inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+	type hint;
+	file "/var/bind/root.cache";
+};
+
+zone "localhost" IN {
+	type master;
+	file "pri/localhost.zone";
+	notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+	type master;
+	file "pri/127.zone";
+	notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+//	type master;
+//	file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+//	allow-query { any; };
+//	allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+//	type slave;
+//	file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+//	masters { <MASTER>; };
+
+	/* Anybody is allowed to query but transfer should be controlled by the master. */
+//	allow-query { any; };
+//	allow-transfer { none; };
+
+	/* The master should be the only one who notifies the slaves, shouldn't it? */
+//	allow-notify { <MASTER>; };
+//	notify no;
+//};

net-dns/bind/files/named.confd-r5

@@ -1,6 +1,6 @@
 # Set various named options here.
 #
-OPTIONS=""
+#OPTIONS=""
 
 # Set this to the number of processors you want bind to use.
 # Leave this unchanged if you want bind to automatically detect the number
@@ -13,16 +13,14 @@ OPTIONS=""
 #
 #CHROOT="/chroot/dns"
 
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
 # Uncomment the line below to avoid that the init script mounts the needed paths
 # into the chroot directory.
 # You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
 #CHROOT_NOMOUNT="1"
 
-# RNDC needs to be told what server we're using sometimes.
-#SERVER="-s 127.0.0.1"
-# rndc key to use
-RNDC_KEY="${CHROOT}/etc/bind/rndc.key"
-
 # Default pid file location
 PIDFILE="${CHROOT}/var/run/named/named.pid"
 

net-dns/bind/files/named.init-r9

@@ -1,9 +1,9 @@
 #!/sbin/runscript
 # Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r8,v 1.1 2010/09/23 17:49:44 idl0r Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r9,v 1.2 2010/12/15 23:35:09 idl0r Exp $
 
-opts="start stop reload restart"
+opts="start stop reload restart checkconfig checkzones"
 
 depend() {
 	need net
@@ -30,19 +30,30 @@ _mount() {
 	opts="${*}"
 	shift $#
 
-	if [ -z "$(grep ${to} /proc/mounts)" ]; then
+	if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
 		einfo "mounting ${from} to ${to}"
 		mount ${from} ${to} ${opts} || return 1
 	fi
+
+	return 0
 }
 
 _umount() {
 	local dir=$1
 
-	if [ -n "$(grep ${dir} /proc/mounts)" ]; then
+	if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
 		einfo "umount ${dir}"
-		umount ${dir}
+		umount ${dir} || return 1
 	fi
+
+	return 0
+}
+
+_get_pidfile() {
+	# as suggested in bug #107724, bug 335398#c17
+	[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+			/usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+	[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/var/run/named/named.pid
 }
 
 check_chroot() {
@@ -55,34 +66,35 @@ check_chroot() {
 		[ ! -e "${CHROOT}/etc/localtime" ] && return 1
 		[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
 		[ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+		[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
 	fi
 
 	return 0
 }
 
 checkconfig() {
+	ebegin "Checking named configuration"
+
 	if [ ! -f "${NAMED_CONF}" ] ; then
 		eerror "No ${NAMED_CONF} file exists!"
+		return 1
 	fi
 
-	named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}} 1>/dev/null || {
+	/usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}} || {
 		eerror "named-checkconf failed! Please fix your config first."
 		return 1
 	}
 
-	# as suggested in bug #107724
-	[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
-		egrep -v \
-			"^([[:cntrl:] ]+(#|//|/\*)|(#|//|/\*))" \
-			${CHROOT}/etc/bind/named.conf \
-				| egrep -o -m1 "pid\-file +\".+\" *;" \
-				| cut -d\" -f2
-	)
-	[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/var/run/named/named.pid
-
+	eend 0
 	return 0
 }
 
+checkzones() {
+	ebegin "Checking named configuration and zones"
+	/usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}}
+	eend $?
+}
+
 start() {
 	local piddir
 
@@ -100,15 +112,16 @@ start() {
 			_mount /etc/bind ${CHROOT}/etc/bind -o bind
 			_mount /var/bind ${CHROOT}/var/bind -o bind
 			_mount /var/log/named ${CHROOT}/var/log/named -o bind
+			if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+				_mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+			fi
 		fi
 	fi
 
-	checkconfig || {
-		eend 1
-		return 1
-	}
+	checkconfig || { eend 1; return 1; }
 
-	# create piddir (usually /var/run/named) if necessary
+	# create piddir (usually /var/run/named) if necessary, bug 334535
+	_get_pidfile
 	piddir="${PIDFILE%/*}"
 	if [ ! -d "${piddir}" ]; then
 		checkpath -q -d -o root:named -m 0770 "${piddir}" || {
@@ -133,20 +146,23 @@ stop() {
 	local reported=0
 
 	ebegin "Stopping ${CHROOT:+chrooted }named"
-	checkconfig || return 2
-	if [ -n "${RNDC_KEY}" ] && [ -f "${RNDC_KEY}" ]; then
-		rndc $SERVER -k $RNDC_KEY stop 1>/dev/null
-	else
-		# -R 10, bug 335398
-		start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
-			--exec /usr/sbin/named
+
+	# Workaround for now, until openrc's restart has been fixed.
+	# openrc doesn't care about a restart() function in init scripts.
+	if [ "${RC_CMD}" = "restart" ]; then
+		checkconfig || { eend 1; return 1; }
 	fi
 
+	# -R 10, bug 335398
+	_get_pidfile
+	start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+		--exec /usr/sbin/named
+
 	if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
-		einfo "Umounting chroot dirs"
+		ebegin "Umounting chroot dirs"
 
 		# just to be sure everything gets clean
-		while [ -n "$(fuser ${CHROOT} 2>/dev/null)" ]; do
+		while fuser -s ${CHROOT} 2>/dev/null; do
 			if [ "${reported}" -eq 0 ]; then
 				einfo "Waiting until all named processes are stopped"
 				reported=1
@@ -154,6 +170,7 @@ stop() {
 			sleep 1
 		done
 
+		[ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
 		_umount ${CHROOT}/etc/bind
 		_umount ${CHROOT}/var/log/named
 		_umount ${CHROOT}/var/bind
@@ -165,20 +182,19 @@ stop() {
 reload() {
 	local ret
 
-	# checkconf also gives us the pidfile.
-	checkconfig || return 3
-
 	ebegin "Reloading named.conf and zone files"
-	if [ -n "${RNDC_KEY}" ] && [ -f "${RNDC_KEY}" ] ; then
-		rndc $SERVER -k $RNDC_KEY reload 1>/dev/null
-		ret=$?
-	elif [ -n "${PIDFILE}" ]; then
-		start-stop-daemon --pidfile $PIDFILE --signal HUP
+
+	checkconfig || { eend 1; return 1; }
+
+	_get_pidfile
+	if [ -n "${PIDFILE}" ]; then
+		# FIXME: Remove --stop and --oknodo as soon as baselayout-1 has been removed... finally...
+		start-stop-daemon --stop --oknodo --pidfile $PIDFILE --signal HUP --exec /usr/sbin/named
 		ret=$?
 	else
-		ewarn "Neither an rndc key has been specified nor a pidfile... this is"
+		ewarn "Unable to determine the pidfile... this is"
 		ewarn "a fallback mode. Please check your installation!"
-		
+
 		$RC_SERVICE restart
 		ret=$?
 	fi