Untitled

#!/bin/sh

# lock_acq - acquire lock by creating lockfile
# arguments:
#   lockfile - name of lockfile
#   retrysleep - how long (in seconds) to sleep before trying to
#                acquire the lock again
#   retries - how many times to try to acquire the lock
#
# if the lock is not acquired, this function terminates the shell
#
lock_acq() {
	local ALOCKFILE ARETRYSLEEP ARETRIES LUID LCOUNT LSTARTTIME LDONETIME SUGGESTSLEEP
	ALOCKFILE="$1"
	ARETRYSLEEP="$2"
	ARETRIES="$3"
	shift 3

	LUID="`whoami` $$ `date`"
	LSTARTTIME=`date +%s`
	LCOUNT=0
	while [ "${LCOUNT}" -lt "${ARETRIES}" ];
	do
		if ln -s "${LUID}" "${ALOCKFILE}"; then
			break
		fi
		sleep ${ARETRYSLEEP}
		LCOUNT=`expr ${LCOUNT} + 1`
	done
	if [ "${LCOUNT}" -ge "${ARETRIES}" ]; then
		echo "${TLA} can't acquire lock ${ALOCKFILE} after ${ARETRIES} tries... giving up" 1>&2
		return 1
	fi
	if [ "${LCOUNT}" -gt 0 ]; then
		LDONETIME=`date +%s`
		SUGGESTSLEEP=`expr ${LDONETIME} - ${LSTARTTIME}`
		echo "${TLA} increase lock sleep time (suggest ${SUGGESTSLEEP})" 1>&2
	fi
}

# lock_rel - release lock
#
lock_rel() {
	local ALOCKFILE
	ALOCKFILE="$1"

	rm -f ${ALOCKFILE}
}

# ndc_lock_acq - acquire [r]ndc lock by creating lockfile
# arguments:
#   retrysleep - how long (in seconds) to sleep before trying to
#                acquire the lock again
#   retries - how many times to try to acquire the lock
#
# if the lock is not acquired, this function terminates the shell
#
ndc_lock_acq() {
	lock_acq /tmp/ndc.lock "$1" "$2"
}

# ndc_lock_rel - release [r]ndc lock
#
ndc_lock_rel() {
	lock_rel /tmp/ndc.lock
}

# reload_zone - tells named to reload the zone (after the new
# zonefile is put in place)
#
reload_zone() {
	local AZONE ASERIAL ARELOADSLEEP ARETRYSLEEP ARETRIES LCOUNT LSOA RELSTARTTIME RELDONETIME SUGGESTSLEEP RETRYWARNCOUNT
	AZONE="$1"
	ASERIAL="$2"
	ARELOADSLEEP="$3"
	ARETRYSLEEP="$4"
	ARETRIES="$5"
	shift 5

	${MAPSBIN}/runndc "${AZONE}"

	RELSTARTTIME=`date +%s`
	sleep ${ARELOADSLEEP}	# wait for a while for the zone to reload
	LCOUNT=0
	while [ "${LCOUNT}" -lt "${ARETRIES}" ]
	do
		LSOA=`${HOST} -t soa ${AZONE}. 127.0.0.1 |
			fgrep "${AZONE}" | awk ' { print $7; }'`
		if [ "${LSOA}" = "${ASERIAL}" ]
		then
			break
		fi
		sleep ${ARETRYSLEEP}	# snooze
		LCOUNT=`expr ${LCOUNT} + 1`
	done
	if [ "${LCOUNT}" -ge "${ARETRIES}" ]; then
		echo "${TLA} ${AZONE} can't verify reload after ${ARETRIES} tries... giving up" 1>&2
		return 1
	fi
	RETRYWARNCOUNT=0
	if [ "${ARETRIES}" -gt 3 ]; then
		RETRYWARNCOUNT=`expr "${ARETRIES}" - 3`
	fi
	if [ "${LCOUNT}" -ge "${RETRYWARNCOUNT}" ]; then
		RELDONETIME=`date +%s`
		SUGGESTSLEEP=`expr ${RELDONETIME} - ${RELSTARTTIME}`
		echo "${TLA} ${AZONE} increase reload sleep time (suggest ${SUGGESTSLEEP})" 1>&2
	fi
}

# and now, the common zone-building code

# if database is down, stop without further processing
if [ -e /proj/maps/etc/database-is-down ]; then
    exit 0
fi

# parse arguments:
#   -d: enable debugging (set DEBUG macro to "-d"; set sh -x)
#   -n: disable signaling named (or other transport) about new
#       zone files (set RUNNDC macro to "NO")
args=`getopt dn $*`
if [ $? != 0 ]
then
    echo "Usage: $0 [-dn]"
    exit 2
fi
set -- $args
for i
do
    case "$i"
    in
	-d)
	    shift
	    DEBUG="-d"
	    set -x
	    ;;
	-n)
	    shift
	    RUNNDC=NO
	    ;;
	--)
	    shift
	    break
	    ;;
    esac
done

# set default *PROCESS* argument lists
if [ "${PROCESSARGS}" = "" ]
then
    PROCESSARGS="-z"
fi

if [ "${PROCESSARGSRBLDNSD}" = "" ]
then
    PROCESSARGSRBLDNSD="-z -r"
fi

# set default RBLDNSD data set type
if [ "${DATASETTYPE}" = "" ]
then
    DATASETTYPE="ip4set"
fi

# set default checksum commands
if [ "${SUMBSD}" = "" ]
then
    SUMBSD="/usr/bin/cksum -o 1"
fi
if [ "${SUMSYSV}" = "" ]
then
    SUMSYSV="/usr/bin/cksum -o 2"
fi
if [ "${CKSUM}" = "" ]
then
    CKSUM="/usr/bin/cksum -o 3"
fi
if [ "${CKSUMPOSIX}" = "" ]
then
    CKSUMPOSIX="/usr/bin/cksum"
fi
if [ "${MD5}" = "" ]
then
    MD5="/sbin/md5"
fi

# lock the listfile
if ! lock_acq ${LISTLOCKFILE} 30 20
then
    RC=$?
    echo "${TLA} list build failed to acquire lock ${LISTLOCKFILE}" 1>&2
    exit ${RC}
fi

# clean up new temporary listfile on signals
trap "rm -f ${LISTFILE}.$$" 0 1 2 3

# we don't yet have a new listfile
rm -f ${LISTFILE}.$$
NEWLISTFILE=NO

# get the list contents into the new listfile
if ! listfunc > ${LISTFILE}.$$
then
    RC=$?
    echo "${TLA} rc ${RC} getting list contents -- failed" 1>&2
    rm -f ${LISTFILE}.$$
    lock_rel ${LISTLOCKFILE}
    exit ${RC}
fi

# compare new listfile with old listfile; keep new if different
cmp -s ${LISTFILE} ${LISTFILE}.$$
case $? in
0)
    # identical content -- flush new listfile
    rm -f ${LISTFILE}.$$
    ;;
*)
    # new listfile differs, flush old and replace with new
    if mv -f ${LISTFILE}.$$ ${LISTFILE}
    then
	:
    else
	rm -f ${LISTFILE} && mv ${LISTFILE}.$$ ${LISTFILE}
	RC=$?
	if [ ${RC} != 0 ]
	then
	    # can't move new into place, complain and exit
	    echo "${TLA} rc ${RC} saving listfile ${LISTFILE}" 1>&2
	    rm -f ${LISTFILE}.$$
	    lock_rel ${LISTLOCKFILE}
	    exit ${RC}
	fi
    fi
    NEWLISTFILE=YES
esac

# done building listfile, release lock
lock_rel ${LISTLOCKFILE}

if [ "${NEWLISTFILE}" = "YES" ]
then

    # get a clean start
    rm -f ${LISTFILE}-bind
    rm -f ${LISTFILE}-rbldnsd

    if [ "${POSTPROCESS}" != "" ]
    then
	# reformat the list file entries into BIND zone file entries
	if ! ${PROCESS} ${PROCESSARGS} < ${LISTFILE} |
	    ${POSTPROCESS} ${POSTPROCESSARGS} > ${LISTFILE}-bind
	then
	    RC=$?
	    echo "${TLA} rc ${RC} on list conversion -- skipping BIND-format zone files" 1>&2
	    rm -f ${LISTFILE}-bind
	fi
    fi

    if [ "${POSTPROCESSRBLDNSD}" != "" ]
    then
	# reformat the list file entries into RBLDNSD zone file entries
	if ! ${PROCESS} ${PROCESSARGSRBLDNSD} < ${LISTFILE} |
	    ${POSTPROCESSRBLDNSD} ${POSTPROCESSARGS} > ${LISTFILE}-rbldnsd
	then
	    RC=$?
	    echo "${TLA} rc ${RC} on list conversion -- skipping RBLDNSD-format zone files" 1>&2
	    rm -f ${LISTFILE}-rbldnsd
	fi
    fi

fi

# now figure out what zones we can build for this tla
TLAQ=\'${TLA}\'
ZONES=`${PSQL} -U ${DBUSER} -h ${DBHOST} -t -c \
    "select zone from zones where list = ${TLAQ} order by zone;" ${DBNAME}`
RC=$?
if [ ${RC} != 0 ]
then
    echo "${TLA} rc ${RC} getting zone list -- aborting" 1>&2
    exit ${RC}
fi
if [ ! -n "${ZONES}" ]
then
    echo "${TLA} has no zones -- aborting" 1>&2
    exit 1
fi

# for each zone
for ZONE in ${ZONES}
do
    ZONEQ=\'${ZONE}\'
    ZONELOCKFILE=/tmp/${TLA}-${ZONE}-build.lock
    NSLISTFILE=${WORKDIR}/${ZONE}-nslist
    NEWNSLISTFILE=NO
    NEWZBINDFILE=NO
    NEWZBINDGZ=NO
    NEWZBINDTGZ=NO
    NEWZRBLDNSDFILE=NO
    NEWZRBLDNSDGZ=NO
    NEWZRBLDNSDTGZ=NO

    ZNSS=`${PSQL} -U $DBUSER -h $DBHOST -A -t -c \
        "select host from zoneservers where zone = ${ZONEQ} order by host;" $DBNAME`
    RC=$?
    if [ ${RC} != 0 ]
    then
	echo "${TLA} ${ZONE} rc ${RC} getting nameservers -- skipping" 1>&2
	continue
    fi
    if [ ! -n "${ZNSS}" ]
    then
	echo "${TLA} ${ZONE} no nameservers -- skipping" 1>&2
	continue
    fi

    ZBFN=`${PSQL} -U $DBUSER -h $DBHOST -A -t -c \
	"select filebasename from zones where list = ${TLAQ} and zone = ${ZONEQ};" $DBNAME`
    RC=$?
    if [ ${RC} != 0 ]
    then
	echo "${TLA} ${ZONE} rc ${RC} getting filebasename -- skipping" 1>&2
	continue
    fi
    if [ ! -n "${ZBFN}" ]
    then
	echo "${TLA} ${ZONE} no filebasename -- skipping" 1>&2
	continue
    fi

    ZBINDFILE=${WORKDIR}/${ZBFN}-zone-bind
    ZRBLDNSDFILE=${WORKDIR}/${ZBFN}-zone-rbldnsd

    # lock the zone file(s)
    if ! lock_acq ${ZONELOCKFILE} 30 20
    then
	echo "${TLA} ${ZONE} zone build failed to acquire lock ${ZONELOCKFILE}" 1>&2
	continue
    fi

    # clean up new temporary nameserver listfile on signals
    trap "rm -f ${NSLISTFILE}.$$" 0 1 2 3

    rm -f ${NSLISTFILE}.$$
    for NS in ${ZNSS}
    do
	echo ${NS} >> ${NSLISTFILE}.$$
    done

    # compare new nameserver list with old; keep new if different
    cmp -s ${NSLISTFILE}.$$ ${NSLISTFILE}
    case $? in
    0)
	# identical content -- flush new listfile
	rm -f ${NSLISTFILE}.$$
	;;
    *)
	# new nameserver list differs, flush old file and replace with new
	if mv -f ${NSLISTFILE}.$$ ${NSLISTFILE}
	then
	    :
	else
	    rm -f ${NSLISTFILE} && mv ${NSLISTFILE}.$$ ${NSLISTFILE}
	    RC=$?
	    if [ ${RC} != 0 ]
	    then
		# can't move new into place, complain and exit
		echo "${TLA} ${ZONE} rc ${RC} saving nslist ${NSLISTFILE} -- skipping" 1>&2
		rm -f ${NSLISTFILE}.$$
		lock_rel ${ZONELOCKFILE}
		continue
	    fi
	fi
	NEWNSLISTFILE=YES
    esac

    # if we don't have a new listfile, or a new nameserver list file,
    # there's nothing to further to do for the zone, so skip
    if [ "${NEWLISTFILE}" != "YES" -a "${NEWNSLISTFILE}" != "YES" ]
    then
	lock_rel ${ZONELOCKFILE}
	continue
    fi

    # if there's a BIND-format list data file...
    if [ -f ${LISTFILE}-bind ]
    then

	# clean up new temporary BIND-format zonefile on signals
	trap "rm -f ${ZBINDFILE}.$$" 0 1 2 3

	# create a new temporary BIND-format zonefile and write its header
	rm -f ${ZBINDFILE}.$$
	echo "; Autogenerated; do not edit" > ${ZBINDFILE}.$$
	echo '$TTL' "${DEFTTL}" >> ${ZBINDFILE}.$$
	cat >> ${ZBINDFILE}.$$ <<EOF
@	IN	SOA	${SOANSNAME}.	${SOARNAME}. (
			${SOASERIAL} ${SOAREFRESH} ${SOARETRY} ${SOAEXPIRE} ${SOAMINTTL} )
		TXT	"Copyright ${COPYRIGHTYEAR} Trend Micro Incorporated"
	IN	MX	10 mx01.mail-abuse.com.
	IN	MX	10 mx02.mail-abuse.com.
	IN	MX	10 mx03.mail-abuse.com.
	IN	MX	10 mx04.mail-abuse.com.
;
EOF
	for NS in ${ZNSS}
	do
	    printf "\t%s\tNS\t%s.\n" ${NSTTL} ${NS} >> ${ZBINDFILE}.$$
	done

	# copy in the BIND-format list data
	cat ${LISTFILE}-bind >> ${ZBINDFILE}.$$
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} copying BIND format list data -- skipping" 1>&2
	    rm -f ${ZBINDFILE}.$$
	fi

	# if we still have a zone data file, save it
	if [ -f ${ZBINDFILE}.$$ ]
	then
	    if mv -f ${ZBINDFILE}.$$ ${ZBINDFILE}
	    then
		NEWZBINDFILE=YES
	    else
		rm -f ${ZBINDFILE} && mv ${ZBINDFILE}.$$ ${ZBINDFILE}
		RC=$?
		if [ ${RC} != 0 ]
		then
		    echo "${TLA} ${ZONE} rc ${RC} saving BIND zone file ${ZBINDFILE} -- skipping" 1>&2
		    rm -f ${ZBINDFILE}.$$
		else
		    NEWZBINDFILE=YES
		fi
	    fi
	fi

    fi

    # if there's an RBLDNSD-format list data file...
    if [ -f ${LISTFILE}-rbldnsd ]
    then

	# clean up new temporary RBLDNSD-format zonefile on signals
	trap "rm -f ${ZRBLDNSDFILE}.$$" 0 1 2 3

	# create a new temporary RBLDNSD-format zonefile and write its header
	rm -f ${ZRBLDNSDFILE}.$$
	echo "; Autogenerated; do not edit" > ${ZRBLDNSDFILE}.$$
	echo '$TTL' "${DEFTTL}" >> ${ZRBLDNSDFILE}.$$
	echo '$SOA' "${DEFTTL} ${SOANSNAME} ${SOARNAME} ${SOASERIAL} ${SOAREFRESH} ${SOARETRY} ${SOAEXPIRE} ${SOAMINTTL}" >> ${ZRBLDNSDFILE}.$$
	echo -n '$NS' "${NSTTL}" >> ${ZRBLDNSDFILE}.$$
	for NS in ${ZNSS}
	do
	    echo -n ' ' ${NS} >> ${ZRBLDNSDFILE}.$$
	done
	echo >> ${ZRBLDNSDFILE}.$$
	echo '$DATASET' "generic @" >> ${ZRBLDNSDFILE}.$$
	cat  >> ${ZRBLDNSDFILE}.$$ <<EOF
@ TXT "Copyright ${COPYRIGHTYEAR} Trend Micro Incorporated"
@ MX 10 mx01.mail-abuse.com
@ MX 10 mx02.mail-abuse.com
@ MX 10 mx03.mail-abuse.com
@ MX 10 mx04.mail-abuse.com
EOF
	echo '$DATASET' "${DATASETTYPE} @" >> ${ZRBLDNSDFILE}.$$

	# if there are default A and TXT values, build up a defaults string
	if [ "${DEFAVALUE}" != "" ]
	then
	    ZRBLDNSDEFS=":${DEFAVALUE}"
	    if [ "${DEFTXTVALUE}" != "" ]
	    then
		ZRBLDNSDEFS="${ZRBLDNSDEFS}:${DEFTXTVALUE}"
	    fi
	fi

	# if there's a defaults string, write it to the file
	if [ "${ZRBLDNSDEFS}" != "" ]
	then
	    echo "${ZRBLDNSDEFS}" >> ${ZRBLDNSDFILE}.$$
	fi

	# copy in the RBLDNSD-format list data
	cat ${LISTFILE}-rbldnsd >> ${ZRBLDNSDFILE}.$$
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} copying RBLDNSD format list data -- skipping" 1>&2
	    rm -f ${ZRBLDNSDFILE}.$$
	fi

	# if we (still) have a new RBLDNSD-format zonefile, save it
	if [ -f ${ZRBLDNSDFILE}.$$ ]
	then
	    if mv -f ${ZRBLDNSDFILE}.$$ ${ZRBLDNSDFILE}
	    then
		NEWZRBLDNSDFILE=YES
	    else
		rm -f ${ZRBLDNSDFILE} && mv ${ZRBLDNSDFILE}.$$ ${ZRBLDNSDFILE}
		RC=$?
		if [ ${RC} != 0 ]
		then
		    echo "${TLA} ${ZONE} rc $RC saving RBLDNSD zone file ${ZRBLDNSDFILE} -- skipping" 1>&2
		    rm -f ${ZRBLDNSDFILE}.$$
		else
		    NEWZRBLDNSDFILE=YES
		fi
	    fi
	fi

    fi

    # if we built a new BIND-format zonefile, invalidate the old cksum files
    if [ "${NEWZBINDFILE}" = "YES" ]
    then
	rm -f ${ZBINDFILE}.sum-bsd
	rm -f ${ZBINDFILE}.sum-sysv
	rm -f ${ZBINDFILE}.cksum
	rm -f ${ZBINDFILE}.md5
    fi

    # if we built a new BIND-format zonefile, make new cksum files
    if [ "${NEWZBINDFILE}" = "YES" ]
    then
	${SUMBSD} <${ZBINDFILE} >${ZBINDFILE}.sum-bsd
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${SUMBSD} ${ZBINDFILE}" 1>&2
	    rm -f ${ZBINDFILE}.sum-bsd
	fi
	${SUMSYSV} <${ZBINDFILE} >${ZBINDFILE}.sum-sysv
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${SUMSYSV} ${ZBINDFILE}" 1>&2
	    rm -f ${ZBINDFILE}.sum-sysv
	fi
	${CKSUM} <${ZBINDFILE} >${ZBINDFILE}.cksum
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${CKSUM} ${ZBINDFILE}" 1>&2
	    rm -f ${ZBINDFILE}.cksum
	fi
	${CKSUMPOSIX} <${ZBINDFILE} >${ZBINDFILE}.cksumposix
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${CKSUMPOSIX} ${ZBINDFILE}" 1>&2
	    rm -f ${ZBINDFILE}.cksumposix
	fi
	${MD5} <${ZBINDFILE} >${ZBINDFILE}.md5
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${MD5} ${ZBINDFILE}" 1>&2
	    rm -f ${ZBINDFILE}.md5
	fi
    fi

    # if we built a new RBLDNSD-format zonefile, build a tarball and a gzip
    if [ "${NEWZBINDFILE}" = "YES" ]
    then
	SAVEDIR=`pwd`
	BINDDIR=`dirname ${ZBINDFILE}`
	cd ${BINDDIR}
	tar cf - `basename ${ZBINDFILE}` `basename ${ZBINDFILE}.cksum` `basename ${ZBINDFILE}.md5` `basename ${ZBINDFILE}.sum-bsd` `basename ${ZBINDFILE}.sum-sysv` | gzip >${ZBINDFILE}.tar.gz
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} creating ${ZBINDFILE}.tar.gz" 1>&2
	else
	    NEWZBINDTGZ=YES
	fi
	cd "${SAVEDIR}"
    fi

    # if we built a new BIND-format zonefile, gzip it too
    if [ "${NEWZBINDFILE}" = "YES" ]
    then
	gzip <${ZBINDFILE} >${ZBINDFILE}.gz
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} creating ${ZBINDFILE}.gz" 1>&2
	else
	    NEWZBINDGZ=YES
	fi
	cd "${SAVEDIR}"
    fi

    # if we built a new RBLDNSD-format zonefile, invalidate the old cksum files
    if [ "${NEWZRBLDNSDFILE}" = "YES" ]
    then
	rm -f ${ZRBLDNSDFILE}.sum-bsd
	rm -f ${ZRBLDNSDFILE}.sum-sysv
	rm -f ${ZRBLDNSDFILE}.cksum
	rm -f ${ZRBLDNSDFILE}.cksumpozix
	rm -f ${ZRBLDNSDFILE}.md5
    fi

    # if we built a new RBLDNSD-format zonefile, make new cksum files
    if [ "${NEWZRBLDNSDFILE}" = "YES" ]
    then
	${SUMBSD} <${ZRBLDNSDFILE} >${ZRBLDNSDFILE}.sum-bsd
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${SUMBSD} ${ZRBLDNSDFILE}" 1>&2
	    rm -f ${ZRBLDNSDFILE}.sum-bsd
	fi
	${SUMSYSV} <${ZRBLDNSDFILE} >${ZRBLDNSDFILE}.sum-sysv
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${SUMSYSV} ${ZRBLDNSDFILE}" 1>&2
	    rm -f ${ZRBLDNSDFILE}.sum-sysv
	fi
	${CKSUM} <${ZRBLDNSDFILE} >${ZRBLDNSDFILE}.cksum
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${CKSUM} ${ZRBLDNSDFILE}" 1>&2
	    rm -f ${ZRBLDNSDFILE}.cksum
	fi
	${CKSUMPOSIX} <${ZRBLDNSDFILE} >${ZRBLDNSDFILE}.cksumposix
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${CKSUMPOSIX} ${ZRBLDNSDFILE}" 1>&2
	    rm -f ${ZRBLDNSDFILE}.cksumposix
	fi
	${MD5} <${ZRBLDNSDFILE} >${ZRBLDNSDFILE}.md5
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} on ${MD5} ${ZRBLDNSDFILE}" 1>&2
	    rm -f ${ZRBLDNSDFILE}.md5
	fi
    fi

    # if we built a new RBLDNSD-format zonefile, build a tarball and a gzip
    if [ "${NEWZRBLDNSDFILE}" = "YES" ]
    then
	SAVEDIR=`pwd`
	RBLDNSDIR=`dirname ${ZRBLDNSDFILE}`
	cd ${RBLDNSDIR}
	tar cf - `basename ${ZRBLDNSDFILE}` `basename ${ZRBLDNSDFILE}.cksum` `basename ${ZRBLDNSDFILE}.md5` `basename ${ZRBLDNSDFILE}.sum-bsd` `basename ${ZRBLDNSDFILE}.sum-sysv` | gzip >${ZRBLDNSDFILE}.tar.gz
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} creating ${ZRBLDNSDFILE}.tar.gz" 1>&2
	else
	    NEWZRBLDNSDTGZ=YES
	fi
	cd "${SAVEDIR}"
    fi

    # if we built a new RBLDNSD-format zonefile, gzip it too
    if [ "${NEWZRBLDNSDFILE}" = "YES" ]
    then
	gzip <${ZRBLDNSDFILE} >${ZRBLDNSDFILE}.gz
	RC=$?
	if [ ${RC} != 0 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} creating ${ZRBLDNSDFILE}.gz" 1>&2
	else
	    NEWZRBLDNSDGZ=YES
	fi
	cd "${SAVEDIR}"
    fi

    # if we built a new RBLDNSD-format zonefile, and a checksum for it,
    # build a checksum'd version
    if [ "${NEWZRBLDNSDFILE}" = "YES" ]
    then
	if [ -f ${ZRBLDNSDFILE}.cksumposix ]
	then
	    cat ${ZRBLDNSDFILE} >${ZRBLDNSDFILE}-cksumd && \
	    echo -n "# CKSUM: " >>${ZRBLDNSDFILE}-cksumd && \
	    cat ${ZRBLDNSDFILE}.cksumposix >>${ZRBLDNSDFILE}-cksumd
	    RC=$?
	    if [ ${RC} != 0 ]
	    then
		echo "${TLA} ${ZONE} rc ${RC} creating ${ZRBLDNSDFILE}-cksumd" 1>&2
		rm -f ${ZRBLDNSDFILE}-cksumd
	    else
		NEWZRBLDNSDCKSUMD=YES
	    fi
	fi
    fi

    # everything's built, release the zone-building lock
    lock_rel ${ZONELOCKFILE}

    # if we haven't been told to not push zones out, and we have zpush...
    if [ "${RUNNDC}" != "NO" -a -d ${ZPUSHNOTIFYDIR} ]
    then

	# find out how/whether we're supposed to push this zone
	PUSHZONEAS=`${PSQL} -U ${DBUSER} -h ${DBHOST} -A -t -c \
	    "select pushzoneas from zones where list = ${TLAQ} and zone = ${ZONEQ} and pushzoneas is not null;" ${DBNAME}`
	RC=$?
	if [ ${RC} -gt 1 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} getting pushzoneas name -- skipping push" 1>&2
	elif [ -n "${PUSHZONEAS}" ]
	then

	    # save the umask and working directory
	    SAVEDUMASK=`umask`
	    umask 002
	    SAVEDIR=`pwd`
	    cd "${ZPUSHNOTIFYDIR}"

	    # if we have a new BIND file...
	    if [ "${NEWZBINDFILE}" = "YES" ]
	    then
		touch ${PUSHZONEAS}-bind-raw
	    fi

	    # if we have a new BIND tarball...
	    if [ "${NEWZBINDTGZ}" = "YES" ]
	    then
		touch ${PUSHZONEAS}-bind-tgz
	    fi

	    # if we have a new BIND tarball...
	    if [ "${NEWZBINDGZ}" = "YES" ]
	    then
		touch ${PUSHZONEAS}-bind-gz
	    fi

	    # if we have a new RBLDNSD file...
	    if [ "${NEWZRBLDNSDFILE}" = "YES" ]
	    then
		touch ${PUSHZONEAS}-rbldnsd-raw
	    fi

	    # if we have a new RBLDNSD tarball...
	    if [ "${NEWZRBLDNSDTGZ}" = "YES" ]
	    then
		touch ${PUSHZONEAS}-rbldnsd-tgz
	    fi

	    # if we have a new RBLDNSD tarball...
	    if [ "${NEWZRBLDNSDGZ}" = "YES" ]
	    then
		touch ${PUSHZONEAS}-rbldnsd-gz
	    fi

	    # if we have a new RBLDNSD cksum'd file...
	    if [ "${NEWZRBLDNSDCKSUMD}" = "YES" ]
	    then
		touch ${PUSHZONEAS}-rbldnsd-cksumd
	    fi

	    # restore the umask and wd
	    cd "${SAVEDIR}"
	    umask ${SAVEDUMASK}

	fi

    fi

    # if we haven't been told to not push zones out, and we have a new
    # BIND-format zone file...
    if [ "${RUNNDC}" != "NO" -a "${NEWZBINDFILE}" = "YES" ]
    then

	# find out how/whether we're supposed to load this zone
	LOADZONEAS=`${PSQL} -U ${DBUSER} -h ${DBHOST} -A -t -c \
	    "select loadzoneas from zones where list = ${TLAQ} and zone = ${ZONEQ} and loadzoneas is not null;" ${DBNAME}`
	RC=$?
	if [ ${RC} -gt 1 ]
	then
	    echo "${TLA} ${ZONE} rc ${RC} getting loadzoneas name -- skipping reload" 1>&2
	elif [ -n "${LOADZONEAS}" ]
	then

	    # grab the ndc lock
	    ndc_lock_acq 30 20

	    # tell named to reload the zone
	    reload_zone ${LOADZONEAS} ${SOASERIAL} ${RELOADSLEEP} ${RELOADRETRYCOUNT} ${RELOADRETRYSLEEP}

	    # release the ndc lock
	    ndc_lock_rel

	fi

    fi

done