# Begin $rc_base/init.d/unbound
# Description : Unbound DNS resolver boot script for IPFire
# Author : Marcel Lorenz <marcel.lorenz@ipfire.org>
# Comment : This init script additionally starts the dhcpd watcher daemon
# if DNS-Update (RFC2136) is enabled in the web interface
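# Make sure the runtime directory exists. `mkdir -p` is idempotent, so the
# separate existence test (and the gap between test and create) is not needed.
# NOTE(review): the PID files below live under /var/run, not /run/var;
# confirm that /run/var is the intended path.
mkdir -p /run/var

# 1 = rebuild /etc/unbound/interfaces.conf when the service starts.
CONTROL_INTERFACE_FILE=1

# Unbound daemon pid file
PIDFILE=/var/run/unbound.pid

# Watcher daemon pid file; the path must stay identical in every unbound
# init script that refers to it.
WAPIDFILE=/var/run/unbound_dhcpd.pid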
28 IFS
=.
read -r i1 i2 i3 i4
<<< ${1}
29 IFS
=.
read -r m1 m2 m3
m4 <<< ${2}
30 cidr
=$
(printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
44 *) echo "Error: $dec is not recognised"; exit 1
47 echo "${cidr}/${nbits}"
53 if [[ -f ${PIDFILE} ]]; then
54 log_warning_msg
"Unbound daemon is running with Process ID $(cat ${PIDFILE})"
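# Import the ethernet settings as shell variables (presumably the *_ADDRESS and
# *_NETMASK values used further down; verify against readhash's output).
# SECURITY: eval executes whatever readhash prints, so this is only as safe as
# readhash's output escaping and the write permissions on the settings file.
# NOTE(review): confirm both. The command substitution is quoted so the output
# reaches eval unchanged instead of being word-split and glob-expanded first.
eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"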
58 #[ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"
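# Rebuild the RED-side resolv.conf and collect the upstream resolvers in
# NAMESERVERS (read again where the forwarders are configured).
# SECURITY: the dns1/dns2 files are input from outside this script
# (NOTE(review): presumably written by the uplink's DHCP/PPP client; confirm).
# Their content is written into a config file and later expanded unquoted on
# the unbound-control command line, so only a single token made of IP-address
# characters is accepted; anything else is skipped with a warning.
echo > /var/ipfire/red/resolv.conf # Clear it
if [ -e "/var/ipfire/red/dns1" ]; then
	DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null)
	case "${DNS1}" in
	"") ;; # empty file: nothing to add
	*[!0-9A-Fa-f:.]*)
		log_warning_msg "Ignoring malformed DNS server entry in /var/ipfire/red/dns1"
		;;
	*)
		echo "nameserver ${DNS1}" >> /var/ipfire/red/resolv.conf
		NAMESERVERS="${DNS1} "
		;;
	esac
fi
if [ -e "/var/ipfire/red/dns2" ]; then
	DNS2=$(cat /var/ipfire/red/dns2 2>/dev/null)
	case "${DNS2}" in
	"") ;; # empty file: nothing to add
	*[!0-9A-Fa-f:.]*)
		log_warning_msg "Ignoring malformed DNS server entry in /var/ipfire/red/dns2"
		;;
	*)
		echo "nameserver ${DNS2}" >> /var/ipfire/red/resolv.conf
		NAMESERVERS+="${DNS2} "
		;;
	esac
fi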
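# create unbound interfaces.conf
# Each "interface:" line names an address Unbound is told to listen on; the
# list is rebuilt from the GREEN/BLUE/ORANGE addresses. The operands are quoted
# so an empty or multi-word setting cannot break the test, and only IP-address
# characters are accepted so a stray value cannot add extra config lines.
if [ "${CONTROL_INTERFACE_FILE}" = 1 ]; then
	echo -n > /etc/unbound/interfaces.conf # Clear it
	for listen_address in "${GREEN_ADDRESS}" "${BLUE_ADDRESS}" "${ORANGE_ADDRESS}"; do
		case "${listen_address}" in
		"") ;; # empty: nothing to add
		*[!0-9A-Fa-f:.]*)
			log_warning_msg "Ignoring malformed interface address: ${listen_address}"
			;;
		*)
			echo "interface: ${listen_address}" >> /etc/unbound/interfaces.conf
			;;
		esac
	done
fi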
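# create unbound access.conf
# SECURITY: every "allow" line grants that network permission to query the
# resolver, so a wrong or overly wide netmask widens who may use it.
# cidr prints its error text on stdout and exits non-zero for an unrecognised
# mask octet; its status is checked here so that text never ends up inside an
# "allow" rule. NOTE(review): assumes cidr returns 0 on success; confirm.
if [ "${CONTROL_ACCESS_FILE}" = 1 ]; then
	echo -n > /etc/unbound/access.conf # Clear it
	for zone in GREEN BLUE ORANGE; do
		address_var="${zone}_ADDRESS"
		netmask_var="${zone}_NETMASK"
		# Zones without an address get no access-control entry.
		[ -n "${!address_var}" ] || continue
		if network=$(cidr "${!address_var}" "${!netmask_var}"); then
			echo "access-control: ${network} allow" >> /etc/unbound/access.conf
		else
			log_warning_msg "Skipping access-control entry for ${zone}: cannot derive network"
		fi
	done
fi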
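# create unbound dnssec.conf
# SECURITY: any value other than ENABLE_DNSSEC=1, including an unset or empty
# one, selects the else branch, which switches validation off. Keep the
# variable set explicitly. The operand is quoted so an unset value is a plain
# mismatch rather than a `[` syntax error.
echo -n > /etc/unbound/dnssec.conf # Clear it
if [ "${ENABLE_DNSSEC}" = 1 ]; then
	{
		echo " # dessec enabled per default"
		echo " # no necessary config options in this file"
	} >> /etc/unbound/dnssec.conf
else
	# "module-config: iterator" leaves the validator module out, and
	# "val-permissive-mode: yes" lets answers that fail validation through,
	# so responses are no longer DNSSEC-checked.
	{
		echo " # dnssec now disabled"
		echo " module-config: iterator"
		echo " val-permissive-mode: yes"
	} >> /etc/unbound/dnssec.conf
fi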
115 # create zone file for internal ipfire domain
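boot_mesg "Starting Unbound DNS proxy..."
loadproc /usr/sbin/unbound

# start dhcpd watcher daemon if DNS-Update (RFC2136) activated
# SECURITY: eval executes whatever readhash prints for the DHCP settings file,
# so it relies on readhash's output escaping and on that file being writable
# only by trusted users. NOTE(review): confirm. The substitution is quoted so
# the output is not word-split or glob-expanded before eval sees it.
eval "$(/usr/local/bin/readhash /var/ipfire/dhcp/settings)"
# The watcher is started only when its pid file is absent.
if [[ "${DNS_UPDATE_ENABLED}" == "on" && ! -f "${WAPIDFILE}" ]]; then
	/etc/rc.d/init.d/unbound-dhcpd start
fi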
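# use setup configured DNS servers
# ${NAMESERVERS} is left unquoted on purpose: it is a space-separated list and
# every server must reach unbound-control as its own argument.
# SECURITY NOTE(review): per unbound-control(8), "+i" also marks the forwarded
# zone domain-insecure. On the root zone "." that would exempt forwarded
# answers from DNSSEC validation whatever ENABLE_DNSSEC says, so the
# "DNSSEC is enabled!" message below may promise more than is enforced.
# Confirm this is intended.
# NOTE(review): "&> /dev/null" also hides a failed forward_add (for example
# when NAMESERVERS is empty).
if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
	# shellcheck disable=SC2086 # intentional word splitting, see above
	unbound-control forward_add +i . ${NAMESERVERS} &> /dev/null
fi

# Show only the server addresses: drop the ". IN forward " prefix and the "+i"
# flag from the list_forwards output. The dot is escaped so it matches a
# literal "." rather than any character.
FORWADRS=$(unbound-control list_forwards | sed -e 's|\. IN forward ||g' -e 's|+i ||g')
if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
	boot_mesg "Using DNS server(s): ${FORWADRS}"
else
	boot_mesg "Using custom DNS server(s): ${FORWADRS}"
fi
# Quoted so an unset ENABLE_DNSSEC is a plain mismatch (reported as disabled)
# instead of a `[` syntax error.
if [ "${ENABLE_DNSSEC}" = 1 ]; then
	boot_mesg "DNSSEC is enabled!"
else
	boot_mesg "DNSSEC is disabled!"
fi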
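# The daemon counts as running when its pid file exists.
if [[ -f "${PIDFILE}" ]]; then
	# stop dhcpd watcher daemon if activated
	if [[ -f "${WAPIDFILE}" ]]; then
		/etc/rc.d/init.d/unbound-dhcpd stop
	fi
	# stop Unbound daemon
	boot_mesg "Stopping Unbound DNS proxy..."
	# Use ${PIDFILE} rather than a second hard-coded copy of the path, so the
	# file tested above and the file handed to killproc cannot drift apart.
	# NOTE(review): killproc presumably signals the PID stored in this file,
	# so the file and its directory should be writable by root only.
	killproc -p "${PIDFILE}" /usr/sbin/unbound
else
	log_warning_msg "Unbound daemon is not running..."
fi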
# Hand the status query for the Unbound binary to the statusproc helper
# (defined outside this excerpt).
statusproc /usr/sbin/unbound
173 echo "Usage: $0 {start|stop|restart|status}"
178 # End $rc_base/init.d/unbound