New package: unbound 1.5.9
d0e5f71f
ML
1#!/bin/sh
2# Begin $rc_base/init.d/unbound
3
4# Description : Unbound DNS resolver boot script for IPfire
5# Author : Marcel Lorenz <marcel.lorenz@ipfire.org>
6#
7# Comment : This init script additionally starts the dhcpd watcher daemon
8# if DNS-Update (RFC2136) is enabled in the web interface
9
10. /etc/sysconfig/rc
11. ${rc_functions}
12
# Create /run/var when it is missing.
[[ -d /run/var ]] || mkdir /run/var

# Switches read by the start action (1 = on, 0 = off):
#   CONTROL_INTERFACE_FILE  regenerate /etc/unbound/interfaces.conf
#   CONTROL_ACCESS_FILE     regenerate /etc/unbound/access.conf
#   USE_CUSTOM_FORWARDS     0 = forward to the name servers found in
#                           /var/ipfire/red/dns1 and dns2
#   ENABLE_DNSSEC           0 = write the "dnssec disabled" options to
#                           /etc/unbound/dnssec.conf
CONTROL_INTERFACE_FILE=1
CONTROL_ACCESS_FILE=1
USE_CUSTOM_FORWARDS=0
ENABLE_DNSSEC=1

# Pid file of the Unbound daemon.
PIDFILE=/var/run/unbound.pid

# Pid file of the dhcpd watcher daemon; must be the same path as in the
# unbound main init script.
WAPIDFILE=/var/run/unbound_dhcpd.pid
25
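# Convert an IPv4 address and a dotted-quad netmask to "network/prefix".
#
# Arguments: $1 - IPv4 address (a.b.c.d)
#            $2 - netmask (a.b.c.d)
# Outputs:   "<network address>/<prefix length>" on stdout; diagnostics go
#            to stderr so they can never end up in a generated config line
# Returns:   0 on success, 1 when an argument is rejected
function cidr() {
	local quad='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
	local -a ip mask
	local i addr dec bits nbits=0 partial=0 network=""

	# Both arguments are used inside $(( )), which evaluates its operands as
	# expressions. Accept nothing but four plain decimal octets.
	if [[ ! ${1} =~ ${quad} ]]; then
		echo "Error: ${1} is not an IPv4 address" >&2
		return 1
	fi
	ip=("${BASH_REMATCH[@]:1:4}")

	if [[ ! ${2} =~ ${quad} ]]; then
		echo "Error: ${2} is not a netmask" >&2
		return 1
	fi
	mask=("${BASH_REMATCH[@]:1:4}")

	for i in 0 1 2 3; do
		# 10# forces base 10, so a leading zero is not read as octal.
		addr=$((10#${ip[i]}))
		dec=$((10#${mask[i]}))

		if ((addr > 255)); then
			echo "Error: ${1} is not an IPv4 address" >&2
			return 1
		fi

		case "${dec}" in
			255) bits=8 ;;
			254) bits=7 ;;
			252) bits=6 ;;
			248) bits=5 ;;
			240) bits=4 ;;
			224) bits=3 ;;
			192) bits=2 ;;
			128) bits=1 ;;
			0) bits=0 ;;
			*)
				echo "Error: $dec is not recognised" >&2
				return 1
				;;
		esac

		# After an octet below 255 every following octet has to be 0;
		# otherwise the prefix length would not describe the mask.
		if ((partial && bits > 0)); then
			echo "Error: ${2} is not a contiguous netmask" >&2
			return 1
		fi
		if ((bits < 8)); then
			partial=1
		fi

		nbits=$((nbits + bits))
		network+="${network:+.}$((addr & dec))"
	done

	echo "${network}/${nbits}"
}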
49
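# Dispatch on the requested action: start, stop, restart or status.
case "$1" in
	start)
		# Only the presence of the pid file is checked here, not whether the
		# process it names is still alive.
		if [[ -f ${PIDFILE} ]]; then
			log_warning_msg "Unbound daemon is running with Process ID $(cat "${PIDFILE}")"
		else
			# NOTE(review): eval runs whatever readhash prints as shell code.
			# This is only safe if readhash emits nothing but sanitised
			# KEY=VALUE pairs and the settings file is writable by trusted
			# users only - confirm both. Quoted so the output is not
			# word-split or glob-expanded before it is evaluated.
			eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"
			#ARGS="$CUSTOM_ARGS"
			#[ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"

			# Start from an empty list so that a value inherited from the
			# environment or the settings file is never used as a forwarder.
			NAMESERVERS=""

			echo > /var/ipfire/red/resolv.conf # Clear it
			if [ -e "/var/ipfire/red/dns1" ]; then
				DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null)
				if [ -n "${DNS1}" ]; then
					echo "nameserver ${DNS1}" >> /var/ipfire/red/resolv.conf
					NAMESERVERS="${DNS1} "
				fi
			fi
			if [ -e "/var/ipfire/red/dns2" ]; then
				DNS2=$(cat /var/ipfire/red/dns2 2>/dev/null)
				if [ -n "${DNS2}" ]; then
					echo "nameserver ${DNS2}" >> /var/ipfire/red/resolv.conf
					NAMESERVERS+="${DNS2} "
				fi
			fi

			# create unbound interfaces.conf
			if [ "${CONTROL_INTERFACE_FILE}" = 1 ]; then
				: > /etc/unbound/interfaces.conf # Clear it
				for zone in GREEN BLUE ORANGE; do
					zone_addr="${zone}_ADDRESS"
					if [ -n "${!zone_addr}" ]; then
						echo "interface: ${!zone_addr}" >> /etc/unbound/interfaces.conf
					fi
				done
			fi

			# create unbound access.conf
			if [ "${CONTROL_ACCESS_FILE}" = 1 ]; then
				: > /etc/unbound/access.conf # Clear it
				for zone in GREEN BLUE ORANGE; do
					zone_addr="${zone}_ADDRESS"
					zone_mask="${zone}_NETMASK"
					if [ -z "${!zone_addr}" ]; then
						continue
					fi
					# Write the rule only when cidr succeeded, so that an
					# error text can never become part of an access-control line.
					if zone_net=$(cidr "${!zone_addr}" "${!zone_mask}"); then
						echo "access-control: ${zone_net} allow" >> /etc/unbound/access.conf
					else
						log_warning_msg "Unbound: no access-control entry written for ${zone} (invalid address or netmask)"
					fi
				done
			fi

			# create unbound dnssec.conf
			: > /etc/unbound/dnssec.conf # Clear it
			if [ "${ENABLE_DNSSEC}" = 1 ]; then
				echo " # dessec enabled per default" >> /etc/unbound/dnssec.conf
				echo " # no necessary config options in this file" >> /etc/unbound/dnssec.conf
			else
				# "module-config: iterator" names no validator module, so with
				# ENABLE_DNSSEC=0 answers are passed on without DNSSEC validation.
				echo " # dnssec now disabled" >> /etc/unbound/dnssec.conf
				echo " module-config: iterator" >> /etc/unbound/dnssec.conf
				echo " val-permissive-mode: yes" >> /etc/unbound/dnssec.conf
			fi

			# create zone file for internal ipfire domain
			unbound-zone

			boot_mesg "Starting Unbound DNS proxy..."
			# NOTE(review): the exit status of unbound-anchor is not checked.
			unbound-anchor
			loadproc /usr/sbin/unbound

			# start dhcpd watcher daemon if DNS-Update (RFC2136) activated
			# NOTE(review): same eval caveat as for the ethernet settings above.
			eval "$(/usr/local/bin/readhash /var/ipfire/dhcp/settings)"
			if [[ ${DNS_UPDATE_ENABLED} = on && ! -f ${WAPIDFILE} ]]; then
				/etc/rc.d/init.d/unbound-dhcpd start
			fi

			# use setup configured DNS servers
			if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
				# NAMESERVERS is a space-separated list; it is left unquoted on
				# purpose so that each server becomes its own argument.
				# shellcheck disable=SC2086
				unbound-control forward_add +i . ${NAMESERVERS} &> /dev/null
			fi

			FORWADRS=$(unbound-control list_forwards | sed 's|. IN forward ||g' | sed 's|+i ||g')
			if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
				boot_mesg "Using DNS server(s): ${FORWADRS}"
			else
				boot_mesg "Using custom DNS server(s): ${FORWADRS}"
			fi
			if [ "${ENABLE_DNSSEC}" = 1 ]; then
				boot_mesg "DNSSEC is enabled!"
			else
				boot_mesg "DNSSEC is disabled!"
			fi
		fi
		;;

	stop)
		if [[ -f ${PIDFILE} ]]; then
			# stop dhcpd watcher daemon if activated
			if [[ -f ${WAPIDFILE} ]]; then
				/etc/rc.d/init.d/unbound-dhcpd stop
			fi
			# stop Unbound daemon
			boot_mesg "Stopping Unbound DNS proxy..."
			killproc -p "${PIDFILE}" /usr/sbin/unbound
		else
			log_warning_msg "Unbound daemon is not running..."
		fi
		;;

	restart)
		"$0" stop
		sleep 1
		"$0" start
		;;

	status)
		statusproc /usr/sbin/unbound
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status}"
		exit 1
		;;
esac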
177
178# End $rc_base/init.d/unbound