done
fi
- echo "forward-zone:"
- echo " name: \".\""
+ # Read name servers.
+ nameservers=$(read_name_servers)
- # Force using TLS only
- if [ "${PROTO}" = "TLS" ]; then
- echo " forward-tls-upstream: yes"
+ # Only write forward zones if any nameservers are configured.
+ #
+ # Otherwise fall-back into recursor mode.
+ if [ -n "${nameservers}" ]; then
+
+ echo "forward-zone:"
+ echo " name: \".\""
+
+ # Force using TLS only
+ if [ "${PROTO}" = "TLS" ]; then
+ echo " forward-tls-upstream: yes"
+ fi
+
+ # Add upstream name servers
+ local ns
+ for ns in ${nameservers}; do
+ echo " forward-addr: ${ns}"
+ done
fi
- # Add upstream name servers
- local ns
- for ns in $(read_name_servers); do
- echo " forward-addr: ${ns}"
- done
) > /etc/unbound/forward.conf
}
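Review bot: With `PROTO=TLS` and an empty name-server list, the new `if [ -n "${nameservers}" ]` guard skips `forward-tls-upstream: yes` together with the whole forward zone. The resolver then falls back to recursor mode, where queries presumably leave as plain DNS even though TLS-only was requested. That downgrade is silent, so I would at least report it with a branch before the closing `fi`: `elif [ "${PROTO}" = "TLS" ]; then echo "PROTO=TLS but no name servers configured, falling back to recursor mode" >&2`. The comment above the guard should also state that recursor mode ignores the TLS setting. write_forward_conf starts outside this hunk, so I cannot see whether an earlier check already covers this case.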
}
fix_time_if_dns_fails() {
+ # Sometimes the first try fails so do it twice
+ resolve "ping.ipfire.org" &>/dev/null
# If DNS is working, everything is fine
if resolve "ping.ipfire.org" &>/dev/null; then
return 0
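Review bot: The added warm-up call to `resolve` throws its result away and the same lookup is then issued again in the `if`, so a healthy resolver is always queried twice. Folding the retry into the condition keeps the intent and skips the second lookup on success: `if resolve "ping.ipfire.org" &>/dev/null || resolve "ping.ipfire.org" &>/dev/null; then`. The comment "Sometimes the first try fails" should name the cause (presumably unbound is not answering yet right after a reload), so the workaround can be removed once that is fixed. The rest of fix_time_if_dns_fails lies outside this hunk.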
resolve() {
local hostname="${1}"
+ local found=1
local answer
for answer in $(dig +short A "${hostname}"); do
# Filter out non-IP addresses
if [[ ! "${answer}" =~ \.$ ]]; then
+ found=0
echo "${answer}"
fi
done
+
+ return ${found}
}
# Sets up Safe Search for various search engines
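Review bot: The new return status can report success when nothing resolved, because `found=0` is set for every word of dig's output that does not end in a dot. `dig +short` can write diagnostics to stdout (for example a ";; connection timed out; no servers could be reached" line), and the unquoted `$(dig ...)` splits that into words that pass the `\.$` filter. fix_time_if_dns_fails and the new `resolve "${2}" || exit $?` arm would then treat a dead resolver as working. Since only A records are requested, match addresses positively instead of excluding names: `if [[ "${answer}" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then`.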
for domain in ${google_tlds[@]}; do
unbound-control local_zone "${domain}" transparent >/dev/null
for address in ${addresses}; do
- unbound-control local_data: "www.${domain} ${LOCAL_TTL} IN A ${address}"
+ unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}"
done >/dev/null
done
sleep 1
$0 start
;;
- reload|remove-forwarders)
+ reload|remove-forwarders|update-forwarders)
# Update configuration files
write_forward_conf
write_hosts_conf
+ # Call unbound-control and perform the reload
+ /usr/sbin/unbound-control -q reload
+
+ # Dummy Resolve to wait for unbound
+ resolve "ping.ipfire.org" &>/dev/null
+
+ if [ "$1" = "update-forwarders" ]; then
+ # Make sure DNS works at this point
+ fix_time_if_dns_fails
+ fi
+
# Update Safe Search rules if the system is online.
if [ -e "/var/ipfire/red/active" ]; then
update_safe_search
fi
-
- # Call unbound-control and perform the reload
- /usr/sbin/unbound-control -q reload
;;
status)
statusproc /usr/sbin/unbound
;;
- update-forwarders)
- $0 reload
-
# Make sure DNS works at this point
fix_time_if_dns_fails
;;
resolve)
- resolve "${2}"
+ resolve "${2}" || exit $?
;;
*)
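Review bot: The exit status of `/usr/sbin/unbound-control -q reload` is ignored in the merged `reload|remove-forwarders|update-forwarders)` arm. If the freshly written forward.conf is rejected, the daemon keeps its old forwarders while the script carries on with the dummy resolve and the safe-search update. I would stop there with `/usr/sbin/unbound-control -q reload || exit $?`, matching the style of the new `resolve "${2}" || exit $?` line. Separately, as rendered here the lines `# Make sure DNS works at this point`, `fix_time_if_dns_fails` and `;;` after the removed `update-forwarders)` header appear as unchanged context. If they really survive the patch they sit after the `;;` of `status)` with no pattern and the case statement will not parse, so they should be deleted with the rest of the old arm.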