unbound: rework dns-forwader handling
authorArne Fitzenreiter <arne_f@ipfire.org>
Tue, 16 Jul 2019 09:14:41 +0000 (11:14 +0200)
committerArne Fitzenreiter <arne_f@ipfire.org>
Tue, 16 Jul 2019 17:20:48 +0000 (19:20 +0200)
Add a check that the red interface has an IPv4 address before testing the
servers at red up, and simply remove the forwarders in the down process.

This also fixes the hang at dhcpd shutdown.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
config/rootfiles/common/aarch64/initscripts
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/i586/initscripts
config/rootfiles/common/x86_64/initscripts
config/rootfiles/core/135/filelists/files
config/rootfiles/core/135/update.sh
src/initscripts/networking/red.down/05-remove-dns-forwarders [new file with mode: 0644]
src/initscripts/networking/red.down/05-update-dns-forwarders [deleted file]
src/initscripts/system/unbound

index b731a70c1111854cff5a59058b4a15f257a345f1..260a961fef7aa788b27f507342479e0fe8442f38 100644 (file)
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
index b731a70c1111854cff5a59058b4a15f257a345f1..260a961fef7aa788b27f507342479e0fe8442f38 100644 (file)
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
index df4f859f1912ff318677145b7ddca720fdd8603f..88ec789bc38034258f6c5bc9027d20d4110c9951 100644 (file)
@@ -49,7 +49,7 @@ etc/rc.d/init.d/networking/red.down/10-static-routes
 etc/rc.d/init.d/networking/red.down/20-firewall
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
-etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
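Review bot: The renamed entry here is under `red.up/`, while the sibling rootfiles in this commit rename the `red.down/` entry and the commit only adds `src/initscripts/networking/red.down/05-remove-dns-forwarders`. As written, this list names a `red.up/05-remove-dns-forwarders` file that the commit does not create and drops `red.up/05-update-dns-forwarders`, so on this architecture the forwarder update at red up would presumably no longer be packaged. The deleted `red.down/05-update-dns-forwarders` is probably still listed just above the hunk, which starts at line 49 instead of 41. Judging by the order of the file list this looks like the i586 rootfile; the intended change is most likely the same `red.down/` rename as in the other three, leaving the `red.up/` line untouched.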
index df4f859f1912ff318677145b7ddca720fdd8603f..d74fb743b898e3f56132fc467cda3ec9e1b9122c 100644 (file)
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
index 3d868d3249183f31f2d6200910a420556155a4af..d8df9f65b4a8669e3136188c38fcf3110fd40021 100644 (file)
@@ -6,6 +6,7 @@ etc/unbound/root.hints
 etc/rc.d/helper/azure-setup
 etc/rc.d/init.d/cloud-init
 etc/rc.d/init.d/functions
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/unbound
 etc/sysctl.conf
index 56854d2c95425d6692636a192496df7bf77f99c2..55f72fc4ea2885ddd6695978a2b6b93ba850afb7 100644 (file)
@@ -35,6 +35,7 @@ done
 rm -vf \
        /etc/rc.d/init.d/aws \
        /etc/rc.d/rcsysinit.d/S74aws
+       /etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
 
 # Stop services
 /etc/init.d/squid stop
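Review bot: The added path is not an argument of `rm -vf`, because the preceding line `/etc/rc.d/rcsysinit.d/S74aws` has no trailing backslash to continue the command. The shell would instead try to execute `/etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders` as a command during the core update, and the stale script would remain on disk afterwards. Change the previous line to `/etc/rc.d/rcsysinit.d/S74aws \` so the new path becomes the last argument of `rm`.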
diff --git a/src/initscripts/networking/red.down/05-remove-dns-forwarders b/src/initscripts/networking/red.down/05-remove-dns-forwarders
new file mode 100644 (file)
index 0000000..671cca9
--- /dev/null
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Remove DNS forwarders for unbound
+exec /etc/init.d/unbound remove-forwarders
diff --git a/src/initscripts/networking/red.down/05-update-dns-forwarders b/src/initscripts/networking/red.down/05-update-dns-forwarders
deleted file mode 100644 (file)
index 7f35696..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# Update DNS forwarders for unbound
-exec /etc/init.d/unbound update-forwarders
index 5d3c5062ff5accbd8fa13f038d78595282023b1f..dbcfc951f0d83a0e7870c27f32bf2eec6cc287ef 100644 (file)
@@ -41,6 +41,22 @@ read_name_servers() {
        done 2>/dev/null | xargs echo
 }
 
+check_red_has_carrier_and_ip() {
+       # Interface configured ?
+       [ ! -e "/var/ipfire/red/iface" ] && return 0;
+
+       # Interface present ?
+       [ ! -e "/sys/class/net/$(</var/ipfire/red/iface)" ] && return 0;
+
+       # has carrier ?
+       [ ! "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ] && return 0;
+
+       # has ip ?
+       [ "$(ip address show dev $(</var/ipfire/red/iface) | grep "inet")" = "" ] && return 0;
+
+       return 1;
+}
+
 config_header() {
        echo "# This file is automatically generated and any changes"
        echo "# will be overwritten. DO NOT EDIT!"
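Review bot: The `has ip ?` test in `check_red_has_carrier_and_ip` greps for `inet`, which also matches `inet6` lines, so an interface holding only an IPv6 address (a link-local one, for example) passes a check that the commit message describes as IPv4. Restricting it, e.g. `[ "$(ip -4 address show dev "$(</var/ipfire/red/iface)" | grep "inet ")" = "" ] && return 0;`, would match the stated intent. The function returns 1 for "ready" and 0 for "not ready", the reverse of the usual shell convention; a comment above it saying so would keep a later caller from using it directly in an `if`. The `$(</var/ipfire/red/iface)` expansion is unquoted in the carrier read and in the `ip` call, so quoting it there would keep a malformed file from being word-split.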
@@ -48,7 +64,8 @@ config_header() {
 }
 
 update_forwarders() {
-       if [ "${USE_FORWARDERS}" = "1" -a -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then
+       check_red_has_carrier_and_ip
+       if [ "${USE_FORWARDERS}" = "1" -a "${?}" = "1" ]; then
                local forwarders
                local broken_forwarders
 
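Review bot: The result of `check_red_has_carrier_and_ip` is read through `${?}` inside the following `[ ... ]`, which only holds while nothing is placed between the call and the test; a command added there later would silently change the condition. Capturing it explicitly is sturdier, e.g. `check_red_has_carrier_and_ip; local red_ready=$?` followed by `if [ "${USE_FORWARDERS}" = "1" -a "${red_ready}" = "1" ]; then`. The same pattern appears in the `fix_time_if_dns_fail` hunk, where the remaining `-e "/var/ipfire/red/iface"` test is now redundant because the helper already checks that file. `update_forwarders` continues outside this hunk.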
@@ -131,6 +148,13 @@ update_forwarders() {
        unbound-control -q forward off
 }
 
+remove_forwarders() {
+       enable_dnssec
+       echo "local recursor" > /var/ipfire/red/dns
+       unbound-control -q forward off
+
+}
+
 own_hostname() {
        local hostname=$(hostname -f)
        # 1.1.1.1 is reserved for unused green, skip this
@@ -473,7 +497,8 @@ disable_dnssec() {
 fix_time_if_dns_fail() {
        # If DNS still not work try to init ntp with
        # hardcoded ntp.ipfire.org (81.3.27.46)
-       if [ -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then
+       check_red_has_carrier_and_ip
+       if [ -e "/var/ipfire/red/iface" -a "${?}" = "1" ]; then
                host 0.ipfire.pool.ntp.org > /dev/null 2>&1
                if [ "${?}" != "0" ]; then
                        boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
@@ -807,6 +832,19 @@ case "$1" in
                fix_time_if_dns_fail
                ;;
 
+       remove-forwarders)
+               # Do not try updating forwarders when unbound is not running
+               if ! pgrep unbound &>/dev/null; then
+                       exit 0
+               fi
+
+               remove_forwarders
+
+               unbound-control flush_negative > /dev/null
+               unbound-control flush_bogus > /dev/null
+               ;;
+
+
        test-name-server)
                ns=${2}
 
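Review bot: The comment in the new `remove-forwarders` branch still says "updating"; it should read `# Do not try removing forwarders when unbound is not running`. The guard `pgrep unbound` matches any process whose name contains `unbound`, which can include helper tools and possibly this init script's own process, so it may not reliably show whether the daemon is up; a direct check such as `unbound-control status` would be tighter. The exit status of `remove_forwarders` and of the two `unbound-control flush_*` calls is not checked, so a failed removal at red down goes unreported. The `case` statement starts and ends outside this hunk.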
@@ -848,7 +886,7 @@ case "$1" in
                ;;
 
        *)
-               echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}"
+               echo "Usage: $0 {start|stop|restart|status|update-forwarders|remove-forwarders|test-name-server|resolve}"
                exit 1
                ;;
 esac