Commit | Line | Data |
---|---|---|
d0e5f71f ML |
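#!/bin/sh
# Begin $rc_base/init.d/unbound

# Description : Unbound DNS resolver boot script for IPFire
# Author      : Marcel Lorenz <marcel.lorenz@ipfire.org>
#
# Comment     : This init script additionally starts the Unbound DHCP
#               leases bridge, unless DNS-Update (RFC2136) is enabled
#               (DNS_UPDATE_ENABLED=on in the loaded settings).
#
# NOTE(review): the shebang is /bin/sh, but this script relies on bash
# features (`function`, here-strings, `local`, `&>`), so /bin/sh has to be
# bash on the target system.

. /etc/sysconfig/rc
# Quoted so that a path containing whitespace is still sourced as one file.
. "${rc_functions}"

# Default: forward queries to the configured upstream name servers.
USE_FORWARDERS=1

# Load optional configuration. The file is sourced, so everything in it runs
# with the privileges of this init script; it must not be writable by
# unprivileged users.
[ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound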
d0e5f71f ML |
17 | |
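# Convert an IPv4 address and a dotted-quad netmask to "network/prefix".
#
#   $1  IPv4 address (any address inside the network)
#   $2  IPv4 netmask in dotted-quad notation
#
# Prints e.g. "192.168.1.0/24" on stdout. On malformed input an error is
# written to stderr (not stdout, so it can never end up inside a generated
# configuration file) and the shell exits with status 1. The callers in this
# script invoke it inside $(...), so the exit only ends that subshell and is
# visible to them as a non-zero status.
function cidr() {
	local cidr nbits dec value seen_partial IFS
	local i1 i2 i3 i4 m1 m2 m3 m4

	IFS=. read -r i1 i2 i3 i4 <<< "${1}"
	IFS=. read -r m1 m2 m3 m4 <<< "${2}"

	# Every field must be a plain decimal octet before it reaches $((...)):
	# arithmetic expansion evaluates its operands, so unchecked text from a
	# settings file must never be passed to it.
	for dec in "${i1}" "${i2}" "${i3}" "${i4}" "${m1}" "${m2}" "${m3}" "${m4}"; do
		case "${dec}" in
			""|*[!0-9]*|????*)
				echo "Error: ${dec} is not recognised" >&2
				exit 1
				;;
		esac
		# 10# forces base 10 so that "08" is not parsed as invalid octal.
		if [ "$((10#${dec}))" -gt 255 ]; then
			echo "Error: ${dec} is not recognised" >&2
			exit 1
		fi
	done

	cidr=$(printf "%d.%d.%d.%d\n" \
		"$((10#${i1} & 10#${m1}))" "$((10#${i2} & 10#${m2}))" \
		"$((10#${i3} & 10#${m3}))" "$((10#${i4} & 10#${m4}))")

	nbits=0
	seen_partial=0
	for dec in "${m1}" "${m2}" "${m3}" "${m4}"; do
		value=$((10#${dec}))

		# Once an octet below 255 has been seen, only zero octets may follow.
		# A mask such as 255.0.255.0 would otherwise yield a prefix that
		# describes a different (wider) network than the one configured.
		if [ "${seen_partial}" = "1" ] && [ "${value}" -ne 0 ]; then
			echo "Error: netmask ${2} is not contiguous" >&2
			exit 1
		fi

		case "${value}" in
			255) nbits=$((nbits + 8)) ;;
			254) nbits=$((nbits + 7)) ;;
			252) nbits=$((nbits + 6)) ;;
			248) nbits=$((nbits + 5)) ;;
			240) nbits=$((nbits + 4)) ;;
			224) nbits=$((nbits + 3)) ;;
			192) nbits=$((nbits + 2)) ;;
			128) nbits=$((nbits + 1)) ;;
			0) ;;
			*)
				echo "Error: ${dec} is not recognised" >&2
				exit 1
				;;
		esac

		[ "${value}" -eq 255 ] || seen_partial=1
	done

	echo "${cidr}/${nbits}"
}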
41 | ||
b8f5eda8 MT |
# Print the contents of /var/ipfire/red/dns1 and /var/ipfire/red/dns2 as a
# single space-separated line.
#
# NOTE(review): the values are passed on as read; nothing here checks that
# they are IP addresses. Presumably they describe the upstream resolvers of
# the RED uplink - confirm who writes these files before trusting them.
read_name_servers() {
	local idx path

	for idx in 1 2; do
		path="/var/ipfire/red/dns${idx}"
		# $(<file) drops trailing newlines; echo puts exactly one back.
		echo "$(<"${path}")"
	done | xargs echo	# xargs folds all tokens onto one line
}
48 | ||
# Print the "generated file" banner that starts every configuration file
# written by this script: two comment lines followed by a blank line.
config_header() {
	printf '%s\n' \
		"# This file is automatically generated and any changes" \
		"# will be overwritten. DO NOT EDIT!" \
		""
}
54 | ||
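# Point the running Unbound at the known upstream name servers, or switch it
# to recursor mode when forwarding is disabled or no usable server is known.
#
# Reads:  USE_FORWARDERS ("1" enables forwarding) and read_name_servers.
# Calls:  unbound-control forward <servers...> | forward off
update_forwarders() {
	local -a candidates
	local forwarders="" ns

	# read -a splits on whitespace without pathname expansion, unlike an
	# unquoted $(...) in a for loop.
	read -r -a candidates <<< "$(read_name_servers)"

	# Keep only tokens made of characters that can occur in an IPv4/IPv6
	# address with an optional @port. Anything else (for example a token
	# starting with "-", which unbound-control could read as an option) is
	# dropped instead of being handed to the control tool.
	for ns in "${candidates[@]}"; do
		case "${ns}" in
			""|*[!0-9A-Fa-f:.@]*)
				echo "unbound: ignoring invalid name server '${ns}'" >&2
				continue
				;;
		esac
		forwarders="${forwarders:+${forwarders} }${ns}"
	done

	if [ "${USE_FORWARDERS}" = "1" ] && [ -n "${forwarders}" ]; then
		boot_mesg "Using Name Server(s): ${forwarders}"
		boot_mesg_flush

		# Intentionally unquoted: each server must become its own argument.
		# Safe here because the filter above admits no glob characters.
		unbound-control -q forward ${forwarders}

	# If forwarders cannot be used we run in recursor mode
	else
		unbound-control -q forward off
	fi
}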
69 | ||
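# Emit the "interface:" / "access-control:" lines for one zone.
#
#   $1  zone label used in the comment line (GREEN, BLUE)
#   $2  address Unbound should listen on; nothing is written when empty
#   $3  network address of the zone
#   $4  netmask of the zone
_write_interface_stanza() {
	local label="${1}" address="${2}" netaddress="${3}" netmask="${4}"
	local network

	[ -n "${address}" ] || return 0

	echo "# ${label}"
	echo "interface: ${address}"

	# Assignment is kept separate from `local` so the exit status of cidr is
	# not masked. Only a successfully computed network is written: a failed
	# conversion must not leave an error text or an empty value in the file.
	# Without an access-control line Unbound by default refuses clients from
	# that network, so this fails closed.
	if network="$(cidr "${netaddress}" "${netmask}")"; then
		echo "access-control: ${network} allow"
	else
		echo "unbound: invalid ${label} network '${netaddress}/${netmask}', no access-control written" >&2
	fi
}

# Regenerate /etc/unbound/interfaces.conf from the GREEN_* and BLUE_*
# variables (expected to be set by the caller before this runs).
write_interfaces_conf() {
	(
		config_header

		_write_interface_stanza "GREEN" "${GREEN_ADDRESS}" \
			"${GREEN_NETADDRESS}" "${GREEN_NETMASK}"

		_write_interface_stanza "BLUE" "${BLUE_ADDRESS}" \
			"${BLUE_NETADDRESS}" "${BLUE_NETMASK}"
	) > /etc/unbound/interfaces.conf
}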
87 | ||
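# Regenerate /etc/unbound/forward.conf from /var/ipfire/dnsforward/config.
#
# Each input line is "enabled,zone,server,remark"; only lines whose first
# field is "on" produce a forward-zone stanza. A missing input file yields a
# file that contains just the generated-file header.
write_forward_conf() {
	(
		config_header

		local enabled zone server remark

		if [ -r /var/ipfire/dnsforward/config ]; then
			# `|| [ -n "${enabled}" ]` also processes a final line that has
			# no trailing newline, which a plain `while read` would drop.
			while IFS="," read -r enabled zone server remark || [ -n "${enabled}" ]; do
				# Line must be enabled.
				[ "${enabled}" = "on" ] || continue

				# The fields are copied verbatim into Unbound's configuration,
				# so accept only what a zone name / server address can
				# contain. A malformed entry is skipped rather than written.
				case "${zone}" in
					""|*[!A-Za-z0-9._-]*)
						echo "unbound: skipping forward zone with invalid name '${zone}'" >&2
						continue
						;;
				esac
				case "${server}" in
					""|*[!0-9A-Fa-f:.@]*)
						echo "unbound: skipping forward zone '${zone}' with invalid server '${server}'" >&2
						continue
						;;
				esac

				echo "forward-zone:"
				echo " name: ${zone}"
				echo " forward-addr: ${server}"
				echo
			done < /var/ipfire/dnsforward/config
		fi
	) > /etc/unbound/forward.conf
}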
104 | ||
105 | ||
d0e5f71f ML |
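# Dispatch on the requested action.
case "$1" in
	start)
		# readhash output is evaluated as shell code in this process.
		# NOTE(review): this is only safe while readhash emits nothing but
		# sanitised KEY=value assignments and the settings files are not
		# writable by unprivileged users - confirm both.
		eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
		eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)

		# Create control keys at first run. These are the credentials
		# unbound-control uses to talk to the daemon.
		if [ ! -r "/etc/unbound/unbound_control.key" ]; then
			unbound-control-setup -d /etc/unbound &>/dev/null
		fi

		# Update configuration files
		write_interfaces_conf
		write_forward_conf

		boot_mesg "Starting Unbound DNS Proxy..."
		loadproc /usr/sbin/unbound || exit $?

		# Update any known forwarding name servers
		update_forwarders

		# Start Unbound DHCP Lease Bridge unless RFC2136 is used
		if [ "${DNS_UPDATE_ENABLED}" != on ]; then
			boot_mesg "Starting Unbound DHCP Leases Bridge..."
			loadproc /usr/sbin/unbound-dhcp-leases-bridge -d
		fi
		;;

	stop)
		boot_mesg "Stopping Unbound DHCP Leases Bridge..."
		killproc /usr/sbin/unbound-dhcp-leases-bridge

		boot_mesg "Stopping Unbound DNS Proxy..."
		killproc /usr/sbin/unbound
		;;

	restart)
		# "$0" is quoted so the script is re-invoked correctly even when its
		# path contains whitespace.
		"$0" stop
		sleep 1
		"$0" start
		;;

	status)
		statusproc /usr/sbin/unbound
		statusproc /usr/sbin/unbound-dhcp-leases-bridge
		;;

	update-forwarders)
		update_forwarders
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status|update-forwarders}"
		exit 1
		;;
esac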
161 | ||
162 | # End $rc_base/init.d/unbound |