2 # Begin $rc_base/init.d/unbound
4 # Description : Unbound DNS resolver boot script for IPfire
5 # Author : Marcel Lorenz <marcel.lorenz@ipfire.org>
12 # Cache any local zones for 60 seconds
15 # Load optional configuration
# NOTE(review): "." executes /etc/sysconfig/unbound as shell code inside
# this boot script, so the file needs the same write protection as the
# script itself -- confirm it is writable by the administrator only.
16 [ -e "/etc/sysconfig/unbound" ] && .
/etc
/sysconfig
/unbound
# Split the dotted address ($1) and netmask ($2) on "." into four fields
# each, AND them field by field to get the network address, and print it
# as "<network>/<nbits>". nbits is set in lines this listing does not show.
# NOTE(review): i1..i4 and m1..m4 are used inside $(( )), where bash
# evaluates a variable's contents as an arithmetic expression, not as a
# plain number. No check that the fields are decimal octets is visible
# here; rejecting anything that does not match ^[0-9]+$ before the
# arithmetic would close that gap.
20 IFS
=.
read -r i1 i2 i3 i4
<<< ${1}
21 IFS
=.
read -r m1 m2 m3
m4 <<< ${2}
22 cidr
=$
(printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
# NOTE(review): presumably the default arm of the netmask case statement
# (not shown). The message goes to stdout, so a caller using $(cidr ...)
# captures it as if it were the result, and "exit 1" ends only that
# command substitution. Writing it to stderr (>&2) and checking the
# status at the call site would keep the text out of generated files.
36 *) echo "Error: $dec is not recognised"; exit 1
39 echo "${cidr}/${nbits}"
45 echo "$(</var/ipfire/red/dns${i})"
50 echo "# This file is automatically generated and any changes"
51 echo "# will be overwritten. DO NOT EDIT!"
# Point unbound at the upstream name servers when USE_FORWARDERS is "1"
# and read_name_servers returned any; the second unbound-control call
# turns forwarding off (the else/fi lines are not shown in this listing).
# "local x=$(cmd)" reports the status of "local", so a failing
# read_name_servers is only noticed through the -n test below.
56 local forwarders
="$(read_name_servers)"
58 if [ "${USE_FORWARDERS}" = "1" ] && [ -n "${forwarders}" ]; then
59 boot_mesg
"Using Name Server(s): ${forwarders}"
# ${forwarders} is unquoted, presumably so that each server becomes its
# own argument; it is therefore also subject to glob expansion.
# NOTE(review): confirm that what read_name_servers returns is validated
# as a list of IP addresses before it reaches this call.
62 unbound-control
-q forward
${forwarders}
64 # If forwarders cannot be used we run in recursor mode
66 unbound-control
-q forward off
# Register local host records with the running unbound: every row of
# /var/ipfire/main/hosts is read as enabled,address,hostname,domainname,
# and rows whose first field is "on" become an A record with LOCAL_TTL.
# NOTE(review): the fields reach unbound-control unchanged, and
# domainname receives the rest of the line including any further commas.
# No validation is visible here -- confirm the writer of the hosts file
# restricts them to valid host names and IPv4 addresses.
71 local enabled address hostname domainname
73 while IFS
="," read -r enabled address hostname domainname
; do
74 [ "${enabled}" = "on" ] ||
continue
77 local fqdn
="${hostname}.${domainname}"
79 unbound-control
-q local_data
"${fqdn} ${LOCAL_TTL} IN A ${address}"
80 done < /var
/ipfire
/main
/hosts
# Write "interface:" and "access-control: <net>/<bits> allow" lines for
# the GREEN and BLUE zones, when their address variable is set, to
# /etc/unbound/interfaces.conf. Lines missing from this listing (the
# opening "(", the "fi"s and the closing "}") are not reproduced.
# NOTE(review): these access-control lines name the networks that are
# allowed to query the resolver. $(cidr ...) captures whatever cidr
# prints and its arguments are unquoted, so an empty or malformed
# *_NETADDRESS or *_NETMASK yields a malformed line instead of an error;
# quote the arguments and check the result before writing it.
83 write_interfaces_conf
() {
87 if [ -n "${GREEN_ADDRESS}" ]; then
89 echo "interface: ${GREEN_ADDRESS}"
90 echo "access-control: $(cidr ${GREEN_NETADDRESS} ${GREEN_NETMASK}) allow"
93 if [ -n "${BLUE_ADDRESS}" ]; then
95 echo "interface: ${BLUE_ADDRESS}"
96 echo "access-control: $(cidr ${BLUE_NETADDRESS} ${BLUE_NETMASK}) allow"
98 ) > /etc
/unbound
/interfaces.conf
# Generate /etc/unbound/forward.conf from /var/ipfire/dnsforward/config:
# each row is read as enabled,zone,server,remark and rows whose first
# field is "on" produce a "name:" and a "forward-addr:" line.
# NOTE(review): zone and server are copied into the configuration
# verbatim. Nothing visible here validates them, so the file that is
# read must only ever contain a domain name and an IP address in those
# fields -- confirm where that is enforced.
101 write_forward_conf
() {
105 local enabled zone server remark
106 while IFS
="," read -r enabled zone server remark
; do
107 # Line must be enabled.
108 [ "${enabled}" = "on" ] ||
continue
111 echo " name: ${zone}"
112 echo " forward-addr: ${server}"
114 done < /var
/ipfire
/dnsforward
/config
115 ) > /etc
/unbound
/forward.conf
# Derive thread, slab and cache settings from the number of online
# processors and the amount of memory, and write them to
# /etc/unbound/tuning.conf. Several lines (the initial value of slabs,
# the bodies of the memory branches, "done"/"fi") are missing from this
# listing.
# NOTE(review): ${slabs}, ${processors} and ${mem} are unquoted in the
# "[" tests, so an empty value from getconf or get_memory_amount makes
# the test fail with an error message instead of being handled.
118 write_tuning_conf
() {
119 # https://www.unbound.net/documentation/howto_optimise.html
121 # Determine number of online processors
122 local processors
=$
(getconf _NPROCESSORS_ONLN
)
124 # Determine number of slabs
# Doubles slabs until it is no longer smaller than the processor count.
126 while [ ${slabs} -lt ${processors} ]; do
127 slabs
=$
(( ${slabs} * 2 ))
130 # Determine amount of system memory
131 local mem
=$
(get_memory_amount
)
133 # In the worst case scenario, unbound can use double the
134 # amount of memory allocated to a cache due to malloc overhead
136 # Large systems with more than 2GB of RAM
137 if [ ${mem} -ge 2048 ]; then
140 # Small systems with less than 256MB of RAM
141 elif [ ${mem} -le 256 ]; then
152 # We run one thread per processor
153 echo "num-threads: ${processors}"
155 # Adjust number of slabs
156 echo "infra-cache-slabs: ${slabs}"
157 echo "key-cache-slabs: ${slabs}"
158 echo "msg-cache-slabs: ${slabs}"
159 echo "rrset-cache-slabs: ${slabs}"
# Cache sizes are fractions of mem (one half, one quarter, one quarter),
# written with an "m" suffix.
162 echo "rrset-cache-size: $(( ${mem} / 2 ))m"
163 echo "msg-cache-size: $(( ${mem} / 4 ))m"
164 echo "key-cache-size: $(( ${mem} / 4 ))m"
165 ) > /etc
/unbound
/tuning.conf
# Print a value divided by 1024. The loop reads "key val unit" triples;
# which key is selected and which file is read is not visible in this
# listing (presumably MemTotal from /proc/meminfo -- confirm).
168 get_memory_amount
() {
171 while read -r key val unit
; do
175 echo "$(( ${val} / 1024 ))"
184 # Print a nicer message when unbound is already running
185 if pidofproc
-s unbound
; then
186 statusproc
/usr
/sbin
/unbound
# NOTE(review): eval runs the output of readhash as shell code, so the
# values in /var/ipfire/ethernet/settings are only as safe as readhash's
# quoting of them -- confirm it emits nothing but KEY=value assignments
# with the value quoted.
190 eval $
(/usr
/local
/bin
/readhash
/var
/ipfire
/ethernet
/settings
)
192 # Create control keys at first run
193 if [ ! -r "/etc/unbound/unbound_control.key" ]; then
# Output and errors of the key generation are discarded here, so a
# failed setup is not reported at this point.
194 unbound-control-setup
-d /etc
/unbound
&>/dev
/null
197 # Update configuration files
199 write_interfaces_conf
202 boot_mesg
"Starting Unbound DNS Proxy..."
203 loadproc
/usr
/sbin
/unbound ||
exit $?
205 # Update any known forwarding name servers
213 boot_mesg
"Stopping Unbound DNS Proxy..."
214 killproc
/usr
/sbin
/unbound
224 statusproc
/usr
/sbin
/unbound
232 echo "Usage: $0 {start|stop|restart|status|update-forwarders}"
237 # End $rc_base/init.d/unbound