git.ipfire.org Git - ipfire-2.x.git/blob - src/initscripts/init.d/unbound
Merge branch 'core105' into next
#!/bin/sh
# Begin $rc_base/init.d/unbound

# Description : Unbound DNS resolver boot script for IPfire
# Author      : Marcel Lorenz <marcel.lorenz@ipfire.org>
#
# NOTE(review): this script uses bash-only constructs such as
# here-strings (<<<) and &> redirection, so it relies on /bin/sh being
# bash on the target system.

. /etc/sysconfig/rc
. ${rc_functions}

# Defaults. They are assigned before the optional configuration file is
# loaded, so that file can override them.

# 1 = hand queries to the name servers returned by read_name_servers;
# any other value makes update_forwarders switch forwarding off.
USE_FORWARDERS=1

# Cache any local zones for 60 seconds
LOCAL_TTL=60

# Load optional configuration. The file is sourced, i.e. executed as
# shell code by this script, so it must be writable by trusted users
# only.
if [ -e "/etc/sysconfig/unbound" ]; then
  . /etc/sysconfig/unbound
fi
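# Convert an IPv4 address and a dotted-quad netmask into CIDR notation.
# Arguments: $1 - IPv4 address (any address inside the network)
#            $2 - netmask in dotted-quad form, e.g. 255.255.255.0
# Outputs:   "<network address>/<prefix length>" on stdout. Error
#            messages go to stderr so that they can never end up in a
#            configuration line built from the captured output.
# Returns:   exits with status 1 on an invalid address or netmask. The
#            callers in this file run cidr inside $(...), where the
#            exit only ends the substitution's subshell.
cidr() {
  local i1 i2 i3 i4 m1 m2 m3 m4 dec
  local nbits=0 host_part=0

  IFS=. read -r i1 i2 i3 i4 <<< "${1}"
  IFS=. read -r m1 m2 m3 m4 <<< "${2}"

  # Validate the netmask before it is used in any arithmetic. Only
  # octets that are a contiguous run of one-bits are accepted, and once
  # an octet below 255 has been seen every following octet must be 0.
  # The result feeds an access-control rule, so a malformed mask must
  # not silently produce a different network size.
  for dec in "${m1}" "${m2}" "${m3}" "${m4}"; do
    if [ "${host_part}" = "1" ] && [ "${dec}" != "0" ]; then
      echo "Error: ${2} is not a contiguous netmask" >&2
      exit 1
    fi

    case "${dec}" in
      255) nbits=$(( nbits + 8 )) ;;
      254) nbits=$(( nbits + 7 )); host_part=1 ;;
      252) nbits=$(( nbits + 6 )); host_part=1 ;;
      248) nbits=$(( nbits + 5 )); host_part=1 ;;
      240) nbits=$(( nbits + 4 )); host_part=1 ;;
      224) nbits=$(( nbits + 3 )); host_part=1 ;;
      192) nbits=$(( nbits + 2 )); host_part=1 ;;
      128) nbits=$(( nbits + 1 )); host_part=1 ;;
      0) host_part=1 ;;
      *)
        echo "Error: $dec is not recognised" >&2
        exit 1
        ;;
    esac
  done

  # Only plain decimal octets in the range 0-255 may reach the
  # arithmetic expansion below, which would otherwise evaluate whatever
  # expression the value contains.
  for dec in "${i1}" "${i2}" "${i3}" "${i4}"; do
    case "${dec}" in
      ""|*[!0-9]*|????*) dec=invalid ;;
    esac
    if [ "${dec}" = "invalid" ] || [ "${dec}" -gt 255 ]; then
      echo "Error: ${1} is not a valid IPv4 address" >&2
      exit 1
    fi
  done

  printf "%d.%d.%d.%d/%d\n" \
    "$(( i1 & m1 ))" "$(( i2 & m2 ))" "$(( i3 & m3 ))" "$(( i4 & m4 ))" \
    "${nbits}"
}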
# Print the contents of /var/ipfire/red/dns1 and /var/ipfire/red/dns2
# joined on a single line, separated by single spaces.
# Outputs: the joined contents on stdout (empty if nothing was read)
#
# NOTE(review): the contents are passed on without validation and end
# up as arguments of unbound-control in update_forwarders. Presumably
# each file holds one IP address - confirm against whatever writes
# them.
read_name_servers() {
  local idx content

  for idx in 1 2; do
    content="$(</var/ipfire/red/dns${idx})"
    echo "${content}"
  done | xargs echo
}
# Print the "generated file" banner that starts every configuration
# file written by this script: two comment lines and one empty line.
config_header() {
  printf '%s\n' \
    "# This file is automatically generated and any changes" \
    "# will be overwritten. DO NOT EDIT!" \
    ""
}
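# Tell the running unbound which upstream name servers to forward to.
# Globals:  USE_FORWARDERS (read) - forwarding is only used when "1"
# Outputs:  a boot message naming the forwarders when they are used
# Returns:  the exit status of the unbound-control call
update_forwarders() {
  local forwarders
  local -a servers=()

  # Declared separately from the assignment so that "local" does not
  # hide the exit status of the command substitution.
  forwarders="$(read_name_servers)"

  # Split the list into an array. Unlike an unquoted expansion this
  # performs word splitting only, so an entry that contains glob
  # characters is passed on literally instead of being expanded against
  # the current directory.
  read -r -a servers <<< "${forwarders}"

  if [ "${USE_FORWARDERS}" = "1" ] && [ "${#servers[@]}" -gt 0 ]; then
    boot_mesg "Using Name Server(s): ${forwarders}"
    boot_mesg_flush

    unbound-control -q forward "${servers[@]}"

  # If forwarders cannot be used we run in recursor mode
  else
    unbound-control -q forward off
  fi
}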
# Load the enabled entries of /var/ipfire/main/hosts into the running
# unbound as local A records.
# Globals: LOCAL_TTL (read) - TTL used for every record
# Input:   comma-separated lines: enabled,address,hostname,domainname
#
# NOTE(review): address, hostname and domainname are placed into the
# resource record unchanged; presumably they are validated where the
# hosts file is written - confirm.
update_hosts() {
  local enabled address hostname domainname fqdn

  while IFS="," read -r enabled address hostname domainname; do
    # Only lines whose first field is "on" are loaded
    if [ "${enabled}" != "on" ]; then
      continue
    fi

    # The FQDN is the host name and the domain joined by a dot
    fqdn="${hostname}.${domainname}"

    unbound-control -q local_data "${fqdn} ${LOCAL_TTL} IN A ${address}"
  done < /var/ipfire/main/hosts
}
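# Write /etc/unbound/interfaces.conf: one "interface:" line and one
# "access-control: <network> allow" line for each of the GREEN and BLUE
# zones that has an address configured.
# Globals: GREEN_ADDRESS, GREEN_NETADDRESS, GREEN_NETMASK,
#          BLUE_ADDRESS, BLUE_NETADDRESS, BLUE_NETMASK (all read)
write_interfaces_conf() {
  (
    config_header

    local zone var address netaddress netmask network
    for zone in GREEN BLUE; do
      var="${zone}_ADDRESS"
      address="${!var}"
      var="${zone}_NETADDRESS"
      netaddress="${!var}"
      var="${zone}_NETMASK"
      netmask="${!var}"

      [ -n "${address}" ] || continue

      echo "# ${zone}"
      echo "interface: ${address}"

      # Write the allow rule only when cidr succeeded. Otherwise its
      # error text, or an empty network, would become part of the
      # access-control line. Without a rule unbound falls back to its
      # default policy, which refuses non-local clients.
      if network="$(cidr "${netaddress}" "${netmask}")" \
          && [ -n "${network}" ]; then
        echo "access-control: ${network} allow"
      else
        echo "Error: cannot determine the ${zone} network," \
          "no access-control rule written" >&2
      fi
    done
  ) > /etc/unbound/interfaces.conf
}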
# Write /etc/unbound/forward.conf with one forward-zone section for
# every enabled line of /var/ipfire/dnsforward/config.
# Input: comma-separated lines: enabled,zone,server,remark
#
# NOTE(review): zone and server are copied into the configuration file
# unchanged; presumably they are validated where the config file is
# written - confirm.
write_forward_conf() {
  (
    config_header

    local enabled zone server remark
    while IFS="," read -r enabled zone server remark; do
      # Skip every line that is not switched on
      if [ "${enabled}" != "on" ]; then
        continue
      fi

      printf '%s\n' \
        "forward-zone:" \
        " name: ${zone}" \
        " forward-addr: ${server}" \
        ""
    done < /var/ipfire/dnsforward/config
  ) > /etc/unbound/forward.conf
}
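# Write /etc/unbound/tuning.conf with thread, slab and cache settings
# derived from the number of online processors and the amount of RAM.
# See https://www.unbound.net/documentation/howto_optimise.html
write_tuning_conf() {
  local processors slabs=1 mem cache=32

  # Determine number of online processors. Fall back to one thread if
  # getconf returns nothing usable, so that "num-threads:" is never
  # written with an empty or non-numeric value.
  processors="$(getconf _NPROCESSORS_ONLN)"
  case "${processors}" in
    ""|*[!0-9]*|0) processors=1 ;;
  esac

  # The number of slabs is the smallest power of two that is not below
  # the number of processors
  while [ "${slabs}" -lt "${processors}" ]; do
    slabs=$(( slabs * 2 ))
  done

  # Determine amount of system memory (in MB)
  mem="$(get_memory_amount)"

  # In the worst case scenario, unbound can use double the
  # amount of memory allocated to a cache due to malloc overhead
  case "${mem}" in
    ""|*[!0-9]*)
      # Memory size unknown: keep the middle tier
      ;;
    *)
      # Large systems with 2GB of RAM or more
      if [ "${mem}" -ge 2048 ]; then
        cache=128

      # Small systems with 256MB of RAM or less
      elif [ "${mem}" -le 256 ]; then
        cache=8
      fi
      ;;
  esac

  (
    config_header

    # We run one thread per processor
    echo "num-threads: ${processors}"

    # Adjust number of slabs
    echo "infra-cache-slabs: ${slabs}"
    echo "key-cache-slabs: ${slabs}"
    echo "msg-cache-slabs: ${slabs}"
    echo "rrset-cache-slabs: ${slabs}"

    # Slice up the cache
    echo "rrset-cache-size: $(( cache / 2 ))m"
    echo "msg-cache-size: $(( cache / 4 ))m"
    echo "key-cache-size: $(( cache / 4 ))m"
  ) > /etc/unbound/tuning.conf
}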
# Print the MemTotal value of /proc/meminfo divided by 1024.
# Outputs: the result as an integer on stdout; nothing if no MemTotal
#          line is found
get_memory_amount() {
  local key val unit

  while read -r key val unit; do
    # Skip every line until the MemTotal entry
    [[ "${key}" == MemTotal:* ]] || continue

    # Convert to MB (the value is presumably given in kB)
    echo "$(( ${val} / 1024 ))"
    break
  done < /proc/meminfo
}
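# Dispatch on the requested action
case "$1" in
  start)
    # NOTE(review): the output of readhash is evaluated as shell code.
    # That is only safe if readhash emits nothing but sanitised
    # KEY=value assignments and the settings file is writable by
    # trusted users only - confirm. The unquoted form is kept because
    # quoting would change how multi-line output is evaluated.
    eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)

    # Create control keys at first run. All output is discarded, so a
    # failure here is silent and only shows up when unbound-control is
    # used later.
    if [ ! -r "/etc/unbound/unbound_control.key" ]; then
      unbound-control-setup -d /etc/unbound &>/dev/null
    fi

    # Update configuration files
    write_tuning_conf
    write_interfaces_conf
    write_forward_conf

    boot_mesg "Starting Unbound DNS Proxy..."
    loadproc /usr/sbin/unbound || exit $?

    # Update any known forwarding name servers
    update_forwarders

    # Update hosts
    update_hosts
    ;;

  stop)
    boot_mesg "Stopping Unbound DNS Proxy..."
    killproc /usr/sbin/unbound
    ;;

  restart)
    # Quoted so that a script path containing whitespace still works
    "$0" stop
    sleep 1
    "$0" start
    ;;

  status)
    statusproc /usr/sbin/unbound
    ;;

  update-forwarders)
    update_forwarders
    ;;

  *)
    echo "Usage: $0 {start|stop|restart|status|update-forwarders}"
    exit 1
    ;;
esac

# End $rc_base/init.d/unbound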