+#!/bin/sh
+# Begin $rc_base/init.d/unbound
+
+# Description : Unbound DNS resolver boot script for IPfire
+# Author : Marcel Lorenz <marcel.lorenz@ipfire.org>
+#
+# Comment : This init script additional starts the dhcpd watcher daemon
+# if DNS-Update (RFC2136) in web interface enabled
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+if [[ ! -d /run/var ]]; then mkdir /run/var; fi;
+
+CONTROL_INTERFACE_FILE=1
+CONTROL_ACCESS_FILE=1
+USE_CUSTOM_FORWARDS=0
+ENABLE_DNSSEC=1
+
+# Unbound daemon pid file
+PIDFILE=/var/run/unbound.pid
+
+# Watcher deamon pid file must be the same in unbound main init script
+WAPIDFILE=/var/run/unbound_dhcpd.pid
+
+function cidr() {
+ local cidr nbits IFS;
+ IFS=. read -r i1 i2 i3 i4 <<< ${1}
+ IFS=. read -r m1 m2 m3 m4 <<< ${2}
+ cidr=$(printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
+ nbits=0
+ IFS=.
+ for dec in $2 ; do
+ case $dec in
+ 255) let nbits+=8;;
+ 254) let nbits+=7;;
+ 252) let nbits+=6;;
+ 248) let nbits+=5;;
+ 240) let nbits+=4;;
+ 224) let nbits+=3;;
+ 192) let nbits+=2;;
+ 128) let nbits+=1;;
+ 0);;
+ *) echo "Error: $dec is not recognised"; exit 1
+ esac
+ done
+ echo "${cidr}/${nbits}"
+}
+
+case "$1" in
+ start)
+
+ if [[ -f ${PIDFILE} ]]; then
+ log_warning_msg "Unbound daemon is running with Process ID $(cat ${PIDFILE})"
+ else
+ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+ #ARGS="$CUSTOM_ARGS"
+ #[ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"
+
+ echo > /var/ipfire/red/resolv.conf # Clear it
+ if [ -e "/var/ipfire/red/dns1" ]; then
+ DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null)
+ if [ ! -z ${DNS1} ]; then
+ echo "nameserver ${DNS1}" >> /var/ipfire/red/resolv.conf
+ NAMESERVERS="${DNS1} "
+ fi
+ fi
+ if [ -e "/var/ipfire/red/dns2" ]; then
+ DNS2=$(cat /var/ipfire/red/dns2 2>/dev/null)
+ if [ ! -z ${DNS2} ]; then
+ echo "nameserver ${DNS2}" >> /var/ipfire/red/resolv.conf
+ NAMESERVERS+="${DNS2} "
+ fi
+ fi
+
+ # create unbound interfaces.conf
+ if [ ${CONTROL_INTERFACE_FILE} = 1 ]; then
+ echo -n > /etc/unbound/interfaces.conf # Clear it
+ if [ ! -z ${GREEN_ADDRESS} ]; then
+ echo "interface: ${GREEN_ADDRESS}" >> /etc/unbound/interfaces.conf
+ fi
+ if [ ! -z ${BLUE_ADDRESS} ]; then
+ echo "interface: ${BLUE_ADDRESS}" >> /etc/unbound/interfaces.conf
+ fi
+ if [ ! -z ${ORANGE_ADDRESS} ]; then
+ echo "interface: ${ORANGE_ADDRESS}" >> /etc/unbound/interfaces.conf
+ fi
+ fi
+
+ # create unbound access.conf
+ if [ ${CONTROL_ACCESS_FILE} = 1 ]; then
+ echo -n > /etc/unbound/access.conf # Clear it
+ if [ ! -z ${GREEN_ADDRESS} ]; then
+ echo "access-control: $(cidr ${GREEN_ADDRESS} ${GREEN_NETMASK}) allow" >> /etc/unbound/access.conf
+ fi
+ if [ ! -z ${BLUE_ADDRESS} ]; then
+ echo "access-control: $(cidr ${BLUE_ADDRESS} ${BLUE_NETMASK}) allow" >> /etc/unbound/access.conf
+ fi
+ if [ ! -z ${ORANGE_ADDRESS} ]; then
+ echo "access-control: $(cidr ${ORANGE_ADDRESS} ${ORANGE_NETMASK}) allow" >> /etc/unbound/access.conf
+ fi
+ fi
+
+ # create unbound dnssec.conf
+ echo -n > /etc/unbound/dnssec.conf # Clear it
+ if [ ${ENABLE_DNSSEC} = 1 ]; then
+ echo " # dessec enabled per default" >> /etc/unbound/dnssec.conf
+ echo " # no necessary config options in this file" >> /etc/unbound/dnssec.conf
+ else
+ echo " # dnssec now disabled" >> /etc/unbound/dnssec.conf
+ echo " module-config: iterator" >> /etc/unbound/dnssec.conf
+ echo " val-permissive-mode: yes" >> /etc/unbound/dnssec.conf
+ fi
+
+ # create zone file for internal ipfire domain
+ unbound-zone
+
+ boot_mesg "Starting Unbound DNS proxy..."
+ unbound-anchor
+ loadproc /usr/sbin/unbound
+
+ # start dhcpd watcher daemon if DNS-Update (RFC2136) activated
+ eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)
+ if [[ ${DNS_UPDATE_ENABLED} = on && ! -f ${WAPIDFILE} ]]; then
+ /etc/rc.d/init.d/unbound-dhcpd start
+ fi
+
+ # use setup configured DNS servers
+ if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
+ unbound-control forward_add +i . ${NAMESERVERS} &> /dev/null
+ fi;
+
+ FORWADRS=$(unbound-control list_forwards |sed 's|. IN forward ||g'|sed 's|+i ||g')
+ if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
+ boot_mesg "Using DNS server(s): ${FORWADRS}"
+ else
+ boot_mesg "Using custom DNS server(s): ${FORWADRS}"
+ fi
+ if [ ${ENABLE_DNSSEC} = 1 ]; then
+ boot_mesg "DNSSEC is enabled!"
+ else
+ boot_mesg "DNSSEC is disabled!"
+ fi
+ fi
+ ;;
+
+ stop)
+
+ if [[ -f ${PIDFILE} ]]; then
+ # stop dhcpd watcher daemon if activted
+ if [[ -f ${WAPIDFILE} ]]; then
+ /etc/rc.d/init.d/unbound-dhcpd stop
+ fi
+ # stop Unbound daemon
+ boot_mesg "Stopping Unbound DNS proxy..."
+ killproc -p "/var/run/unbound.pid" /usr/sbin/unbound
+ else
+ log_warning_msg "Unbound daemon is not running..."
+ fi
+ ;;
+
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+
+ status)
+ statusproc /usr/sbin/unbound
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/unbound
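Review bot: In `cidr()` the `*)` arm's `exit 1` only terminates the `$(cidr …)` subshell and its message goes to stdout, so an unexpected netmask octet is written into /etc/unbound/access.conf as `access-control: Error: <octet> is not recognised allow` instead of aborting the start; the arm should be `*) printf 'Error: %s is not recognised\n' "$dec" >&2; return 1;;` and the three `$(cidr …)` callers should check the status before appending to access.conf. The function also accepts non-contiguous masks (e.g. 255.0.255.0 still yields a prefix length), which is worth a comment or a check if those values can reach it from the settings file. Separately, `unbound-control forward_add +i . ${NAMESERVERS}` adds the root forward with the insecure flag, which, if I read forward_add correctly, turns off DNSSEC validation for all forwarded queries even while the script prints "DNSSEC is enabled!"; consider omitting `+i` when `ENABLE_DNSSEC=1`. The script relies on `[[`, `<<<`, `let`, `+=` and `&>` under `#!/bin/sh`, so either change the shebang to `#!/bin/bash` or remove the bashisms, and the unquoted tests like `[ ! -z ${GREEN_ADDRESS} ]` should become `[ -n "${GREEN_ADDRESS}" ]`.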