From: Arne Fitzenreiter
Date: Tue, 16 Jul 2019 09:14:41 +0000 (+0200)
Subject: unbound: rework dns-forwader handling
X-Git-Tag: v2.23-core135^2~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ec3329dffe9e045c37b1b3d048947bb59cd6fa6;p=ipfire-2.x.git
unbound: rework dns-forwader handling
add check if red interface has an IPv4 address before test the servers at red up and simply remove forwarders at down process. This also fix the hung at dhcpd shutdown.
Signed-off-by: Arne Fitzenreiter
---
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index b731a70c11..260a961fef 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index b731a70c11..260a961fef 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index df4f859f19..88ec789bc3 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -49,7 +49,7 @@ etc/rc.d/init.d/networking/red.down/10-static-routes
 etc/rc.d/init.d/networking/red.down/20-firewall
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
-etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index df4f859f19..d74fb743b8 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
diff --git a/config/rootfiles/core/135/filelists/files b/config/rootfiles/core/135/filelists/files
index 3d868d3249..d8df9f65b4 100644
--- a/config/rootfiles/core/135/filelists/files
+++ b/config/rootfiles/core/135/filelists/files
@@ -6,6 +6,7 @@ etc/unbound/root.hints
 etc/rc.d/helper/azure-setup
 etc/rc.d/init.d/cloud-init
 etc/rc.d/init.d/functions
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/unbound
 etc/sysctl.conf
diff --git a/config/rootfiles/core/135/update.sh b/config/rootfiles/core/135/update.sh
index 56854d2c95..55f72fc4ea 100644
--- a/config/rootfiles/core/135/update.sh
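Review bot: The rename lands on the wrong entry in the i586 list: this hunk (`@@ -49,7 +49,7 @@`) changes `red.up/05-update-dns-forwarders`, whereas the aarch64, armv5tel and x86_64 hunks change the `red.down` entry at `@@ -41,7 +41,7 @@`. The i586 and x86_64 files start from the same blob (`df4f859f19`) but end at different ones, which supports this being a slip rather than an architecture difference. As written, the i586 rootfile would list `red.up/05-remove-dns-forwarders`, which this commit does not create, and would still list the deleted `red.down/05-update-dns-forwarders`. It would also no longer list the `red.up` hook, which the commit appears to leave in place. The i586 hunk should match x86_64: keep the `red.up` line and change `etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders` to `etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders`.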
@@ -35,6 +35,7 @@ done rm -vf \ /etc/rc.d/init.d/aws \ /etc/rc.d/rcsysinit.d/S74aws + /etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders # Stop services /etc/init.d/squid stop diff --git a/src/initscripts/networking/red.down/05-remove-dns-forwarders b/src/initscripts/networking/red.down/05-remove-dns-forwarders new file mode 100644 index 0000000000..671cca9df5 --- /dev/null +++ b/src/initscripts/networking/red.down/05-remove-dns-forwarders @@ -0,0 +1,4 @@ +#!/bin/bash + +# Remove DNS forwarders for unbound +exec /etc/init.d/unbound remove-forwarders diff --git a/src/initscripts/networking/red.down/05-update-dns-forwarders b/src/initscripts/networking/red.down/05-update-dns-forwarders deleted file mode 100644 index 7f35696f58..0000000000 --- a/src/initscripts/networking/red.down/05-update-dns-forwarders +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -# Update DNS forwarders for unbound -exec /etc/init.d/unbound update-forwarders diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 5d3c5062ff..dbcfc951f0 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -41,6 +41,22 @@ read_name_servers() { done 2>/dev/null | xargs echo } +check_red_has_carrier_and_ip() { + # Interface configured ? + [ ! -e "/var/ipfire/red/iface" ] && return 0; + + # Interface present ? + [ ! -e "/sys/class/net/$( /var/ipfire/red/dns + unbound-control -q forward off + +} + own_hostname() { local hostname=$(hostname -f) # 1.1.1.1 is reserved for unused green, skip this @@ -473,7 +497,8 @@ disable_dnssec() { fix_time_if_dns_fail() { # If DNS still not work try to init ntp with # hardcoded ntp.ipfire.org (81.3.27.46) - if [ -e "/var/ipfire/red/iface" -a "$( /dev/null 2>&1 if [ "${?}" != "0" ]; then boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..." 
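Review bot: The path added to the `rm -vf` list in `update.sh` is never passed to `rm`, because the preceding context line `/etc/rc.d/rcsysinit.d/S74aws` carries no trailing `\` as shown here, while the two lines above it do. The continuation therefore ends at `S74aws` and the new line runs as a command of its own, so the updater would execute the old `05-update-dns-forwarders` hook instead of deleting it. Upgraded systems would then keep the stale hook in `red.down` next to the new `05-remove-dns-forwarders`, and the shutdown hang this commit targets could persist there. The context line should become `/etc/rc.d/rcsysinit.d/S74aws \` so the added path is the last argument of `rm -vf`.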
@@ -807,6 +832,19 @@ case "$1" in fix_time_if_dns_fail ;; + remove-forwarders) + # Do not try updating forwarders when unbound is not running + if ! pgrep unbound &>/dev/null; then + exit 0 + fi + + remove_forwarders + + unbound-control flush_negative > /dev/null + unbound-control flush_bogus > /dev/null + ;; + + test-name-server) ns=${2} @@ -848,7 +886,7 @@ case "$1" in ;; *) - echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}" + echo "Usage: $0 {start|stop|restart|status|update-forwarders|remove-forwarders|test-name-server|resolve}" exit 1 ;; esac
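Review bot: The running check in the new `remove-forwarders)` case uses `pgrep unbound`, which matches any process whose name contains that string, so a lingering `unbound-control` or `unbound-anchor` would pass the guard even when the daemon is down. An exact match is safer on the shutdown path: `if ! pgrep -x unbound &>/dev/null; then`. The copied comment should also describe this case, e.g. `# Nothing to remove when unbound is not running`. The `update-forwarders` case lies outside this hunk; if it uses the same guard it would benefit from the same change.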