1 | #!/bin/sh |
2 | # Begin $rc_base/init.d/unbound | |
3 | ||
4 | # Description : Unbound DNS resolver boot script for IPfire | |
5 | # Author : Marcel Lorenz <marcel.lorenz@ipfire.org> | |
6 | # | |
7 | # Comment : This init script additionally starts the dhcpd watcher daemon | |
8 | # if DNS-Update (RFC2136) is enabled in the web interface | |
9 | ||
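# Load the distribution's rc settings and the shared init helper functions
# (log_warning_msg, boot_mesg, loadproc, killproc, statusproc are used below).
. /etc/sysconfig/rc
. "${rc_functions}"

# Make sure /run/var exists; -p turns this into a no-op when it already does.
mkdir -p /run/var

# 1 = regenerate /etc/unbound/interfaces.conf from the GREEN/BLUE/ORANGE
#     addresses on every start.
CONTROL_INTERFACE_FILE=1
# 1 = regenerate /etc/unbound/access.conf, i.e. the list of networks that
#     are allowed to query the resolver.
CONTROL_ACCESS_FILE=1
# 0 = forward to the servers read from /var/ipfire/red/dns1 and dns2;
#     any other value skips the forward_add call in "start".
USE_CUSTOM_FORWARDS=0
# 1 = leave dnssec.conf without overrides; any other value writes
#     "module-config: iterator" and "val-permissive-mode: yes", which
#     switches DNSSEC validation off.
ENABLE_DNSSEC=1

# Unbound daemon pid file
PIDFILE=/var/run/unbound.pid

# Watcher daemon pid file; the path must stay identical between this
# script and the unbound-dhcpd init script.
WAPIDFILE=/var/run/unbound_dhcpd.pid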
25 | ||
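# cidr ADDRESS NETMASK
#
# Print the network ADDRESS belongs to in CIDR notation on stdout, e.g.
#   cidr 192.168.1.10 255.255.255.0   ->   192.168.1.0/24
#
# The result is written into an "access-control: ... allow" line by the
# start action, so a wrong prefix length changes who may query the
# resolver. Both arguments are therefore validated before any arithmetic:
# every octet must be a decimal number in 0..255 and the netmask must be
# contiguous. On invalid input a message goes to stderr (never to stdout,
# which the caller captures into a config file) and the shell exits with
# status 1; inside $(...) that ends only the subshell.
function cidr() {
	local i1 i2 i3 i4 m1 m2 m3 m4
	local network nbits octet mask_done

	IFS=. read -r i1 i2 i3 i4 <<< "${1}"
	IFS=. read -r m1 m2 m3 m4 <<< "${2}"

	# Reject anything that is not a plain decimal octet. This also keeps
	# arbitrary strings out of the arithmetic expansions below.
	for octet in "${i1}" "${i2}" "${i3}" "${i4}" "${m1}" "${m2}" "${m3}" "${m4}"; do
		case "${octet}" in
			""|*[!0-9]*)
				echo "Error: ${octet} is not recognised" >&2
				exit 1
				;;
		esac
		if [ "${#octet}" -gt 3 ] || [ "$((10#${octet}))" -gt 255 ]; then
			echo "Error: ${octet} is not recognised" >&2
			exit 1
		fi
	done

	# 10# forces base 10 so that an octet with a leading zero is not read
	# as octal.
	network=$(printf "%d.%d.%d.%d\n" \
		"$((10#${i1} & 10#${m1}))" "$((10#${i2} & 10#${m2}))" \
		"$((10#${i3} & 10#${m3}))" "$((10#${i4} & 10#${m4}))")

	nbits=0
	mask_done=0
	for octet in "${m1}" "${m2}" "${m3}" "${m4}"; do
		# Once an octet other than 255 was seen, only 0 may follow.
		if [ "${mask_done}" -eq 1 ] && [ "$((10#${octet}))" -ne 0 ]; then
			echo "Error: netmask ${2} is not contiguous" >&2
			exit 1
		fi
		case "$((10#${octet}))" in
			255) nbits=$((nbits + 8)) ;;
			254) nbits=$((nbits + 7)); mask_done=1 ;;
			252) nbits=$((nbits + 6)); mask_done=1 ;;
			248) nbits=$((nbits + 5)); mask_done=1 ;;
			240) nbits=$((nbits + 4)); mask_done=1 ;;
			224) nbits=$((nbits + 3)); mask_done=1 ;;
			192) nbits=$((nbits + 2)); mask_done=1 ;;
			128) nbits=$((nbits + 1)); mask_done=1 ;;
			0) mask_done=1 ;;
			*)
				echo "Error: ${octet} is not recognised" >&2
				exit 1
				;;
		esac
	done

	echo "${network}/${nbits}"
}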
49 | ||
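# Dispatch on the init action given as first argument.
case "$1" in
	start)
		# The pid file alone is taken as proof that the daemon is up; the
		# PID stored in it is not checked against a live process.
		if [[ -f "${PIDFILE}" ]]; then
			log_warning_msg "Unbound daemon is running with Process ID $(cat "${PIDFILE}")"
		else
			# NOTE(review): the readhash output is executed as shell code, so
			# the settings file must be writable by trusted users only.
			# Quoting keeps every assignment on its own line instead of
			# collapsing the whole output into one command.
			eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"
			#ARGS="$CUSTOM_ARGS"
			#[ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"

			# Rebuild resolv.conf and collect the upstream servers.
			# NAMESERVERS starts empty so a value inherited from the
			# environment can never end up in the forwarder list.
			echo > /var/ipfire/red/resolv.conf # Clear it
			NAMESERVERS=""
			if [ -e "/var/ipfire/red/dns1" ]; then
				DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null)
				if [ -n "${DNS1}" ]; then
					echo "nameserver ${DNS1}" >> /var/ipfire/red/resolv.conf
					NAMESERVERS="${DNS1} "
				fi
			fi
			if [ -e "/var/ipfire/red/dns2" ]; then
				DNS2=$(cat /var/ipfire/red/dns2 2>/dev/null)
				if [ -n "${DNS2}" ]; then
					echo "nameserver ${DNS2}" >> /var/ipfire/red/resolv.conf
					NAMESERVERS+="${DNS2} "
				fi
			fi

			# create unbound interfaces.conf
			# Only zones with a configured address get a listener.
			if [ "${CONTROL_INTERFACE_FILE}" = 1 ]; then
				echo -n > /etc/unbound/interfaces.conf # Clear it
				for zone in GREEN BLUE ORANGE; do
					addr_var="${zone}_ADDRESS"
					if [ -n "${!addr_var}" ]; then
						echo "interface: ${!addr_var}" >> /etc/unbound/interfaces.conf
					fi
				done
			fi

			# create unbound access.conf
			# A zone whose address/netmask cannot be converted is skipped
			# with a warning instead of writing a malformed access-control
			# line; that zone then simply gets no "allow" entry.
			if [ "${CONTROL_ACCESS_FILE}" = 1 ]; then
				echo -n > /etc/unbound/access.conf # Clear it
				for zone in GREEN BLUE ORANGE; do
					addr_var="${zone}_ADDRESS"
					mask_var="${zone}_NETMASK"
					if [ -n "${!addr_var}" ]; then
						if net=$(cidr "${!addr_var}" "${!mask_var}"); then
							echo "access-control: ${net} allow" >> /etc/unbound/access.conf
						else
							log_warning_msg "Skipping access-control for ${zone}: invalid address or netmask"
						fi
					fi
				done
			fi

			# create unbound dnssec.conf
			echo -n > /etc/unbound/dnssec.conf # Clear it
			if [ "${ENABLE_DNSSEC}" = 1 ]; then
				echo " # dessec enabled per default" >> /etc/unbound/dnssec.conf
				echo " # no necessary config options in this file" >> /etc/unbound/dnssec.conf
			else
				# Without the validator module no DNSSEC validation happens.
				echo " # dnssec now disabled" >> /etc/unbound/dnssec.conf
				echo " module-config: iterator" >> /etc/unbound/dnssec.conf
				echo " val-permissive-mode: yes" >> /etc/unbound/dnssec.conf
			fi

			# create zone file for internal ipfire domain
			unbound-zone

			boot_mesg "Starting Unbound DNS proxy..."
			# The exit status of unbound-anchor is not checked.
			unbound-anchor
			loadproc /usr/sbin/unbound

			# start dhcpd watcher daemon if DNS-Update (RFC2136) activated
			# NOTE(review): same eval-of-settings trust assumption as above.
			eval "$(/usr/local/bin/readhash /var/ipfire/dhcp/settings)"
			if [[ "${DNS_UPDATE_ENABLED}" = on && ! -f "${WAPIDFILE}" ]]; then
				/etc/rc.d/init.d/unbound-dhcpd start
			fi

			# use setup configured DNS servers
			# NOTE(review): per unbound-control(8), "+i" also marks the zone
			# domain-insecure. For "." that covers every name, so answers
			# obtained through these forwarders are not DNSSEC-validated even
			# when ENABLE_DNSSEC=1 and the message below reports "DNSSEC is
			# enabled!". Confirm this is intended; drop "+i" once the
			# forwarders are known to pass DNSSEC records.
			# NAMESERVERS is left unquoted on purpose so that each server
			# becomes its own argument; its content comes unvalidated from
			# the dns1/dns2 files. Errors are discarded.
			if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
				unbound-control forward_add +i . ${NAMESERVERS} &> /dev/null
			fi

			# The second sed removes the "+i" marker, so the boot message
			# does not show that the forward zone is flagged insecure.
			FORWADRS=$(unbound-control list_forwards |sed 's|. IN forward ||g'|sed 's|+i ||g')
			if [ "${USE_CUSTOM_FORWARDS}" -eq 0 ]; then
				boot_mesg "Using DNS server(s): ${FORWADRS}"
			else
				boot_mesg "Using custom DNS server(s): ${FORWADRS}"
			fi
			if [ "${ENABLE_DNSSEC}" = 1 ]; then
				boot_mesg "DNSSEC is enabled!"
			else
				boot_mesg "DNSSEC is disabled!"
			fi
		fi
		;;

	stop)
		if [[ -f "${PIDFILE}" ]]; then
			# stop dhcpd watcher daemon if activated
			if [[ -f "${WAPIDFILE}" ]]; then
				/etc/rc.d/init.d/unbound-dhcpd stop
			fi
			# stop Unbound daemon
			boot_mesg "Stopping Unbound DNS proxy..."
			killproc -p "${PIDFILE}" /usr/sbin/unbound
		else
			log_warning_msg "Unbound daemon is not running..."
		fi
		;;

	restart)
		"$0" stop
		sleep 1
		"$0" start
		;;

	status)
		statusproc /usr/sbin/unbound
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status}"
		exit 1
		;;
esac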
177 | ||
178 | # End $rc_base/init.d/unbound |