#!/bin/sh
# Begin $rc_base/init.d/unbound

# Description : Unbound DNS resolver boot script for IPfire
# Author      : Marcel Lorenz <marcel.lorenz@ipfire.org>

# NOTE(review): the shebang says /bin/sh, but the functions below rely on
# bash-only constructs (here-strings, let, &>), so /bin/sh is assumed to
# be bash on the target system.
. /etc/sysconfig/rc
. ${rc_functions}

# 1: hand the name servers found in /var/ipfire/red/dns* to unbound as
# forwarders; anything else: unbound recurses on its own.
# May be overridden from /etc/sysconfig/unbound.
USE_FORWARDERS=1

# TTL (seconds) of the local host records pushed into unbound
LOCAL_TTL=60

# Load optional configuration. The file is sourced as shell code, so it
# must only be writable by root.
if [ -e "/etc/sysconfig/unbound" ]; then
	. /etc/sysconfig/unbound
fi

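# cidr ADDRESS NETMASK
#
# Prints the network of a dotted-quad ADDRESS/NETMASK pair in CIDR
# notation, e.g. "192.168.1.0/24": the network part is ADDRESS & NETMASK,
# the prefix length is the number of mask bits.
#
# A netmask that is not contiguous (e.g. 255.0.255.0) or contains an
# unknown octet is rejected: a message goes to stderr and the shell
# exits with status 1, so nothing but a valid network ever ends up in a
# generated "access-control:" line. Requires bash (here-strings).
cidr() {
	local network nbits octet closed IFS
	local i1 i2 i3 i4 m1 m2 m3 m4

	IFS=. read -r i1 i2 i3 i4 <<< "${1}"
	IFS=. read -r m1 m2 m3 m4 <<< "${2}"

	network=$(printf "%d.%d.%d.%d\n" \
		"$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")

	# Count the mask bits octet by octet. Once an octet is not 255 the
	# mask is "closed": every following octet has to be 0.
	nbits=0
	closed=0
	IFS=.
	for octet in ${2}; do
		if [ "${closed}" = "1" ] && [ "${octet}" != "0" ]; then
			echo "Error: ${2} is not a contiguous netmask" >&2
			exit 1
		fi

		case "${octet}" in
			255) nbits=$(( nbits + 8 )) ;;
			254) nbits=$(( nbits + 7 )); closed=1 ;;
			252) nbits=$(( nbits + 6 )); closed=1 ;;
			248) nbits=$(( nbits + 5 )); closed=1 ;;
			240) nbits=$(( nbits + 4 )); closed=1 ;;
			224) nbits=$(( nbits + 3 )); closed=1 ;;
			192) nbits=$(( nbits + 2 )); closed=1 ;;
			128) nbits=$(( nbits + 1 )); closed=1 ;;
			0)   closed=1 ;;
			*)
				# Error text goes to stderr, never into the config file
				echo "Error: ${octet} is not recognised" >&2
				exit 1
				;;
		esac
	done

	echo "${network}/${nbits}"
}
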
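# read_name_servers
#
# Prints the contents of /var/ipfire/red/dns1 and dns2 joined into one
# space-separated line. Prints an empty line when neither file can be
# read.
read_name_servers() {
	local i
	for i in 1 2; do
		# Skip a missing or unreadable file instead of letting bash
		# print an error for the failed redirection
		[ -r "/var/ipfire/red/dns${i}" ] || continue
		echo "$(</var/ipfire/red/dns${i})"
	done | xargs echo
}
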
# config_header
#
# Prints the "do not edit" banner that starts every generated unbound
# configuration file, followed by one empty line.
config_header() {
	printf '%s\n' \
		"# This file is automatically generated and any changes" \
		"# will be overwritten. DO NOT EDIT!" \
		""
}

# update_forwarders
#
# Tells the running unbound which upstream name servers to forward to.
# With USE_FORWARDERS=1 and at least one server from read_name_servers,
# forwarding is switched to those servers; otherwise forwarding is
# switched off and unbound recurses on its own.
update_forwarders() {
	local forwarders
	forwarders="$(read_name_servers)"

	if [ "${USE_FORWARDERS}" != "1" ] || [ -z "${forwarders}" ]; then
		# No usable forwarders: run in recursor mode
		unbound-control -q forward off
		return
	fi

	boot_mesg "Using Name Server(s): ${forwarders}"
	boot_mesg_flush

	# Word splitting is intended: one argument per name server
	unbound-control -q forward ${forwarders}
}

# update_hosts
#
# Pushes every enabled entry of /var/ipfire/main/hosts (CSV fields:
# enabled, address, hostname, domainname) into the running unbound as a
# local A record with a TTL of LOCAL_TTL seconds.
update_hosts() {
	local enabled address hostname domainname
	local name

	while IFS="," read -r enabled address hostname domainname; do
		if [ "${enabled}" != "on" ]; then
			continue
		fi

		# The record name is the fully qualified host name
		name="${hostname}.${domainname}"
		unbound-control -q local_data "${name} ${LOCAL_TTL} IN A ${address}"
	done < /var/ipfire/main/hosts
}

# _write_interface_section NAME ADDRESS NETADDRESS NETMASK
#
# Prints the interface/access-control stanza for one network; prints
# nothing when ADDRESS is empty (interface not configured).
_write_interface_section() {
	local name="${1}" address="${2}" netaddress="${3}" netmask="${4}"

	[ -n "${address}" ] || return 0

	echo "# ${name}"
	echo "interface: ${address}"
	echo "access-control: $(cidr ${netaddress} ${netmask}) allow"
}

# write_interfaces_conf
#
# Generates /etc/unbound/interfaces.conf: unbound listens on the GREEN
# and BLUE addresses and only the matching networks may query it. The
# GREEN_*/BLUE_* variables must already be in the environment.
write_interfaces_conf() {
	(
		config_header

		_write_interface_section GREEN \
			"${GREEN_ADDRESS}" "${GREEN_NETADDRESS}" "${GREEN_NETMASK}"
		_write_interface_section BLUE \
			"${BLUE_ADDRESS}" "${BLUE_NETADDRESS}" "${BLUE_NETMASK}"
	) > /etc/unbound/interfaces.conf
}

# write_forward_conf
#
# Generates /etc/unbound/forward.conf with one forward-zone stanza per
# enabled line of /var/ipfire/dnsforward/config (CSV fields: enabled,
# zone, server, remark).
write_forward_conf() {
	local enabled zone server remark

	(
		config_header

		while IFS="," read -r enabled zone server remark; do
			# Only enabled entries are written
			if [ "${enabled}" != "on" ]; then
				continue
			fi

			echo "forward-zone:"
			echo " name: ${zone}"
			echo " forward-addr: ${server}"
			echo
		done < /var/ipfire/dnsforward/config
	) > /etc/unbound/forward.conf
}

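# write_tuning_conf
#
# Generates /etc/unbound/tuning.conf: one thread per online processor,
# cache slabs rounded up to a power of two, and cache sizes picked from
# the amount of system memory.
# See https://www.unbound.net/documentation/howto_optimise.html
write_tuning_conf() {
	local processors slabs mem

	# Number of online processors. If getconf cannot tell, fall back to a
	# single thread instead of writing an empty "num-threads:" line.
	processors=$(getconf _NPROCESSORS_ONLN 2>/dev/null)
	case "${processors}" in
		""|*[!0-9]*) processors=1 ;;
	esac

	# Smallest power of two that is >= the number of processors
	slabs=1
	while [ ${slabs} -lt ${processors} ]; do
		slabs=$(( slabs * 2 ))
	done

	# System memory in MB. An unknown amount is treated as a small
	# system so the caches stay small.
	mem=$(get_memory_amount)
	case "${mem}" in
		""|*[!0-9]*) mem=0 ;;
	esac

	# In the worst case scenario, unbound can use double the amount of
	# memory allocated to a cache due to malloc overhead, so the cache
	# budget (in MB) stays far below the total.
	if [ ${mem} -ge 2048 ]; then
		# Large systems with 2GB of RAM or more
		mem=128
	elif [ ${mem} -le 256 ]; then
		# Small systems with 256MB of RAM or less
		mem=8
	else
		# Everything else
		mem=32
	fi

	(
		config_header

		# We run one thread per processor
		echo "num-threads: ${processors}"

		# Adjust number of slabs
		echo "infra-cache-slabs: ${slabs}"
		echo "key-cache-slabs: ${slabs}"
		echo "msg-cache-slabs: ${slabs}"
		echo "rrset-cache-slabs: ${slabs}"

		# Slice up the budget: half for rrsets, a quarter each for
		# messages and keys
		echo "rrset-cache-size: $(( mem / 2 ))m"
		echo "msg-cache-size: $(( mem / 4 ))m"
		echo "key-cache-size: $(( mem / 4 ))m"
	) > /etc/unbound/tuning.conf
}
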
# get_memory_amount
#
# Prints the total system memory in MB, taken from the MemTotal line
# (which is in kB) of /proc/meminfo.
get_memory_amount() {
	local key val unit

	while read -r key val unit; do
		# The first field keeps its trailing colon, e.g. "MemTotal:"
		[[ "${key}" == MemTotal:* ]] || continue

		# Convert kB to MB
		echo "$(( val / 1024 ))"
		break
	done < /proc/meminfo
}

case "${1}" in
	start)
		# Import the interface settings (GREEN_*/BLUE_* variables) that
		# write_interfaces_conf needs. readhash is assumed to emit plain
		# shell assignments only: whatever it prints is executed here, so
		# the settings file must stay writable by root alone.
		eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)

		# Create control keys at first run
		[ -r "/etc/unbound/unbound_control.key" ] || \
			unbound-control-setup -d /etc/unbound &>/dev/null

		# Regenerate the configuration files
		write_tuning_conf
		write_interfaces_conf
		write_forward_conf

		boot_mesg "Starting Unbound DNS Proxy..."
		loadproc /usr/sbin/unbound || exit $?

		# Push forwarders and local host entries into the running daemon
		update_forwarders
		update_hosts
		;;

	stop)
		boot_mesg "Stopping Unbound DNS Proxy..."
		killproc /usr/sbin/unbound
		;;

	restart)
		$0 stop
		sleep 1
		$0 start
		;;

	status)
		statusproc /usr/sbin/unbound
		;;

	update-forwarders)
		update_forwarders
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status|update-forwarders}"
		exit 1
		;;
esac

# End $rc_base/init.d/unbound