]>
Commit | Line | Data |
---|---|---|
d0e5f71f ML |
1 | #!/bin/sh |
2 | # Begin $rc_base/init.d/unbound | |
3 | ||
4 | # Description : Unbound DNS resolver boot script for IPfire | |
5 | # Author : Marcel Lorenz <marcel.lorenz@ipfire.org> | |
d0e5f71f ML |
6 | |
7 | . /etc/sysconfig/rc | |
8 | . ${rc_functions} | |
9 | ||
b8f5eda8 | 10 | USE_FORWARDERS=1 |
d0e5f71f | 11 | |
b8f5eda8 MT |
12 | # Load optional configuration |
13 | [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound | |
d0e5f71f ML |
14 | |
15 | function cidr() { | |
16 | local cidr nbits IFS; | |
17 | IFS=. read -r i1 i2 i3 i4 <<< ${1} | |
18 | IFS=. read -r m1 m2 m3 m4 <<< ${2} | |
19 | cidr=$(printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))") | |
20 | nbits=0 | |
21 | IFS=. | |
22 | for dec in $2 ; do | |
23 | case $dec in | |
24 | 255) let nbits+=8;; | |
25 | 254) let nbits+=7;; | |
26 | 252) let nbits+=6;; | |
27 | 248) let nbits+=5;; | |
28 | 240) let nbits+=4;; | |
29 | 224) let nbits+=3;; | |
30 | 192) let nbits+=2;; | |
31 | 128) let nbits+=1;; | |
32 | 0);; | |
33 | *) echo "Error: $dec is not recognised"; exit 1 | |
34 | esac | |
35 | done | |
36 | echo "${cidr}/${nbits}" | |
37 | } | |
38 | ||
b8f5eda8 MT |
39 | read_name_servers() { |
40 | local i | |
41 | for i in 1 2; do | |
42 | echo "$(</var/ipfire/red/dns${i})" | |
43 | done | xargs echo | |
44 | } | |
45 | ||
46 | config_header() { | |
47 | echo "# This file is automatically generated and any changes" | |
48 | echo "# will be overwritten. DO NOT EDIT!" | |
49 | echo | |
50 | } | |
51 | ||
52 | update_forwarders() { | |
53 | local forwarders="$(read_name_servers)" | |
54 | ||
55 | if [ "${USE_FORWARDERS}" = "1" ] && [ -n "${forwarders}" ]; then | |
56 | boot_mesg "Using Name Server(s): ${forwarders}" | |
57 | boot_mesg_flush | |
58 | ||
59 | unbound-control -q forward ${forwarders} | |
60 | ||
61 | # If forwarders cannot be used we run in recursor mode | |
62 | else | |
63 | unbound-control -q forward off | |
64 | fi | |
65 | } | |
66 | ||
67 | write_interfaces_conf() { | |
68 | ( | |
69 | config_header | |
70 | ||
71 | if [ -n "${GREEN_ADDRESS}" ]; then | |
72 | echo "# GREEN" | |
73 | echo "interface: ${GREEN_ADDRESS}" | |
74 | echo "access-control: $(cidr ${GREEN_NETADDRESS} ${GREEN_NETMASK}) allow" | |
75 | fi | |
76 | ||
77 | if [ -n "${BLUE_ADDRESS}" ]; then | |
78 | echo "# BLUE" | |
79 | echo "interface: ${BLUE_ADDRESS}" | |
80 | echo "access-control: $(cidr ${BLUE_NETADDRESS} ${BLUE_NETMASK}) allow" | |
81 | fi | |
82 | ) > /etc/unbound/interfaces.conf | |
83 | } | |
84 | ||
85 | write_forward_conf() { | |
86 | ( | |
87 | config_header | |
88 | ||
89 | local enabled zone server remark | |
90 | while IFS="," read -r enabled zone server remark; do | |
91 | # Line must be enabled. | |
92 | [ "${enabled}" = "on" ] || continue | |
93 | ||
94 | echo "forward-zone:" | |
95 | echo " name: ${zone}" | |
96 | echo " forward-addr: ${server}" | |
97 | echo | |
98 | done < /var/ipfire/dnsforward/config | |
99 | ) > /etc/unbound/forward.conf | |
100 | } | |
101 | ||
b658a451 MT |
102 | write_tuning_conf() { |
103 | # https://www.unbound.net/documentation/howto_optimise.html | |
104 | ||
105 | # Determine number of online processors | |
106 | local processors=$(getconf _NPROCESSORS_ONLN) | |
107 | ||
108 | # Determine number of slabs | |
109 | local slabs=1 | |
110 | while [ ${slabs} -lt ${processors} ]; do | |
111 | slabs=$(( ${slabs} * 2 )) | |
112 | done | |
113 | ||
114 | # Determine amount of system memory | |
115 | local mem=$(get_memory_amount) | |
116 | ||
117 | # In the worst case scenario, unbound can use double the | |
118 | # amount of memory allocated to a cache due to malloc overhead | |
119 | ||
120 | # Large systems with more than 2GB of RAM | |
121 | if [ ${mem} -ge 2048 ]; then | |
122 | mem=128 | |
123 | ||
124 | # Small systems with less than 256MB of RAM | |
125 | elif [ ${mem} -le 256 ]; then | |
126 | mem=8 | |
127 | ||
128 | # Everything else | |
129 | else | |
130 | mem=32 | |
131 | fi | |
132 | ||
133 | ( | |
134 | config_header | |
135 | ||
136 | # We run one thread per processor | |
137 | echo "num-threads: ${processors}" | |
138 | ||
139 | # Adjust number of slabs | |
140 | echo "infra-cache-slabs: ${slabs}" | |
141 | echo "key-cache-slabs: ${slabs}" | |
142 | echo "msg-cache-slabs: ${slabs}" | |
143 | echo "rrset-cache-slabs: ${slabs}" | |
144 | ||
145 | # Slice up the cache | |
146 | echo "rrset-cache-size: $(( ${mem} / 2 ))m" | |
147 | echo "msg-cache-size: $(( ${mem} / 4 ))m" | |
148 | echo "key-cache-size: $(( ${mem} / 4 ))m" | |
149 | ) > /etc/unbound/tuning.conf | |
150 | } | |
151 | ||
152 | get_memory_amount() { | |
153 | local key val unit | |
154 | ||
155 | while read -r key val unit; do | |
156 | case "${key}" in | |
157 | MemTotal:*) | |
158 | # Convert to MB | |
159 | echo "$(( ${val} / 1024 ))" | |
160 | break | |
161 | ;; | |
162 | esac | |
163 | done < /proc/meminfo | |
164 | } | |
b8f5eda8 | 165 | |
d0e5f71f ML |
166 | case "$1" in |
167 | start) | |
b8f5eda8 | 168 | eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) |
d0e5f71f | 169 | |
b8f5eda8 MT |
170 | # Create control keys at first run |
171 | if [ ! -r "/etc/unbound/unbound_control.key" ]; then | |
172 | unbound-control-setup -d /etc/unbound &>/dev/null | |
173 | fi | |
174 | ||
175 | # Update configuration files | |
b658a451 | 176 | write_tuning_conf |
b8f5eda8 MT |
177 | write_interfaces_conf |
178 | write_forward_conf | |
179 | ||
180 | boot_mesg "Starting Unbound DNS Proxy..." | |
181 | loadproc /usr/sbin/unbound || exit $? | |
182 | ||
183 | # Update any known forwarding name servers | |
184 | update_forwarders | |
b8f5eda8 | 185 | ;; |
d0e5f71f ML |
186 | |
187 | stop) | |
b8f5eda8 MT |
188 | boot_mesg "Stopping Unbound DNS Proxy..." |
189 | killproc /usr/sbin/unbound | |
190 | ;; | |
d0e5f71f ML |
191 | |
192 | restart) | |
b8f5eda8 MT |
193 | $0 stop |
194 | sleep 1 | |
195 | $0 start | |
196 | ;; | |
d0e5f71f ML |
197 | |
198 | status) | |
b8f5eda8 | 199 | statusproc /usr/sbin/unbound |
b8f5eda8 MT |
200 | ;; |
201 | ||
202 | update-forwarders) | |
203 | update_forwarders | |
204 | ;; | |
d0e5f71f ML |
205 | |
206 | *) | |
b8f5eda8 MT |
207 | echo "Usage: $0 {start|stop|restart|status|update-forwarders}" |
208 | exit 1 | |
209 | ;; | |
d0e5f71f ML |
210 | esac |
211 | ||
212 | # End $rc_base/init.d/unbound |