1 #!/bin/sh
2 # Begin $rc_base/init.d/unbound
3
4 # Description : Unbound DNS resolver boot script for IPfire
5 # Author : Marcel Lorenz <marcel.lorenz@ipfire.org>
6 #
7 # Comment : This init script additionally starts the dhcpd watcher daemon
8 # if DNS-Update (RFC2136) is enabled in the web interface
9
# Pull in the rc settings, then the helper library they point to. The
# boot_mesg/loadproc/killproc/statusproc helpers used further down are not
# defined in this file and presumably come from ${rc_functions}.
. /etc/sysconfig/rc
. ${rc_functions}

# Forwarding to the name servers read by read_name_servers is on by default;
# update_forwarders switches forwarding off for any value other than "1".
USE_FORWARDERS=1

# Optional local overrides. The file is sourced, so everything in it runs as
# shell code with this script's privileges: it should be writable only by
# the administrator.
if [ -e "/etc/sysconfig/unbound" ]; then
	. /etc/sysconfig/unbound
fi
17
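# Convert an IPv4 address and a dotted-decimal netmask into "network/prefix".
#
# Arguments: $1 - IPv4 address (dotted decimal)
#            $2 - IPv4 netmask (dotted decimal, contiguous)
# Outputs:   "<network>/<prefix length>" on stdout; diagnostics on stderr
# Returns:   0 on success, 1 when the address or the netmask is malformed
#
# The result is written into an access-control line by the caller, so
# diagnostics must never go to stdout and a malformed mask must never yield
# a prefix: either would end up in the resolver's configuration.
function cidr() {
	local i1 i2 i3 i4 m1 m2 m3 m4 octet network
	local nbits=0 host_part=0

	# Quoted here-strings hand the arguments to read unmodified.
	IFS=. read -r i1 i2 i3 i4 <<< "${1}"
	IFS=. read -r m1 m2 m3 m4 <<< "${2}"

	# Arithmetic expansion evaluates non-numeric text as an expression, so
	# every field has to be one to three decimal digits (and at most 255)
	# before it is used in $(( )) below. A missing or surplus octet shows up
	# here as an empty field or as a field containing a dot.
	for octet in "${i1}" "${i2}" "${i3}" "${i4}" "${m1}" "${m2}" "${m3}" "${m4}"; do
		case "${octet}" in
			"" | *[!0-9]* | ????*)
				echo "Error: invalid IPv4 address or netmask: ${1} ${2}" >&2
				return 1
				;;
		esac
		if [ "$((10#${octet}))" -gt 255 ]; then
			echo "Error: invalid IPv4 address or netmask: ${1} ${2}" >&2
			return 1
		fi
	done

	for octet in "${m1}" "${m2}" "${m3}" "${m4}"; do
		# Once an octet other than 255 has been seen, only zeros may follow;
		# otherwise the mask is not contiguous and has no prefix length.
		if [ "${host_part}" = "1" ] && [ "${octet}" != "0" ]; then
			echo "Error: netmask ${2} is not contiguous" >&2
			return 1
		fi

		case "${octet}" in
			255) nbits=$((nbits + 8)) ;;
			254) nbits=$((nbits + 7)); host_part=1 ;;
			252) nbits=$((nbits + 6)); host_part=1 ;;
			248) nbits=$((nbits + 5)); host_part=1 ;;
			240) nbits=$((nbits + 4)); host_part=1 ;;
			224) nbits=$((nbits + 3)); host_part=1 ;;
			192) nbits=$((nbits + 2)); host_part=1 ;;
			128) nbits=$((nbits + 1)); host_part=1 ;;
			0) host_part=1 ;;
			*)
				echo "Error: ${octet} is not recognised" >&2
				return 1
				;;
		esac
	done

	# 10# forces base 10 so that a leading zero is not read as octal.
	network="$((10#${i1} & 10#${m1})).$((10#${i2} & 10#${m2}))"
	network="${network}.$((10#${i3} & 10#${m3})).$((10#${i4} & 10#${m4}))"

	echo "${network}/${nbits}"
}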
41
# Print the contents of /var/ipfire/red/dns1 and /var/ipfire/red/dns2 on a
# single line, separated by blanks ("xargs echo" collapses the whitespace).
# A missing file contributes nothing to the output.
#
# NOTE(review): the values are passed on unchecked and later become
# arguments of unbound-control. Presumably the files are filled from the
# upstream (RED) connection; confirm that the writer validates them as
# IP addresses.
read_name_servers() {
	local idx
	{
		for idx in 1 2; do
			echo "$(<"/var/ipfire/red/dns${idx}")"
		done
	} | xargs echo
}
48
# Emit the "generated file" banner that opens every configuration file
# written by this script: two comment lines followed by one empty line.
config_header() {
	printf '%s\n' \
		"# This file is automatically generated and any changes" \
		"# will be overwritten. DO NOT EDIT!" \
		""
}
54
# Tell the running resolver which upstream name servers to forward to.
#
# Globals:   USE_FORWARDERS (read)
# Returns:   the exit status of the unbound-control call
update_forwarders() {
	local forwarders
	forwarders="$(read_name_servers)"

	# Without usable forwarders (or with forwarding disabled) the resolver
	# runs in recursor mode.
	if [ "${USE_FORWARDERS}" != "1" ] || [ -z "${forwarders}" ]; then
		unbound-control -q forward off
		return
	fi

	boot_mesg "Using Name Server(s): ${forwarders}"
	boot_mesg_flush

	# Deliberately unquoted: each name server has to become its own argument.
	# The expansion is also subject to globbing, and the values are not
	# validated in this function.
	unbound-control -q forward ${forwarders}
}
69
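# Regenerate /etc/unbound/interfaces.conf with one listening address and one
# access-control rule for each configured internal zone (GREEN, BLUE).
#
# Globals:   GREEN_ADDRESS, GREEN_NETADDRESS, GREEN_NETMASK,
#            BLUE_ADDRESS, BLUE_NETADDRESS, BLUE_NETMASK (read)
# Outputs:   the configuration file; warnings on stderr
write_interfaces_conf() {
	(
		config_header

		local zone address network
		local address_ref netaddr_ref netmask_ref

		for zone in GREEN BLUE; do
			address_ref="${zone}_ADDRESS"
			netaddr_ref="${zone}_NETADDRESS"
			netmask_ref="${zone}_NETMASK"

			# A zone without an address is not configured.
			address="${!address_ref}"
			[ -n "${address}" ] || continue

			echo "# ${zone}"
			echo "interface: ${address}"

			# Only write the rule when cidr succeeded. Its output used to be
			# pasted in unchecked, so an error message could end up in the
			# file. Leaving the rule out grants this zone no access.
			if network="$(cidr "${!netaddr_ref}" "${!netmask_ref}")"; then
				echo "access-control: ${network} allow"
			else
				echo "unbound: no access-control written for ${zone}: bad network settings" >&2
			fi
		done
	) > /etc/unbound/interfaces.conf
}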
87
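# Regenerate /etc/unbound/forward.conf from /var/ipfire/dnsforward/config.
#
# Each input line is "enabled,zone,server,remark"; only lines whose first
# field is "on" produce a forward-zone section.
#
# NOTE(review): zone and server are copied into the resolver configuration
# as they are. Whatever writes the input file is the place where they have
# to be validated as a domain name and an IP address - confirm that it does.
write_forward_conf() {
	(
		config_header

		local enabled zone server remark
		# The "|| [ -n ... ]" part keeps a final line that lacks a newline.
		while IFS="," read -r enabled zone server remark || [ -n "${enabled}" ]; do
			# Line must be enabled.
			[ "${enabled}" = "on" ] || continue

			# An entry without zone or server would produce a directive
			# with no value; skip it and say so.
			if [ -z "${zone}" ] || [ -z "${server}" ]; then
				echo "unbound: skipping incomplete forward entry (zone='${zone}')" >&2
				continue
			fi

			echo "forward-zone:"
			echo " name: ${zone}"
			echo " forward-addr: ${server}"
			echo
		done < /var/ipfire/dnsforward/config
	) > /etc/unbound/forward.conf
}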
104
105
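# Dispatch on the requested action.
case "$1" in
	start)
		# NOTE(review): eval runs whatever readhash prints, with this
		# script's privileges. The settings files are therefore a trust
		# boundary: confirm that readhash emits nothing but sanitised
		# assignments. The substitution is quoted so that the output is
		# evaluated as printed, without word splitting or globbing first.
		eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"
		eval "$(/usr/local/bin/readhash /var/ipfire/dhcp/settings)"

		# Create control keys at first run. All output is discarded, so a
		# failed key generation is silent here.
		if [ ! -r "/etc/unbound/unbound_control.key" ]; then
			unbound-control-setup -d /etc/unbound &>/dev/null
		fi

		# Update configuration files
		write_interfaces_conf
		write_forward_conf

		boot_mesg "Starting Unbound DNS Proxy..."
		loadproc /usr/sbin/unbound || exit $?

		# Update any known forwarding name servers
		update_forwarders

		# Start Unbound DHCP Lease Bridge unless RFC2136 is used
		if [ "${DNS_UPDATE_ENABLED}" != on ]; then
			boot_mesg "Starting Unbound DHCP Leases Bridge..."
			loadproc /usr/sbin/unbound-dhcp-leases-bridge -d
		fi
		;;

	stop)
		boot_mesg "Stopping Unbound DHCP Leases Bridge..."
		killproc /usr/sbin/unbound-dhcp-leases-bridge

		boot_mesg "Stopping Unbound DNS Proxy..."
		killproc /usr/sbin/unbound
		;;

	restart)
		# "$0" is quoted so a script path containing blanks still works.
		"$0" stop
		sleep 1
		"$0" start
		;;

	status)
		statusproc /usr/sbin/unbound
		statusproc /usr/sbin/unbound-dhcp-leases-bridge
		;;

	update-forwarders)
		update_forwarders
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status|update-forwarders}"
		exit 1
		;;
esac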
161
162 # End $rc_base/init.d/unbound