Merge remote-tracking branch 'ms/dhcp-rfc2136-broken-down' into next
[ipfire-2.x.git] / src / initscripts / init.d / dnsmasq
index 11859214b9e050b0d428cf23294f00b1a6095985..059ffacdd8e92abd3bab4f8e93969378afe60531 100644 (file)
 . /etc/sysconfig/rc
 . ${rc_functions}
 
+CACHE_SIZE=2500
+ENABLE_DNSSEC=1
+SHOW_SRV=1
+TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+TIMESTAMP_FILE="/var/ipfire/dns/dnssec-timestamp"
+
 # Pull custom configuration file
 if [ -e "/etc/sysconfig/dnsmasq" ]; then
        . /etc/sysconfig/dnsmasq
 fi
 
-SHOW_SRV=1
+function dnssec_args() {
+       local cmdline="--dnssec --dnssec-timestamp ${TIMESTAMP_FILE}"
+
+       if [ -n "${TRUST_ANCHOR}" ]; then
+               cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"
+       fi
+
+       echo "${cmdline}"
+}
+
+function dns_forward_args() {
+       local file="${1}"
+
+       # Do nothing if file is empty.
+       [ -s "${file}" ] || return
+
+       local cmdline
+
+       local enabled zone server remark
+       while IFS="," read -r enabled zone server remark; do
+               # Line must be enabled.
+               [ "${enabled}" = "on" ] || continue
+
+               cmdline="${cmdline} --server=/${zone}/${server}"
+       done < ${file}
+
+       echo "${cmdline}"
+}
+
+function dns_leases_args() {
+       eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)
+
+       # If the DHCP server is enabled and DNS Update (RFC2136) is
+       # enabled, too, we won't overlay the internal domain with
+       # the dynamic/static leases.
+
+       if ([ "${ENABLE_GREEN}" = "on" ] || [ "${ENABLE_BLUE}" = "on" ]) \
+                       && [ "${DNS_UPDATE_ENABLED}" = "on" ]; then
+               return
+       fi
+
+       echo "-l /var/state/dhcp/dhcpd.leases"
+}
 
 case "${1}" in
        start)
+               # kill already running copy of dnsmasq...
+               killproc /usr/sbin/dnsmasq 2>&1 > /dev/null
+
                boot_mesg "Starting Domain Name Service Proxy..."
                
                eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-               ARGS=
-               [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="-s $DOMAIN_NAME_GREEN"
-               
+               ARGS="$CUSTOM_ARGS"
+               [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"
+
+               # DHCP configuration
+               ARGS="${ARGS} $(dns_leases_args)"
+
                echo > /var/ipfire/red/resolv.conf # Clear it
                if [ -e "/var/ipfire/red/dns1" ]; then
                    DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null)
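Review bot: dns_forward_args() copies `zone` and `server` from /var/ipfire/dnsforward/config straight into the option string, and the start branch later expands `${ARGS}` unquoted, so a field containing whitespace or a glob character would reach dnsmasq as additional arguments. Nothing visible in this hunk validates those fields; whatever writes the file may do so, but the init script should not depend on that. Skipping lines whose fields fall outside a conservative character set, as sketched below, keeps each entry to a single `--server=` argument; the exact sets are a suggestion and should match what the configuration front end accepts. In the same hunk, `killproc /usr/sbin/dnsmasq 2>&1 > /dev/null` discards only stdout, so `> /dev/null 2>&1` is needed if both streams were meant to be silenced.

```shell
	while IFS="," read -r enabled zone server remark; do
		# … unchanged: skip lines that are not "on" …

		# ARGS is expanded unquoted later, so only accept fields that
		# cannot split into, or glob into, extra dnsmasq arguments.
		case "${zone}" in
			""|*[!A-Za-z0-9._-]*) continue ;;
		esac
		case "${server}" in
			""|*[!A-Fa-f0-9.:#]*) continue ;;
		esac

		cmdline="${cmdline} --server=/${zone}/${server}"
	done < "${file}"
```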
@@ -44,11 +98,22 @@ case "${1}" in
                    fi
                fi
                [ -e "/var/ipfire/red/active" ] && ARGS="$ARGS -r /var/ipfire/red/resolv.conf"
-               
+       
                ARGS="$ARGS --domain=`cat /var/ipfire/main/settings |grep DOMAIN |cut -d = -f 2`"
-               ARGS="$ARGS $CUSTOM_ARGS"
 
-               loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS
+               # Add custom forward dns zones.
+               ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
+
+               # Enabled DNSSEC validation
+               if [ "${ENABLE_DNSSEC}" -eq 1 ]; then
+                       ARGS="${ARGS} $(dnssec_args)"
+               fi
+
+               if [ -n "${CACHE_SIZE}" ]; then
+                       ARGS="${ARGS} --cache-size=${CACHE_SIZE}"
+               fi
+
+               loadproc /usr/sbin/dnsmasq ${ARGS}
                
                if [ "${SHOW_SRV}" -eq 1 ] && [ "${DNS1}" != "" -o "${DNS2}" != "" ]; then
                    boot_mesg "Using DNS server(s): ${DNS1} ${DNS2}"
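Review bot: The DNSSEC switch fails open: `[ "${ENABLE_DNSSEC}" -eq 1 ]` is a numeric test, so if /etc/sysconfig/dnsmasq sets the variable to an empty or non-numeric value the test errors, the branch is skipped, and dnsmasq starts without validation, leaving only a shell error as evidence. A string comparison such as `if [ "${ENABLE_DNSSEC}" = "1" ]; then` avoids the error, and a `boot_mesg` line in an else branch would make a disabled validator visible at boot. Also, dnssec_args() (defined in the previous hunk) passes `--dnssec` without `--dnssec-check-unsigned`. On dnsmasq releases where that check is not the default, replies stripped of their signatures are accepted as unsigned, so it is worth confirming what the packaged version does. The root key pinned in TRUST_ANCHOR will need updating at a root KSK rollover, which a comment such as `# root trust anchor: must be updated on KSK rollover` next to the assignment would record.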