. /etc/sysconfig/rc
. ${rc_functions}
+CACHE_SIZE=2500
+ENABLE_DNSSEC=1
+SHOW_SRV=1
+TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+TIMESTAMP_FILE="/var/ipfire/dns/dnssec-timestamp"
+
# Pull custom configuration file
if [ -e "/etc/sysconfig/dnsmasq" ]; then
. /etc/sysconfig/dnsmasq
fi
-SHOW_SRV=1
+function dnssec_args() {
+ local cmdline="--dnssec --dnssec-timestamp ${TIMESTAMP_FILE}"
+
+ if [ -n "${TRUST_ANCHOR}" ]; then
+ cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"
+ fi
+
+ echo "${cmdline}"
+}
+
+function dns_forward_args() {
+ local file="${1}"
+
+ # Do nothing if file is empty.
+ [ -s "${file}" ] || return
+
+ local cmdline
+
+ local enabled zone server remark
+ while IFS="," read -r enabled zone server remark; do
+ # Line must be enabled.
+ [ "${enabled}" = "on" ] || continue
+
+ cmdline="${cmdline} --server=/${zone}/${server}"
+ done < ${file}
+
+ echo "${cmdline}"
+}
+
+function dns_leases_args() {
+ eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)
+
+ # If the DHCP server is enabled and DNS Update (RFC2136) is
+ # enabled, too, we won't overlay the internal domain with
+ # the dynamic/static leases.
+
+ if ([ "${ENABLE_GREEN}" = "on" ] || [ "${ENABLE_BLUE}" = "on" ]) \
+ && [ "${DNS_UPDATE_ENABLED}" = "on" ]; then
+ return
+ fi
+
+ echo "-l /var/state/dhcp/dhcpd.leases"
+}
case "${1}" in
start)
+ # kill already running copy of dnsmasq...
+ killproc /usr/sbin/dnsmasq 2>&1 > /dev/null
+
boot_mesg "Starting Domain Name Service Proxy..."
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- ARGS=
- [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="-s $DOMAIN_NAME_GREEN"
-
+ ARGS="$CUSTOM_ARGS"
+ [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"
+
+ # DHCP configuration
+ ARGS="${ARGS} $(dns_leases_args)"
+
echo > /var/ipfire/red/resolv.conf # Clear it
if [ -e "/var/ipfire/red/dns1" ]; then
DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null)
fi
fi
[ -e "/var/ipfire/red/active" ] && ARGS="$ARGS -r /var/ipfire/red/resolv.conf"
-
+
ARGS="$ARGS --domain=`cat /var/ipfire/main/settings |grep DOMAIN |cut -d = -f 2`"
- ARGS="$ARGS $CUSTOM_ARGS"
- loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS
+ # Add custom forward dns zones.
+ ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
+
+ # Enabled DNSSEC validation
+ if [ "${ENABLE_DNSSEC}" -eq 1 ]; then
+ ARGS="${ARGS} $(dnssec_args)"
+ fi
+
+ if [ -n "${CACHE_SIZE}" ]; then
+ ARGS="${ARGS} --cache-size=${CACHE_SIZE}"
+ fi
+
+ loadproc /usr/sbin/dnsmasq ${ARGS}
if [ "${SHOW_SRV}" -eq 1 ] && [ "${DNS1}" != "" -o "${DNS2}" != "" ]; then
boot_mesg "Using DNS server(s): ${DNS1} ${DNS2}"