local i
for i in 1 2; do
echo "$(</var/ipfire/red/dns${i})"
- done | xargs echo
+ done 2>/dev/null | xargs echo
}
config_header() {
enable_dnssec() {
local status=$(unbound-control get_option val-permissive-mode)
- # Don't do anything if DNSSEC is already activated
- [ "${status}" = "no" ] && return 0
-
# Log DNSSEC status
echo "on" > /var/ipfire/red/dnssec-status
+ # Don't do anything if DNSSEC is already activated
+ [ "${status}" = "no" ] && return 0
+
# Activate DNSSEC and flush cache with any stale and unvalidated data
unbound-control -q set_option val-permissive-mode: no
unbound-control -q flush_zone .
unbound-control -q set_option val-permissive-mode: yes
}
+fix_time_if_dns_fail() {
+ # If DNS still not work try to init ntp with
+ # hardcoded ntp.ipfire.org (81.3.27.46)
+ if [ -e /var/ipfire/red/active ]; then
+ host 0.ipfire.pool.ntp.org > /dev/null 2>&1
+ if [ "${?}" != "0" ]; then
+ boot_mesg "DNS still not work ... init time with ntp.ipfire.org at 81.3.27.46 ..."
+ loadproc /usr/local/bin/settime 81.3.27.46
+ fi
+ fi
+}
+
case "$1" in
start)
# Print a nicer messagen when unbound is already running
# Update hosts
update_hosts
+
+ fix_time_if_dns_fail
;;
stop)
fi
update_forwarders
+
+ unbound-control flush_negative > /dev/null
+ unbound-control flush_bogus > /dev/null
+
+ fix_time_if_dns_fail
;;
test-name-server)