X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Fsystem%2Funbound;h=4e7e63e5fa72727f2d7c80079bc35ea0b15ec9d0;hp=7e804291852e11f18b815f53646963d989674dd1;hb=682a6b2dc8fb3e917e1d8927cd4caa022f4f23d8;hpb=4a0d69ca464aba3f27e7e2a98247f1630ef664bb

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 7e80429185..4e7e63e5fa 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -61,7 +61,7 @@ read_name_servers() {
 	local i
 	for i in 1 2; do
 		echo "$(</var/ipfire/red/dns${i})"
-	done | xargs echo
+	done 2>/dev/null | xargs echo
 }
 
 config_header() {
@@ -436,6 +436,9 @@ can_resolve_root() {
 enable_dnssec() {
 	local status=$(unbound-control get_option val-permissive-mode)
 
+	# Log DNSSEC status
+	echo "on" > /var/ipfire/red/dnssec-status
+
 	# Don't do anything if DNSSEC is already activated
 	[ "${status}" = "no" ] && return 0
 
@@ -445,9 +448,24 @@ enable_dnssec() {
 }
 
 disable_dnssec() {
+	# Log DNSSEC status
+	echo "off" > /var/ipfire/red/dnssec-status
+
 	unbound-control -q set_option val-permissive-mode: yes
 }
 
+fix_time_if_dns_fail() {
+	# If DNS still not work try to init ntp with
+	# hardcoded ntp.ipfire.org (81.3.27.46)
+	if [ -e /var/ipfire/red/active ]; then
+		host 0.ipfire.pool.ntp.org > /dev/null 2>&1
+		if [ "${?}" != "0" ]; then
+			boot_mesg "DNS still not work ... init time with ntp.ipfire.org at 81.3.27.46 ..."
+			loadproc /usr/local/bin/settime 81.3.27.46
+		fi
+	fi
+}
+
 case "$1" in
 	start)
 		# Print a nicer messagen when unbound is already running
@@ -478,6 +496,8 @@ case "$1" in
 
 		# Update hosts
 		update_hosts
+
+		fix_time_if_dns_fail
 		;;
 
 	stop)
@@ -502,6 +522,11 @@ case "$1" in
 		fi
 
 		update_forwarders
+
+		unbound-control flush_negative > /dev/null
+		unbound-control flush_bogus > /dev/null
+
+		fix_time_if_dns_fail
 		;;
 
 	test-name-server)