# Load configuration
eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
ip_address_revptr() {
local addr=${1}
}
read_name_servers() {
- local i
- for i in 1 2; do
- echo "$(</var/ipfire/red/dns${i})"
- done 2>/dev/null | xargs echo
-}
-
-check_red_has_carrier_and_ip() {
- # Interface configured ?
- [ ! -e "/var/ipfire/red/iface" ] && return 0;
-
- # Interface present ?
- [ ! -e "/sys/class/net/$(</var/ipfire/red/iface)" ] && return 0;
-
- # has carrier ?
- [ ! "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ] && return 0;
+ # Read name servers from ISP
+ if [ "${USE_ISP_NAMESERVERS}" = "on" -a "${PROTO}" != "TLS" ]; then
+ local i
+ for i in 1 2; do
+ echo "$(</var/run/dns${i})"
+ done 2>/dev/null
+ fi
- # has ip ?
- [ "$(ip address show dev $(</var/ipfire/red/iface) | grep "inet")" = "" ] && return 0;
+ # Read configured name servers
+ local id address tls_hostname enabled remark
+ while IFS="," read -r id address tls_hostname enabled remark; do
+ [ "${enabled}" != "enabled" ] && continue
- return 1;
+ if [ "${PROTO}" = "TLS" ]; then
+ if [ -n "${tls_hostname}" ]; then
+ echo "${address}@853#${tls_hostname}"
+ fi
+ else
+ echo "${address}"
+ fi
+ done < /var/ipfire/dns/servers
}
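Review bot: The values echoed from `/var/run/dns${i}` are whatever the ISP handed over, and every consumer of read_name_servers splits its output unquoted (`for ns in $(read_name_servers)` at L83 and `nameservers=( $(read_name_servers) )` at L122), so a line containing a glob character or more than one token ends up as additional forward targets; the same applies to the `address` field read from `/var/ipfire/dns/servers`. A one-line shape check before each echo, e.g. `[[ "${ns}" =~ ^[0-9A-Fa-f.:]+$ ]] || continue` on the value about to be printed, would keep unexpected content out of forward.conf and out of the `unbound-control forward` arguments. On the condition at L24, `-a` inside `[ ]` is the deprecated form; `if [ "${USE_ISP_NAMESERVERS}" = "on" ] && [ "${PROTO}" != "TLS" ]; then` reads the same and is unambiguous.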
config_header() {
}
update_hosts() {
+ # Make own hostname resolveable
+ own_hostname
+
local enabled address hostname domainname generateptr
while IFS="," read -r enabled address hostname domainname generateptr; do
(
config_header
+ # Enable strict QNAME minimisation
+ if [ "${QNAME_MIN}" = "strict" ]; then
+ echo "server:"
+ echo " qname-minimisation-strict: yes"
+ echo
+ fi
+
# Force using TCP for upstream servers only
if [ "${PROTO}" = "TCP" ]; then
echo "# Force using TCP for upstream servers only"
fi
# Add upstream name servers
- local id address tls_hostname enabled remark
- while IFS="," read -r id address tls_hostname enabled remark; do
- # Skip disabled servers
- [ "${enabled}" != "enabled" ] && continue
-
- # Set DNS server
- if [ "${PROTO}" = "TLS" ]; then
- if [ -n "${tls_hostname}" ]; then
- echo " forward-addr: ${address}@853#${tls_hostname}"
- fi
- else
- echo " forward-addr: ${address}"
- fi
- done < /var/ipfire/dns/servers
+ local ns
+ for ns in $(read_name_servers); do
+ echo " forward-addr: ${ns}"
+ done
) > /etc/unbound/forward.conf
}
done < /proc/meminfo
}
-fix_time_if_dns_fail() {
- # If DNS still not work try to init ntp with
- # hardcoded ntp.ipfire.org (81.3.27.46)
- check_red_has_carrier_and_ip
- if [ -e "/var/ipfire/red/iface" -a "${?}" = "1" ]; then
- host 0.ipfire.pool.ntp.org > /dev/null 2>&1
- if [ "${?}" != "0" ]; then
- boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
- loadproc /usr/local/bin/settime 81.3.27.46
- fi
+fix_time_if_dns_fails() {
+ # If DNS is working, everything is fine
+ if resolve "ping.ipfire.org" &>/dev/null; then
+ return 0
fi
+
+ # Try to sync time with a known time server
+ boot_mesg "DNS not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
+ loadproc /usr/local/bin/settime 81.3.27.46
}
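Review bot: The carrier/IP precondition that the removed check_red_has_carrier_and_ip provided is gone, so any failure of `resolve "ping.ipfire.org"` — including the host simply being offline — now triggers the settime call against the hardcoded 81.3.27.46. The rest of the file treats `/var/ipfire/red/active` as the online marker (L146, L163), so a guard `[ -e "/var/ipfire/red/active" ] || return 0` at the top of the function would restore that intent; this is a reading of the removed code, not something the hunk states. The `resolve` helper used here is defined below (L110) and its body lies outside this hunk.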
resolve() {
done
}
+update_forwarders() {
+ # Do nothing when we do not use the ISP name servers
+ [ "${USE_ISP_NAMESERVERS}" != "on" ] && return 0
+
+ # We cannot update anything when using TLS
+ # Unbound will then try to connect to the servers using UDP on port 853
+ [ "${PROTO}" = "TLS" ] && return 0
+
+ # Update unbound about the new servers
+ local nameservers=( $(read_name_servers) )
+ if [ -n "${nameservers[*]}" ]; then
+ unbound-control -q forward "${nameservers[@]}"
+ else
+ unbound-control -q forward off
+ fi
+}
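Review bot: The remove-forwarders case (L187) calls this same update_forwarders, which re-reads `/var/run/dns{1,2}` via read_name_servers; it only removes the ISP servers if those files are already gone when it runs, which nothing in this hunk establishes. A comment stating that precondition would help the next reader, e.g. `# For remove-forwarders the caller must have deleted /var/run/dns{1,2} beforehand; otherwise the old ISP servers are re-added here`. The `unbound-control` invocations at L124 and L126 use a bare name whereas L171 uses `/usr/sbin/unbound-control`; pick one form for the file. The unquoted array assignment at L122 is covered by the note on read_name_servers.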
+
# Sets up Safe Search for various search engines
update_safe_search() {
local google_tlds=(
exit 0
fi
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-
# Update configuration files
write_tuning_conf
write_forward_conf
boot_mesg "Starting Unbound DNS Proxy..."
loadproc /usr/sbin/unbound || exit $?
- # Make own hostname resolveable
- own_hostname
-
# Install Safe Search rules when the system is already online
if [ -e "/var/ipfire/red/active" ]; then
update_safe_search
# Update hosts
update_hosts
-
- fix_time_if_dns_fail
;;
stop)
sleep 1
$0 start
;;
+ reload)
+ # Update configuration files
+ write_tuning_conf
+ write_forward_conf
+
+ # Update Safe Search rules if the system is online.
+ if [ -e "/var/ipfire/red/active" ]; then
+ update_safe_search
+ fi
+
+ # Update hosts.
+ update_hosts
+
+ # Call unbound-control and perform the reload
+ /usr/sbin/unbound-control -q reload
+ ;;
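Review bot: The exit status of `/usr/sbin/unbound-control -q reload` at L171 is discarded, while the equivalent step in start (L141) propagates failure with `|| exit $?`; a reload that fails because unbound is not running or rejects the freshly written config would otherwise report success to the caller. `/usr/sbin/unbound-control -q reload || exit $?` matches the existing convention. Whether update_hosts needs unbound to be running before the reload cannot be told from this hunk.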
status)
statusproc /usr/sbin/unbound
;;
update-forwarders)
- : # XXX must set ISP name servers if necessary
+ update_forwarders
+
+ # Make sure DNS works at this point
+ fix_time_if_dns_fails
# Update Safe Search settings
update_safe_search
;;
remove-forwarders)
- : # XXX must remove ISP name servers
+ update_forwarders
;;
resolve)
;;
*)
- echo "Usage: $0 {start|stop|restart|status|resolve|update-forwarders|remove-forwarders|update-safe-search}"
+ echo "Usage: $0 {start|stop|restart|reload|status|resolve|update-forwarders|remove-forwarders|update-safe-search}"
exit 1
;;
esac