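#!/bin/sh
#
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

. /etc/rc.subr

name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/local-unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

load_rc_config $name

# Defaults; each one applies only when the loaded configuration left the
# variable unset or empty.  Every path below is derived from the work
# directory unless it is overridden individually.
: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:="-c ${local_unbound_config}"}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
: ${local_unbound_forwarders:=}
: ${local_unbound_tls:=}
: ${local_unbound_pidfile:=${pidfile}}
pidfile=${local_unbound_pidfile}
: ${local_unbound_svcj_options:="net_basic"}

#
# Run a command line as the unprivileged "unbound" user.
#
# Arguments: the command and its arguments.
# Returns:   the exit status of su.
#
# The arguments are joined into one line by echo and read on stdin by
# the shell that su starts, so they are parsed a second time there.
# Quoting at the call site does not survive that step: every value
# passed in must be free of whitespace and shell metacharacters.  The
# values used in this file come from the rc configuration loaded by
# load_rc_config, not from the command line.
#
do_as_unbound()
{
	echo "$@" | su -m unbound
}

#
# Retrieve or update the DNSSEC root anchor
#
# Returns: 0 when the anchor file exists afterwards, non-zero otherwise.
#
local_unbound_anchor()
{
	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
	# we can't trust the exit code - check if the file exists
	# NOTE(review): local_unbound_prestart treats an empty anchor file as
	# missing (-s), while this check accepts one (-f); confirm whether
	# -s is wanted here too, so that a zero-length root key is reported
	# as a failure.
	[ -f "${local_unbound_anchor}" ]
}

#
# Check the unbound configuration file
#
# Returns: the exit status of the checker as reported through su.
#
local_unbound_configtest()
{
	do_as_unbound ${command}-checkconf ${local_unbound_config}
}

#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
# Unlike the anchor and configtest commands, the setup helper is not
# run through do_as_unbound; it is invoked directly and given the
# service user with -u.
#
local_unbound_setup()
{
	# Start from an empty value: sh(1) lets a local variable inherit
	# the value of a same-named variable from the surrounding scope,
	# which would otherwise end up on the setup command line.
	local tls_flag=
	if checkyesno local_unbound_tls ; then
		tls_flag="-t"
	fi
	echo "Performing initial setup."
	# tls_flag and local_unbound_forwarders stay unquoted on purpose:
	# an empty value must disappear and the forwarder list must split
	# into one argument per address.  Path arguments are quoted.
	${command}-setup -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${tls_flag} \
	    ${local_unbound_forwarders}
}

#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
# Returns: the status of the last generation step that ran, or 0 when
#          nothing had to be generated.
#
local_unbound_prestart()
{
	# Create configuration file
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key (an empty file counts as missing)
	if [ ! -s "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}

#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
#
# Returns: 0 once the control tool reports "is running", 1 after five
#          failed status checks.
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	until "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do
		# The counter is decremented after every failed check; one
		# second is slept between checks.
		if [ $((retry -= 1)) -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}

# NOTE(review): the configuration is loaded a second time here, after the
# defaults above were already applied; kept as in the original - confirm
# before removing.
load_rc_config $name
run_rc_command "$1"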