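#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS netif resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

. /etc/rc.subr

name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/local-unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

load_rc_config $name

# Defaults for anything rc.conf did not set. Every path below is derived
# from local_unbound_workdir unless it is overridden individually.
: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:="-c ${local_unbound_config}"}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
: ${local_unbound_forwarders:=}

#
# Run a command line as the unprivileged "unbound" user.
#
# The arguments are joined with single spaces by echo and written to the
# standard input of su(1), so they are read back as command text on the
# other side. Word boundaries are lost in the process: whitespace or
# shell metacharacters inside an argument are interpreted again there,
# and quoting at the call site only protects the expansion in this
# script. Only pass values that are safe as plain shell words; the paths
# used below come from rc.conf or from the defaults above.
# su is given -m, which leaves the environment unmodified.
#
do_as_unbound()
{
	echo "$@" | su -m unbound
}

#
# Retrieve or update the DNSSEC root anchor
#
local_unbound_anchor()
{
	do_as_unbound "${command}-anchor" -a "${local_unbound_anchor}"
	# we can't trust the exit code - check if the file exists
	# NOTE(review): -f only shows that a regular file is present, not
	# that its contents are a usable trust anchor.
	[ -f "${local_unbound_anchor}" ]
}

#
# Check the unbound configuration file
#
local_unbound_configtest()
{
	do_as_unbound "${command}-checkconf" "${local_unbound_config}"
}

#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
local_unbound_setup()
{
	echo "Performing initial setup."
	# Runs with the privileges of the rc script itself, not through
	# do_as_unbound. The path arguments are quoted so that each one
	# reaches the setup tool as a single word.
	# local_unbound_forwarders stays unquoted on purpose: it is empty
	# by default and, when set, must expand to one argument per word.
	"${command}-setup" -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${local_unbound_forwarders}
}

#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
local_unbound_prestart()
{
	# Create configuration file
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key
	if [ ! -f "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}

#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
#
# Returns 1 if the fifth status check still does not report
# "is running"; the checks are one second apart.
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	until "${command}-control" status | grep -q "is running" ; do
		if [ $((retry -= 1)) -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}

# NOTE(review): rc.conf was already loaded above, before the defaults
# were applied; confirm whether this second call is still needed before
# removing it.
load_rc_config $name
run_rc_command "$1"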