xref: /freebsd/libexec/rc/rc.d/local_unbound (revision 409388cfac49a312034e9397c870e3f81ff90734)
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown
. /etc/rc.subr

name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/local-unbound"
# Actions offered by this script in addition to the standard ones.
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
# The configuration check doubles as the reload pre-command.
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

load_rc_config "${name}"

# Defaults for anything load_rc_config left unset or empty.
#
# The paths below reach helper programs through do_as_unbound, which joins
# its arguments into one command line that a second shell parses again.
# Keep them free of whitespace and shell metacharacters.
: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:="-c ${local_unbound_config}"}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
# Appended, word-split, as trailing arguments of the setup helper.
: ${local_unbound_forwarders:=}
# Evaluated with checkyesno; a true value adds -t to the setup helper's
# arguments.
: ${local_unbound_tls:=}
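#
# Run a command line as the unprivileged "unbound" user.
#
# Arguments: the command and its arguments.  They are joined into ONE line
#            and written to the standard input of the shell that su(1)
#            starts, so that shell parses the line a second time.  The
#            caller's quoting is lost: whitespace or shell metacharacters
#            inside an argument are interpreted by that shell (as user
#            unbound).  Pass only values from trusted configuration.
# Returns:   the exit status of su(1), the last stage of the pipeline.
#
do_as_unbound()
{
	# printf rather than echo: echo would consume a leading -n or -e as
	# an option instead of sending it on as part of the command line.
	# "$*" joins on the first character of IFS (a space by default).
	# su -m leaves the caller's environment unmodified.
	printf '%s\n' "$*" | su -m unbound
}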
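#
# Retrieve or update the DNSSEC root anchor
#
# Globals: command (read), local_unbound_anchor (read)
# Returns: 0 if the anchor path names a regular file afterwards,
#          non-zero otherwise.
#
local_unbound_anchor()
{
	# The helper runs through do_as_unbound, i.e. as user unbound rather
	# than with the privileges of this script.
	do_as_unbound "${command}-anchor" -a "${local_unbound_anchor}"
	# we can't trust the exit code - check if the file exists
	# The operand is quoted so an unusual path cannot turn the test into
	# a syntax error or a different expression.
	# NOTE(review): -f is also true for a zero-length file, while the
	# start-time check in local_unbound_prestart uses -s.  An empty
	# anchor file therefore counts as success here - confirm whether
	# this check should be -s as well.
	[ -f "${local_unbound_anchor}" ]
}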
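#
# Check the unbound configuration file
#
# Used both as the "configtest" action and as the pre-command of "reload".
#
# Globals: command (read), local_unbound_config (read)
# Returns: the exit status of do_as_unbound.
#
local_unbound_configtest()
{
	# The checker runs as user unbound.  The arguments are quoted so this
	# shell does no word splitting or pathname expansion on them;
	# do_as_unbound still joins them into a single command line.
	do_as_unbound "${command}-checkconf" "${local_unbound_config}"
}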
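#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
# Globals: command, local_unbound_workdir, local_unbound_config,
#          local_unbound_forwardconf, local_unbound_controlconf,
#          local_unbound_anchor, local_unbound_tls,
#          local_unbound_forwarders (all read)
# Outputs: a progress line on stdout
# Returns: the exit status of the setup helper.
#
local_unbound_setup()
{
	# Start from an explicitly empty value: in sh(1) a local variable
	# inherits the value of a same-named variable in the surrounding
	# scope, which would otherwise end up on the helper's command line.
	local tls_flag=""
	if checkyesno local_unbound_tls ; then
		tls_flag="-t"
	fi
	echo "Performing initial setup."
	# Unlike the anchor and configtest actions, the helper is called
	# directly and not through do_as_unbound; it is handed the service
	# account name with -u.
	# Path arguments are quoted.  tls_flag and local_unbound_forwarders
	# stay unquoted on purpose: an empty tls_flag must vanish, and the
	# forwarder list must split into one argument per forwarder (it is
	# also subject to pathname expansion, so keep it to plain addresses).
	"${command}-setup" -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${tls_flag} \
	    ${local_unbound_forwarders}
}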
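#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
# Globals: local_unbound_config (read), local_unbound_anchor (read)
# Returns: the status of the last check performed: 0 when the anchor is
#          already present and non-empty, otherwise the status of the
#          "anchor" action.
#
local_unbound_prestart()
{
	# Create configuration file
	# The operands are quoted: with an unquoted path that splits into
	# several words the test itself fails, and a failed test is treated
	# like "file present", silently skipping generation.
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key
	# -s rather than -f: a zero-length anchor file counts as missing.
	if [ ! -s "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}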
#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
#
# Polls the control utility's "status" output for the text "is running",
# at most five times with a one-second pause between attempts.
#
# Globals: command (read), local_unbound_config (read)
# Outputs: a progress line on stdout
# Returns: 0 once the resolver reports that it is running, 1 after the
#          last attempt fails.
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	while ! "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do
		# Count the failed attempt; stop once the budget is used up.
		retry=$((retry - 1))
		if [ "${retry}" -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}
# Load the service's rc.conf settings, then hand the requested action
# (first script argument) to rc.subr for dispatch.
load_rc_config "${name}"
run_rc_command "$1"