xref: /freebsd/libexec/rc/rc.d/local_unbound (revision 0696600c41600d80bcd993bfd8e675d0ae6951fe)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: local_unbound
7# REQUIRE: FILESYSTEMS netif resolv
8# BEFORE: NETWORKING
9# KEYWORD: shutdown
10
11. /etc/rc.subr
12
# Service identity as rc.subr sees it.  rcvar names the rc.conf knob that
# enables the service.
name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="${name}_enable"

# Daemon binary, the extra verbs this script accepts, and the functions
# that run_rc_command calls for them.  The configtest function is also
# the reload pre-command, so the configuration is checked before a reload.
command="/usr/sbin/local-unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

# Pull in the administrator's rc.conf settings before applying defaults.
load_rc_config "${name}"

# Each default applies only when rc.conf left the variable unset or
# empty.  All paths derive from local_unbound_workdir unless overridden
# individually.
# NOTE(review): these values are later expanded unquoted and, for the
# anchor and configtest steps, re-parsed by a shell (see do_as_unbound),
# so they should not contain whitespace or shell metacharacters.
: "${local_unbound_workdir:=/var/unbound}"
: "${local_unbound_config:=${local_unbound_workdir}/unbound.conf}"
: "${local_unbound_flags:=-c ${local_unbound_config}}"
: "${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}"
: "${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}"
: "${local_unbound_anchor:=${local_unbound_workdir}/root.key}"
: "${local_unbound_forwarders:=}"
36
do_as_unbound()
{
	# Run a command as the "unbound" account rather than as the caller.
	# The arguments are joined into one line of text and fed on stdin to
	# the shell that su starts.  That shell parses the line again, so
	# argument boundaries are not preserved and any shell metacharacters
	# in the arguments are interpreted there.  Callers in this file pass
	# only the tool path and values taken from rc.conf.
	# su -m leaves the caller's environment unmodified.
	echo "$@" |
	    su -m unbound
}
41
42#
43# Retrieve or update the DNSSEC root anchor
44#
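local_unbound_anchor()
{
	# The anchor tool is run through do_as_unbound, i.e. as the
	# unprivileged unbound account rather than as the caller.  The
	# arguments are left unquoted here because do_as_unbound flattens
	# them into a single command line anyway.
	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
	# we can't trust the exit code - check if the file exists
	# The path is quoted so that a value containing whitespace is
	# tested as one file name instead of making "[" fail with a syntax
	# error.  This is an existence check only: a key file left over from
	# an earlier run passes even if this particular update failed, and
	# the file's contents are not inspected.
	[ -f "${local_unbound_anchor}" ]
}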
51
52#
53# Check the unbound configuration file
54#
local_unbound_configtest()
{
	# Path of the checker that ships next to the daemon binary.
	local checker="${command}-checkconf"

	# The check runs as the unbound account (via do_as_unbound), and its
	# exit status is this function's status.  Because this function is
	# also registered as reload_precmd, that status is what rc.subr sees
	# before a reload.
	do_as_unbound ${checker} ${local_unbound_config}
}
59
60#
61# Create the unbound configuration file and update resolv.conf to
62# point to unbound.
63#
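local_unbound_setup()
{
	# Unlike the anchor and configtest steps, the setup tool is invoked
	# directly, so it runs with the privileges of this rc script rather
	# than through do_as_unbound.
	#
	# Every path argument is quoted so that a value containing
	# whitespace or glob characters reaches the tool as exactly one
	# argument.  local_unbound_forwarders is deliberately left unquoted:
	# it is a whitespace-separated list and each entry must become its
	# own argument (an empty list adds no arguments at all).
	# NOTE(review): -n presumably keeps the setup tool from starting the
	# daemon itself - confirm against the setup tool's usage.
	echo "Performing initial setup."
	"${command}-setup" -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${local_unbound_forwarders}
}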
76
77#
78# Before starting, check that the configuration file and root anchor
79# exist.  If not, attempt to generate them.
80#
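local_unbound_prestart()
{
	# Both paths are quoted in the tests below.  Unquoted, a path
	# containing whitespace makes "[" fail with a syntax error, which
	# "if" treats as false, so the missing file would be silently left
	# ungenerated.

	# Create configuration file
	# The status of the setup step is not checked here; the function's
	# own status comes from the anchor step below (or is 0 when the
	# anchor already exists).
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key
	# Only a missing key file triggers this; an existing file is used
	# as it is, whatever its age or contents.
	if [ ! -f "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}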
93
94#
95# After starting, wait for Unbound to report that it is ready to avoid
96# race conditions with services which require functioning DNS.
97#
local_unbound_poststart()
{
	# Number of status probes allowed before reporting failure.
	local attempts_left=5

	echo -n "Waiting for nameserver to start..."
	# Readiness is judged only by the control tool's status output
	# containing the text "is running"; no name is actually resolved.
	while ! "${command}-control" status | grep -q "is running" ; do
		attempts_left=$((attempts_left - 1))
		if [ "${attempts_left}" -eq 0 ] ; then
			# Out of probes: return failure to the caller.
			echo " giving up"
			return 1
		fi
		# One progress dot and a one-second pause per failed probe.
		echo -n "."
		sleep 1
	done
	echo " good"
}
113
# The rc.conf settings were already loaded once before the defaults were
# applied; this repeats the load immediately before dispatch.
load_rc_config "${name}"
# Hand the requested verb (first script argument) to rc.subr, which calls
# the matching *_cmd / *_precmd / *_postcmd functions defined above.
run_rc_command "$1"
116