1#!/bin/sh 2# 3# $FreeBSD$ 4# 5 6# PROVIDE: local_unbound 7# REQUIRE: FILESYSTEMS netif resolv 8# BEFORE: NETWORKING 9# KEYWORD: shutdown 10 11. /etc/rc.subr 12 13name="local_unbound" 14desc="Local caching forwarding resolver" 15rcvar="local_unbound_enable" 16 17command="/usr/sbin/local-unbound" 18extra_commands="anchor configtest reload setup" 19start_precmd="local_unbound_prestart" 20start_postcmd="local_unbound_poststart" 21reload_precmd="local_unbound_configtest" 22anchor_cmd="local_unbound_anchor" 23configtest_cmd="local_unbound_configtest" 24setup_cmd="local_unbound_setup" 25pidfile="/var/run/${name}.pid" 26 27load_rc_config $name 28 29: ${local_unbound_workdir:=/var/unbound} 30: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf} 31: ${local_unbound_flags:="-c ${local_unbound_config}"} 32: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf} 33: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf} 34: ${local_unbound_anchor:=${local_unbound_workdir}/root.key} 35: ${local_unbound_forwarders:=} 36 37do_as_unbound() 38{ 39 echo "$@" | su -m unbound 40} 41 42# 43# Retrieve or update the DNSSEC root anchor 44# 45local_unbound_anchor() 46{ 47 do_as_unbound ${command}-anchor -a ${local_unbound_anchor} 48 # we can't trust the exit code - check if the file exists 49 [ -f ${local_unbound_anchor} ] 50} 51 52# 53# Check the unbound configuration file 54# 55local_unbound_configtest() 56{ 57 do_as_unbound ${command}-checkconf ${local_unbound_config} 58} 59 60# 61# Create the unbound configuration file and update resolv.conf to 62# point to unbound. 63# 64local_unbound_setup() 65{ 66 echo "Performing initial setup." 67 ${command}-setup -n \ 68 -u unbound \ 69 -w ${local_unbound_workdir} \ 70 -c ${local_unbound_config} \ 71 -f ${local_unbound_forwardconf} \ 72 -o ${local_unbound_controlconf} \ 73 -a ${local_unbound_anchor} \ 74 ${local_unbound_forwarders} 75} 76 77# 78# Before starting, check that the configuration file and root anchor 79# exist. If not, attempt to generate them. 80# 81local_unbound_prestart() 82{ 83 # Create configuration file 84 if [ ! -f ${local_unbound_config} ] ; then 85 run_rc_command setup 86 fi 87 88 # Retrieve DNSSEC root key 89 if [ ! -f ${local_unbound_anchor} ] ; then 90 run_rc_command anchor 91 fi 92} 93 94# 95# After starting, wait for Unbound to report that it is ready to avoid 96# race conditions with services which require functioning DNS. 97# 98local_unbound_poststart() 99{ 100 local retry=5 101 102 echo -n "Waiting for nameserver to start..." 103 until "${command}-control" status | grep -q "is running" ; do 104 if [ $((retry -= 1)) -eq 0 ] ; then 105 echo " giving up" 106 return 1 107 fi 108 echo -n "." 109 sleep 1 110 done 111 echo " good" 112} 113 114load_rc_config $name 115run_rc_command "$1" 116