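#!/bin/sh
#
# rc(8) script for local-unbound, the local caching forwarding resolver.
# Every tunable below is an rc.conf(5) knob read through load_rc_config;
# all file locations default to paths under ${local_unbound_workdir}.
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

. /etc/rc.subr

name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/local-unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

load_rc_config $name

# Defaults for the rc.conf(5) knobs; each may be overridden there.
: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:="-c ${local_unbound_config}"}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
: ${local_unbound_forwarders:=}
: ${local_unbound_tls:=}
: ${local_unbound_pidfile:=${pidfile}}
# rc.subr locates the daemon through ${pidfile}, so it must follow the
# configurable location rather than the built-in default above.
pidfile=${local_unbound_pidfile}
: ${local_unbound_svcj_options:="net_basic"}

#
# Run a command line as the unprivileged unbound user.
# The arguments are echoed as one line into the shell that su(1) starts
# (with the caller's environment kept, -m), so that shell re-parses them:
# values containing whitespace or shell metacharacters cannot be passed
# safely through this helper.
#
do_as_unbound()
{
	echo "$@" | su -m unbound
}

#
# Retrieve or update the DNSSEC root anchor.
# Returns 0 only if a non-empty anchor file exists afterwards; the exit
# code of unbound-anchor itself is not used as the success signal.
#
local_unbound_anchor()
{
	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
	# we can't trust the exit code - check for a non-empty file, which is
	# the same test local_unbound_prestart applies before starting
	[ -s "${local_unbound_anchor}" ]
}

#
# Check the unbound configuration file.
# Returns the exit status of unbound-checkconf run as the unbound user.
#
local_unbound_configtest()
{
	do_as_unbound ${command}-checkconf ${local_unbound_config}
}

#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.  TLS forwarding is requested when local_unbound_tls
# is set to a "yes" value.
#
local_unbound_setup()
{
	local tls_flag
	if checkyesno local_unbound_tls ; then
		tls_flag="-t"
	fi
	echo "Performing initial setup."
	# ${tls_flag} and ${local_unbound_forwarders} are deliberately left
	# unquoted: the former may be empty, and the latter is expected to
	# word-split into one argument per forwarder.
	${command}-setup -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${tls_flag} \
	    ${local_unbound_forwarders}
}

#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.  The outcome of the setup
# and anchor commands is not checked here; start proceeds regardless.
#
local_unbound_prestart()
{
	# Create configuration file
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key (an empty file counts as missing)
	if [ ! -s "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}

#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
# Polls unbound-control once per second for at most five attempts and
# returns 1 if the daemon never reports "is running".
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	until "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do
		if [ $((retry -= 1)) -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}

load_rc_config $name
run_rc_command "$1"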