xref: /freebsd/libexec/rc/rc.d/local_unbound (revision 7d0873ebb83b19ba1e8a89e679470d885efe12e3)
1#!/bin/sh
2#
3#
4
5# PROVIDE: local_unbound
6# REQUIRE: FILESYSTEMS defaultroute netwait resolv
7# BEFORE: NETWORKING
8# KEYWORD: shutdown
9
10. /etc/rc.subr
11
12name="local_unbound"
13desc="Local caching forwarding resolver"
14rcvar="local_unbound_enable"
15
16command="/usr/sbin/local-unbound"
17extra_commands="anchor configtest reload setup"
18start_precmd="local_unbound_prestart"
19start_postcmd="local_unbound_poststart"
20reload_precmd="local_unbound_configtest"
21anchor_cmd="local_unbound_anchor"
22configtest_cmd="local_unbound_configtest"
23setup_cmd="local_unbound_setup"
24pidfile="/var/run/${name}.pid"
25
26load_rc_config $name
27
28: ${local_unbound_workdir:=/var/unbound}
29: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
30: ${local_unbound_flags:="-c ${local_unbound_config}"}
31: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
32: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
33: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
34: ${local_unbound_forwarders:=}
35: ${local_unbound_tls:=}
36: ${local_unbound_pidfile:=${pidfile}}
37pidfile=${local_unbound_pidfile}
38: ${local_unbound_svcj_options:="net_basic"}
39
40do_as_unbound()
41{
42	echo "$@" | su -m unbound
43}
44
45#
46# Retrieve or update the DNSSEC root anchor
47#
48local_unbound_anchor()
49{
50	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
51	# we can't trust the exit code - check if the file exists
52	[ -f ${local_unbound_anchor} ]
53}
54
55#
56# Check the unbound configuration file
57#
58local_unbound_configtest()
59{
60	do_as_unbound ${command}-checkconf ${local_unbound_config}
61}
62
63#
64# Create the unbound configuration file and update resolv.conf to
65# point to unbound.
66#
67local_unbound_setup()
68{
69	local tls_flag
70	if checkyesno local_unbound_tls ; then
71		tls_flag="-t"
72	fi
73	echo "Performing initial setup."
74	${command}-setup -n \
75	    -u unbound \
76	    -w ${local_unbound_workdir} \
77	    -c ${local_unbound_config} \
78	    -f ${local_unbound_forwardconf} \
79	    -o ${local_unbound_controlconf} \
80	    -a ${local_unbound_anchor} \
81	    ${tls_flag} \
82	    ${local_unbound_forwarders}
83}
84
85#
86# Before starting, check that the configuration file and root anchor
87# exist.  If not, attempt to generate them.
88#
89local_unbound_prestart()
90{
91	# Create configuration file
92	if [ ! -f ${local_unbound_config} ] ; then
93		run_rc_command setup
94	fi
95
96	# Retrieve DNSSEC root key
97	if [ ! -s ${local_unbound_anchor} ] ; then
98		run_rc_command anchor
99	fi
100}
101
102#
103# After starting, wait for Unbound to report that it is ready to avoid
104# race conditions with services which require functioning DNS.
105#
106local_unbound_poststart()
107{
108	local retry=5
109
110	echo -n "Waiting for nameserver to start..."
111	until "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do
112		if [ $((retry -= 1)) -eq 0 ] ; then
113			echo " giving up"
114			return 1
115		fi
116		echo -n "."
117		sleep 1
118	done
119	echo " good"
120}
121
122load_rc_config $name
123run_rc_command "$1"
124