xref: /freebsd/libexec/rc/rc.d/local_unbound (revision d34048812292b714a0bf99967270d18fe3097c62)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: local_unbound
7# REQUIRE: FILESYSTEMS defaultroute netwait resolv
8# BEFORE: NETWORKING
9# KEYWORD: shutdown
10
11. /etc/rc.subr
12
# rc.subr(8) service description.
name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"
command="/usr/sbin/local-unbound"
pidfile="/var/run/${name}.pid"

# Extra sub-commands and the functions that implement them.
extra_commands="anchor configtest reload setup"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"

# Hooks run around start and reload; a reload is preceded by a
# configuration check.
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"

load_rc_config "${name}"

# Defaults for every setting the loaded configuration left unset or empty.
# These values are expanded unquoted further down, and the anchor and
# configtest commands hand them to a shell running as the unbound user,
# so they should stay free of whitespace and shell metacharacters.
: "${local_unbound_workdir:=/var/unbound}"
: "${local_unbound_config:=${local_unbound_workdir}/unbound.conf}"
: "${local_unbound_flags:=-c ${local_unbound_config}}"
: "${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}"
: "${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}"
: "${local_unbound_anchor:=${local_unbound_workdir}/root.key}"
: "${local_unbound_forwarders:=}"
: "${local_unbound_tls:=}"
37
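#
# Run a command line as the unprivileged "unbound" user.
#
# The arguments are joined with single spaces into one line of text and
# piped to the shell that su(1) starts, so that shell parses the line
# again: whitespace and shell metacharacters inside an argument are
# interpreted, not passed through literally.  The callers in this script
# pass only a helper path and settings loaded by load_rc_config; do not
# route data from a less trusted source through this function.
#
# su -m leaves the caller's environment unmodified (see su(1)).
# NOTE(review): presumably -m is used because the unbound account has no
# usable login shell - confirm against the system's passwd database.
#
# Returns the exit status of su.
#
do_as_unbound()
{
	# printf rather than echo: echo treats a leading "-n" (and, in some
	# shells, backslash sequences) as directives instead of text.
	# IFS is pinned locally so "$*" always joins with a single space.
	local IFS=' '
	printf '%s\n' "$*" | su -m unbound
}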
42
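#
# Retrieve or update the DNSSEC root anchor.
#
# Runs ${command}-anchor as the unbound user and reports success only if
# a non-empty anchor file is present afterwards.
#
local_unbound_anchor()
{
	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
	# The helper's exit code cannot be trusted, so judge by the result.
	# Test with -s rather than -f: a zero-length file holds no trust
	# anchor, and local_unbound_prestart already treats an empty file
	# as missing.  The path is quoted so it is tested as one file name.
	[ -s "${local_unbound_anchor}" ]
}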
52
#
# Validate the unbound configuration file.
#
# Runs ${command}-checkconf on ${local_unbound_config} as the unbound
# user and returns that invocation's status.  Also installed as
# reload_precmd, so a reload is preceded by this check.
#
local_unbound_configtest()
{
	local checker
	checker="${command}-checkconf"
	do_as_unbound ${checker} ${local_unbound_config}
}
60
#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
# All work is delegated to ${command}-setup; its exit status is returned.
#
local_unbound_setup()
{
	local tls_flag
	# -t is passed only when local_unbound_tls is enabled.
	checkyesno local_unbound_tls && tls_flag="-t"
	echo "Performing initial setup."
	# The expansions below are deliberately unquoted: an unset
	# ${tls_flag} must disappear, and ${local_unbound_forwarders} must
	# split into separate arguments.
	set -- -n \
	    -u unbound \
	    -w ${local_unbound_workdir} \
	    -c ${local_unbound_config} \
	    -f ${local_unbound_forwardconf} \
	    -o ${local_unbound_controlconf} \
	    -a ${local_unbound_anchor} \
	    ${tls_flag} \
	    ${local_unbound_forwarders}
	${command}-setup "$@"
}
82
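#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
# Returns the status of the anchor step when it runs, 0 otherwise; the
# status of the setup step is not checked.
#
local_unbound_prestart()
{
	# Both paths are quoted so that a value containing whitespace is
	# tested as one file name; unquoted, [ fails with a syntax error
	# and the generation step is silently skipped.

	# Create configuration file
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key; -s also catches an existing but empty
	# file, which holds no trust anchor.
	if [ ! -s "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}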
99
#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
#
# Polls "${command}-control status" up to five times, sleeping one
# second between attempts.  Returns 1 if the output never contains
# "is running".
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	while ! "${command}-control" status | grep -q "is running" ; do
		# One attempt used up; stop once the budget is exhausted.
		retry=$((retry - 1))
		if [ ${retry} -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}
119
# Load the service's settings, then run the action named by the first
# command-line argument (a standard rc command or one of extra_commands).
# NOTE(review): load_rc_config is also called before the defaults are
# applied earlier in this file; this second call looks redundant -
# confirm before removing it.
load_rc_config "${name}"
run_rc_command "$1"
122