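#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

. /etc/rc.subr

name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/local-unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

load_rc_config $name

# Defaults.  ":=" assigns only when the variable is unset or empty after
# load_rc_config, so any value set in the rc configuration wins.
: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:="-c ${local_unbound_config}"}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
: ${local_unbound_forwarders:=}
: ${local_unbound_tls:=}

#
# Run a command line as the unprivileged "unbound" user.
#
# The arguments are joined into one string by echo and fed on stdin to
# the shell that su starts, so that shell parses them a second time.
# Quoting at the call site does not survive this step: every value
# passed here (the paths taken from the rc configuration) must be free
# of whitespace and shell metacharacters.
#
do_as_unbound()
{
	echo "$@" | su -m unbound
}

#
# Retrieve or update the DNSSEC root anchor
#
# Returns success only if a non-empty anchor file is present afterwards.
#
local_unbound_anchor()
{
	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
	# we can't trust the exit code - check the file instead.  Use -s
	# rather than -f: an empty root.key holds no trust anchor, and
	# local_unbound_prestart already treats an empty file as missing.
	[ -s "${local_unbound_anchor}" ]
}

#
# Check the unbound configuration file
#
local_unbound_configtest()
{
	do_as_unbound ${command}-checkconf ${local_unbound_config}
}

#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
local_unbound_setup()
{
	local tls_flag
	# sh(1): a local variable inherits the value of a same-named
	# variable in the surrounding scope, so clear it explicitly.
	tls_flag=""
	if checkyesno local_unbound_tls ; then
		tls_flag="-t"
	fi
	echo "Performing initial setup."
	# ${tls_flag} and ${local_unbound_forwarders} stay unquoted on
	# purpose: an empty value must expand to no argument at all, and
	# the forwarder list must split into one argument per entry.
	${command}-setup -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${tls_flag} \
	    ${local_unbound_forwarders}
}

#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
local_unbound_prestart()
{
	# Create configuration file
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key (missing or zero-length file)
	if [ ! -s "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}

#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
#
# Polls the control utility once per second and returns 1 when the
# retry budget is used up without seeing "is running".
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	until "${command}-control" status | grep -q "is running" ; do
		# The decrement happens inside the test, so the loop gives
		# up as soon as the counter reaches zero.
		if [ $((retry -= 1)) -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}

# NOTE(review): this second load_rc_config looks redundant with the call
# made before the defaults - confirm before removing.
load_rc_config $name
run_rc_command "$1"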