xref: /freebsd/libexec/rc/rc.d/local_unbound (revision f126890ac5386406dadf7c4cfa9566cbb56537c5)
1#!/bin/sh
2#
3#
4
5# PROVIDE: local_unbound
6# REQUIRE: FILESYSTEMS defaultroute netwait resolv
7# BEFORE: NETWORKING
8# KEYWORD: shutdown
9
10. /etc/rc.subr
11
12name="local_unbound"
13desc="Local caching forwarding resolver"
14rcvar="local_unbound_enable"
15
16command="/usr/sbin/local-unbound"
17extra_commands="anchor configtest reload setup"
18start_precmd="local_unbound_prestart"
19start_postcmd="local_unbound_poststart"
20reload_precmd="local_unbound_configtest"
21anchor_cmd="local_unbound_anchor"
22configtest_cmd="local_unbound_configtest"
23setup_cmd="local_unbound_setup"
24pidfile="/var/run/${name}.pid"
25
26load_rc_config $name
27
28: ${local_unbound_workdir:=/var/unbound}
29: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
30: ${local_unbound_flags:="-c ${local_unbound_config}"}
31: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
32: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
33: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
34: ${local_unbound_forwarders:=}
35: ${local_unbound_tls:=}
36: ${local_unbound_pidfile:=${pidfile}}
37pidfile=${local_unbound_pidfile}
38
39do_as_unbound()
40{
41	echo "$@" | su -m unbound
42}
43
44#
45# Retrieve or update the DNSSEC root anchor
46#
47local_unbound_anchor()
48{
49	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
50	# we can't trust the exit code - check if the file exists
51	[ -f ${local_unbound_anchor} ]
52}
53
54#
55# Check the unbound configuration file
56#
57local_unbound_configtest()
58{
59	do_as_unbound ${command}-checkconf ${local_unbound_config}
60}
61
62#
63# Create the unbound configuration file and update resolv.conf to
64# point to unbound.
65#
66local_unbound_setup()
67{
68	local tls_flag
69	if checkyesno local_unbound_tls ; then
70		tls_flag="-t"
71	fi
72	echo "Performing initial setup."
73	${command}-setup -n \
74	    -u unbound \
75	    -w ${local_unbound_workdir} \
76	    -c ${local_unbound_config} \
77	    -f ${local_unbound_forwardconf} \
78	    -o ${local_unbound_controlconf} \
79	    -a ${local_unbound_anchor} \
80	    ${tls_flag} \
81	    ${local_unbound_forwarders}
82}
83
84#
85# Before starting, check that the configuration file and root anchor
86# exist.  If not, attempt to generate them.
87#
88local_unbound_prestart()
89{
90	# Create configuration file
91	if [ ! -f ${local_unbound_config} ] ; then
92		run_rc_command setup
93	fi
94
95	# Retrieve DNSSEC root key
96	if [ ! -s ${local_unbound_anchor} ] ; then
97		run_rc_command anchor
98	fi
99}
100
101#
102# After starting, wait for Unbound to report that it is ready to avoid
103# race conditions with services which require functioning DNS.
104#
105local_unbound_poststart()
106{
107	local retry=5
108
109	echo -n "Waiting for nameserver to start..."
110	until "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do
111		if [ $((retry -= 1)) -eq 0 ] ; then
112			echo " giving up"
113			return 1
114		fi
115		echo -n "."
116		sleep 1
117	done
118	echo " good"
119}
120
121load_rc_config $name
122run_rc_command "$1"
123