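#!/bin/sh
#
# rc.d script for local-unbound(8), the local caching / forwarding
# resolver.
#
# Tunables, set in rc.conf (defaults are applied below load_rc_config):
#   local_unbound_enable       - "YES" to start the service at boot
#   local_unbound_workdir      - working directory (default /var/unbound)
#   local_unbound_config       - main unbound configuration file
#   local_unbound_flags        - flags passed to local-unbound
#   local_unbound_forwardconf  - generated forwarder configuration
#   local_unbound_controlconf  - generated remote-control configuration
#   local_unbound_anchor       - DNSSEC root trust anchor file
#   local_unbound_forwarders   - whitespace-separated upstream resolvers
#                                passed to the setup script
#   local_unbound_tls          - "YES" to pass -t to the setup script
#   local_unbound_pidfile      - pid file location
#
# Extra commands: anchor, configtest, reload, setup (see below).
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

. /etc/rc.subr

name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/local-unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

load_rc_config $name

# Defaults for any knob rc.conf did not set.  These values are passed
# through a second shell (see do_as_unbound), so they are treated as
# trusted administrator input from rc.conf, not as arbitrary strings.
: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:="-c ${local_unbound_config}"}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
: ${local_unbound_forwarders:=}
: ${local_unbound_tls:=}
: ${local_unbound_pidfile:=${pidfile}}
pidfile=${local_unbound_pidfile}

#
# Run a command line as the unprivileged unbound user.
#
# The arguments are joined into one line and fed on stdin to the shell
# started by su(1), which re-parses that line.  Quoting at the call site
# therefore does not protect against shell metacharacters; only trusted,
# metacharacter-free values (the rc.conf knobs above) may be passed here.
# The status of this function is the status of su, i.e. of the shell it
# ran, not directly of the command.
#
do_as_unbound()
{
	echo "$@" | su -m unbound
}

#
# Retrieve or update the DNSSEC root anchor.  Runs as the unbound user so
# that the fetch does not happen with root privileges.
# Returns 0 if the anchor file exists afterwards, non-zero otherwise.
#
local_unbound_anchor()
{
	do_as_unbound "${command}-anchor" -a "${local_unbound_anchor}"
	# The exit status cannot be trusted (unbound-anchor(8) also exits
	# non-zero in non-error cases such as having updated the key, and
	# the status passes through su anyway) - check that the file exists.
	[ -f "${local_unbound_anchor}" ]
}

#
# Check the unbound configuration file with unbound-checkconf, as the
# unbound user.  Used as the reload precommand so a broken configuration
# is rejected before the running daemon is told to reload.
#
local_unbound_configtest()
{
	do_as_unbound "${command}-checkconf" "${local_unbound_config}"
}

#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.  Runs as root (it writes system configuration).
#
local_unbound_setup()
{
	local tls_flag
	if checkyesno local_unbound_tls ; then
		tls_flag="-t"
	fi
	echo "Performing initial setup."
	# ${tls_flag} and ${local_unbound_forwarders} are deliberately
	# unquoted: the former must vanish when empty, the latter is a
	# whitespace-separated list that expands to one argument per entry.
	"${command}-setup" -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${tls_flag} \
	    ${local_unbound_forwarders}
}

#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
local_unbound_prestart()
{
	# Create configuration file (-f: any regular file, even empty).
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key (-s: must be non-empty, so a truncated
	# anchor is fetched again rather than silently used).
	if [ ! -s "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}

#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
# Polls unbound-control status once per second, at most 5 times;
# returns 1 (failing the start) if the daemon never reports running.
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	until "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do
		if [ $((retry -= 1)) -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}

# NOTE(review): load_rc_config was already called above, before the
# defaults were applied; this second call looks redundant but is kept
# as-is - confirm it has no effect before removing it.
load_rc_config $name
run_rc_command "$1"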