1*b70d78d6SDag-Erling Smørgrav#!/bin/sh 2*b70d78d6SDag-Erling Smørgrav#- 3*b70d78d6SDag-Erling Smørgrav# SPDX-License-Identifier: BSD-2-Clause-FreeBSD 4*b70d78d6SDag-Erling Smørgrav# 5*b70d78d6SDag-Erling Smørgrav# Copyright (c) 2013 Dag-Erling Smørgrav 6*b70d78d6SDag-Erling Smørgrav# All rights reserved. 7*b70d78d6SDag-Erling Smørgrav# 8*b70d78d6SDag-Erling Smørgrav# Redistribution and use in source and binary forms, with or without 9*b70d78d6SDag-Erling Smørgrav# modification, are permitted provided that the following conditions 10*b70d78d6SDag-Erling Smørgrav# are met: 11*b70d78d6SDag-Erling Smørgrav# 1. Redistributions of source code must retain the above copyright 12*b70d78d6SDag-Erling Smørgrav# notice, this list of conditions and the following disclaimer. 13*b70d78d6SDag-Erling Smørgrav# 2. Redistributions in binary form must reproduce the above copyright 14*b70d78d6SDag-Erling Smørgrav# notice, this list of conditions and the following disclaimer in the 15*b70d78d6SDag-Erling Smørgrav# documentation and/or other materials provided with the distribution. 16*b70d78d6SDag-Erling Smørgrav# 17*b70d78d6SDag-Erling Smørgrav# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18*b70d78d6SDag-Erling Smørgrav# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19*b70d78d6SDag-Erling Smørgrav# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20*b70d78d6SDag-Erling Smørgrav# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21*b70d78d6SDag-Erling Smørgrav# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22*b70d78d6SDag-Erling Smørgrav# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23*b70d78d6SDag-Erling Smørgrav# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24*b70d78d6SDag-Erling Smørgrav# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25*b70d78d6SDag-Erling Smørgrav# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26*b70d78d6SDag-Erling Smørgrav# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27*b70d78d6SDag-Erling Smørgrav# SUCH DAMAGE. 28*b70d78d6SDag-Erling Smørgrav# 29*b70d78d6SDag-Erling Smørgrav# $FreeBSD$ 30*b70d78d6SDag-Erling Smørgrav# 31*b70d78d6SDag-Erling Smørgrav 32*b70d78d6SDag-Erling Smørgrav# 33*b70d78d6SDag-Erling Smørgrav# Configuration variables 34*b70d78d6SDag-Erling Smørgrav# 35*b70d78d6SDag-Erling Smørgravuser="" 36*b70d78d6SDag-Erling Smørgravunbound_conf="" 37*b70d78d6SDag-Erling Smørgravforward_conf="" 38*b70d78d6SDag-Erling Smørgravlanzones_conf="" 39*b70d78d6SDag-Erling Smørgravcontrol_conf="" 40*b70d78d6SDag-Erling Smørgravcontrol_socket="" 41*b70d78d6SDag-Erling Smørgravworkdir="" 42*b70d78d6SDag-Erling Smørgravconfdir="" 43*b70d78d6SDag-Erling Smørgravchrootdir="" 44*b70d78d6SDag-Erling Smørgravanchor="" 45*b70d78d6SDag-Erling Smørgravpidfile="" 46*b70d78d6SDag-Erling Smørgravresolv_conf="" 47*b70d78d6SDag-Erling Smørgravresolvconf_conf="" 48*b70d78d6SDag-Erling Smørgravservice="" 49*b70d78d6SDag-Erling Smørgravstart_unbound="" 50*b70d78d6SDag-Erling Smørgravforwarders="" 51*b70d78d6SDag-Erling Smørgrav 52*b70d78d6SDag-Erling Smørgrav# 53*b70d78d6SDag-Erling Smørgrav# Global variables 54*b70d78d6SDag-Erling Smørgrav# 55*b70d78d6SDag-Erling Smørgravself=$(basename $(realpath "$0")) 56*b70d78d6SDag-Erling Smørgravbkext=$(date "+%Y%m%d.%H%M%S") 57*b70d78d6SDag-Erling Smørgrav 58*b70d78d6SDag-Erling Smørgrav# 59*b70d78d6SDag-Erling Smørgrav# Set default values for unset configuration variables. 60*b70d78d6SDag-Erling Smørgrav# 61*b70d78d6SDag-Erling Smørgravset_defaults() { 62*b70d78d6SDag-Erling Smørgrav : ${user:=unbound} 63*b70d78d6SDag-Erling Smørgrav : ${workdir:=/var/unbound} 64*b70d78d6SDag-Erling Smørgrav : ${confdir:=${workdir}/conf.d} 65*b70d78d6SDag-Erling Smørgrav : ${unbound_conf:=${workdir}/unbound.conf} 66*b70d78d6SDag-Erling Smørgrav : ${forward_conf:=${workdir}/forward.conf} 67*b70d78d6SDag-Erling Smørgrav : ${lanzones_conf:=${workdir}/lan-zones.conf} 68*b70d78d6SDag-Erling Smørgrav : ${control_conf:=${workdir}/control.conf} 69*b70d78d6SDag-Erling Smørgrav : ${control_socket:=/var/run/local_unbound.ctl} 70*b70d78d6SDag-Erling Smørgrav : ${anchor:=${workdir}/root.key} 71*b70d78d6SDag-Erling Smørgrav : ${pidfile:=/var/run/local_unbound.pid} 72*b70d78d6SDag-Erling Smørgrav : ${resolv_conf:=/etc/resolv.conf} 73*b70d78d6SDag-Erling Smørgrav : ${resolvconf_conf:=/etc/resolvconf.conf} 74*b70d78d6SDag-Erling Smørgrav : ${service:=local_unbound} 75*b70d78d6SDag-Erling Smørgrav : ${start_unbound:=yes} 76*b70d78d6SDag-Erling Smørgrav} 77*b70d78d6SDag-Erling Smørgrav 78*b70d78d6SDag-Erling Smørgrav# 79*b70d78d6SDag-Erling Smørgrav# Verify that the configuration files are inside the working 80*b70d78d6SDag-Erling Smørgrav# directory, and if so, set the chroot directory accordingly. 81*b70d78d6SDag-Erling Smørgrav# 82*b70d78d6SDag-Erling Smørgravset_chrootdir() { 83*b70d78d6SDag-Erling Smørgrav chrootdir="${workdir}" 84*b70d78d6SDag-Erling Smørgrav for file in "${unbound_conf}" "${forward_conf}" \ 85*b70d78d6SDag-Erling Smørgrav "${lanzones_conf}" "${control_conf}" "${anchor}" ; do 86*b70d78d6SDag-Erling Smørgrav if [ "${file#${workdir%/}/}" = "${file}" ] ; then 87*b70d78d6SDag-Erling Smørgrav echo "warning: ${file} is outside ${workdir}" >&2 88*b70d78d6SDag-Erling Smørgrav chrootdir="" 89*b70d78d6SDag-Erling Smørgrav fi 90*b70d78d6SDag-Erling Smørgrav done 91*b70d78d6SDag-Erling Smørgrav if [ -z "${chrootdir}" ] ; then 92*b70d78d6SDag-Erling Smørgrav echo "warning: disabling chroot" >&2 93*b70d78d6SDag-Erling Smørgrav fi 94*b70d78d6SDag-Erling Smørgrav} 95*b70d78d6SDag-Erling Smørgrav 96*b70d78d6SDag-Erling Smørgrav# 97*b70d78d6SDag-Erling Smørgrav# Scan through /etc/resolv.conf looking for uncommented nameserver 98*b70d78d6SDag-Erling Smørgrav# lines that don't point to localhost and return their values. 99*b70d78d6SDag-Erling Smørgrav# 100*b70d78d6SDag-Erling Smørgravget_nameservers() { 101*b70d78d6SDag-Erling Smørgrav while read line ; do 102*b70d78d6SDag-Erling Smørgrav local bareline=${line%%\#*} 103*b70d78d6SDag-Erling Smørgrav local key=${bareline%% *} 104*b70d78d6SDag-Erling Smørgrav local value=${bareline#* } 105*b70d78d6SDag-Erling Smørgrav case ${key} in 106*b70d78d6SDag-Erling Smørgrav nameserver) 107*b70d78d6SDag-Erling Smørgrav case ${value} in 108*b70d78d6SDag-Erling Smørgrav 127.0.0.1|::1|localhost|localhost.*) 109*b70d78d6SDag-Erling Smørgrav ;; 110*b70d78d6SDag-Erling Smørgrav *) 111*b70d78d6SDag-Erling Smørgrav echo "${value}" 112*b70d78d6SDag-Erling Smørgrav ;; 113*b70d78d6SDag-Erling Smørgrav esac 114*b70d78d6SDag-Erling Smørgrav ;; 115*b70d78d6SDag-Erling Smørgrav esac 116*b70d78d6SDag-Erling Smørgrav done 117*b70d78d6SDag-Erling Smørgrav} 118*b70d78d6SDag-Erling Smørgrav 119*b70d78d6SDag-Erling Smørgrav# 120*b70d78d6SDag-Erling Smørgrav# Scan through /etc/resolv.conf looking for uncommented nameserver 121*b70d78d6SDag-Erling Smørgrav# lines. Comment out any that don't point to localhost. Finally, 122*b70d78d6SDag-Erling Smørgrav# append a nameserver line that points to localhost, if there wasn't 123*b70d78d6SDag-Erling Smørgrav# one already, and enable the edns0 option. 124*b70d78d6SDag-Erling Smørgrav# 125*b70d78d6SDag-Erling Smørgravgen_resolv_conf() { 126*b70d78d6SDag-Erling Smørgrav local localhost=no 127*b70d78d6SDag-Erling Smørgrav local edns0=no 128*b70d78d6SDag-Erling Smørgrav while read line ; do 129*b70d78d6SDag-Erling Smørgrav local bareline=${line%%\#*} 130*b70d78d6SDag-Erling Smørgrav local key=${bareline%% *} 131*b70d78d6SDag-Erling Smørgrav local value=${bareline#* } 132*b70d78d6SDag-Erling Smørgrav case ${key} in 133*b70d78d6SDag-Erling Smørgrav nameserver) 134*b70d78d6SDag-Erling Smørgrav case ${value} in 135*b70d78d6SDag-Erling Smørgrav 127.0.0.1|::1|localhost|localhost.*) 136*b70d78d6SDag-Erling Smørgrav localhost=yes 137*b70d78d6SDag-Erling Smørgrav ;; 138*b70d78d6SDag-Erling Smørgrav *) 139*b70d78d6SDag-Erling Smørgrav echo -n "# " 140*b70d78d6SDag-Erling Smørgrav ;; 141*b70d78d6SDag-Erling Smørgrav esac 142*b70d78d6SDag-Erling Smørgrav ;; 143*b70d78d6SDag-Erling Smørgrav options) 144*b70d78d6SDag-Erling Smørgrav case ${value} in 145*b70d78d6SDag-Erling Smørgrav *edns0*) 146*b70d78d6SDag-Erling Smørgrav edns0=yes 147*b70d78d6SDag-Erling Smørgrav ;; 148*b70d78d6SDag-Erling Smørgrav esac 149*b70d78d6SDag-Erling Smørgrav ;; 150*b70d78d6SDag-Erling Smørgrav esac 151*b70d78d6SDag-Erling Smørgrav echo "${line}" 152*b70d78d6SDag-Erling Smørgrav done 153*b70d78d6SDag-Erling Smørgrav if [ "${localhost}" = "no" ] ; then 154*b70d78d6SDag-Erling Smørgrav echo "nameserver 127.0.0.1" 155*b70d78d6SDag-Erling Smørgrav fi 156*b70d78d6SDag-Erling Smørgrav if [ "${edns0}" = "no" ] ; then 157*b70d78d6SDag-Erling Smørgrav echo "options edns0" 158*b70d78d6SDag-Erling Smørgrav fi 159*b70d78d6SDag-Erling Smørgrav} 160*b70d78d6SDag-Erling Smørgrav 161*b70d78d6SDag-Erling Smørgrav# 162*b70d78d6SDag-Erling Smørgrav# Boilerplate 163*b70d78d6SDag-Erling Smørgrav# 164*b70d78d6SDag-Erling Smørgravdo_not_edit() { 165*b70d78d6SDag-Erling Smørgrav echo "# This file was generated by $self." 166*b70d78d6SDag-Erling Smørgrav echo "# Modifications will be overwritten." 167*b70d78d6SDag-Erling Smørgrav} 168*b70d78d6SDag-Erling Smørgrav 169*b70d78d6SDag-Erling Smørgrav# 170*b70d78d6SDag-Erling Smørgrav# Generate resolvconf.conf so it updates forward.conf in addition to 171*b70d78d6SDag-Erling Smørgrav# resolv.conf. Note "in addition to" rather than "instead of", 172*b70d78d6SDag-Erling Smørgrav# because we still want it to update the domain name and search path 173*b70d78d6SDag-Erling Smørgrav# if they change. Setting name_servers to "127.0.0.1" ensures that 174*b70d78d6SDag-Erling Smørgrav# the libc resolver will try unbound first. 175*b70d78d6SDag-Erling Smørgrav# 176*b70d78d6SDag-Erling Smørgravgen_resolvconf_conf() { 177*b70d78d6SDag-Erling Smørgrav local style="$1" 178*b70d78d6SDag-Erling Smørgrav do_not_edit 179*b70d78d6SDag-Erling Smørgrav echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}" 180*b70d78d6SDag-Erling Smørgrav if [ "${style}" = "dynamic" ] ; then 181*b70d78d6SDag-Erling Smørgrav echo "unbound_conf=\"${forward_conf}\"" 182*b70d78d6SDag-Erling Smørgrav echo "unbound_pid=\"${pidfile}\"" 183*b70d78d6SDag-Erling Smørgrav echo "unbound_service=\"${service}\"" 184*b70d78d6SDag-Erling Smørgrav # resolvconf(8) likes to restart rather than reload 185*b70d78d6SDag-Erling Smørgrav echo "unbound_restart=\"service ${service} reload\"" 186*b70d78d6SDag-Erling Smørgrav else 187*b70d78d6SDag-Erling Smørgrav echo "# Static DNS configuration" 188*b70d78d6SDag-Erling Smørgrav fi 189*b70d78d6SDag-Erling Smørgrav} 190*b70d78d6SDag-Erling Smørgrav 191*b70d78d6SDag-Erling Smørgrav# 192*b70d78d6SDag-Erling Smørgrav# Generate forward.conf 193*b70d78d6SDag-Erling Smørgrav# 194*b70d78d6SDag-Erling Smørgravgen_forward_conf() { 195*b70d78d6SDag-Erling Smørgrav do_not_edit 196*b70d78d6SDag-Erling Smørgrav echo "forward-zone:" 197*b70d78d6SDag-Erling Smørgrav echo " name: ." 198*b70d78d6SDag-Erling Smørgrav for forwarder ; do 199*b70d78d6SDag-Erling Smørgrav if expr "${forwarder}" : "^[0-9A-Fa-f:.]\{1,\}$" >/dev/null ; then 200*b70d78d6SDag-Erling Smørgrav echo " forward-addr: ${forwarder}" 201*b70d78d6SDag-Erling Smørgrav else 202*b70d78d6SDag-Erling Smørgrav echo " forward-host: ${forwarder}" 203*b70d78d6SDag-Erling Smørgrav fi 204*b70d78d6SDag-Erling Smørgrav done 205*b70d78d6SDag-Erling Smørgrav} 206*b70d78d6SDag-Erling Smørgrav 207*b70d78d6SDag-Erling Smørgrav# 208*b70d78d6SDag-Erling Smørgrav# Generate lan-zones.conf 209*b70d78d6SDag-Erling Smørgrav# 210*b70d78d6SDag-Erling Smørgravgen_lanzones_conf() { 211*b70d78d6SDag-Erling Smørgrav do_not_edit 212*b70d78d6SDag-Erling Smørgrav echo "server:" 213*b70d78d6SDag-Erling Smørgrav echo " # Unblock reverse lookups for LAN addresses" 214*b70d78d6SDag-Erling Smørgrav echo " unblock-lan-zones: yes" 215*b70d78d6SDag-Erling Smørgrav echo " insecure-lan-zones: yes" 216*b70d78d6SDag-Erling Smørgrav} 217*b70d78d6SDag-Erling Smørgrav 218*b70d78d6SDag-Erling Smørgrav# 219*b70d78d6SDag-Erling Smørgrav# Generate control.conf 220*b70d78d6SDag-Erling Smørgrav# 221*b70d78d6SDag-Erling Smørgravgen_control_conf() { 222*b70d78d6SDag-Erling Smørgrav do_not_edit 223*b70d78d6SDag-Erling Smørgrav echo "remote-control:" 224*b70d78d6SDag-Erling Smørgrav echo " control-enable: yes" 225*b70d78d6SDag-Erling Smørgrav echo " control-interface: ${control_socket}" 226*b70d78d6SDag-Erling Smørgrav echo " control-use-cert: no" 227*b70d78d6SDag-Erling Smørgrav} 228*b70d78d6SDag-Erling Smørgrav 229*b70d78d6SDag-Erling Smørgrav# 230*b70d78d6SDag-Erling Smørgrav# Generate unbound.conf 231*b70d78d6SDag-Erling Smørgrav# 232*b70d78d6SDag-Erling Smørgravgen_unbound_conf() { 233*b70d78d6SDag-Erling Smørgrav do_not_edit 234*b70d78d6SDag-Erling Smørgrav echo "server:" 235*b70d78d6SDag-Erling Smørgrav echo " username: ${user}" 236*b70d78d6SDag-Erling Smørgrav echo " directory: ${workdir}" 237*b70d78d6SDag-Erling Smørgrav echo " chroot: ${chrootdir}" 238*b70d78d6SDag-Erling Smørgrav echo " pidfile: ${pidfile}" 239*b70d78d6SDag-Erling Smørgrav echo " auto-trust-anchor-file: ${anchor}" 240*b70d78d6SDag-Erling Smørgrav echo "" 241*b70d78d6SDag-Erling Smørgrav if [ -f "${forward_conf}" ] ; then 242*b70d78d6SDag-Erling Smørgrav echo "include: ${forward_conf}" 243*b70d78d6SDag-Erling Smørgrav fi 244*b70d78d6SDag-Erling Smørgrav if [ -f "${lanzones_conf}" ] ; then 245*b70d78d6SDag-Erling Smørgrav echo "include: ${lanzones_conf}" 246*b70d78d6SDag-Erling Smørgrav fi 247*b70d78d6SDag-Erling Smørgrav if [ -f "${control_conf}" ] ; then 248*b70d78d6SDag-Erling Smørgrav echo "include: ${control_conf}" 249*b70d78d6SDag-Erling Smørgrav fi 250*b70d78d6SDag-Erling Smørgrav if [ -d "${confdir}" ] ; then 251*b70d78d6SDag-Erling Smørgrav echo "include: ${confdir}/*.conf" 252*b70d78d6SDag-Erling Smørgrav fi 253*b70d78d6SDag-Erling Smørgrav} 254*b70d78d6SDag-Erling Smørgrav 255*b70d78d6SDag-Erling Smørgrav# 256*b70d78d6SDag-Erling Smørgrav# Replace one file with another, making a backup copy of the first, 257*b70d78d6SDag-Erling Smørgrav# but only if the new file is different from the old. 258*b70d78d6SDag-Erling Smørgrav# 259*b70d78d6SDag-Erling Smørgravreplace() { 260*b70d78d6SDag-Erling Smørgrav local file="$1" 261*b70d78d6SDag-Erling Smørgrav local newfile="$2" 262*b70d78d6SDag-Erling Smørgrav if [ ! -f "${file}" ] ; then 263*b70d78d6SDag-Erling Smørgrav echo "${file} created" 264*b70d78d6SDag-Erling Smørgrav mv "${newfile}" "${file}" 265*b70d78d6SDag-Erling Smørgrav elif ! cmp -s "${file}" "${newfile}" ; then 266*b70d78d6SDag-Erling Smørgrav local oldfile="${file}.${bkext}" 267*b70d78d6SDag-Erling Smørgrav echo "original ${file} saved as ${oldfile}" 268*b70d78d6SDag-Erling Smørgrav mv "${file}" "${oldfile}" 269*b70d78d6SDag-Erling Smørgrav mv "${newfile}" "${file}" 270*b70d78d6SDag-Erling Smørgrav else 271*b70d78d6SDag-Erling Smørgrav echo "${file} not modified" 272*b70d78d6SDag-Erling Smørgrav rm "${newfile}" 273*b70d78d6SDag-Erling Smørgrav fi 274*b70d78d6SDag-Erling Smørgrav} 275*b70d78d6SDag-Erling Smørgrav 276*b70d78d6SDag-Erling Smørgrav# 277*b70d78d6SDag-Erling Smørgrav# Print usage message and exit 278*b70d78d6SDag-Erling Smørgrav# 279*b70d78d6SDag-Erling Smørgravusage() { 280*b70d78d6SDag-Erling Smørgrav exec >&2 281*b70d78d6SDag-Erling Smørgrav echo "usage: $self [options] [forwarder ...]" 282*b70d78d6SDag-Erling Smørgrav echo "options:" 283*b70d78d6SDag-Erling Smørgrav echo " -n do not start unbound" 284*b70d78d6SDag-Erling Smørgrav echo " -a path full path to trust anchor file" 285*b70d78d6SDag-Erling Smørgrav echo " -C path full path to additional configuration directory" 286*b70d78d6SDag-Erling Smørgrav echo " -c path full path to unbound configuration file" 287*b70d78d6SDag-Erling Smørgrav echo " -f path full path to forwarding configuration" 288*b70d78d6SDag-Erling Smørgrav echo " -O path full path to remote control socket" 289*b70d78d6SDag-Erling Smørgrav echo " -o path full path to remote control configuration" 290*b70d78d6SDag-Erling Smørgrav echo " -p path full path to pid file" 291*b70d78d6SDag-Erling Smørgrav echo " -R path full path to resolvconf.conf" 292*b70d78d6SDag-Erling Smørgrav echo " -r path full path to resolv.conf" 293*b70d78d6SDag-Erling Smørgrav echo " -s service name of unbound service" 294*b70d78d6SDag-Erling Smørgrav echo " -u user user to run unbound as" 295*b70d78d6SDag-Erling Smørgrav echo " -w path full path to working directory" 296*b70d78d6SDag-Erling Smørgrav exit 1 297*b70d78d6SDag-Erling Smørgrav} 298*b70d78d6SDag-Erling Smørgrav 299*b70d78d6SDag-Erling Smørgrav# 300*b70d78d6SDag-Erling Smørgrav# Main 301*b70d78d6SDag-Erling Smørgrav# 302*b70d78d6SDag-Erling Smørgravmain() { 303*b70d78d6SDag-Erling Smørgrav umask 022 304*b70d78d6SDag-Erling Smørgrav 305*b70d78d6SDag-Erling Smørgrav # 306*b70d78d6SDag-Erling Smørgrav # Parse and validate command-line options 307*b70d78d6SDag-Erling Smørgrav # 308*b70d78d6SDag-Erling Smørgrav while getopts "a:C:c:f:no:p:R:r:s:u:w:" option ; do 309*b70d78d6SDag-Erling Smørgrav case $option in 310*b70d78d6SDag-Erling Smørgrav a) 311*b70d78d6SDag-Erling Smørgrav anchor="$OPTARG" 312*b70d78d6SDag-Erling Smørgrav ;; 313*b70d78d6SDag-Erling Smørgrav C) 314*b70d78d6SDag-Erling Smørgrav confdir="$OPTARG" 315*b70d78d6SDag-Erling Smørgrav ;; 316*b70d78d6SDag-Erling Smørgrav c) 317*b70d78d6SDag-Erling Smørgrav unbound_conf="$OPTARG" 318*b70d78d6SDag-Erling Smørgrav ;; 319*b70d78d6SDag-Erling Smørgrav f) 320*b70d78d6SDag-Erling Smørgrav forward_conf="$OPTARG" 321*b70d78d6SDag-Erling Smørgrav ;; 322*b70d78d6SDag-Erling Smørgrav n) 323*b70d78d6SDag-Erling Smørgrav start_unbound="no" 324*b70d78d6SDag-Erling Smørgrav ;; 325*b70d78d6SDag-Erling Smørgrav O) 326*b70d78d6SDag-Erling Smørgrav control_socket="$OPTARG" 327*b70d78d6SDag-Erling Smørgrav ;; 328*b70d78d6SDag-Erling Smørgrav o) 329*b70d78d6SDag-Erling Smørgrav control_conf="$OPTARG" 330*b70d78d6SDag-Erling Smørgrav ;; 331*b70d78d6SDag-Erling Smørgrav p) 332*b70d78d6SDag-Erling Smørgrav pidfile="$OPTARG" 333*b70d78d6SDag-Erling Smørgrav ;; 334*b70d78d6SDag-Erling Smørgrav R) 335*b70d78d6SDag-Erling Smørgrav resolvconf_conf="$OPTARG" 336*b70d78d6SDag-Erling Smørgrav ;; 337*b70d78d6SDag-Erling Smørgrav r) 338*b70d78d6SDag-Erling Smørgrav resolv_conf="$OPTARG" 339*b70d78d6SDag-Erling Smørgrav ;; 340*b70d78d6SDag-Erling Smørgrav s) 341*b70d78d6SDag-Erling Smørgrav service="$OPTARG" 342*b70d78d6SDag-Erling Smørgrav ;; 343*b70d78d6SDag-Erling Smørgrav u) 344*b70d78d6SDag-Erling Smørgrav user="$OPTARG" 345*b70d78d6SDag-Erling Smørgrav ;; 346*b70d78d6SDag-Erling Smørgrav w) 347*b70d78d6SDag-Erling Smørgrav workdir="$OPTARG" 348*b70d78d6SDag-Erling Smørgrav ;; 349*b70d78d6SDag-Erling Smørgrav *) 350*b70d78d6SDag-Erling Smørgrav usage 351*b70d78d6SDag-Erling Smørgrav ;; 352*b70d78d6SDag-Erling Smørgrav esac 353*b70d78d6SDag-Erling Smørgrav done 354*b70d78d6SDag-Erling Smørgrav shift $((OPTIND-1)) 355*b70d78d6SDag-Erling Smørgrav set_defaults 356*b70d78d6SDag-Erling Smørgrav 357*b70d78d6SDag-Erling Smørgrav # 358*b70d78d6SDag-Erling Smørgrav # Get the list of forwarders, either from the command line or 359*b70d78d6SDag-Erling Smørgrav # from resolv.conf. 360*b70d78d6SDag-Erling Smørgrav # 361*b70d78d6SDag-Erling Smørgrav forwarders="$@" 362*b70d78d6SDag-Erling Smørgrav if [ -z "$forwarders" ] ; then 363*b70d78d6SDag-Erling Smørgrav echo "Extracting forwarders from ${resolv_conf}." 364*b70d78d6SDag-Erling Smørgrav forwarders=$(get_nameservers <"${resolv_conf}") 365*b70d78d6SDag-Erling Smørgrav style=dynamic 366*b70d78d6SDag-Erling Smørgrav else 367*b70d78d6SDag-Erling Smørgrav style=static 368*b70d78d6SDag-Erling Smørgrav fi 369*b70d78d6SDag-Erling Smørgrav 370*b70d78d6SDag-Erling Smørgrav # 371*b70d78d6SDag-Erling Smørgrav # Generate forward.conf. 372*b70d78d6SDag-Erling Smørgrav # 373*b70d78d6SDag-Erling Smørgrav if [ -z "${forwarders}" ] ; then 374*b70d78d6SDag-Erling Smørgrav echo -n "No forwarders found in ${resolv_conf##*/}, " 375*b70d78d6SDag-Erling Smørgrav if [ -f "${forward_conf}" ] ; then 376*b70d78d6SDag-Erling Smørgrav echo "using existing ${forward_conf##*/}." 377*b70d78d6SDag-Erling Smørgrav else 378*b70d78d6SDag-Erling Smørgrav echo "unbound will recurse." 379*b70d78d6SDag-Erling Smørgrav fi 380*b70d78d6SDag-Erling Smørgrav else 381*b70d78d6SDag-Erling Smørgrav local tmp_forward_conf=$(mktemp -u "${forward_conf}.XXXXX") 382*b70d78d6SDag-Erling Smørgrav gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}" 383*b70d78d6SDag-Erling Smørgrav replace "${forward_conf}" "${tmp_forward_conf}" 384*b70d78d6SDag-Erling Smørgrav fi 385*b70d78d6SDag-Erling Smørgrav 386*b70d78d6SDag-Erling Smørgrav # 387*b70d78d6SDag-Erling Smørgrav # Generate lan-zones.conf. 388*b70d78d6SDag-Erling Smørgrav # 389*b70d78d6SDag-Erling Smørgrav local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX") 390*b70d78d6SDag-Erling Smørgrav gen_lanzones_conf | unexpand >"${tmp_lanzones_conf}" 391*b70d78d6SDag-Erling Smørgrav replace "${lanzones_conf}" "${tmp_lanzones_conf}" 392*b70d78d6SDag-Erling Smørgrav 393*b70d78d6SDag-Erling Smørgrav # 394*b70d78d6SDag-Erling Smørgrav # Generate control.conf. 395*b70d78d6SDag-Erling Smørgrav # 396*b70d78d6SDag-Erling Smørgrav local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX") 397*b70d78d6SDag-Erling Smørgrav gen_control_conf | unexpand >"${tmp_control_conf}" 398*b70d78d6SDag-Erling Smørgrav replace "${control_conf}" "${tmp_control_conf}" 399*b70d78d6SDag-Erling Smørgrav 400*b70d78d6SDag-Erling Smørgrav # 401*b70d78d6SDag-Erling Smørgrav # Generate unbound.conf. 402*b70d78d6SDag-Erling Smørgrav # 403*b70d78d6SDag-Erling Smørgrav local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX") 404*b70d78d6SDag-Erling Smørgrav set_chrootdir 405*b70d78d6SDag-Erling Smørgrav gen_unbound_conf | unexpand >"${tmp_unbound_conf}" 406*b70d78d6SDag-Erling Smørgrav replace "${unbound_conf}" "${tmp_unbound_conf}" 407*b70d78d6SDag-Erling Smørgrav 408*b70d78d6SDag-Erling Smørgrav # 409*b70d78d6SDag-Erling Smørgrav # Start unbound, unless requested not to. Stop immediately if 410*b70d78d6SDag-Erling Smørgrav # it is not enabled so we don't end up with a resolv.conf that 411*b70d78d6SDag-Erling Smørgrav # points into nothingness. We could "onestart" it, but it 412*b70d78d6SDag-Erling Smørgrav # wouldn't stick. 413*b70d78d6SDag-Erling Smørgrav # 414*b70d78d6SDag-Erling Smørgrav if [ "${start_unbound}" = "no" ] ; then 415*b70d78d6SDag-Erling Smørgrav # skip 416*b70d78d6SDag-Erling Smørgrav elif ! service "${service}" enabled ; then 417*b70d78d6SDag-Erling Smørgrav echo "Please enable $service in rc.conf(5) and try again." 418*b70d78d6SDag-Erling Smørgrav return 1 419*b70d78d6SDag-Erling Smørgrav elif ! service "${service}" restart ; then 420*b70d78d6SDag-Erling Smørgrav echo "Failed to start $service." 421*b70d78d6SDag-Erling Smørgrav return 1 422*b70d78d6SDag-Erling Smørgrav fi 423*b70d78d6SDag-Erling Smørgrav 424*b70d78d6SDag-Erling Smørgrav # 425*b70d78d6SDag-Erling Smørgrav # Rewrite resolvconf.conf so resolvconf updates forward.conf 426*b70d78d6SDag-Erling Smørgrav # instead of resolv.conf. 427*b70d78d6SDag-Erling Smørgrav # 428*b70d78d6SDag-Erling Smørgrav local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX") 429*b70d78d6SDag-Erling Smørgrav gen_resolvconf_conf "${style}" | unexpand >"${tmp_resolvconf_conf}" 430*b70d78d6SDag-Erling Smørgrav replace "${resolvconf_conf}" "${tmp_resolvconf_conf}" 431*b70d78d6SDag-Erling Smørgrav 432*b70d78d6SDag-Erling Smørgrav # 433*b70d78d6SDag-Erling Smørgrav # Finally, rewrite resolv.conf. 434*b70d78d6SDag-Erling Smørgrav # 435*b70d78d6SDag-Erling Smørgrav local tmp_resolv_conf=$(mktemp -u "${resolv_conf}.XXXXX") 436*b70d78d6SDag-Erling Smørgrav gen_resolv_conf <"${resolv_conf}" | unexpand >"${tmp_resolv_conf}" 437*b70d78d6SDag-Erling Smørgrav replace "${resolv_conf}" "${tmp_resolv_conf}" 438*b70d78d6SDag-Erling Smørgrav} 439*b70d78d6SDag-Erling Smørgrav 440*b70d78d6SDag-Erling Smørgravmain "$@" 441