49cede74ee
generates a configuration suitable for running unbound as a caching forwarding resolver, and configures resolvconf(8) to update unbound's list of forwarders in addition to /etc/resolv.conf. The initial list is taken from the existing resolv.conf, which is rewritten to point to localhost. Alternatively, a list of forwarders can be provided on the command line. To assist this script, add an rc.subr command called "enabled" which does nothing except return 0 if the service is enabled and 1 if it is not, without going through the usual checks. We should consider doing the same for "status", which is currently pointless. Add an rc script for unbound, called local_unbound. If there is no configuration file, the rc script runs local-unbound-setup to generate one. Note that these scripts place the unbound configuration files in /var/unbound rather than /etc/unbound. This is necessary so that unbound can reload its configuration while chrooted. We should probably provide symlinks in /etc. Approved by: re (blanket)
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: local_unbound
# REQUIRE: SERVERS cleanvar
# KEYWORD: shutdown
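. /etc/rc.subr

# rc.subr(8) service description.
name="local_unbound"
desc="local caching forwarding resolver"
rcvar="local_unbound_enable"

# Daemon binary, the extra sub-commands this script accepts, and the shell
# functions (defined below) that implement them.
command="/usr/sbin/unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

# Read rc.conf(5) BEFORE computing the defaults. Each ":=" below assigns only
# when the variable is still unset or empty, and the later defaults are built
# from the earlier ones. If the defaults were computed first, an override of
# local_unbound_workdir (or local_unbound_config) in rc.conf would leave the
# derived paths and the -c flag pointing at /var/unbound, so the daemon, the
# config check and the setup helper could end up using different files.
load_rc_config "$name"

# Working directory holding the configuration, forwarder list and trust
# anchor. Everything else defaults to a path underneath it.
: "${local_unbound_workdir:=/var/unbound}"
: "${local_unbound_config:=${local_unbound_workdir}/unbound.conf}"
: "${local_unbound_flags:=-c${local_unbound_config}}"
: "${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}"
: "${local_unbound_anchor:=${local_unbound_workdir}/root.key}"
# Optional forwarder list handed to local-unbound-setup; empty by default.
: "${local_unbound_forwarders:=}"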
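#
# Run a command line as the unprivileged "unbound" user.
#
# Arguments: the command and its arguments.
# The arguments are joined with single spaces into ONE line, which is fed on
# stdin to the shell started by "su -m unbound". That shell parses the line
# again, so whitespace or shell metacharacters inside an argument are not
# preserved as data. Pass only administrator-controlled values (the rc.conf
# settings of this script), never anything taken from an untrusted source.
#
# printf is used instead of echo so that an argument such as "-n" or one
# containing a backslash is passed through literally. "$*" joins on the first
# character of IFS, assumed here to be the default (a space).
#
# Returns: the exit status of the su(1) pipeline stage.
#
do_as_unbound()
{
	printf '%s\n' "$*" | su -m unbound
}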
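#
# Retrieve or update the DNSSEC root anchor
#
# Runs unbound-anchor as the unbound user against ${local_unbound_anchor}
# and then reports success only if that file exists afterwards.
# Returns: 0 if the anchor file is present, non-zero otherwise.
#
local_unbound_anchor()
{
	do_as_unbound /usr/sbin/unbound-anchor -a "${local_unbound_anchor}"
	# we can't trust the exit code - check if the file exists
	# The expansion is quoted on purpose: unquoted, an empty value collapses
	# the test to "[ -f ]", which is TRUE, and a missing trust anchor would
	# be reported as present.
	# NOTE(review): -f proves only that a regular file exists, not that it
	# holds a usable key; consider whether a non-empty check is wanted.
	[ -f "${local_unbound_anchor}" ]
}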
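#
# Check the unbound configuration file
#
# Runs unbound-checkconf on ${local_unbound_config} as the unbound user.
# Also used as reload_precmd, so a reload is attempted only when this
# returns 0.
# Returns: the status reported by do_as_unbound.
#
local_unbound_configtest()
{
	# Quoted so this shell neither word-splits nor glob-expands the path
	# before handing it on. do_as_unbound still flattens its arguments into
	# one command line for the unbound user's shell, so the path must not
	# contain whitespace or shell metacharacters.
	do_as_unbound /usr/sbin/unbound-checkconf "${local_unbound_config}"
}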
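#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
# Delegates to /usr/sbin/local-unbound-setup, passing the user name, the
# working directory, the configuration, forwarder and anchor paths, and the
# optional forwarder list from rc.conf.
# Returns: the exit status of local-unbound-setup.
#
local_unbound_setup()
{
	echo "Performing initial setup."
	# Path arguments are quoted so each reaches the helper as exactly one
	# argument even if it contains whitespace or glob characters.
	# ${local_unbound_forwarders} is deliberately left unquoted: it is a
	# whitespace-separated list and must split into one argument per
	# forwarder (and vanish entirely when empty).
	/usr/sbin/local-unbound-setup -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -a "${local_unbound_anchor}" \
	    ${local_unbound_forwarders}
}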
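#
# Before starting, check that the configuration file and root anchor
# exist. If not, attempt to generate them.
#
# Returns: the status of the last step executed; 0 when both files
# already exist.
#
local_unbound_prestart()
{
	# Create configuration file
	# Quoted: with an empty value the unquoted form becomes "[ ! -f ]",
	# which is false, and the setup step would be skipped silently.
	if [ ! -f "${local_unbound_config}" ] ; then
		# NOTE(review): the status of the setup step is not checked, so a
		# failed setup still falls through to the anchor step below.
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key
	# Quoted for the same reason, so an empty anchor path cannot make the
	# trust anchor look present.
	if [ ! -f "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}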
# Load the rc.conf(5) settings for this service (this repeats the call made
# near the top of the script), then dispatch the action given as the first
# script argument to rc.subr.
load_rc_config "${name}"
run_rc_command "$1"