Enable remote control using a local socket in the default configuration.

UPDATING

@@ -31,6 +31,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20150105:
+	The default Unbound configuration now enables remote control
+	using a local socket.  Users who have already enabled the
+	local_unbound service should regenerate their configuration
+	by running "service local_unbound setup" as root.
+	
 20150102:
 	The GNU texinfo and GNU info pages have been removed.
 	To be able to view GNU info pages please install texinfo from ports.

usr.sbin/unbound/local-setup/local-unbound-setup.sh

@@ -34,6 +34,8 @@ user=""
 unbound_conf=""
 forward_conf=""
 lanzones_conf=""
+control_conf=""
+control_socket=""
 workdir=""
 confdir=""
 chrootdir=""
@@ -61,6 +63,8 @@ set_defaults() {
 	: ${unbound_conf:=${workdir}/unbound.conf}
 	: ${forward_conf:=${workdir}/forward.conf}
 	: ${lanzones_conf:=${workdir}/lan-zones.conf}
+	: ${control_conf:=${workdir}/control.conf}
+	: ${control_socket:=/var/run/local_unbound.ctl}
 	: ${anchor:=${workdir}/root.key}
 	: ${pidfile:=/var/run/local_unbound.pid}
 	: ${resolv_conf:=/etc/resolv.conf}
@@ -76,7 +80,7 @@ set_defaults() {
 set_chrootdir() {
 	chrootdir="${workdir}"
 	for file in "${unbound_conf}" "${forward_conf}" \
-	    "${lanzones_conf}" "${anchor}" ; do
+	    "${lanzones_conf}" "${control_conf}" "${anchor}" ; do
 		if [ "${file#${workdir%/}/}" = "${file}" ] ; then
 			echo "warning: ${file} is outside ${workdir}" >&2
 			chrootdir=""
@@ -152,6 +156,14 @@ gen_resolv_conf() {
 	fi
 }
 
+#
+# Boilerplate
+#
+do_not_edit() {
+	echo "# This file was generated by $self."
+	echo "# Modifications will be overwritten."
+}
+
 #
 # Generate resolvconf.conf so it updates forward.conf in addition to
 # resolv.conf.  Note "in addition to" rather than "instead of",
@@ -160,7 +172,7 @@ gen_resolv_conf() {
 # the libc resolver will try unbound first.
 #
 gen_resolvconf_conf() {
-	echo "# Generated by $self"
+	do_not_edit
 	echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}"
 	echo "unbound_conf=\"${forward_conf}\""
 	echo "unbound_pid=\"${pidfile}\""
@@ -173,8 +185,7 @@ gen_resolvconf_conf() {
 # Generate forward.conf
 #
 gen_forward_conf() {
-	echo "# Generated by $self"
-	echo "# Do not edit this file."
+	do_not_edit
 	echo "forward-zone:"
 	echo "        name: ."
 	for forwarder ; do
@@ -190,8 +201,7 @@ gen_forward_conf() {
 # Generate lan-zones.conf
 #
 gen_lanzones_conf() {
-	echo "# Generated by $self"
-	echo "# Do not edit this file."
+	do_not_edit
 	echo "server:"
 	echo "        # Unblock reverse lookups for LAN addresses"
 	echo "        unblock-lan-zones: yes"
@@ -222,11 +232,22 @@ gen_lanzones_conf() {
 	echo "        domain-insecure: b.e.ip6.arpa."
 }
 
+#
+# Generate control.conf
+#
+gen_control_conf() {
+	do_not_edit
+	echo "remote-control:"
+	echo "        control-enable: yes"
+	echo "        control-interface: ${control_socket}"
+	echo "        control-use-cert: no"
+}
+
 #
 # Generate unbound.conf
 #
 gen_unbound_conf() {
-	echo "# Generated by $self"
+	do_not_edit
 	echo "server:"
 	echo "        username: ${user}"
 	echo "        directory: ${workdir}"
@@ -240,6 +261,9 @@ gen_unbound_conf() {
 	if [ -f "${lanzones_conf}" ] ; then
 		echo "include: ${lanzones_conf}"
 	fi
+	if [ -f "${control_conf}" ] ; then
+		echo "include: ${control_conf}"
+	fi
 	if [ -d "${confdir}" ] ; then
 		echo "include: ${confdir}/*.conf"
 	fi
@@ -278,6 +302,8 @@ usage() {
 	echo "    -C path     full path to additional configuration directory"
 	echo "    -c path     full path to unbound configuration file"
 	echo "    -f path     full path to forwarding configuration"
+	echo "    -O path     full path to remote control socket"
+	echo "    -o path     full path to remote control configuration"
 	echo "    -p path     full path to pid file"
 	echo "    -R path     full path to resolvconf.conf"
 	echo "    -r path     full path to resolv.conf"
@@ -296,7 +322,7 @@ main() {
 	#
 	# Parse and validate command-line options
 	#
-	while getopts "a:C:c:f:np:R:r:s:u:w:" option ; do
+	while getopts "a:C:c:f:no:p:R:r:s:u:w:" option ; do
 		case $option in
 		a)
 			anchor="$OPTARG"
@@ -313,6 +339,12 @@ main() {
 		n)
 			start_unbound="no"
 			;;
+		O)
+			control_socket="$OPTARG"
+			;;
+		o)
+			control_conf="$OPTARG"
+			;;	
 		p)
 			pidfile="$OPTARG"
 			;;
@@ -361,7 +393,7 @@ main() {
 		fi
 	else
 		local tmp_forward_conf=$(mktemp -u "${forward_conf}.XXXXX")
-		gen_forward_conf ${forwarders} >"${tmp_forward_conf}"
+		gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}"
 		replace "${forward_conf}" "${tmp_forward_conf}"
 	fi
 
@@ -369,15 +401,22 @@ main() {
 	# Generate lan-zones.conf.
 	#
 	local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
-	gen_lanzones_conf >"${tmp_lanzones_conf}"
+	gen_lanzones_conf | unexpand >"${tmp_lanzones_conf}"
 	replace "${lanzones_conf}" "${tmp_lanzones_conf}"
 
+	#
+	# Generate control.conf.
+	#
+	local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX")
+	gen_control_conf | unexpand >"${tmp_control_conf}"
+	replace "${control_conf}" "${tmp_control_conf}"
+
 	#
 	# Generate unbound.conf.
 	#
 	local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
 	set_chrootdir
-	gen_unbound_conf >"${tmp_unbound_conf}"
+	gen_unbound_conf | unexpand >"${tmp_unbound_conf}"
 	replace "${unbound_conf}" "${tmp_unbound_conf}"
 
 	#
@@ -401,14 +440,14 @@ main() {
 	# instead of resolv.conf.
 	#
 	local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX")
-	gen_resolvconf_conf >"${tmp_resolvconf_conf}"
+	gen_resolvconf_conf | unexpand >"${tmp_resolvconf_conf}"
 	replace "${resolvconf_conf}" "${tmp_resolvconf_conf}"
 
 	#
 	# Finally, rewrite resolv.conf.
 	#
 	local tmp_resolv_conf=$(mktemp -u "${resolv_conf}.XXXXX")
-	gen_resolv_conf <"${resolv_conf}" >"${tmp_resolv_conf}"
+	gen_resolv_conf <"${resolv_conf}" | unexpand >"${tmp_resolv_conf}"
 	replace "${resolv_conf}" "${tmp_resolv_conf}"
 }