LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25411 Commits
1 Branch
46 MiB
Tree: 2c1fd3e5e2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2c1fd3e5e2'
${ noResults }
openwrt-packages-dist/net/unbound/files/dnsmasq.sh

318 lines
8.4 KiB
Raw Normal View History

Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: clean up interface interpretation in UCI DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes. Added iface_wan and iface_lan to control internal DNS assignemnts and to control what is local service ACL. Interface wild cards are not explicitly set so that they can be customized in extended conf. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: replace obsolete test expressions Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: log openssl-1.0.2 lacks TLS host verification ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do host cert verification. DNS over TLS connects, but hosts are unverified. A patch for log err is added with a noitce in README.md. (see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658) Also, squash some minor robustness and TLS usability fixes. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: replace obsolete test expressions Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: replace obsolete test expressions Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: replace obsolete test expressions Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: replace obsolete test expressions Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: expand UCI to cover some popular dnsmasq features Unbound+DHCP (server of your choice) should be able to replicate a lot of what dnsmasq provides. With this change set Unbound still works with dnsmasq, but also it can work with a plain DHCP server. Features have been added within the UCI itself to act like dnsmasq. - alone: name each interface relative to router hostname - alone: prevent upstream leakage of your domain and '.local' - dnsmasq: use dnsmasq UCI to configure forwarding clauses - dhcp: work with odhcpd as example of companion DHCP-DNS - dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records - all: enable encrypted remote unbound-control using splice conf - all: allow user spliced conf-files for hybrid UCI and manual conf -- 'unbound_srv.conf' will be spliced into the 'server:' clause -- 'unbound_ext.conf' will add clauses to the end, example 'forward:' README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and unbound-with-odhcpd have better/added UCI starters. HOW TO for including unbound_srv.conf and unbound_ext.conf are added. Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6, dhcp_link, domain, and domain_type Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: expand UCI to cover some popular dnsmasq features Unbound+DHCP (server of your choice) should be able to replicate a lot of what dnsmasq provides. With this change set Unbound still works with dnsmasq, but also it can work with a plain DHCP server. Features have been added within the UCI itself to act like dnsmasq. - alone: name each interface relative to router hostname - alone: prevent upstream leakage of your domain and '.local' - dnsmasq: use dnsmasq UCI to configure forwarding clauses - dhcp: work with odhcpd as example of companion DHCP-DNS - dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records - all: enable encrypted remote unbound-control using splice conf - all: allow user spliced conf-files for hybrid UCI and manual conf -- 'unbound_srv.conf' will be spliced into the 'server:' clause -- 'unbound_ext.conf' will add clauses to the end, example 'forward:' README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and unbound-with-odhcpd have better/added UCI starters. HOW TO for including unbound_srv.conf and unbound_ext.conf are added. Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6, dhcp_link, domain, and domain_type Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: expand UCI to cover some popular dnsmasq features Unbound+DHCP (server of your choice) should be able to replicate a lot of what dnsmasq provides. With this change set Unbound still works with dnsmasq, but also it can work with a plain DHCP server. Features have been added within the UCI itself to act like dnsmasq. - alone: name each interface relative to router hostname - alone: prevent upstream leakage of your domain and '.local' - dnsmasq: use dnsmasq UCI to configure forwarding clauses - dhcp: work with odhcpd as example of companion DHCP-DNS - dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records - all: enable encrypted remote unbound-control using splice conf - all: allow user spliced conf-files for hybrid UCI and manual conf -- 'unbound_srv.conf' will be spliced into the 'server:' clause -- 'unbound_ext.conf' will add clauses to the end, example 'forward:' README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and unbound-with-odhcpd have better/added UCI starters. HOW TO for including unbound_srv.conf and unbound_ext.conf are added. Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6, dhcp_link, domain, and domain_type Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: expand UCI to cover some popular dnsmasq features Unbound+DHCP (server of your choice) should be able to replicate a lot of what dnsmasq provides. With this change set Unbound still works with dnsmasq, but also it can work with a plain DHCP server. Features have been added within the UCI itself to act like dnsmasq. - alone: name each interface relative to router hostname - alone: prevent upstream leakage of your domain and '.local' - dnsmasq: use dnsmasq UCI to configure forwarding clauses - dhcp: work with odhcpd as example of companion DHCP-DNS - dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records - all: enable encrypted remote unbound-control using splice conf - all: allow user spliced conf-files for hybrid UCI and manual conf -- 'unbound_srv.conf' will be spliced into the 'server:' clause -- 'unbound_ext.conf' will add clauses to the end, example 'forward:' README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and unbound-with-odhcpd have better/added UCI starters. HOW TO for including unbound_srv.conf and unbound_ext.conf are added. Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6, dhcp_link, domain, and domain_type Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: expand UCI to cover some popular dnsmasq features Unbound+DHCP (server of your choice) should be able to replicate a lot of what dnsmasq provides. With this change set Unbound still works with dnsmasq, but also it can work with a plain DHCP server. Features have been added within the UCI itself to act like dnsmasq. - alone: name each interface relative to router hostname - alone: prevent upstream leakage of your domain and '.local' - dnsmasq: use dnsmasq UCI to configure forwarding clauses - dhcp: work with odhcpd as example of companion DHCP-DNS - dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records - all: enable encrypted remote unbound-control using splice conf - all: allow user spliced conf-files for hybrid UCI and manual conf -- 'unbound_srv.conf' will be spliced into the 'server:' clause -- 'unbound_ext.conf' will add clauses to the end, example 'forward:' README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and unbound-with-odhcpd have better/added UCI starters. HOW TO for including unbound_srv.conf and unbound_ext.conf are added. Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6, dhcp_link, domain, and domain_type Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: replace obsolete test expressions Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago
unbound: improve startup and dhcp script robustness - prevent rapid overlap in DHCP script updates - check and allow localhost forwards with specific applications - add option for rate limiting inbound queries - change UCI list to table format with Unbound conf references Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: expand UCI to cover some popular dnsmasq features Unbound+DHCP (server of your choice) should be able to replicate a lot of what dnsmasq provides. With this change set Unbound still works with dnsmasq, but also it can work with a plain DHCP server. Features have been added within the UCI itself to act like dnsmasq. - alone: name each interface relative to router hostname - alone: prevent upstream leakage of your domain and '.local' - dnsmasq: use dnsmasq UCI to configure forwarding clauses - dhcp: work with odhcpd as example of companion DHCP-DNS - dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records - all: enable encrypted remote unbound-control using splice conf - all: allow user spliced conf-files for hybrid UCI and manual conf -- 'unbound_srv.conf' will be spliced into the 'server:' clause -- 'unbound_ext.conf' will add clauses to the end, example 'forward:' README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and unbound-with-odhcpd have better/added UCI starters. HOW TO for including unbound_srv.conf and unbound_ext.conf are added. Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6, dhcp_link, domain, and domain_type Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: improve startup and dhcp script robustness - prevent rapid overlap in DHCP script updates - check and allow localhost forwards with specific applications - add option for rate limiting inbound queries - change UCI list to table format with Unbound conf references Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: fix boot time and default run directory Unbound struggles with boot ifup, so procd triggers changed to push outside of this noise. Unbound has run in /var/lib/unbound/, so chroot (jail) protects /etc/, and it can save flash wear. Compiled defaults reflect this now, so Unbound tools are easier run on the command line. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: improve startup and dhcp script robustness - prevent rapid overlap in DHCP script updates - check and allow localhost forwards with specific applications - add option for rate limiting inbound queries - change UCI list to table format with Unbound conf references Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: improve startup and dhcp script robustness - prevent rapid overlap in DHCP script updates - check and allow localhost forwards with specific applications - add option for rate limiting inbound queries - change UCI list to table format with Unbound conf references Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: improve startup and dhcp script robustness - prevent rapid overlap in DHCP script updates - check and allow localhost forwards with specific applications - add option for rate limiting inbound queries - change UCI list to table format with Unbound conf references Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: replace obsolete test expressions Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago
unbound: improve startup and dhcp script robustness - prevent rapid overlap in DHCP script updates - check and allow localhost forwards with specific applications - add option for rate limiting inbound queries - change UCI list to table format with Unbound conf references Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Unbound: Add files to enable forward link to dnsmasq -dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
 
  1. #!/bin/sh

  2. ##############################################################################
  3. #
  4. # This program is free software; you can redistribute it and/or modify
  5. # it under the terms of the GNU General Public License version 2 as
  6. # published by the Free Software Foundation.
  7. #
  8. # This program is distributed in the hope that it will be useful,
  9. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. # GNU General Public License for more details.
  12. #
  13. # Copyright (C) 2016 Eric Luehrsen
  14. #
  15. ##############################################################################
  16. #
  17. # This crosses over to the dnsmasq UCI file "dhcp" and parses it for fields
  18. # that will allow Unbound to request local host DNS of dnsmasq. We need to look
  19. # at the interfaces in "dhcp" and get their subnets. The Unbound conf syntax
  20. # makes this a little difficult. First in "server:" we need to create private
  21. # zones for the domain and PTR records. Then we need to create numerous
  22. # "forward:" clauses to forward those zones to dnsmasq.
  23. #
  24. ##############################################################################
  25. 

  26. # while useful (sh)ellcheck is pedantic and noisy
  27. # shellcheck disable=1091,2002,2004,2034,2039,2086,2094,2140,2154,2155
  28. 

  29. DM_D_WAN_FQDN=0
  30. 

  31. DM_LIST_KNOWN_ZONES="invalid"
  32. DM_LIST_TRN_ZONES=""
  33. DM_LIST_LOCAL_DATA=""
  34. DM_LIST_LOCAL_PTR=""
  35. DM_LIST_FWD_PORTS=""
  36. DM_LIST_FWD_ZONES=""
  37. 

  38. ##############################################################################
  39. 

  40. create_local_zone() {
  41.   local target="$1"
  42.   local partial domain found
  43. 

  44.   case $DM_LIST_TRN_ZONES in
  45.     *"${target}"*)
  46.       found=1
  47.       ;;
  48. 

  49.     *)
  50.       case $target in
  51.         [A-Za-z0-9]*.[A-Za-z0-9]*)
  52.           found=0
  53.           ;;
  54. 

  55.         *) # no dots
  56.           found=1
  57.           ;;
  58.       esac
  59.   esac
  60. 

  61. 

  62.   if [ $found -eq 0 ] ; then
  63.     # New Zone! Bundle local-zones: by first two name tiers "abcd.tld."
  64.     partial=$( echo "$target" | awk -F. '{ j=NF ; i=j-1; print $i"."$j }' )
  65.     DM_LIST_TRN_ZONES="$DM_LIST_TRN_ZONES $partial"
  66.     DM_LIST_KNOWN_ZONES="$DM_LIST_KNOWN_ZONES $partial"
  67.   fi
  68. }
  69. 

  70. ##############################################################################
  71. 

  72. create_host_record() {
  73.   local cfg="$1"
  74.   local ip name debug_ip
  75. 

  76.   # basefiles dhcp "domain" clause which means host A, AAAA, and PRT record
  77.   config_get ip   "$cfg" ip
  78.   config_get name "$cfg" name
  79. 

  80. 

  81.   if [ -n "$name" ] && [ -n "$ip" ] ; then
  82.     create_local_zone "$name"
  83. 

  84. 

  85.     case $ip in
  86.       fe[89ab][0-9a-f]:*|169.254.*)
  87.         debug_ip="$ip@$name"
  88.         ;;
  89. 

  90.       [1-9a-f]*:*[0-9a-f])
  91.         DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $name.@@300@@IN@@AAAA@@$ip"
  92.         DM_LIST_LOCAL_PTR="$DM_LIST_LOCAL_PTR $ip@@300@@$name"
  93.         ;;
  94. 

  95.       [1-9]*.*[0-9])
  96.         DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $name.@@300@@IN@@A@@$ip"
  97.         DM_LIST_LOCAL_PTR="$DM_LIST_LOCAL_PTR $ip@@300@@$name"
  98.         ;;
  99.     esac
  100.   fi
  101. }
  102. 

  103. ##############################################################################
  104. 

  105. create_mx_record() {
  106.   local cfg="$1"
  107.   local domain relay pref record
  108. 

  109.   # Insert a static MX record
  110.   config_get domain "$cfg" domain
  111.   config_get relay  "$cfg" relay
  112.   config_get pref   "$cfg" pref 10
  113. 

  114. 

  115.   if [ -n "$domain" ] && [ -n "$relay" ] ; then
  116.     create_local_zone "$domain"
  117.     record="$domain.@@300@@IN@@MX@@$pref@@$relay."
  118.     DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
  119.   fi
  120. }
  121. 

  122. ##############################################################################
  123. 

  124. create_srv_record() {
  125.   local cfg="$1"
  126.   local srv target port class weight record
  127. 

  128.   # Insert a static SRV record such as SIP server
  129.   config_get srv    "$cfg" srv
  130.   config_get target "$cfg" target
  131.   config_get port   "$cfg" port
  132.   config_get class  "$cfg" class 10
  133.   config_get weight "$cfg" weight 10
  134. 

  135. 

  136.   if [ -n "$srv" ] && [ -n "$target" ] && [ -n "$port" ] ; then
  137.     create_local_zone "$srv"
  138.     record="$srv.@@300@@IN@@SRV@@$class@@$weight@@$port@@$target."
  139.     DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
  140.   fi
  141. }
  142. 

  143. ##############################################################################
  144. 

  145. create_cname_record() {
  146.   local cfg="$1"
  147.   local cname target record
  148. 

  149.   # Insert static CNAME record
  150.   config_get cname  "$cfg" cname
  151.   config_get target "$cfg" target
  152. 

  153. 

  154.   if [ -n "$cname" ] && [ -n "$target" ] ; then
  155.     create_local_zone "$cname"
  156.     record="$cname.@@300@@IN@@CNAME@@$target."
  157.     DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
  158.   fi
  159. }
  160. 

  161. ##############################################################################
  162. 

  163. dnsmasq_local_zone() {
  164.   local cfg="$1"
  165.   local fwd_port fwd_domain wan_fqdn
  166. 

  167.   # dnsmasq domain and interface assignment settings will control config
  168.   config_get fwd_domain "$cfg" domain
  169.   config_get fwd_port "$cfg" port
  170.   config_get wan_fqdn "$cfg" add_wan_fqdn
  171. 

  172. 

  173.   if [ -n "$wan_fqdn" ] ; then
  174.     DM_D_WAN_FQDN=$wan_fqdn
  175.   fi
  176. 

  177. 

  178.   if [ -n "$fwd_domain" ] && [ -n "$fwd_port" ] \

  179.   && [ ! ${fwd_port:-53} -eq 53 ] ; then
  180.     # dnsmasq localhost listening ports (possible multiple instances)
  181.     DM_LIST_FWD_PORTS="$DM_LIST_FWD_PORTS $fwd_port"
  182.     DM_LIST_FWD_ZONES="$DM_LIST_FWD_ZONES $fwd_domain"
  183.   fi
  184. }
  185. 

  186. ##############################################################################
  187. 

  188. dnsmasq_local_arpa() {
  189.   local ifarpa ifsubnet
  190. 

  191. 

  192.   if [ -n "$UB_LIST_NETW_LAN" ] ; then
  193.     for ifsubnet in $UB_LIST_NETW_LAN ; do
  194.       ifarpa=$( domain_ptr_any "${ifsubnet#*@}" )
  195.       DM_LIST_FWD_ZONES="$DM_LIST_FWD_ZONES $ifarpa"
  196.     done
  197.   fi
  198. 

  199. 

  200.   if [ -n "$UB_LIST_NETW_WAN" ] && [ $DM_D_WAN_FQDN -gt 0 ] ; then
  201.     for ifsubnet in $UB_LIST_NETW_WAN ; do
  202.       ifarpa=$( domain_ptr_any "${ifsubnet#*@}" )
  203.       DM_LIST_FWD_ZONES="$DM_LIST_FWD_ZONES $ifarpa"
  204.     done
  205.   fi
  206. }
  207. 

  208. ##############################################################################
  209. 

  210. dnsmasq_inactive() {
  211.   local record
  212. 

  213. 

  214.   if [ $UB_D_EXTRA_DNS -gt 0 ] ; then
  215.     # Parasite from the uci.dhcp.domain clauses
  216.     DM_LIST_KNOWN_ZONES="$DM_LIST_KNOWN_ZONES $UB_TXT_DOMAIN"
  217.     config_load dhcp
  218.     config_foreach create_host_record domain
  219. 

  220. 

  221.     if [ $UB_D_EXTRA_DNS -gt 1 ] ; then
  222.       config_foreach create_srv_record srvhost
  223.       config_foreach create_mx_record mxhost
  224.     fi
  225. 

  226. 

  227.     if [ $UB_D_EXTRA_DNS -gt 2 ] ; then
  228.       config_foreach create_cname_record cname
  229.     fi
  230. 

  231. 

  232.     {
  233.       echo "# $UB_SRVMASQ_CONF generated by UCI $( date -Is )"
  234.       if [ -n "$DM_LIST_TRN_ZONES" ] ; then
  235.         for record in $DM_LIST_TRN_ZONES ; do
  236.           echo "  local-zone: $record transparent"
  237.         done
  238.         echo
  239.       fi
  240.       if [ -n "$DM_LIST_LOCAL_DATA" ] ; then
  241.         for record in $DM_LIST_LOCAL_DATA ; do
  242.           echo "  local-data: \"${record//@@/ }\""
  243.         done
  244.         echo
  245.       fi
  246.       if [ -n "$DM_LIST_LOCAL_PTR" ] ; then
  247.         for record in $DM_LIST_LOCAL_PTR ; do
  248.           echo "  local-data-ptr: \"${record//@@/ }\""
  249.         done
  250.         echo
  251.       fi
  252.     } > $UB_SRVMASQ_CONF
  253.   fi
  254. }
  255. 

  256. ##############################################################################
  257. 

  258. dnsmasq_active() {
  259.   # Look at dnsmasq settings
  260.   config_load dhcp
  261.   # Zone for DHCP / SLAAC-PING DOMAIN
  262.   config_foreach dnsmasq_local_zone dnsmasq
  263.   # Zone for DHCP / SLAAC-PING ARPA
  264.   dnsmasq_local_arpa
  265. 

  266. 

  267.   if [ -n "$DM_LIST_FWD_PORTS" ] && [ -n "$DM_LIST_FWD_ZONES" ] ; then
  268.     if [ $UB_B_DNS_ASSIST -lt 1 ] ; then
  269.       {
  270.         # Forward to dnsmasq on same host for DHCP lease hosts
  271.         echo "# $UB_SRVMASQ_CONF generated by UCI $( date -Is )"
  272.         echo "  do-not-query-localhost: no"
  273.         echo
  274.       } > $UB_SRVMASQ_CONF
  275. 

  276.     else
  277.       echo > $UB_SRVMASQ_CONF
  278.     fi
  279. 

  280.     echo "# $UB_EXTMASQ_CONF generated by UCI $( date -Is )" > $UB_EXTMASQ_CONF
  281. 

  282. 

  283.     for fwd_domain in $DM_LIST_FWD_ZONES ; do
  284.       {
  285.         # This creates a domain with local privledges
  286.         echo "  domain-insecure: $fwd_domain"
  287.         echo "  private-domain: $fwd_domain"
  288.         echo "  local-zone: $fwd_domain transparent"
  289.         echo
  290.       } >> $UB_SRVMASQ_CONF
  291. 

  292.       {
  293.         # This is derived from dnsmasq local domain and dhcp service subnets
  294.         echo "forward-zone:"
  295.         echo "  name: $fwd_domain"
  296.         echo "  forward-first: no"
  297.         for port in $DM_LIST_FWD_PORTS ; do
  298.           echo "  forward-addr: 127.0.0.1@$port"
  299.         done
  300.         echo
  301.       } >> $UB_EXTMASQ_CONF
  302.     done
  303.   fi
  304. }
  305. 

  306. ##############################################################################
  307. 

  308. dnsmasq_link() {
  309.   if [ "$UB_D_DHCP_LINK" = "dnsmasq" ] ; then
  310.     dnsmasq_active
  311. 

  312.   else
  313.     dnsmasq_inactive
  314.   fi
  315. }
  316. 

  317. ##############################################################################
  318.