LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23633 Commits
1 Branch
46 MiB
Tree: 6ff21be8b8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6ff21be8b8'
${ noResults }
openwrt-packages-dist/net/unbound/files/defaults.sh

75 lines
2.5 KiB
Raw Normal View History

unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: clean up interface interpretation in UCI DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes. Added iface_wan and iface_lan to control internal DNS assignemnts and to control what is local service ACL. Interface wild cards are not explicitly set so that they can be customized in extended conf. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: clean up interface interpretation in UCI DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes. Added iface_wan and iface_lan to control internal DNS assignemnts and to control what is local service ACL. Interface wild cards are not explicitly set so that they can be customized in extended conf. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: follow resolv.conf.auto to new location Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: follow resolv.conf.auto to new location Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: fix boot time and default run directory Unbound struggles with boot ifup, so procd triggers changed to push outside of this noise. Unbound has run in /var/lib/unbound/, so chroot (jail) protects /etc/, and it can save flash wear. Compiled defaults reflect this now, so Unbound tools are easier run on the command line. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: clean up interface interpretation in UCI DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes. Added iface_wan and iface_lan to control internal DNS assignemnts and to control what is local service ACL. Interface wild cards are not explicitly set so that they can be customized in extended conf. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years ago
unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: fix boot time and default run directory Unbound struggles with boot ifup, so procd triggers changed to push outside of this noise. Unbound has run in /var/lib/unbound/, so chroot (jail) protects /etc/, and it can save flash wear. Compiled defaults reflect this now, so Unbound tools are easier run on the command line. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: add UCI for forward stub and auth zone clauses With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
unbound: add domain resolution control options - Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatability - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
 
  1. #!/bin/sh

  2. ##############################################################################
  3. #
  4. # This program is free software; you can redistribute it and/or modify
  5. # it under the terms of the GNU General Public License version 2 as
  6. # published by the Free Software Foundation.
  7. #
  8. # This program is distributed in the hope that it will be useful,
  9. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. # GNU General Public License for more details.
  12. #
  13. # Copyright (C) 2016 Eric Luehrsen
  14. #
  15. ##############################################################################
  16. 

  17. # while useful (sh)ellcheck is pedantic and noisy
  18. # shellcheck disable=1091,2002,2004,2034,2039,2086,2094,2140,2154,2155
  19. 

  20. # where are we?
  21. UB_ETCDIR=/etc/unbound
  22. UB_LIBDIR=/usr/lib/unbound
  23. UB_VARDIR=/var/lib/unbound
  24. UB_PIDFILE=/var/run/unbound.pid
  25. 

  26. # conf deconstructed
  27. UB_CORE_CONF=$UB_VARDIR/server.conf.tmp
  28. UB_HOST_CONF=$UB_VARDIR/host.conf.tmp
  29. UB_ZONE_CONF=$UB_VARDIR/zone.conf.tmp
  30. UB_CTRL_CONF=$UB_VARDIR/ctrl.conf.tmp
  31. UB_SRVMASQ_CONF=$UB_VARDIR/dnsmasq_srv.conf.tmp
  32. UB_EXTMASQ_CONF=$UB_VARDIR/dnsmasq_ext.conf.tmp
  33. 

  34. # conf as found
  35. UB_TOTAL_CONF=$UB_VARDIR/unbound.conf
  36. UB_DHCP_CONF=$UB_VARDIR/dhcp.conf
  37. UB_SRV_CONF=$UB_VARDIR/unbound_srv.conf
  38. UB_EXT_CONF=$UB_VARDIR/unbound_ext.conf
  39. 

  40. # resolver file complex
  41. UB_RESOLV_CONF=/tmp/resolv.conf
  42. UB_RESOLV_AUTO=/tmp/resolv.conf.d/resolv.conf.auto
  43. 

  44. # TLS keys
  45. UB_TLS_KEY_FILE="TLS server UCI not implemented"
  46. UB_TLS_PEM_FILE="TLS server UCI not implemented"
  47. UB_TLS_ETC_FILE=/etc/ssl/certs/ca-certificates.crt
  48. 

  49. # start files
  50. UB_RKEY_FILE=$UB_VARDIR/root.key
  51. UB_RHINT_FILE=$UB_VARDIR/root.hints
  52. UB_TIME_FILE=$UB_VARDIR/hotplug.time
  53. UB_SKIP_FILE=$UB_VARDIR/skip.time
  54. 

  55. # control app keys
  56. UB_CTLKEY_FILE=$UB_ETCDIR/unbound_control.key
  57. UB_CTLPEM_FILE=$UB_ETCDIR/unbound_control.pem
  58. UB_SRVKEY_FILE=$UB_ETCDIR/unbound_server.key
  59. UB_SRVPEM_FILE=$UB_ETCDIR/unbound_server.pem
  60. 

  61. # similar default SOA / NS RR as Unbound uses for private ARPA zones
  62. UB_XSER=$(( $( date +%s ) / 60 ))
  63. UB_XSOA="7200 IN SOA localhost. nobody.invalid. $UB_XSER 3600 1200 9600 300"
  64. UB_XNS="7200 IN NS localhost."
  65. UB_XTXT="7200 IN TXT \"comment=local intranet dns zone\""
  66. UB_MTXT="7200 IN TXT \"comment=masked internet dns zone\""
  67. UB_LTXT="7200 IN TXT \"comment=rfc6762 multicast dns zone\""
  68. 

  69. # helper apps
  70. UB_ANCHOR=/usr/sbin/unbound-anchor
  71. UB_CONTROL=/usr/sbin/unbound-control
  72. UB_CONTROL_CFG="$UB_CONTROL -c $UB_TOTAL_CONF"
  73. 

  74. ##############################################################################
  75.