
unbound: fix odhcpd link and axfr zone scripts

- fix AXFR zones to delay a potentially large download with ntp-hotplug
- fix odhcpd link script to properly delete expired lease data from DNS

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
lilik-openwrt-22.03
Eric Luehrsen 6 years ago
parent
commit
04f4ab9b92
4 changed files with 79 additions and 71 deletions
  1. +1
    -1
      net/unbound/Makefile
  2. +31
    -32
      net/unbound/files/odhcpd.awk
  3. +44
    -37
      net/unbound/files/odhcpd.sh
  4. +3
    -1
      net/unbound/files/unbound.sh

+ 1
- 1
net/unbound/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=unbound PKG_NAME:=unbound
PKG_VERSION:=1.8.1 PKG_VERSION:=1.8.1
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE


+ 31
- 32
net/unbound/files/odhcpd.awk View File

@ -18,11 +18,12 @@
# function from dnsmasq and use DHCPv4 MAC to find IPV6 SLAAC hosts. # function from dnsmasq and use DHCPv4 MAC to find IPV6 SLAAC hosts.
# #
# External Parameters # External Parameters
# "hostfile" = where this script will cache host DNS data
# "conffile" = Unbound configuration left for a restart
# "pipefile" = DNS entries for unbound-control standard input
# "domain" = text domain suffix # "domain" = text domain suffix
# "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC # "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC
# "bisolt" = boolean, format <host>.<network>.<domain>. so you can isolate # "bisolt" = boolean, format <host>.<network>.<domain>. so you can isolate
# "bconf" = boolean, write conf file format rather than pipe records
# "bconf" = boolean, write conf file with pipe records
# #
############################################################################## ##############################################################################
@ -66,15 +67,15 @@
if ( bconf == 1 ) { if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ; x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ;
y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
print ( x "\n" y "\n" ) > conffile ;
} }
else {
for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
x = ( fqdn ". 300 IN A " adr ) ;
y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
# always create the pipe file
for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
x = ( fqdn ". 300 IN A " adr ) ;
y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
if (( bslaac == 1 ) && ( slaac != 0 )) { if (( bslaac == 1 ) && ( slaac != 0 )) {
@ -100,15 +101,15 @@
if ( bconf == 1 ) { if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
print ( x "\n" y "\n" ) > conffile ;
} }
else {
qpr = ipv6_ptr( adr ) ;
x = ( fqdn ". 300 IN AAAA " adr ) ;
y = ( qpr ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
# always create the pipe file
qpr = ipv6_ptr( adr ) ;
x = ( fqdn ". 300 IN AAAA " adr ) ;
y = ( qpr ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
} }
} }
@ -122,32 +123,30 @@
if ( bconf == 1 ) { if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
print ( x "\n" y "\n" ) > conffile ;
} }
else {
# only for provided hostnames and full /128 assignments
qpr = ipv6_ptr( adr ) ;
x = ( fqdn ". 300 IN AAAA " adr ) ;
y = ( qpr ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
# only for provided hostnames and full /128 assignments
qpr = ipv6_ptr( adr ) ;
x = ( fqdn ". 300 IN AAAA " adr ) ;
y = ( qpr ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
} }
if (cdr2 == 128) { if (cdr2 == 128) {
if ( bconf == 1 ) { if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ; x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ;
y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ; y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
print ( x "\n" y "\n" ) > conffile ;
} }
else {
# odhcp puts GA and ULA on the same line (position 9 and 10)
qpr2 = ipv6_ptr( adr2 ) ;
x = ( fqdn ". 300 IN AAAA " adr2 ) ;
y = ( qpr2 ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
# odhcp puts GA and ULA on the same line (position 9 and 10)
qpr2 = ipv6_ptr( adr2 ) ;
x = ( fqdn ". 300 IN AAAA " adr2 ) ;
y = ( qpr2 ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
} }
} }
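Review bot: The comment `# always create the pipe file` promises more than the code delivers, because awk opens `pipefile` only when the first `print ( x "\n" y ) > pipefile` runs, so a lease file with no usable entries leaves no file behind. The caller in odhcpd.sh then runs `cp $dns_ls_new $dns_ls_add` and `sort $dns_ls_new ...` against that missing path. Creating the file up front, for example `BEGIN { printf "" > pipefile }`, would make the comment true; any existing BEGIN block is outside these hunks. Separately, `fqdn` and `adr` are placed inside quotes in the `local-data:` lines written to `conffile`, and their construction is not visible here, so it is worth confirming they are restricted to hostname and address characters before they are written.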


+ 44
- 37
net/unbound/files/odhcpd.sh View File

@ -29,14 +29,6 @@
############################################################################## ##############################################################################
odhcpd_zonedata() { odhcpd_zonedata() {
local longconf dateconf
local dns_ls_add=$UB_VARDIR/dhcp_dns.add
local dns_ls_del=$UB_VARDIR/dhcp_dns.del
local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new
local dhcp_ls_old=$UB_VARDIR/dhcp_lease.old
local dhcp_ls_add=$UB_VARDIR/dhcp_lease.add
local dhcp_ls_del=$UB_VARDIR/dhcp_lease.del
local dhcp_link=$( uci_get unbound.@unbound[0].dhcp_link ) local dhcp_link=$( uci_get unbound.@unbound[0].dhcp_link )
local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 ) local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 )
local dhcp_domain=$( uci_get unbound.@unbound[0].domain ) local dhcp_domain=$( uci_get unbound.@unbound[0].domain )
@ -45,52 +37,68 @@ odhcpd_zonedata() {
if [ -f "$UB_TOTAL_CONF" -a -f "$dhcp_origin" \ if [ -f "$UB_TOTAL_CONF" -a -f "$dhcp_origin" \
-a "$dhcp_link" = "odhcpd" -a -n "$dhcp_domain" ] ; then -a "$dhcp_link" = "odhcpd" -a -n "$dhcp_domain" ] ; then
local longconf dateconf
local dns_ls_add=$UB_VARDIR/dhcp_dns.add
local dns_ls_del=$UB_VARDIR/dhcp_dns.del
local dns_ls_new=$UB_VARDIR/dhcp_dns.new
local dns_ls_old=$UB_VARDIR/dhcp_dns.old
local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new
# Capture the lease file which could be changing often # Capture the lease file which could be changing often
sort $dhcp_origin > $dhcp_ls_new sort $dhcp_origin > $dhcp_ls_new
if [ ! -f $UB_DHCP_CONF -o ! -f $dhcp_ls_old ] ; then
longconf=2
if [ ! -f $UB_DHCP_CONF -o ! -f $dns_ls_old ] ; then
# no old files laying around
longconf=freshstart
else else
# incremental at high load or full refresh about each 5 minutes
dateconf=$(( $( date +%s ) - $( date -r $UB_DHCP_CONF +%s ) )) dateconf=$(( $( date +%s ) - $( date -r $UB_DHCP_CONF +%s ) ))
if [ $dateconf > 150 ] ; then
longconf=1
if [ $dateconf -gt 300 ] ; then
longconf=longtime
else else
longconf=0
longconf=increment
fi fi
fi fi
if [ $longconf -gt 0 ] ; then
# Go through the messy business of coding up A, AAAA, and PTR records
# This static conf will be available if Unbound restarts asynchronously
awk -v hostfile=$UB_DHCP_CONF -v domain=$dhcp_domain \
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=1 \
case $longconf in
freshstart)
awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \
-v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \
-v bisolt=0 -v bconf=1 \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
fi
if [ $longconf -lt 2 ] ; then
# Deleting and adding all records into Unbound can be a burden in a
# high density environment. Use unbound-control incrementally.
sort $dhcp_ls_old $dhcp_ls_new $dhcp_ls_new | uniq -u > $dhcp_ls_del
awk -v hostfile=$dns_ls_del -v domain=$dhcp_domain \
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_del
cp $dns_ls_new $dns_ls_add
cp $dns_ls_new $dns_ls_old
;;
sort $dhcp_ls_new $dhcp_ls_old $dhcp_ls_old | uniq -u > $dhcp_ls_add
awk -v hostfile=$dns_ls_add -v domain=$dhcp_domain \
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_add
longtime)
awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \
-v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \
-v bisolt=0 -v bconf=1 \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
else
awk -v hostfile=$dns_ls_add -v domain=$dhcp_domain \
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \
awk '{ print $1 }' $dns_ls_old | sort | uniq > $dns_ls_del
cp $dns_ls_new $dns_ls_add
cp $dns_ls_new $dns_ls_old
;;
*)
# incremental add and prepare the old list for delete later
# unbound-control can be slow so high DHCP rates cannot run a full list
awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \
-v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \
-v bisolt=0 -v bconf=0 \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
fi
sort $dns_ls_new $dns_ls_old $dns_ls_old | uniq -u > $dns_ls_add
sort $dns_ls_new $dns_ls_old | uniq > $dns_ls_old
;;
esac
if [ -f "$dns_ls_del" ] ; then if [ -f "$dns_ls_del" ] ; then
@ -104,8 +112,7 @@ odhcpd_zonedata() {
# prepare next round # prepare next round
mv $dhcp_ls_new $dhcp_ls_old
rm -f $dns_ls_del $dns_ls_add $dhcp_ls_del $dhcp_ls_add
rm -f $dns_ls_new $dns_ls_del $dns_ls_add $dhcp_ls_new
fi fi
} }
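Review bot: In the `*)` branch, `sort $dns_ls_new $dns_ls_old | uniq > $dns_ls_old` reads and truncates the same file. The shell opens the redirect target while starting the pipeline, so `sort` can see an empty `$dns_ls_old` and the accumulated list kept for the later delete pass is lost. Records for expired leases may then stay in Unbound, leaving a name pointing at an address that has since been handed to another host. Writing to a scratch file and renaming it avoids this: `sort -u $dns_ls_new $dns_ls_old > $dns_ls_old.tmp && mv $dns_ls_old.tmp $dns_ls_old`. The path expansions on the new lines are also unquoted, and part of odhcpd_zonedata between the hunks is not shown.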


+ 3
- 1
net/unbound/files/unbound.sh View File

@ -422,8 +422,10 @@ unbound_zone() {
case $zone_type in case $zone_type in
auth_zone) auth_zone)
if [ -n "$UB_LIST_ZONE_NAMES" \
if [ "$UB_B_NTP_BOOT" -eq 0 -a -n "$UB_LIST_ZONE_NAMES" \
-a \( -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" \) ] ; then -a \( -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" \) ] ; then
# Note AXFR may have large downloads. If NTP restart is configured,
# then this can cause procd to force a process kill.
for zone_name in $UB_LIST_ZONE_NAMES ; do for zone_name in $UB_LIST_ZONE_NAMES ; do
if [ "$zone_name" = "." ] ; then if [ "$zone_name" = "." ] ; then
zone_sym=. zone_sym=.
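Review bot: The new guard `[ "$UB_B_NTP_BOOT" -eq 0 -a -n "$UB_LIST_ZONE_NAMES" \` does a numeric comparison on a variable whose assignment is outside this hunk. If it is ever empty or unset, `[` reports an error and the test is false, so the auth_zone branch is skipped with no log line. Defaulting it in place, `"${UB_B_NTP_BOOT:-0}" -eq 0`, keeps the previous behaviour in that case. The added comment could also state that the zones are left out until the restart after NTP sync, since it currently only describes the procd kill risk. unbound_zone continues past the end of the hunk.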

