From 19939833206444149e37bf521b052e76f2a91d3d Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Sat, 11 Feb 2017 15:25:22 -0500 Subject: [PATCH] unbound: improve robustness with dhcp scripts When for example 'package/net/adblock' and DNSSEC vs NTP robustness is enabled, significant restart thrashing can occur at boot up. DHCP lease triggers may be occuring at the same time. Unbounds DNS-DHCP may be incomplete until new DHCP solicit events. Solve this by leaving a passive but complete host conf file during lease trigger. Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 2 +- net/unbound/files/odhcpd.awk | 71 ++++++++++++++++++++++++++---------- net/unbound/files/odhcpd.sh | 26 ++++++++----- net/unbound/files/unbound.sh | 11 ++++++ 4 files changed, 79 insertions(+), 31 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index fabf26a16..498700a3d 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.6.0 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk index 8c8d96610..34e6710d8 100644 --- a/net/unbound/files/odhcpd.awk +++ b/net/unbound/files/odhcpd.awk @@ -22,6 +22,7 @@ # "domain" = text domain suffix # "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC # "bisolt" = boolean, format ... so you can isolate +# "bconf" = boolean, write conf file format rather than pipe records # ############################################################################## 
@@ -59,15 +60,23 @@ # only for provided hostnames and full /32 assignments ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ; slaac = slaac_eui64( id ) ; - for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; } - # DHCP A and PTR records with FQDN - x = ( fqdn ". 120 IN A " adr ) ; - y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; + if ( bconf == 1 ) { + x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ; + y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; + print ( x "\n" y ) > hostfile ; + } + + else { + for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; } + x = ( fqdn ". 120 IN A " adr ) ; + y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ; + print ( x "\n" y ) > hostfile ; + } - if ((bslaac == 1) && (slaac != 0)) { + + if (( bslaac == 1 ) && ( slaac != 0 )) { # UCI option to discover IPV6 routed SLAAC addresses # NOT TODO - ping probe take too long when added in awk-rule loop cmd = ( "ip -6 --oneline route show dev " net ) ; @@ -79,11 +88,25 @@ # GA or ULA routed addresses only (not LL or MC) sub( /\/.*/, "", adr ) ; adr = ( adr slaac ) ; - if ( split( adr, tmp0, ":" ) >= 8 ) { sub( "::", ":", adr ) ; } - qpr = ipv6_ptr( adr ) ; - x = ( fqdn ". 120 IN AAAA " adr ) ; - y = ( qpr " 120 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; + + + if ( split( adr, tmp0, ":" ) >= 8 ) { + sub( "::", ":", adr ) ; + } + + + if ( bconf == 1 ) { + x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ; + y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; + print ( x "\n" y ) > hostfile ; + } + + else { + qpr = ipv6_ptr( adr ) ; + x = ( fqdn ". 120 IN AAAA " adr ) ; + y = ( qpr ". 120 IN PTR " fqdn ) ; + print ( x "\n" y ) > hostfile ; + } } } 
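Review bot: The new `bconf == 1` branch of the `-59,15` hunk splices `fqdn` between escaped double quotes (`"local-data: \"" fqdn ". 120 IN A " adr "\""`) with no check that the lease hostname is a plain DNS label, and the result goes into a file that unbound.sh later pulls in with `include:`. `fqdn` is built outside the hunk, so this is inferred: a client-supplied hostname containing `"` or whitespace costs only one rejected record in the pipe format, but in the conf format it can leave a malformed line that stops Unbound from loading its configuration at the next restart. A guard ahead of both branches, for example `if ( hst !~ /^[A-Za-z0-9-]+$/ ) { next ; }` (assuming this code sits in the main rule and `hst` is the hostname field tested in the `-95,11` hunk), keeps such leases out of both outputs. The character class should match whatever names the project wants to accept. The same applies to the two AAAA `bconf` branches in the `-79,11` and `-95,11` hunks.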
@@ -95,11 +118,19 @@ else { if (( cdr == 128 ) && ( hst != "-" )) { - # only for provided hostnames and full /128 assignments - qpr = ipv6_ptr( adr ) ; - x = ( fqdn ". 120 IN AAAA " adr ) ; - y = ( qpr " 120 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; + if ( bconf == 1 ) { + x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ; + y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; + print ( x "\n" y ) > hostfile ; + } + + else { + # only for provided hostnames and full /128 assignments + qpr = ipv6_ptr( adr ) ; + x = ( fqdn ". 120 IN AAAA " adr ) ; + y = ( qpr ". 120 IN PTR " fqdn ) ; + print ( x "\n" y ) > hostfile ; + } } } } @@ -133,7 +164,7 @@ function ipv6_ptr( ipv6, arpa, ary, end, i, j, new6, sz, start ) { ############################################################################## -function slaac_eui64( mac, ary, glbit, eui64 ) { +function slaac_eui64( mac, ary, glbit, eui64 ) { if ( length(mac) >= 12 ) { # RFC2373 and use DHCPv4 registered MAC to find SLAAC addresses split( mac , ary , "" ) ; @@ -144,12 +175,12 @@ function slaac_eui64( mac, ary, glbit, eui64 ) { eui64 = ( ary[1] ary[2] ary[3] ary[4] ":" ary[5] ary[6] "ff:fe" ) ; eui64 = ( eui64 ary[7] ary[8] ":" ary[9] ary[10] ary[11] ary[12] ) ; } - + else { eui64 = 0 ; } - - + + return eui64 ; } diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh index 68c822af9..2fc64ab40 100644 --- a/net/unbound/files/odhcpd.sh +++ b/net/unbound/files/odhcpd.sh 
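Review bot: In the `-95,11` hunk of odhcpd.awk the comment `# only for provided hostnames and full /128 assignments` now sits inside the `else` arm, where it reads as if it covered the pipe-record format only, although it describes the enclosing test `(( cdr == 128 ) && ( hst != "-" ))`. Move it back above `if ( bconf == 1 ) {`. The conf/pipe pair is also written out three times now (A, SLAAC AAAA, DHCPv6 AAAA). A small helper taking the record type, name and address would keep any later change to quoting or TTL in one place.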
@@ -45,42 +45,48 @@ odhcpd_zonedata() { local dhcp_ls_add=$UNBOUND_VARDIR/dhcp_lease.add local dhcp_ls_del=$UNBOUND_VARDIR/dhcp_lease.del local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile ) - + config_load unbound config_foreach odhcpd_settings unbound if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a -f "$dhcp_origin" ] ; then - # Capture the lease file which could be changing often, - # and unbound-control only for changes in hosts (or else...) + # Capture the lease file which could be changing often cat $dhcp_origin | sort > $dhcp_ls_new touch $dhcp_ls_old sort $dhcp_ls_new $dhcp_ls_old $dhcp_ls_old | uniq -u > $dhcp_ls_add sort $dhcp_ls_old $dhcp_ls_new $dhcp_ls_new | uniq -u > $dhcp_ls_del - # Go through the messy business of coding up A, AAAA, and PTR records. + # Go through the messy business of coding up A, AAAA, and PTR records + # This static conf will be available if Unbound restarts asynchronously + awk -v hostfile=$UNBOUND_DHCP_CONF -v domain=$UNBOUND_TXT_DOMAIN \ + -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=1 \ + -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new + + # Deleting and adding all records into Unbound can be a burden in a + # high density environment. Use unbound-control incrementally. awk -v hostfile=$dns_ls_del -v domain=$UNBOUND_TXT_DOMAIN \ - -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 \ + -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_del awk -v hostfile=$dns_ls_add -v domain=$UNBOUND_TXT_DOMAIN \ - -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 \ + -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_add if [ -f "$dns_ls_del" ] ; then cat $dns_ls_del | $UNBOUND_CONTROL_CFG local_datas_remove fi - + if [ -f "$dns_ls_add" ] ; then cat $dns_ls_add | $UNBOUND_CONTROL_CFG local_datas fi - - + + # prepare next round mv $dhcp_ls_new $dhcp_ls_old - rm -f $dns_ls_del $dns_ls_add + rm -f $dns_ls_del $dns_ls_add $dhcp_ls_del $dhcp_ls_add fi } 
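Review bot: The new `bconf=1` awk call writes straight into `$UNBOUND_DHCP_CONF`, the file Unbound reads on an asynchronous restart, so a restart that lands mid-write can pick up a partial file. As far as the awk hunks show, the file is opened only by `print ... > hostfile`, so when no lease in `$dhcp_ls_new` carries a hostname nothing is printed and the previous run's records stay in place to be re-seeded later (inferred: code outside the hunks could truncate it). Emptying a scratch file first, writing to it and then renaming it covers both cases. The expansions passed to `-v` are also unquoted, so a UCI value containing whitespace would split into extra awk arguments. odhcpd_zonedata's opening lines are outside the hunk.

```shell
    # … unchanged: lease capture and add/del list generation …
    # Build the static conf in a scratch file so Unbound never reads a partial
    # one, and so an empty lease table yields an empty conf, not a stale one
    : > "$UNBOUND_DHCP_CONF.new"
    awk -v hostfile="$UNBOUND_DHCP_CONF.new" -v domain="$UNBOUND_TXT_DOMAIN" \
        -v bslaac="$UNBOUND_B_SLAAC6_MAC" -v bisolt=0 -v bconf=1 \
        -f /usr/lib/unbound/odhcpd.awk "$dhcp_ls_new"
    mv "$UNBOUND_DHCP_CONF.new" "$UNBOUND_DHCP_CONF"
    # … unchanged: incremental unbound-control remove/add …
```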
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index 92c87d043..44eeb6fcc 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -64,6 +64,7 @@ UNBOUND_PIDFILE=/var/run/unbound.pid UNBOUND_SRV_CONF=$UNBOUND_VARDIR/unbound_srv.conf UNBOUND_EXT_CONF=$UNBOUND_VARDIR/unbound_ext.conf +UNBOUND_DHCP_CONF=$UNBOUND_VARDIR/unbound_dhcp.conf UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key @@ -709,6 +710,16 @@ unbound_hostname() { config_load dhcp config_foreach create_interface_dns dhcp fi + + + if [ -f "$UNBOUND_DHCP_CONF" ] ; then + { + # Seed DHCP records because dhcp scripts trigger externally + # Incremental Unbound restarts may drop unbound-control add records + echo " include: $UNBOUND_DHCP_CONF" + echo + } >> $UNBOUND_CONFFILE + fi fi }
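Review bot: The block added in the `-709,6` hunk includes `$UNBOUND_DHCP_CONF` whenever the file exists, because the only test visible is `[ -f "$UNBOUND_DHCP_CONF" ]`. The enclosing `if` of unbound_hostname opens outside the hunk, so this is inferred: if that outer test does not check the DHCP link, a file left in `$UNBOUND_VARDIR` by an earlier configuration keeps being included after the link is switched off. Tying the include to the setting odhcpd.sh already checks closes that gap: `if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" ] && [ -f "$UNBOUND_DHCP_CONF" ] ; then`. The redirect should also be quoted like the test above it, `>> "$UNBOUND_CONFFILE"`.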