From e6520cf249ccf403a6bc548b7735615f13280212 Mon Sep 17 00:00:00 2001
From: Eric Luehrsen
Date: Sat, 25 Mar 2017 01:53:28 -0400
Subject: [PATCH] unbound: improve interface trigger behavior
procd interface triggers may be busy. Unbound hard restarts will flush the cache. This might happen frequently depending on how interface triggers occur. Change the procd trigger to reduce occurences. Load this trigger prior to netifd (START=20), but only truly start Unbound from the trigger rather than immediately in init. Clean up log entries in scripts after Unbound, NTP, and DNSSEC are established.
Signed-off-by: Eric Luehrsen
---
net/unbound/Makefile | 2 +-
net/unbound/files/odhcpd.awk | 21 ++++++++++++++++++++-
net/unbound/files/unbound.init | 22 ++++++++++++++++++----
net/unbound/files/unbound.ntpd | 1 +
net/unbound/files/unbound.sh | 20 +++++++++++++-------
5 files changed, 53 insertions(+), 13 deletions(-)
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 57a65045a..d8db017a4 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.6.1 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE
diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk
index 34e6710d8..160950884 100644
--- a/net/unbound/files/odhcpd.awk
+++ b/net/unbound/files/odhcpd.awk
@@ -28,10 +28,13 @@ /^#/ { # We need to pick out DHCP v4 or v6 records - net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ; + net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ; adr2 = $10 cdr = adr ; + cdr2 = adr2 ; sub( /\/.*/, "", adr ) ; sub( /.*\//, "", cdr ) ; + sub( /\/.*/, "", adr2 ) ; + sub( /.*\//, "", cdr2 ) ; if ( bisolt == 1 ) {
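Review bot: The second address is wired in as a fixed field (`adr2 = $10`, `cdr2 = adr2`), so a lease line carrying a third address in field 11 or beyond would still be ignored, and nothing in this hunk says why exactly two are expected. If odhcpd can list more than two addresses per line (worth confirming against its state-file format), a loop over fields 9 to NF that runs the same split and record-writing code would cover every case and remove the copied `sub()` pairs here and the copied block in the `-132,6` hunk. At minimum, put the explanation next to the assignment, e.g. `# odhcpd may list a second IPv6 address (GA and ULA) in field 10`. The enclosing `/^#/` rule continues past the end of this hunk.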
@@ -132,6 +135,22 @@ print ( x "\n" y ) > hostfile ; } } + + if (( cdr2 == 128 ) && ( hst != "-" )) { + if ( bconf == 1 ) { + x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr2 "\"" ) ; + y = ( "local-data-ptr: \"" adr2 " 120 " fqdn "\"" ) ; + print ( x "\n" y ) > hostfile ; + } + + else { + # odhcp puts GA and ULA on the same line (position 9 and 10) + qpr2 = ipv6_ptr( adr2 ) ; + x = ( fqdn ". 120 IN AAAA " adr2 ) ; + y = ( qpr2 ". 120 IN PTR " fqdn ) ; + print ( x "\n" y ) > hostfile ; + } + } } }
diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index e4b7ec85f..1edf9ef80 100755
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -9,7 +9,8 @@ # ############################################################################## -START=60 +START=19 +STOP=50 USE_PROCD=1 PROG=/usr/sbin/unbound
@@ -19,9 +20,18 @@ PROG=/usr/sbin/unbound ############################################################################## +boot() { + UNBOUND_BOOT=1 + start "$@" +} + +############################################################################## + start_service() { - # WAIT! Unbound often takes its time writing closure stats to syslog - pidof $PROG && sleep 1 + if [ -n "$UNBOUND_BOOT" ] ; then + # Load procd triggers (rc) and use event IFUP to really start + return 0 + fi # complex UCI work unbound_start
@@ -37,13 +47,17 @@ start_service() { stop_service() { unbound_stop + + # Wait! on restart Unbound may take time writing closure stats to syslog + pidof $PROG && sleep 1 } ############################################################################## service_triggers() { + # use soft reload to prevent continuous stop-start and cache flush procd_add_reload_trigger "unbound" - procd_add_raw_trigger "interface.*" 2000 /etc/init.d/unbound restart + procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/unbound reload } ##############################################################################
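Review bot: `adr2` and `fqdn` are written to `hostfile` after only the `cdr2 == 128` and `hst != "-"` tests, and in the `bconf == 1` branch they land inside a quoted `local-data:` string that Unbound later parses as configuration. The lease file is produced by odhcpd, but the host name originates from a DHCP client and `fqdn` is built outside this hunk, so it is worth confirming that it is restricted to host-name characters before it gets here. For the address, a cheap guard is `if (( cdr2 == 128 ) && ( hst != "-" ) && ( adr2 ~ /^[0-9A-Fa-f:]+$/ )) {`. The comment about positions 9 and 10 sits inside the `else` branch although it applies to both branches, and it says `odhcp` where the daemon is odhcpd; it would read better above the outer `if`.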
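Review bot: `START=19` and the new `STOP=50` carry no comment, and the reason for 19 is only in the commit message (netifd is START=20 and the trigger has to be registered before it). A line such as `# netifd is START=20; register procd triggers just ahead of it` above `START=19` would keep a later edit from moving the value back. `STOP=50` deserves a similar one-line reason, since the commit message does not mention it.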
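Review bot: With `UNBOUND_BOOT` set, `start_service()` returns 0 without starting anything, so after boot the resolver only exists once an `interface.*.up` event reaches the trigger added in the `-37,13` hunk. If no such event arrives after the trigger is registered (an assumption to test on a device whose interfaces come up early or never change state), local DNS stays down and nothing is logged, because the early return is silent. I would log the deferral once, e.g. `logger -t unbound -s "start deferred until interface up"`, and say in the comment that a manual `/etc/init.d/unbound start` bypasses it. `UNBOUND_BOOT` is also inherited from the caller's environment, so setting `UNBOUND_BOOT=` near `PROG=` would make the test depend only on `boot()`.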
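Review bot: `pidof $PROG && sleep 1` in `stop_service()` prints the PID list to stdout and leaves `$PROG` unquoted; `pidof "$PROG" > /dev/null && sleep 1` keeps the behaviour without the stray output. Whether the one-second wait still covers Unbound's shutdown depends on when procd signals the process relative to `stop_service()`, which is not visible in this hunk, so that ordering is worth checking on a device. `stop_service()` and `service_triggers()` are both shown in full here.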
diff --git a/net/unbound/files/unbound.ntpd b/net/unbound/files/unbound.ntpd
index 5c7191656..d744cb067 100755
--- a/net/unbound/files/unbound.ntpd
+++ b/net/unbound/files/unbound.ntpd
@@ -20,6 +20,7 @@ if [ "$ACTION" = stratum -a ! -f "$UNBOUND_TIMEFILE" ] ; then echo "ntpd: $( date )" > $UNBOUND_TIMEFILE /etc/init.d/unbound enabled && /etc/init.d/unbound restart + # Yes, hard RESTART. We need to be absolutely sure to enable DNSSEC. fi ##############################################################################
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index d918152d7..4daefda4d 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -315,7 +315,7 @@ unbound_mkdir() { # Debian-like package dns-root-data cp -p /usr/share/dns/root.hints $UNBOUND_HINTFILE - else + elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "iterator will use built-in root hints" fi fi
@@ -329,7 +329,7 @@ unbound_mkdir() { elif [ -x $UNBOUND_ANCHOR ] ; then $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE - else + elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "validator will use built-in trust anchor" fi fi
@@ -526,7 +526,7 @@ unbound_conf() { echo } >> $UNBOUND_CONFFILE - else + elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "default memory resource consumption" fi
@@ -602,7 +602,9 @@ unbound_conf() { ;; *) - logger -t unbound -s "default recursion configuration" + if [ ! -f "$UNBOUND_TIMEFILE" ] ; then + logger -t unbound -s "default recursion configuration" + fi ;; esac
@@ -822,7 +824,11 @@ unbound_uci() { if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then UNBOUND_D_DHCP_LINK=dnsmasq - logger -t unbound -s "Please use 'dhcp_link' selector instead" + + + if [ ! -f "$UNBOUND_TIMEFILE" ] ; then + logger -t unbound -s "Please use 'dhcp_link' selector instead" + fi fi fi
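Review bot: The new comment sits below the `restart` command it explains, directly above `fi`, so it reads as if it described the end of the block. Moving it above the `/etc/init.d/unbound enabled && /etc/init.d/unbound restart` line and stating the reason in full, for example `# hard restart (not reload): the time file now exists, so Unbound must come up again with DNSSEC validation enabled`, would make the contrast with the soft reload used in unbound.init explicit. The wording of that reason is inferred from the commit message and should be checked against unbound.sh.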
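Review bot: The `[ ! -f "$UNBOUND_TIMEFILE" ]` gate added here is repeated in the `-329,7`, `-526,7`, `-602,7`, `-822,7`, `-835,7` and `-849,7` hunks, and it silences every message once the time file exists, not only the informational ones. `validator will use built-in trust anchor`, `cannot forward to dnsmasq` and `cannot receive records from odhcpd` describe a degraded or misconfigured state; if that state first appears after NTP has synchronised, a later reload would leave no trace in syslog. I would keep those three unconditional (or log them at a lower priority) and route the purely informational ones through one helper so the condition lives in a single place. The `-822,7` hunk also adds two empty lines before its `if`, which look accidental. The enclosing functions `unbound_mkdir`, `unbound_conf` and `unbound_uci` start and end outside these hunks.

```shell
# Informational start-up notes: log only until ntpd has written the time file.
unbound_log_startup() {
  if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
    logger -t unbound -s "$1"
  fi
}

# … unchanged: root hints copy in unbound_mkdir …
  else
    unbound_log_startup "iterator will use built-in root hints"
  fi
```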
@@ -835,7 +841,7 @@ unbound_uci() { fi - if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then + if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "cannot forward to dnsmasq" fi fi
@@ -849,7 +855,7 @@ unbound_uci() { fi - if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then + if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "cannot receive records from odhcpd" fi fi
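Review bot: Both new tests join their conditions with `-a` inside a single `[ ]`, which POSIX marks as obsolescent because the expression can be parsed ambiguously when an operand looks like an operator. `if [ "$UNBOUND_D_DHCP_LINK" = "none" ] && [ ! -f "$UNBOUND_TIMEFILE" ] ; then` is the unambiguous form, and the same change applies to the `-849,7` hunk. `unbound_uci()` starts and ends outside both hunks.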