
unbound: add root zone file cache option

Add the possibility to use the Unbound auth-zone: clause to
fetch complete root, arpa, in-addr.arpa, and ip6.arpa
zone files. This can speed up recursion when users
access many ccTLDs or connection logging resolves many PTR records.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
lilik-openwrt-22.03
Eric Luehrsen 7 years ago
parent
commit
36e1aa0892
4 changed files with 53 additions and 9 deletions
  1. +1
    -1
      net/unbound/Makefile
  2. +5
    -0
      net/unbound/files/README.md
  3. +46
    -8
      net/unbound/files/unbound.sh
  4. +1
    -0
      net/unbound/files/unbound.uci

+ 1
- 1
net/unbound/Makefile

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
PKG_VERSION:=1.7.1
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE


+ 5
- 0
net/unbound/files/README.md

@ -225,6 +225,11 @@ config unbound
Boolean. Skip all this UCI nonsense. Manually edit the
configuration. Make changes to /etc/unbound/unbound.conf.
option prefetch_root '0'
Boolean. Enable Unbound authority zone clauses for "." (root), "arpa,"
"in-addr.arpa," and "ip6.arpa" and obtain complete zone files from public
servers using http or AXFR (gTLD are unfortunately not as public).
option protocol 'mixed'
Unbound can limit its protocol used for recursive queries.
ip4_only - limit issues if you do not have native IPv6


+ 46
- 8
net/unbound/files/unbound.sh

@ -35,6 +35,7 @@ UNBOUND_B_MAN_CONF=0
UNBOUND_B_NTP_BOOT=1
UNBOUND_B_QUERY_MIN=0
UNBOUND_B_QRY_MINST=0
UNBOUND_B_AUTH_ROOT=0
UNBOUND_D_CONTROL=0
UNBOUND_D_DOMAIN_TYPE=static
@ -605,6 +606,45 @@ unbound_forward() {
##############################################################################
unbound_auth_root() {
local axfrservers="lax.xfr.dns.icann.org iad.xfr.dns.icann.org"
local httpserver="http://www.internic.net/domain/"
local authzones="root arpa in-addr.arpa ip6.arpa"
local server zone realzone
# Download or AXFR the root and arpa zones to reduce the work needed at
# top level of recursion. If your users will hit many ccTLD or you have
# tracking logs resolving many PTR, then this can speed things up.
# Total size of text in TMPFS could be about 5MB.
if [ "$UNBOUND_B_AUTH_ROOT" -gt 0 ] ; then
for zone in $authzones ; do
if [ "$zone" = "root" ] ; then
realzone="."
else
realzone=$zone
fi
{
echo "auth-zone:"
echo " name: \"$realzone\""
for server in $axfrservers ; do
echo " master: \"$server\""
done
echo " url: \"$httpserver$zone.zone\""
echo " fallback-enabled: yes"
echo " for-downstream: no"
echo " for-upstream: yes"
echo " zonefile: \"$zone.zone\""
echo
} >> $UNBOUND_CONFFILE
done
fi
}
##############################################################################
unbound_conf() {
local rt_mem rt_conn modulestring domain ifsubnet
@ -1086,6 +1126,7 @@ unbound_uci() {
config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0
config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0
config_get_bool UNBOUND_B_QRY_MINST "$cfg" query_min_strict 0
config_get_bool UNBOUND_B_AUTH_ROOT "$cfg" prefetch_root 0
config_get_bool UNBOUND_B_LOCL_BLCK "$cfg" rebind_localhost 0
config_get_bool UNBOUND_B_DNSSEC "$cfg" validator 0
config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1
@ -1181,7 +1222,7 @@ unbound_uci() {
##############################################################################
_resolv_setup() {
unbound_resolv_setup() {
if [ "$UNBOUND_N_RX_PORT" != "53" ] ; then
return
fi
@ -1210,7 +1251,7 @@ _resolv_setup() {
##############################################################################
_resolv_teardown() {
unbound_resolv_teardown() {
case $( cat /tmp/resolv.conf ) in
*"generated by Unbound UCI"*)
# our resolver file, reset to auto resolver file.
@ -1225,8 +1266,6 @@ _resolv_teardown() {
unbound_start() {
config_load unbound
config_foreach unbound_uci unbound
unbound_mkdir
@ -1245,19 +1284,18 @@ unbound_start() {
unbound_forward
unbound_auth_root
unbound_control
fi
_resolv_setup
unbound_resolv_setup
}
##############################################################################
unbound_stop() {
_resolv_teardown
unbound_resolv_teardown
rootzone_update
}
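Review bot: In unbound_auth_root the zone data is fetched over plain `http://www.internic.net/domain/` and unauthenticated AXFR, and the auth-zone clauses are written whenever `prefetch_root` is set, independent of the `validator` option that unbound_uci reads into UNBOUND_B_DNSSEC (default 0). With `for-upstream: yes` the resolver presumably takes root and arpa delegations from whatever was transferred, so with validation off nothing on this path checks the integrity of that data; with validation on, signed answers further down the tree are still verified. I would either gate the block, `if [ "$UNBOUND_B_AUTH_ROOT" -gt 0 ] && [ "$UNBOUND_B_DNSSEC" -gt 0 ] ; then`, or add a comment above it such as `# Zone transfer is not authenticated; enable 'validator' when using prefetch_root.` and state the same in the README entry for `prefetch_root`. Separately, the redirect `>> $UNBOUND_CONFFILE` should be quoted as `>> "$UNBOUND_CONFFILE"`.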


+ 1
- 0
net/unbound/files/unbound.uci

@ -15,6 +15,7 @@ config unbound
option listen_port '53'
option localservice '1'
option manual_conf '0'
option prefetch_root '0'
option protocol 'default'
option query_minimize '0'
option query_min_strict '0'

