@ -35,6 +35,7 @@ UNBOUND_B_MAN_CONF=0
UNBOUND_B_NTP_BOOT = 1
UNBOUND_B_QUERY_MIN = 0
UNBOUND_B_QRY_MINST = 0
UNBOUND_B_AUTH_ROOT = 0
UNBOUND_D_CONTROL = 0
UNBOUND_D_DOMAIN_TYPE = static
@ -605,6 +606,45 @@ unbound_forward() {
##############################################################################
unbound_auth_root( ) {
local axfrservers = "lax.xfr.dns.icann.org iad.xfr.dns.icann.org"
local httpserver = "http://www.internic.net/domain/"
local authzones = "root arpa in-addr.arpa ip6.arpa"
local server zone realzone
# Download or AXFR the root and arpa zones to reduce the work needed at
# top level of recursion. If your users will hit many ccTLD or you have
# tracking logs resolving many PTR, then this can speed things up.
# Total size of text in TMPFS could be about 5MB.
if [ " $UNBOUND_B_AUTH_ROOT " -gt 0 ] ; then
for zone in $authzones ; do
if [ " $zone " = "root" ] ; then
realzone = "."
else
realzone = $zone
fi
{
echo "auth-zone:"
echo " name: \" $realzone \" "
for server in $axfrservers ; do
echo " master: \" $server \" "
done
echo " url: \" $httpserver $zone .zone\" "
echo " fallback-enabled: yes"
echo " for-downstream: no"
echo " for-upstream: yes"
echo " zonefile: \" $zone .zone\" "
echo
} >> $UNBOUND_CONFFILE
done
fi
}
##############################################################################
unbound_conf( ) {
local rt_mem rt_conn modulestring domain ifsubnet
@ -1086,6 +1126,7 @@ unbound_uci() {
config_get_bool UNBOUND_B_MAN_CONF " $cfg " manual_conf 0
config_get_bool UNBOUND_B_QUERY_MIN " $cfg " query_minimize 0
config_get_bool UNBOUND_B_QRY_MINST " $cfg " query_min_strict 0
config_get_bool UNBOUND_B_AUTH_ROOT " $cfg " prefetch_root 0
config_get_bool UNBOUND_B_LOCL_BLCK " $cfg " rebind_localhost 0
config_get_bool UNBOUND_B_DNSSEC " $cfg " validator 0
config_get_bool UNBOUND_B_NTP_BOOT " $cfg " validator_ntp 1
@ -1181,7 +1222,7 @@ unbound_uci() {
##############################################################################
_resolv_setup( ) {
unbound _resolv_setup( ) {
if [ " $UNBOUND_N_RX_PORT " != "53" ] ; then
return
fi
@ -1210,7 +1251,7 @@ _resolv_setup() {
##############################################################################
_resolv_teardown( ) {
unbound _resolv_teardown( ) {
case $( cat /tmp/resolv.conf ) in
*"generated by Unbound UCI" *)
# our resolver file, reset to auto resolver file.
@ -1225,8 +1266,6 @@ _resolv_teardown() {
unbound_start( ) {
config_load unbound
config_foreach unbound_uci unbound
unbound_mkdir
@ -1245,19 +1284,18 @@ unbound_start() {
unbound_forward
unbound_auth_root
unbound_control
fi
_resolv_setup
unbound _resolv_setup
}
##############################################################################
unbound_stop( ) {
_resolv_teardown
unbound_resolv_teardown
rootzone_update
}