From 8830d72bbd8882b89a9d42047c31088ac8e76265 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Tue, 31 Jul 2018 22:59:24 -0400 Subject: [PATCH] unbound: fix boot time and default run directory Unbound struggles with boot ifup, so procd triggers changed to push outside of this noise. Unbound has run in /var/lib/unbound/, so chroot (jail) protects /etc/, and it can save flash wear. Compiled defaults reflect this now, so Unbound tools are easier run on the command line. Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 12 +- net/unbound/files/defaults.sh | 3 +- net/unbound/files/dnsmasq.sh | 1 + net/unbound/files/odhcpd.sh | 4 +- net/unbound/files/unbound.init | 23 ++- net/unbound/files/unbound.sh | 341 +++++++++++++++++---------------- 6 files changed, 205 insertions(+), 179 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index c8c8c4ab5..b2c6d31f4 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.7.3 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -36,7 +36,7 @@ define Package/unbound SECTION:=net CATEGORY:=Network SUBMENU:=IP Addresses and Names - USERID:=unbound=553:unbound=553 + USERID:=unbound:unbound TITLE+= (daemon) DEPENDS+= +libunbound endef @@ -117,8 +117,10 @@ CONFIGURE_ARGS += \ --enable-tfo-server \ --with-libexpat="$(STAGING_DIR)/usr" \ --with-ssl="$(STAGING_DIR)/usr" \ - --with-pidfile=/var/run/unbound.pid \ - --with-user=unbound + --with-user=unbound \ + --with-run-dir=/var/lib/unbound \ + --with-conf-file=/var/lib/unbound/unbound.conf \ + --with-pidfile=/var/run/unbound.pid define Package/unbound/conffiles /etc/config/unbound 
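Review bot: The Package/unbound hunk replaces the pinned ids `USERID:=unbound=553:unbound=553` with `USERID:=unbound:unbound`, and the commit message does not say why. If the ids are then allocated at install time, the numeric owner of any file the daemon account owns on persistent storage may differ between installs or after a restore; that is worth confirming before merging. Either keep the fixed ids or add a sentence to the description, e.g. `uid/gid are no longer pinned; all unbound-owned state lives under /var/lib/unbound`.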
@@ -142,7 +144,7 @@ define Package/unbound/install $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/etc/unbound $(INSTALL_DATA) \ - $(PKG_INSTALL_DIR)/etc/unbound/unbound.conf \ + $(PKG_INSTALL_DIR)/var/lib/unbound/unbound.conf \ $(1)/etc/unbound/unbound.conf $(INSTALL_DATA) ./files/root.key $(1)/etc/unbound/root.key $(INSTALL_DATA) ./files/unbound_ext.conf $(1)/etc/unbound/unbound_ext.conf diff --git a/net/unbound/files/defaults.sh b/net/unbound/files/defaults.sh index 61c88d219..c26511941 100644 --- a/net/unbound/files/defaults.sh +++ b/net/unbound/files/defaults.sh @@ -41,6 +41,7 @@ UB_TLS_ETC_FILE=/etc/ssl/certs/ca-certificates.crt UB_RKEY_FILE=$UB_VARDIR/root.key UB_RHINT_FILE=$UB_VARDIR/root.hints UB_TIME_FILE=$UB_VARDIR/hotplug.time +UB_SKIP_FILE=$UB_VARDIR/skip.time # control app keys UB_CTLKEY_FILE=$UB_VARDIR/unbound_control.key @@ -50,7 +51,7 @@ UB_SRVPEM_FILE=$UB_VARDIR/unbound_server.pem # similar default SOA / NS RR as Unbound uses for private ARPA zones UB_XSER=$(( $( date +%s ) / 60 )) -UB_XSOA="7200 IN SOA localhost. nobody.invalid. $UB_XSER 3600 1200 9600 600" +UB_XSOA="7200 IN SOA localhost. nobody.invalid. $UB_XSER 3600 1200 9600 300" UB_XNS="7200 IN NS localhost." UB_XTXT="7200 IN TXT \"comment=local intranet dns zone\"" UB_MTXT="7200 IN TXT \"comment=masked internet dns zone\"" diff --git a/net/unbound/files/dnsmasq.sh b/net/unbound/files/dnsmasq.sh index eac2261d8..7ab77592d 100644 --- a/net/unbound/files/dnsmasq.sh +++ b/net/unbound/files/dnsmasq.sh @@ -206,6 +206,7 @@ dnsmasq_local_arpa() { dnsmasq_inactive() { local record + if [ "$UB_D_EXTRA_DNS" -gt 0 ] ; then # Parasite from the uci.dhcp.domain clauses DM_LIST_KNOWN_ZONES="$DM_LIST_KNOWN_ZONES $UB_TXT_DOMAIN" diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh index 60c2aabea..721198d70 100644 --- a/net/unbound/files/odhcpd.sh +++ b/net/unbound/files/odhcpd.sh 
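Review bot: `UB_SKIP_FILE=$UB_VARDIR/skip.time`, added in the first defaults.sh hunk, is not read or written by any other hunk in this patch, so its purpose cannot be told from the change. Add a comment next to it saying which script creates the file and what its presence means, for example `# written by <WRITER_SCRIPT> to skip <ACTION>` with the placeholders filled in, or leave the variable out until its consumer lands.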
@@ -43,8 +43,8 @@ odhcpd_zonedata() { local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile ) - if [ -f "$UB_TIME_FILE" -a "$dhcp_link" = "odhcpd" \ - -a -f "$dhcp_origin" -a -n "$dhcp_domain" ] ; then + if [ -f "$UB_TOTAL_CONF" -a -f "$dhcp_origin" \ + -a "$dhcp_link" = "odhcpd" -a -n "$dhcp_domain" ] ; then # Capture the lease file which could be changing often sort $dhcp_origin > $dhcp_ls_new diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init index f12e6831c..ff827c4f0 100755 --- a/net/unbound/files/unbound.init +++ b/net/unbound/files/unbound.init @@ -54,22 +54,31 @@ stop_service() { ############################################################################## service_triggers() { - local trigger local legacy=$( uci_get unbound.@unbound[0].trigger ) local triggers=$( uci_get unbound.@unbound[0].trigger_interface ) + local trigger="$triggers $legacy" - triggers="$triggers $legacy" - PROCD_RELOAD_DELAY=2000 - procd_add_reload_trigger "unbound" + . /usr/lib/unbound/defaults.sh + + + if [ ! -f "$UB_TOTAL_CONF" -o -n "$UB_BOOT" ] ; then + # Unbound is can be a bit heavy, so wait some on first start but any + # interface coming up affects the trigger and delay so guarantee start + procd_add_raw_trigger "interface.*.up" 5000 /etc/init.d/unbound restart + + elif [ -n "$triggers" ] ; then + PROCD_RELOAD_DELAY=2000 + procd_add_reload_trigger "unbound" "dhcp" - if [ -n "$triggers" ] ; then for trigger in $triggers ; do - # due to some netifd/procd interactions with IP6, limit interfaces + # User selected triggers to restart at any other time procd_add_reload_interface_trigger "$trigger" done + else - procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/unbound reload + PROCD_RELOAD_DELAY=2000 + procd_add_reload_trigger "unbound" "dhcp" fi } diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index 798b4e353..49a015788 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh 
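Review bot: In service_triggers the legacy `trigger` option appears to be silently dropped. The old code merged it with `triggers="$triggers $legacy"`, while the new `local trigger="$triggers $legacy"` assigns to the loop variable, which `for trigger in $triggers` then overwrites. If dropping the option is not intended, restore the merge with `triggers="${triggers}${legacy:+ $legacy}"`, which also keeps `[ -n "$triggers" ]` false when both options are empty. `$UB_BOOT` in the first test is not set in any hunk of this patch, so confirm that defaults.sh or the caller defines it; otherwise `-n "$UB_BOOT"` is always false. The new comment `Unbound is can be a bit heavy` should read `Unbound can be a bit heavy`.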
@@ -61,6 +61,9 @@ UB_TXT_HOSTNAME=thisrouter ############################################################################## +# reset as a combo with UB_B_NTP_BOOT and some time stamp files +UB_B_READY=1 + # keep track of assignments during inserted resource records UB_LIST_NETW_ALL="" UB_LIST_NETW_LAN="" @@ -219,7 +222,7 @@ unbound_mkdir() { # Debian-like package dns-root-data cp -p /usr/share/dns/root.hints $UB_RHINT_FILE - elif [ ! -f "$UB_TIME_FILE" ] ; then + elif [ "$UB_B_READY" -eq 0 ] ; then logger -t unbound -s "default root hints (built in root-servers.net)" fi fi @@ -233,7 +236,7 @@ unbound_mkdir() { elif [ -x $UB_ANCHOR ] ; then $UB_ANCHOR -a $UB_RKEY_FILE - elif [ ! -f "$UB_TIME_FILE" ] ; then + elif [ "$UB_B_READY" -eq 0 ] ; then logger -t unbound -s "default trust anchor (built in root DS record)" fi fi @@ -285,9 +288,21 @@ unbound_mkdir() { fi - if [ "$UB_B_NTP_BOOT" -eq 0 ] ; then - # time is considered okay on this device (skip /etc/hotplug/ntpd/unbound) + if [ -f "$UB_TIME_FILE" ] ; then + # NTP is done so its like you actually had an RTC + UB_B_READY=1 + UB_B_NTP_BOOT=0 + + elif [ "$UB_B_NTP_BOOT" -eq 0 ] ; then + # time is considered okay on this device (ignore /etc/hotplug/ntpd/unbound) date -Is > $UB_TIME_FILE + UB_B_READY=0 + UB_B_NTP_BOOT=0 + + else + # DNSSEC-TIME will not reconcile + UB_B_READY=0 + UB_B_NTP_BOOT=1 fi } @@ -407,8 +422,8 @@ unbound_zone() { case $zone_type in auth_zone) - if [ -n "$UB_LIST_ZONE_NAMES" ] \ - && [ -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" ] ; then + if [ -n "$UB_LIST_ZONE_NAMES" \ + -a \( -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" \) ] ; then for zone_name in $UB_LIST_ZONE_NAMES ; do if [ "$zone_name" = "." ] ; then zone_sym=. @@ -626,7 +641,7 @@ unbound_conf() { ;; *) - if [ ! -f "$UB_TIME_FILE" ] ; then + if [ "$UB_B_READY" -eq 0 ] ; then logger -t unbound -s "default protocol configuration" fi 
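Review bot: In unbound_mkdir the tests `[ "$UB_B_READY" -eq 0 ]` that now guard the "default root hints" and "default trust anchor" messages (this hunk and the one at -233) read the flag before the function assigns it. The assignments added in the -285 hunk sit at the end of unbound_mkdir, and the file-level default added at -61 is `UB_B_READY=1`. Unless something outside these hunks clears the flag earlier, the fallback to the built-in trust anchor is never logged on first start, which removes a signal an operator would want when DNSSEC is enabled. The unbound_uci hunks at -1178, -1193 and -1207 have the same dependency if unbound_uci runs before unbound_mkdir (the call order is not visible here). Keeping `[ ! -f "$UB_TIME_FILE" ]` for these messages, or evaluating the `UB_TIME_FILE` block before the first reader, would avoid it; unbound_mkdir starts and ends outside the hunk.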
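Review bot: The rewritten auth_zone test `[ -n "$UB_LIST_ZONE_NAMES" -a \( -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" \) ]` replaces two simple tests joined by `&&` with `-a`, `-o` and escaped parentheses. POSIX marks that form obsolescent because the parse becomes ambiguous when an operand looks like an operator. The operands presumably come from configuration, so the earlier shape is the more robust one; I would write `[ -n "$UB_LIST_ZONE_NAMES" ] && { [ -n "$url_dir" ] || [ -n "$UB_LIST_ZONE_SERVERS" ] ; }`. The same conversion appears in the unbound_hostname hunk at -898 and the `UB_N_RX_PORT` check at -1220.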
@@ -686,7 +701,7 @@ unbound_conf() { echo } >> $UB_CORE_CONF - elif [ ! -f "$UB_TIME_FILE" ] ; then + elif [ "$UB_B_READY" -eq 0 ] ; then logger -t unbound -s "default memory configuration" fi @@ -696,7 +711,7 @@ unbound_conf() { if [ "$UB_B_DNSSEC" -gt 0 ] ; then - if [ ! -f "$UB_TIME_FILE" -a "$UB_B_NTP_BOOT" -gt 0 ] ; then + if [ "$UB_B_NTP_BOOT" -gt 0 ] ; then # DNSSEC chicken and egg with getting NTP time echo " val-override-date: -1" >> $UB_CORE_CONF fi @@ -777,7 +792,7 @@ unbound_conf() { ;; *) - if [ ! -f "$UB_TIME_FILE" ] ; then + if [ "$UB_B_READY" -eq 0 ] ; then logger -t unbound -s "default recursion configuration" fi ;; @@ -898,8 +913,8 @@ unbound_hostname() { echo } >> $UB_HOST_CONF - elif [ -n "$UB_TXT_DOMAIN" ] \ - && [ "$UB_D_WAN_FQDN" -gt 0 -o "$UB_D_LAN_FQDN" -gt 0 ] ; then + elif [ -n "$UB_TXT_DOMAIN" \ + -a \( "$UB_D_WAN_FQDN" -gt 0 -o "$UB_D_LAN_FQDN" -gt 0 \) ] ; then case "$UB_D_DOMAIN_TYPE" in deny|inform_deny|refuse|static) { 
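Review bot: In the DNSSEC block at -696, `val-override-date: -1` now depends only on `UB_B_NTP_BOOT`. It is therefore correct only if unbound_mkdir has already reset that flag to 0 when `$UB_TIME_FILE` exists (the -285 hunk), and the call order is outside this patch. With that setting Unbound ignores RRSIG inception and expiry dates, so any path that reaches unbound_conf without the reset would keep expired signatures acceptable after the clock is already synced. I would document the dependency at the test, e.g. `# UB_B_NTP_BOOT is cleared in unbound_mkdir once UB_TIME_FILE exists; unbound_mkdir must run first`, or keep `! -f "$UB_TIME_FILE"` here as a second guard. unbound_conf starts and ends outside the hunk.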
@@ -947,180 +962,178 @@ unbound_hostname() { } >> $UB_HOST_CONF - if [ -f "$UB_TIME_FILE" ] ; then - if [ -n "$UB_LIST_NETW_WAN" ] ; then - for ifsubnet in $UB_LIST_NETW_WAN ; do - ifaddr=${ifsubnet#*@} - ifaddr=${ifaddr%/*} - ifarpa=$( host_ptr_any "$ifaddr" ) - - - if [ -n "$ifarpa" ] ; then - if [ "$UB_D_WAN_FQDN" -gt 0 ] ; then - { - # Create a static zone for WAN host record only (singular) - echo " domain-insecure: $ifarpa" - echo " private-address: $ifaddr" - echo " local-zone: $ifarpa static" - echo " local-data: \"$ifarpa. $UB_XSOA\"" - echo " local-data: \"$ifarpa. $UB_XNS\"" - echo " local-data: '$ifarpa. $UB_MTXT'" - echo - } >> $UB_HOST_CONF - - elif [ "$zonetype" -gt 0 ] ; then - { - echo " local-zone: $ifarpa transparent" - echo - } >> $UB_HOST_CONF - fi + if [ -n "$UB_LIST_NETW_WAN" ] ; then + for ifsubnet in $UB_LIST_NETW_WAN ; do + ifaddr=${ifsubnet#*@} + ifaddr=${ifaddr%/*} + ifarpa=$( host_ptr_any "$ifaddr" ) + + + if [ -n "$ifarpa" ] ; then + if [ "$UB_D_WAN_FQDN" -gt 0 ] ; then + { + # Create a static zone for WAN host record only (singular) + echo " domain-insecure: $ifarpa" + echo " private-address: $ifaddr" + echo " local-zone: $ifarpa static" + echo " local-data: \"$ifarpa. $UB_XSOA\"" + echo " local-data: \"$ifarpa. $UB_XNS\"" + echo " local-data: '$ifarpa. $UB_MTXT'" + echo + } >> $UB_HOST_CONF + + elif [ "$zonetype" -gt 0 ] ; then + { + echo " local-zone: $ifarpa transparent" + echo + } >> $UB_HOST_CONF fi - done - fi + fi + done + fi - if [ -n "$UB_LIST_NETW_LAN" ] ; then - for ifsubnet in $UB_LIST_NETW_LAN ; do - ifarpa=$( domain_ptr_any "${ifsubnet#*@}" ) - - - if [ -n "$ifarpa" ] ; then - if [ "$zonetype" -eq 2 ] ; then - { - # Do NOT forward queries with your ip6.arpa or in-addr.arpa - echo " domain-insecure: $ifarpa" - echo " local-zone: $ifarpa static" - echo " local-data: \"$ifarpa. $UB_XSOA\"" - echo " local-data: \"$ifarpa. $UB_XNS\"" - echo " local-data: '$ifarpa. 
$UB_XTXT'" - echo - } >> $UB_HOST_CONF - - elif [ "$zonetype" -eq 1 -a "$UB_D_PRIV_BLCK" -eq 0 ] ; then - { - echo " local-zone: $ifarpa transparent" - echo - } >> $UB_HOST_CONF - fi + if [ -n "$UB_LIST_NETW_LAN" ] ; then + for ifsubnet in $UB_LIST_NETW_LAN ; do + ifarpa=$( domain_ptr_any "${ifsubnet#*@}" ) + + + if [ -n "$ifarpa" ] ; then + if [ "$zonetype" -eq 2 ] ; then + { + # Do NOT forward queries with your ip6.arpa or in-addr.arpa + echo " domain-insecure: $ifarpa" + echo " local-zone: $ifarpa static" + echo " local-data: \"$ifarpa. $UB_XSOA\"" + echo " local-data: \"$ifarpa. $UB_XNS\"" + echo " local-data: '$ifarpa. $UB_XTXT'" + echo + } >> $UB_HOST_CONF + + elif [ "$zonetype" -eq 1 -a "$UB_D_PRIV_BLCK" -eq 0 ] ; then + { + echo " local-zone: $ifarpa transparent" + echo + } >> $UB_HOST_CONF fi - done - fi + fi + done + fi - ulaprefix=$( uci_get network.@globals[0].ula_prefix ) - ulaprefix=${ulaprefix%%:/*} - hostfqdn="$UB_TXT_HOSTNAME.$UB_TXT_DOMAIN" + ulaprefix=$( uci_get network.@globals[0].ula_prefix ) + ulaprefix=${ulaprefix%%:/*} + hostfqdn="$UB_TXT_HOSTNAME.$UB_TXT_DOMAIN" - if [ -z "$ulaprefix" ] ; then - # Nonsense so this option isn't globbed below - ulaprefix="fdno:such:addr::" - fi + if [ -z "$ulaprefix" ] ; then + # Nonsense so this option isn't globbed below + ulaprefix="fdno:such:addr::" + fi - if [ "$UB_LIST_NETW_LAN" -a "$UB_D_LAN_FQDN" -gt 0 ] ; then - for ifsubnet in $UB_LIST_NETW_LAN ; do - ifaddr=${ifsubnet#*@} - ifaddr=${ifaddr%/*} - ifname=${ifsubnet%@*} - iffqdn="$ifname.$hostfqdn" + if [ "$UB_LIST_NETW_LAN" -a "$UB_D_LAN_FQDN" -gt 0 ] ; then + for ifsubnet in $UB_LIST_NETW_LAN ; do + ifaddr=${ifsubnet#*@} + ifaddr=${ifaddr%/*} + ifname=${ifsubnet%@*} + iffqdn="$ifname.$hostfqdn" - if [ "$UB_D_LAN_FQDN" -eq 4 ] ; then - names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME" - ptrrec=" local-data-ptr: \"$ifaddr 300 $iffqdn\"" - echo "$ptrrec" >> $UB_HOST_CONF + if [ "$UB_D_LAN_FQDN" -eq 4 ] ; then + names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME" + 
ptrrec=" local-data-ptr: \"$ifaddr 300 $iffqdn\"" + echo "$ptrrec" >> $UB_HOST_CONF - elif [ "$UB_D_LAN_FQDN" -eq 3 ] ; then - names="$hostfqdn $UB_TXT_HOSTNAME" - ptrrec=" local-data-ptr: \"$ifaddr 300 $hostfqdn\"" - echo "$ptrrec" >> $UB_HOST_CONF + elif [ "$UB_D_LAN_FQDN" -eq 3 ] ; then + names="$hostfqdn $UB_TXT_HOSTNAME" + ptrrec=" local-data-ptr: \"$ifaddr 300 $hostfqdn\"" + echo "$ptrrec" >> $UB_HOST_CONF - else - names="$UB_TXT_HOSTNAME" - ptrrec=" local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\"" - echo "$ptrrec" >> $UB_HOST_CONF - fi + else + names="$UB_TXT_HOSTNAME" + ptrrec=" local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\"" + echo "$ptrrec" >> $UB_HOST_CONF + fi - for name in $names ; do - case $ifaddr in - "${ulaprefix}"*) - # IP6 ULA only is assigned for OPTION 1 - namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\"" - echo "$namerec" >> $UB_HOST_CONF - ;; + for name in $names ; do + case $ifaddr in + "${ulaprefix}"*) + # IP6 ULA only is assigned for OPTION 1 + namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\"" + echo "$namerec" >> $UB_HOST_CONF + ;; + + [1-9]*.*[0-9]) + namerec=" local-data: \"$name. 300 IN A $ifaddr\"" + echo "$namerec" >> $UB_HOST_CONF + ;; - [1-9]*.*[0-9]) - namerec=" local-data: \"$name. 300 IN A $ifaddr\"" + *) + if [ "$UB_D_LAN_FQDN" -gt 1 ] ; then + # IP6 GLA is assigned for higher options + namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\"" echo "$namerec" >> $UB_HOST_CONF - ;; - - *) - if [ "$UB_D_LAN_FQDN" -gt 1 ] ; then - # IP6 GLA is assigned for higher options - namerec=" local-data: \"$name. 
300 IN AAAA $ifaddr\"" - echo "$namerec" >> $UB_HOST_CONF - fi - ;; - esac - done - echo >> $UB_HOST_CONF + fi + ;; + esac done - fi + echo >> $UB_HOST_CONF + done + fi - if [ -n "$UB_LIST_NETW_WAN" -a "$UB_D_WAN_FQDN" -gt 0 ] ; then - for ifsubnet in $UB_LIST_NETW_WAN ; do - ifaddr=${ifsubnet#*@} - ifaddr=${ifaddr%/*} - ifname=${ifsubnet%@*} - iffqdn="$ifname.$hostfqdn" + if [ -n "$UB_LIST_NETW_WAN" -a "$UB_D_WAN_FQDN" -gt 0 ] ; then + for ifsubnet in $UB_LIST_NETW_WAN ; do + ifaddr=${ifsubnet#*@} + ifaddr=${ifaddr%/*} + ifname=${ifsubnet%@*} + iffqdn="$ifname.$hostfqdn" - if [ "$UB_D_WAN_FQDN" -eq 4 ] ; then - names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME" - ptrrec=" local-data-ptr: \"$ifaddr 300 $iffqdn\"" - echo "$ptrrec" >> $UB_HOST_CONF + if [ "$UB_D_WAN_FQDN" -eq 4 ] ; then + names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME" + ptrrec=" local-data-ptr: \"$ifaddr 300 $iffqdn\"" + echo "$ptrrec" >> $UB_HOST_CONF - elif [ "$UB_D_WAN_FQDN" -eq 3 ] ; then - names="$hostfqdn $UB_TXT_HOSTNAME" - ptrrec=" local-data-ptr: \"$ifaddr 300 $hostfqdn\"" - echo "$ptrrec" >> $UB_HOST_CONF + elif [ "$UB_D_WAN_FQDN" -eq 3 ] ; then + names="$hostfqdn $UB_TXT_HOSTNAME" + ptrrec=" local-data-ptr: \"$ifaddr 300 $hostfqdn\"" + echo "$ptrrec" >> $UB_HOST_CONF - else - names="$UB_TXT_HOSTNAME" - ptrrec=" local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\"" - echo "$ptrrec" >> $UB_HOST_CONF - fi + else + names="$UB_TXT_HOSTNAME" + ptrrec=" local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\"" + echo "$ptrrec" >> $UB_HOST_CONF + fi - for name in $names ; do - case $ifaddr in - "${ulaprefix}"*) - # IP6 ULA only is assigned for OPTION 1 - namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\"" - echo "$namerec" >> $UB_HOST_CONF - ;; + for name in $names ; do + case $ifaddr in + "${ulaprefix}"*) + # IP6 ULA only is assigned for OPTION 1 + namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\"" + echo "$namerec" >> $UB_HOST_CONF + ;; - [1-9]*.*[0-9]) - namerec=" local-data: \"$name. 
300 IN A $ifaddr\"" - echo "$namerec" >> $UB_HOST_CONF - ;; - - *) - if [ "$UB_D_WAN_FQDN" -gt 1 ] ; then - # IP6 GLA is assigned for higher options - namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\"" - echo "$namerec" >> $UB_HOST_CONF - fi + [1-9]*.*[0-9]) + namerec=" local-data: \"$name. 300 IN A $ifaddr\"" + echo "$namerec" >> $UB_HOST_CONF ;; - esac - done - echo >> $UB_HOST_CONF + + *) + if [ "$UB_D_WAN_FQDN" -gt 1 ] ; then + # IP6 GLA is assigned for higher options + namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\"" + echo "$namerec" >> $UB_HOST_CONF + fi + ;; + esac done - fi - fi # end if time file + echo >> $UB_HOST_CONF + done + fi fi # end if uci valid } @@ -1178,7 +1191,7 @@ unbound_uci() { UB_D_DHCP_LINK=dnsmasq - if [ ! -f "$UB_TIME_FILE" ] ; then + if [ "$UB_B_READY" -eq 0 ] ; then logger -t unbound -s "Please use 'dhcp_link' selector instead" fi fi @@ -1193,7 +1206,7 @@ unbound_uci() { fi - if [ ! -f "$UB_TIME_FILE" -a "$UB_D_DHCP_LINK" = "none" ] ; then + if [ "$UB_B_READY" -eq 0 -a "$UB_D_DHCP_LINK" = "none" ] ; then logger -t unbound -s "cannot forward to dnsmasq" fi fi @@ -1207,7 +1220,7 @@ unbound_uci() { fi - if [ ! -f "$UB_TIME_FILE" -a "$UB_D_DHCP_LINK" = "none" ] ; then + if [ "$UB_B_READY" -eq 0 -a "$UB_D_DHCP_LINK" = "none" ] ; then logger -t unbound -s "cannot receive records from odhcpd" fi fi @@ -1220,8 +1233,8 @@ unbound_uci() { fi - if [ "$UB_N_RX_PORT" -ne 53 ] \ - && [ "$UB_N_RX_PORT" -lt 1024 -o 10240 -lt "$UB_N_RX_PORT" ] ; then + if [ "$UB_N_RX_PORT" -ne 53 \ + -a \( "$UB_N_RX_PORT" -lt 1024 -o 10240 -lt "$UB_N_RX_PORT" \) ] ; then logger -t unbound -s "privileged port or in 5 digits, using default" UB_N_RX_PORT=53 fi @@ -1264,7 +1277,7 @@ unbound_include() { fi - if [ -f "$UB_TIME_FILE" -a -f "$UB_DHCP_CONF" ] ; then + if [ -f "$UB_DHCP_CONF" ] ; then { # Seed DHCP records because dhcp scripts trigger externally # Incremental Unbound restarts may drop unbound-control records 
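Review bot: In the large unbound_hostname hunk at -947, the LAN test `[ "$UB_LIST_NETW_LAN" -a "$UB_D_LAN_FQDN" -gt 0 ]` has no unary operator on its first operand, unlike the WAN test `[ -n "$UB_LIST_NETW_WAN" -a "$UB_D_WAN_FQDN" -gt 0 ]` further down. Since these lines are re-indented anyway, make it `[ -n "$UB_LIST_NETW_LAN" ] && [ "$UB_D_LAN_FQDN" -gt 0 ]`. The LAN and WAN loops that follow are copies differing only in the list and the FQDN option, so a helper taking those two values would halve this hunk. With the `UB_TIME_FILE` gate removed, these records are written on every pass; unbound_hostname starts outside the hunk, so whether the interface lists are populated at first boot cannot be checked from here.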
@@ -1274,8 +1287,8 @@ unbound_include() { fi - if [ ! -f "$UB_TIME_FILE" -o -z "$adb_files" \ - -o ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then + if [ -z "$adb_files" \ + -o ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then adb_enabled=0 elif /etc/init.d/adblock enabled ; then