@ -61,6 +61,9 @@ UB_TXT_HOSTNAME=thisrouter
##############################################################################
##############################################################################
# reset as a combo with UB_B_NTP_BOOT and some time stamp files
UB_B_READY = 1
# keep track of assignments during inserted resource records
# keep track of assignments during inserted resource records
UB_LIST_NETW_ALL = ""
UB_LIST_NETW_ALL = ""
UB_LIST_NETW_LAN = ""
UB_LIST_NETW_LAN = ""
@ -219,7 +222,7 @@ unbound_mkdir() {
# Debian-like package dns-root-data
# Debian-like package dns-root-data
cp -p /usr/share/dns/root.hints $UB_RHINT_FILE
cp -p /usr/share/dns/root.hints $UB_RHINT_FILE
elif [ ! -f " $UB_TIME_FILE " ] ; then
elif [ " $UB_B_READY " -eq 0 ] ; then
logger -t unbound -s "default root hints (built in root-servers.net)"
logger -t unbound -s "default root hints (built in root-servers.net)"
fi
fi
fi
fi
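Review bot: The new `elif [ "$UB_B_READY" -eq 0 ]` in this hunk reads `UB_B_READY` before unbound_mkdir sets it. The block that derives the flag from `$UB_TIME_FILE` is added further down the same function, in the `@ -285,9 +288,21` hunk, so at this point the flag still holds the file-level default of 1 unless something outside the visible hunks assigns it. If that holds, the "default root hints" message is never logged, and the same applies to the "default trust anchor" branch in the `@ -233,7 +236,7` hunk. Either move the time-file block to the top of unbound_mkdir or keep the direct test on these two lines: `elif [ ! -f "$UB_TIME_FILE" ] ; then`. unbound_mkdir starts and ends outside this hunk.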
@ -233,7 +236,7 @@ unbound_mkdir() {
elif [ -x $UB_ANCHOR ] ; then
elif [ -x $UB_ANCHOR ] ; then
$UB_ANCHOR -a $UB_RKEY_FILE
$UB_ANCHOR -a $UB_RKEY_FILE
elif [ ! -f " $UB_TIME_FILE " ] ; then
elif [ " $UB_B_READY " -eq 0 ] ; then
logger -t unbound -s "default trust anchor (built in root DS record)"
logger -t unbound -s "default trust anchor (built in root DS record)"
fi
fi
fi
fi
@ -285,9 +288,21 @@ unbound_mkdir() {
fi
fi
if [ " $UB_B_NTP_BOOT " -eq 0 ] ; then
# time is considered okay on this device (skip /etc/hotplug/ntpd/unbound)
if [ -f " $UB_TIME_FILE " ] ; then
# NTP is done so its like you actually had an RTC
UB_B_READY = 1
UB_B_NTP_BOOT = 0
elif [ " $UB_B_NTP_BOOT " -eq 0 ] ; then
# time is considered okay on this device (ignore /etc/hotplug/ntpd/unbound)
date -Is > $UB_TIME_FILE
date -Is > $UB_TIME_FILE
UB_B_READY = 0
UB_B_NTP_BOOT = 0
else
# DNSSEC-TIME will not reconcile
UB_B_READY = 0
UB_B_NTP_BOOT = 1
fi
fi
}
}
@ -407,8 +422,8 @@ unbound_zone() {
case $zone_type in
case $zone_type in
auth_zone)
auth_zone)
if [ -n " $UB_LIST_ZONE_NAMES " ] \
&& [ -n " $url_dir " -o -n " $UB_LIST_ZONE_SERVERS " ] ; then
if [ -n " $UB_LIST_ZONE_NAMES " \
-a \( -n " $url_dir " -o -n " $UB_LIST_ZONE_SERVERS " \) ] ; then
for zone_name in $UB_LIST_ZONE_NAMES ; do
for zone_name in $UB_LIST_ZONE_NAMES ; do
if [ " $zone_name " = "." ] ; then
if [ " $zone_name " = "." ] ; then
zone_sym = .
zone_sym = .
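Review bot: The second printed form of the `auth_zone` condition, which appears to be the new side, folds two tests into one `[ … -a \( … -o … \) ]`. POSIX marks `-a`, `-o` and parentheses inside `[` as obsolescent, and with this many operands the parse becomes ambiguous when an expanded value looks like an operator. The grouping can be kept without them: `if [ -n "$UB_LIST_ZONE_NAMES" ] && { [ -n "$url_dir" ] || [ -n "$UB_LIST_ZONE_SERVERS" ] ; } ; then`. The same pattern appears in the `@ -898,8 +913,8` hunk (unbound_hostname) and in the `@ -1220,8 +1233,8` hunk (unbound_uci), where the UCI-supplied `UB_N_RX_PORT` is range-checked. The enclosing `case` and `for` loop continue outside this hunk.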
@ -626,7 +641,7 @@ unbound_conf() {
; ;
; ;
*)
*)
if [ ! -f " $UB_TIME_FILE " ] ; then
if [ " $UB_B_READY " -eq 0 ] ; then
logger -t unbound -s "default protocol configuration"
logger -t unbound -s "default protocol configuration"
fi
fi
@ -686,7 +701,7 @@ unbound_conf() {
echo
echo
} >> $UB_CORE_CONF
} >> $UB_CORE_CONF
elif [ ! -f " $UB_TIME_FILE " ] ; then
elif [ " $UB_B_READY " -eq 0 ] ; then
logger -t unbound -s "default memory configuration"
logger -t unbound -s "default memory configuration"
fi
fi
@ -696,7 +711,7 @@ unbound_conf() {
if [ " $UB_B_DNSSEC " -gt 0 ] ; then
if [ " $UB_B_DNSSEC " -gt 0 ] ; then
if [ ! -f " $UB_TIME_FILE " -a " $UB_B_NTP_BOOT " -gt 0 ] ; then
if [ " $UB_B_NTP_BOOT " -gt 0 ] ; then
# DNSSEC chicken and egg with getting NTP time
# DNSSEC chicken and egg with getting NTP time
echo " val-override-date: -1" >> $UB_CORE_CONF
echo " val-override-date: -1" >> $UB_CORE_CONF
fi
fi
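Review bot: The guard for `val-override-date: -1` now rests only on the in-memory `UB_B_NTP_BOOT` flag, assuming the second printed `if` is the new side as elsewhere on this page. The `$UB_TIME_FILE` test it used to carry has moved to unbound_mkdir, so if unbound_conf can run without unbound_mkdir having cleared the flag in the same invocation, or the flag is re-read from UCI afterwards, the override is written even after NTP has synced. The call order is not visible here. That would leave DNSSEC signature date checks switched off, so it is worth failing closed by keeping the file test: `if [ ! -f "$UB_TIME_FILE" ] && [ "$UB_B_NTP_BOOT" -gt 0 ] ; then`. Otherwise add a comment such as `# relies on unbound_mkdir() clearing UB_B_NTP_BOOT once $UB_TIME_FILE exists`. unbound_conf starts and ends outside this hunk.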
@ -777,7 +792,7 @@ unbound_conf() {
; ;
; ;
*)
*)
if [ ! -f " $UB_TIME_FILE " ] ; then
if [ " $UB_B_READY " -eq 0 ] ; then
logger -t unbound -s "default recursion configuration"
logger -t unbound -s "default recursion configuration"
fi
fi
; ;
; ;
@ -898,8 +913,8 @@ unbound_hostname() {
echo
echo
} >> $UB_HOST_CONF
} >> $UB_HOST_CONF
elif [ -n " $UB_TXT_DOMAIN " ] \
&& [ " $UB_D_WAN_FQDN " -gt 0 -o " $UB_D_LAN_FQDN " -gt 0 ] ; then
elif [ -n " $UB_TXT_DOMAIN " \
-a \( " $UB_D_WAN_FQDN " -gt 0 -o " $UB_D_LAN_FQDN " -gt 0 \) ] ; then
case " $UB_D_DOMAIN_TYPE " in
case " $UB_D_DOMAIN_TYPE " in
deny| inform_deny| refuse| static)
deny| inform_deny| refuse| static)
{
{
@ -947,180 +962,178 @@ unbound_hostname() {
} >> $UB_HOST_CONF
} >> $UB_HOST_CONF
if [ -f " $UB_TIME_FILE " ] ; then
if [ -n " $UB_LIST_NETW_WAN " ] ; then
for ifsubnet in $UB_LIST_NETW_WAN ; do
ifaddr = ${ ifsubnet #*@ }
ifaddr = ${ ifaddr %/* }
ifarpa = $( host_ptr_any " $ifaddr " )
if [ -n " $ifarpa " ] ; then
if [ " $UB_D_WAN_FQDN " -gt 0 ] ; then
{
# Create a static zone for WAN host record only (singular)
echo " domain-insecure: $ifarpa "
echo " private-address: $ifaddr "
echo " local-zone: $ifarpa static "
echo " local-data: \" $ifarpa . $UB_XSOA \" "
echo " local-data: \" $ifarpa . $UB_XNS \" "
echo " local-data: ' $ifarpa . $UB_MTXT ' "
echo
} >> $UB_HOST_CONF
elif [ " $zonetype " -gt 0 ] ; then
{
echo " local-zone: $ifarpa transparent "
echo
} >> $UB_HOST_CONF
fi
if [ -n " $UB_LIST_NETW_WAN " ] ; then
for ifsubnet in $UB_LIST_NETW_WAN ; do
ifaddr = ${ ifsubnet #*@ }
ifaddr = ${ ifaddr %/* }
ifarpa = $( host_ptr_any " $ifaddr " )
if [ -n " $ifarpa " ] ; then
if [ " $UB_D_WAN_FQDN " -gt 0 ] ; then
{
# Create a static zone for WAN host record only (singular)
echo " domain-insecure: $ifarpa "
echo " private-address: $ifaddr "
echo " local-zone: $ifarpa static "
echo " local-data: \" $ifarpa . $UB_XSOA \" "
echo " local-data: \" $ifarpa . $UB_XNS \" "
echo " local-data: ' $ifarpa . $UB_MTXT ' "
echo
} >> $UB_HOST_CONF
elif [ " $zonetype " -gt 0 ] ; then
{
echo " local-zone: $ifarpa transparent "
echo
} >> $UB_HOST_CONF
fi
fi
done
fi
fi
done
fi
if [ -n " $UB_LIST_NETW_LAN " ] ; then
for ifsubnet in $UB_LIST_NETW_LAN ; do
ifarpa = $( domain_ptr_any " ${ ifsubnet #*@ } " )
if [ -n " $ifarpa " ] ; then
if [ " $zonetype " -eq 2 ] ; then
{
# Do NOT forward queries with your ip6.arpa or in-addr.arpa
echo " domain-insecure: $ifarpa "
echo " local-zone: $ifarpa static "
echo " local-data: \" $ifarpa . $UB_XSOA \" "
echo " local-data: \" $ifarpa . $UB_XNS \" "
echo " local-data: ' $ifarpa . $UB_XTXT ' "
echo
} >> $UB_HOST_CONF
elif [ " $zonetype " -eq 1 -a " $UB_D_PRIV_BLCK " -eq 0 ] ; then
{
echo " local-zone: $ifarpa transparent "
echo
} >> $UB_HOST_CONF
fi
if [ -n " $UB_LIST_NETW_LAN " ] ; then
for ifsubnet in $UB_LIST_NETW_LAN ; do
ifarpa = $( domain_ptr_any " ${ ifsubnet #*@ } " )
if [ -n " $ifarpa " ] ; then
if [ " $zonetype " -eq 2 ] ; then
{
# Do NOT forward queries with your ip6.arpa or in-addr.arpa
echo " domain-insecure: $ifarpa "
echo " local-zone: $ifarpa static "
echo " local-data: \" $ifarpa . $UB_XSOA \" "
echo " local-data: \" $ifarpa . $UB_XNS \" "
echo " local-data: ' $ifarpa . $UB_XTXT ' "
echo
} >> $UB_HOST_CONF
elif [ " $zonetype " -eq 1 -a " $UB_D_PRIV_BLCK " -eq 0 ] ; then
{
echo " local-zone: $ifarpa transparent "
echo
} >> $UB_HOST_CONF
fi
fi
done
fi
fi
done
fi
ulaprefix = $( uci_get network.@globals[ 0] .ula_prefix )
ulaprefix = ${ ulaprefix %% : /* }
hostfqdn = " $UB_TXT_HOSTNAME . $UB_TXT_DOMAIN "
ulaprefix = $( uci_get network.@globals[ 0] .ula_prefix )
ulaprefix = ${ ulaprefix %% : /* }
hostfqdn = " $UB_TXT_HOSTNAME . $UB_TXT_DOMAIN "
if [ -z " $ulaprefix " ] ; then
# Nonsense so this option isn't globbed below
ulaprefix = "fdno:such:addr::"
fi
if [ -z " $ulaprefix " ] ; then
# Nonsense so this option isn't globbed below
ulaprefix = "fdno:such:addr::"
fi
if [ " $UB_LIST_NETW_LAN " -a " $UB_D_LAN_FQDN " -gt 0 ] ; then
for ifsubnet in $UB_LIST_NETW_LAN ; do
ifaddr = ${ ifsubnet #*@ }
ifaddr = ${ ifaddr %/* }
ifname = ${ ifsubnet %@* }
iffqdn = " $ifname . $hostfqdn "
if [ " $UB_LIST_NETW_LAN " -a " $UB_D_LAN_FQDN " -gt 0 ] ; then
for ifsubnet in $UB_LIST_NETW_LAN ; do
ifaddr = ${ ifsubnet #*@ }
ifaddr = ${ ifaddr %/* }
ifname = ${ ifsubnet %@* }
iffqdn = " $ifname . $hostfqdn "
if [ " $UB_D_LAN_FQDN " -eq 4 ] ; then
names = " $iffqdn $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $iffqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
if [ " $UB_D_LAN_FQDN " -eq 4 ] ; then
names = " $iffqdn $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $iffqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
elif [ " $UB_D_LAN_FQDN " -eq 3 ] ; then
names = " $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $hostfqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
elif [ " $UB_D_LAN_FQDN " -eq 3 ] ; then
names = " $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $hostfqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
else
names = " $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $UB_TXT_HOSTNAME \" "
echo " $ptrrec " >> $UB_HOST_CONF
fi
else
names = " $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $UB_TXT_HOSTNAME \" "
echo " $ptrrec " >> $UB_HOST_CONF
fi
for name in $names ; do
case $ifaddr in
" ${ ulaprefix } " *)
# IP6 ULA only is assigned for OPTION 1
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
; ;
for name in $names ; do
case $ifaddr in
" ${ ulaprefix } " *)
# IP6 ULA only is assigned for OPTION 1
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
; ;
[ 1-9] *.*[ 0-9] )
namerec = " local-data: \" $name . 300 IN A $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
; ;
[ 1-9] *.*[ 0-9] )
namerec = " local-data: \" $name . 300 IN A $ifaddr \" "
*)
if [ " $UB_D_LAN_FQDN " -gt 1 ] ; then
# IP6 GLA is assigned for higher options
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
echo " $namerec " >> $UB_HOST_CONF
; ;
*)
if [ " $UB_D_LAN_FQDN " -gt 1 ] ; then
# IP6 GLA is assigned for higher options
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
fi
; ;
esac
done
echo >> $UB_HOST_CONF
fi
; ;
esac
done
done
fi
echo >> $UB_HOST_CONF
done
fi
if [ -n " $UB_LIST_NETW_WAN " -a " $UB_D_WAN_FQDN " -gt 0 ] ; then
for ifsubnet in $UB_LIST_NETW_WAN ; do
ifaddr = ${ ifsubnet #*@ }
ifaddr = ${ ifaddr %/* }
ifname = ${ ifsubnet %@* }
iffqdn = " $ifname . $hostfqdn "
if [ -n " $UB_LIST_NETW_WAN " -a " $UB_D_WAN_FQDN " -gt 0 ] ; then
for ifsubnet in $UB_LIST_NETW_WAN ; do
ifaddr = ${ ifsubnet #*@ }
ifaddr = ${ ifaddr %/* }
ifname = ${ ifsubnet %@* }
iffqdn = " $ifname . $hostfqdn "
if [ " $UB_D_WAN_FQDN " -eq 4 ] ; then
names = " $iffqdn $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $iffqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
if [ " $UB_D_WAN_FQDN " -eq 4 ] ; then
names = " $iffqdn $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $iffqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
elif [ " $UB_D_WAN_FQDN " -eq 3 ] ; then
names = " $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $hostfqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
elif [ " $UB_D_WAN_FQDN " -eq 3 ] ; then
names = " $hostfqdn $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $hostfqdn \" "
echo " $ptrrec " >> $UB_HOST_CONF
else
names = " $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $UB_TXT_HOSTNAME \" "
echo " $ptrrec " >> $UB_HOST_CONF
fi
else
names = " $UB_TXT_HOSTNAME "
ptrrec = " local-data-ptr: \" $ifaddr 300 $UB_TXT_HOSTNAME \" "
echo " $ptrrec " >> $UB_HOST_CONF
fi
for name in $names ; do
case $ifaddr in
" ${ ulaprefix } " *)
# IP6 ULA only is assigned for OPTION 1
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
; ;
for name in $names ; do
case $ifaddr in
" ${ ulaprefix } " *)
# IP6 ULA only is assigned for OPTION 1
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
; ;
[ 1-9] *.*[ 0-9] )
namerec = " local-data: \" $name . 300 IN A $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
; ;
*)
if [ " $UB_D_WAN_FQDN " -gt 1 ] ; then
# IP6 GLA is assigned for higher options
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
fi
[ 1-9] *.*[ 0-9] )
namerec = " local-data: \" $name . 300 IN A $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
; ;
; ;
esac
done
echo >> $UB_HOST_CONF
*)
if [ " $UB_D_WAN_FQDN " -gt 1 ] ; then
# IP6 GLA is assigned for higher options
namerec = " local-data: \" $name . 300 IN AAAA $ifaddr \" "
echo " $namerec " >> $UB_HOST_CONF
fi
; ;
esac
done
done
fi
fi # end if time file
echo >> $UB_HOST_CONF
done
fi
fi # end if uci valid
fi # end if uci valid
}
}
@ -1178,7 +1191,7 @@ unbound_uci() {
UB_D_DHCP_LINK = dnsmasq
UB_D_DHCP_LINK = dnsmasq
if [ ! -f " $UB_TIME_FILE " ] ; then
if [ " $UB_B_READY " -eq 0 ] ; then
logger -t unbound -s "Please use 'dhcp_link' selector instead"
logger -t unbound -s "Please use 'dhcp_link' selector instead"
fi
fi
fi
fi
@ -1193,7 +1206,7 @@ unbound_uci() {
fi
fi
if [ ! -f " $UB_TIME_FILE " -a " $UB_D_DHCP_LINK " = "none" ] ; then
if [ " $UB_B_READY " -eq 0 -a " $UB_D_DHCP_LINK " = "none" ] ; then
logger -t unbound -s "cannot forward to dnsmasq"
logger -t unbound -s "cannot forward to dnsmasq"
fi
fi
fi
fi
@ -1207,7 +1220,7 @@ unbound_uci() {
fi
fi
if [ ! -f " $UB_TIME_FILE " -a " $UB_D_DHCP_LINK " = "none" ] ; then
if [ " $UB_B_READY " -eq 0 -a " $UB_D_DHCP_LINK " = "none" ] ; then
logger -t unbound -s "cannot receive records from odhcpd"
logger -t unbound -s "cannot receive records from odhcpd"
fi
fi
fi
fi
@ -1220,8 +1233,8 @@ unbound_uci() {
fi
fi
if [ " $UB_N_RX_PORT " -ne 53 ] \
&& [ " $UB_N_RX_PORT " -lt 1024 -o 10240 -lt " $UB_N_RX_PORT " ] ; then
if [ " $UB_N_RX_PORT " -ne 53 \
-a \( " $UB_N_RX_PORT " -lt 1024 -o 10240 -lt " $UB_N_RX_PORT " \) ] ; then
logger -t unbound -s "privileged port or in 5 digits, using default"
logger -t unbound -s "privileged port or in 5 digits, using default"
UB_N_RX_PORT = 53
UB_N_RX_PORT = 53
fi
fi
@ -1264,7 +1277,7 @@ unbound_include() {
fi
fi
if [ -f " $UB_TIME_FILE " -a -f " $UB_ DHCP_CONF " ] ; then
if [ -f " $UB_DHCP_CONF " ] ; then
{
{
# Seed DHCP records because dhcp scripts trigger externally
# Seed DHCP records because dhcp scripts trigger externally
# Incremental Unbound restarts may drop unbound-control records
# Incremental Unbound restarts may drop unbound-control records
@ -1274,8 +1287,8 @@ unbound_include() {
fi
fi
if [ ! -f " $UB_TIME_FILE " -o -z " $adb_files " \
-o ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then
if [ -z " $adb_files " \
-o ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then
adb_enabled = 0
adb_enabled = 0
elif /etc/init.d/adblock enabled ; then
elif /etc/init.d/adblock enabled ; then