Browse Source

unbound: expand UCI support for odhcpd DHCP-DNS

This is bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
lilik-openwrt-22.03
Eric Luehrsen 8 years ago
parent
commit
89e7bb8f38
2 changed files with 107 additions and 36 deletions
  1. +1
    -1
      net/unbound/files/dnsmasq.sh
  2. +106
    -35
      net/unbound/files/unbound.sh

+ 1
- 1
net/unbound/files/dnsmasq.sh View File

@ -164,7 +164,7 @@ dnsmasq_link() {
####################
if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then
if [ "$UNBOUND_D_DHCP_LINK" = "dnsmasq" ] ; then
# Forward to dnsmasq on same host for DHCP lease hosts
echo " do-not-query-localhost: no" >> $UNBOUND_CONFFILE
# Look at dnsmasq settings


+ 106
- 35
net/unbound/files/unbound.sh View File

@ -21,7 +21,6 @@
##############################################################################
UNBOUND_B_CONTROL=0
UNBOUND_B_DNSMASQ=0
UNBOUND_B_DNSSEC=0
UNBOUND_B_DNS64=0
UNBOUND_B_GATE_NAME=0
@ -35,35 +34,40 @@ UNBOUND_B_PRIV_BLCK=1
UNBOUND_B_QUERY_MIN=0
UNBOUND_B_QRY_MINST=0
UNBOUND_IP_DNS64="64:ff9b::/96"
UNBOUND_D_DHCP_LINK=none
UNBOUND_D_PROTOCOL=mixed
UNBOUND_D_RESOURCE=small
UNBOUND_D_RECURSION=passive
UNBOUND_D_PROTOCOL=mixed
UNBOUND_TXT_FWD_ZONE=""
UNBOUND_TTL_MIN=120
UNBOUND_IP_DNS64="64:ff9b::/96"
UNBOUND_N_EDNS_SIZE=1280
UNBOUND_N_FWD_PORTS=""
UNBOUND_N_RX_PORT=53
UNBOUND_N_ROOT_AGE=28
##############################################################################
UNBOUND_TTL_MIN=120
UNBOUND_ANCHOR=/usr/bin/unbound-anchor
UNBOUND_CONTROL=/usr/bin/unbound-control
UNBOUND_TXT_DOMAIN=lan
UNBOUND_TXT_FWD_ZONE=""
##############################################################################
UNBOUND_LIBDIR=/usr/lib/unbound
UNBOUND_VARDIR=/var/lib/unbound
UNBOUND_PIDFILE=/var/run/unbound.pid
UNBOUND_VARDIR=/var/lib/unbound
UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf
UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key
UNBOUND_HINTFILE=$UNBOUND_VARDIR/root.hints
UNBOUND_TIMEFILE=$UNBOUND_VARDIR/unbound.time
UNBOUND_CHECKFILE=$UNBOUND_VARDIR/unbound.check
##############################################################################
UNBOUND_ANCHOR=/usr/sbin/unbound-anchor
UNBOUND_CONTROL=/usr/sbin/unbound-control
UNBOUND_CONTROL_CFG="$UNBOUND_CONTROL -c $UNBOUND_CONFFILE"
##############################################################################
@ -109,8 +113,33 @@ create_domain_insecure() {
##############################################################################
unbound_mkdir() {
local resolvsym=0
local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile )
local dhcp_dir=$( dirname "$dhcp_origin" )
if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
resolvsym=1
else
/etc/init.d/dnsmasq enabled || resolvsym=1
fi
if [ "$resolvsym" -gt 0 ] ; then
rm -f /tmp/resolv.conf
{
# Set resolver file to local but not if /etc/init.d/dnsmasq will do it.
echo "nameserver 127.0.0.1"
echo "nameserver ::1"
} > /tmp/resolv.conf
fi
mkdir -p $UNBOUND_VARDIR
touch $UNBOUND_CONFFILE
rm -f $UNBOUND_VARDIR/dhcp_*
if [ -f /etc/unbound/root.hints ] ; then
@ -148,6 +177,7 @@ unbound_conf() {
local cfg=$1
local rt_mem rt_conn modulestring
{
# Make fresh conf file
echo "# $UNBOUND_CONFFILE generated by UCI $( date )"
@ -165,15 +195,6 @@ unbound_conf() {
echo " control-interface: ::1"
echo
} >> $UNBOUND_CONFFILE
else
{
# "control:" clause is seperate before "server:" so we can append
# dnsmasq "server:" parts and "forward:" cluases towards the end.
echo "remote-control:"
echo " control-enable: no"
echo
} >> $UNBOUND_CONFFILE
fi
@ -496,10 +517,8 @@ unbound_uci() {
####################
config_get_bool UNBOUND_B_DNS64 "$cfg" dns64 0
config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmasq_gate_name 0
config_get_bool UNBOUND_B_DNSMASQ "$cfg" dnsmasq_link_dns 0
config_get_bool UNBOUND_B_HIDE_BIND "$cfg" hide_binddata 1
config_get_bool UNBOUND_B_LOCL_NAME "$cfg" dnsmasq_only_local 0
config_get_bool UNBOUND_B_LOCL_SERV "$cfg" localservice 1
config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0
config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0
@ -516,6 +535,7 @@ unbound_uci() {
config_get UNBOUND_N_RX_PORT "$cfg" listen_port 53
config_get UNBOUND_N_ROOT_AGE "$cfg" root_age 7
config_get UNBOUND_D_DHCP_LINK "$cfg" dhcp_link none
config_get UNBOUND_D_PROTOCOL "$cfg" protocol mixed
config_get UNBOUND_D_RECURSION "$cfg" recursion passive
config_get UNBOUND_D_RESOURCE "$cfg" resource small
@ -523,13 +543,42 @@ unbound_uci() {
config_get UNBOUND_TTL_MIN "$cfg" ttl_min 120
if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then
dnsmasqpath=$( which dnsmasq )
if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmasq_gate_name 0
config_get_bool UNBOUND_B_DNSMASQ "$cfg" dnsmasq_link_dns 0
if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then
UNBOUND_D_DHCP_LINK=dnsmasq
logger -t unbound -s "Please use 'dhcp_link' selector instead"
fi
fi
if [ "$UNBOUND_D_DHCP_LINK" = "dnsmasq" ] ; then
if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
UNBOUND_D_DHCP_LINK=none
else
/etc/init.d/dnsmasq enabled || UNBOUND_D_DHCP_LINK=none
fi
if [ ! -x "$dnsmasqpath" ] ; then
if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
logger -t unbound -s "cannot forward to dnsmasq"
UNBOUND_B_DNSMASQ=0
fi
fi
if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" ] ; then
if [ ! -x /usr/sbin/odhcpd -o ! -x /etc/init.d/odhcpd ] ; then
UNBOUND_D_DHCP_LINK=none
else
/etc/init.d/odhcpd enabled || UNBOUND_D_DHCP_LINK=none
fi
if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
logger -t unbound -s "cannot receive records from odhcpd"
fi
fi
@ -557,7 +606,7 @@ unbound_uci() {
if [ "$UNBOUND_B_MAN_CONF" -gt 0 ] ; then
# Don't want this being triggered. Maybe we could, but then the
# base conf you provide would need to be just right.
UNBOUND_B_DNSMASQ=0
UNBOUND_D_DHCP_LINK=none
else
unbound_conf $cfg
@ -567,13 +616,7 @@ unbound_uci() {
##############################################################################
unbound_own () {
# Debug UCI
{
echo "# $UNBOUND_CHECKFILE generated by UCI $( date )"
echo
set | grep ^UNBOUND_
} > $UNBOUND_CHECKFILE
local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile )
if [ "$UNBOUND_B_MAN_CONF" -gt 0 ] ; then
# You are doing your own thing, so just copy /etc/ to /var/
@ -581,6 +624,12 @@ unbound_own () {
fi
if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a ! -f "$dhcp_origin" ] ; then
# odhcpd will not (yet) create its own lease file home
mkdir -p $( dirname "$dhcp_origin" )
fi
# Ensure access and prepare to jail
chown -R unbound:unbound $UNBOUND_VARDIR
chmod 775 $UNBOUND_VARDIR
@ -606,3 +655,25 @@ unbound_prepare() {
##############################################################################
unbound_cleanup() {
local resolvsym=0
rootzone_update
if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
resolvsym=1
else
/etc/init.d/dnsmasq enabled || resolvsym=1
fi
if [ "$resolvsym" -gt 0 ] ; then
# set resolver file to normal, but don't stomp on dnsmasq
rm -f /tmp/resolv.conf
ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
fi
}
##############################################################################

Loading…
Cancel
Save