
unbound: add dns assistants on local host

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
lilik-openwrt-22.03
Eric Luehrsen 4 years ago
parent
commit
9c655aed3a
3 changed files with 70 additions and 5 deletions
  1. +5
    -0
      net/unbound/files/README.md
  2. +1
    -0
      net/unbound/files/defaults.sh
  3. +64
    -5
      net/unbound/files/unbound.sh

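--- a/net/unbound/files/README.md
+++ b/net/unbound/files/README.md
@@ -222,6 +222,11 @@ config unbound
 Level. Same as previous option only this applies to the WAN. WAN are
 inferred by a UCI `config dhcp` entry that contains the 'option ignore 1'.
+option dns_assist 'none'
+Program Name. Use DNS helpers found on local host and match to their UCI.
+Only program 'ipset-dns' is supported so far. NSD and Bind might be useful
+but they don't have UCI to parse.
 option dns64 '0'
 Boolean. Enable DNS64 through Unbound in order to bridge networks that are
 IPV6 only and IPV4 only (see RFC6052).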


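--- a/net/unbound/files/defaults.sh
+++ b/net/unbound/files/defaults.sh
@@ -26,6 +26,7 @@ UB_HOST_CONF=$UB_VARDIR/host.conf.tmp
 UB_DHCP_CONF=$UB_VARDIR/dhcp.conf
 UB_ZONE_CONF=$UB_VARDIR/zone.conf.tmp
 UB_CTRL_CONF=$UB_VARDIR/ctrl.conf.tmp
+UB_ASSIST_CONF=$UB_VARDIR/assist.conf.tmp
 UB_SRVMASQ_CONF=$UB_VARDIR/dnsmasq_srv.conf.tmp
 UB_EXTMASQ_CONF=$UB_VARDIR/dnsmasq_ext.conf.tmp
 UB_SRV_CONF=$UB_VARDIR/unbound_srv.conf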


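--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -41,6 +41,7 @@ UB_B_IF_AUTO=1
 UB_D_CONTROL=0
 UB_D_DOMAIN_TYPE=static
 UB_D_DHCP_LINK=none
+UB_D_DNS_ASSIST=none
 UB_D_EXTRA_DNS=0
 UB_D_LAN_FQDN=0
 UB_D_PRIV_BLCK=1
@@ -375,6 +376,37 @@ unbound_control() {
 ##############################################################################
+unbound_assistant() {
+local port=53000
+case "$UB_D_DNS_ASSIST" in
+ipset-dns)
+port=$( uci_get ipset-dns.@ipset-dns[0].port )
+if [ ! -f "$UB_ASSIST_CONF" ] \
+&& [ $port -gt 0 ] && [ $port -lt 65535 ] ; then
+{
+echo "# $UB_ASSIST_CONF generated by UCI $( date -Is )"
+echo "forward-zone:"
+echo " name: ."
+echo " forward-addr: 127.0.0.1@$port"
+echo " forward-first: no"
+} > $UB_ASSIST_CONF
+fi
+;;
+nsd)
+echo "# Sorry, NSD does not have UCI to read and link." >> $UB_ASSIST_CONF
+;;
+bind)
+echo "# Sorry, Bind does not have UCI to read and link." >> $UB_ASSIST_CONF
+;;
+esac
+}
+##############################################################################
 unbound_zone() {
 local cfg=$1
 local servers_ip=""
@@ -629,6 +661,18 @@ unbound_conf() {
 fi
+if [ "$UB_B_IF_AUTO" -gt 0 ] ; then
+echo " interface-automatic: yes" >> $UB_CORE_CONF
+fi
+case "$UB_D_DNS_ASSIST" in
+bind|ipset-dns|nsd)
+echo " do-not-query-localhost: no" >> $UB_CORE_CONF
+;;
+esac
 case "$UB_D_PROTOCOL" in
 ip4_only)
 {
@@ -721,11 +765,6 @@ unbound_conf() {
 esac
-if [ "$UB_B_IF_AUTO" -gt 0 ] ; then
-echo " interface-automatic: yes" >> $UB_CORE_CONF
-fi
 case "$UB_D_RESOURCE" in
 # Tiny - Unbound's recommended cheap hardware config
 tiny) rt_mem=1 ; rt_conn=2 ; rt_buff=1 ;;
@@ -1241,6 +1280,7 @@ unbound_uci() {
 config_get UB_D_CONTROL "$cfg" unbound_control 0
 config_get UB_D_DOMAIN_TYPE "$cfg" domain_type static
 config_get UB_D_DHCP_LINK "$cfg" dhcp_link none
+config_get UB_D_DNS_ASSIST "$cfg" dns_assist none
 config_get UB_D_EXTRA_DNS "$cfg" add_extra_dns 0
 config_get UB_D_LAN_FQDN "$cfg" add_local_fqdn 0
 config_get UB_D_PRIV_BLCK "$cfg" rebind_protection 1
@@ -1271,6 +1311,16 @@ unbound_uci() {
 fi
+if [ "$UB_D_DNS_ASSIST" = "none" ] ; then
+UB_D_DNS_ASSIST=none
+elif [ ! -x /usr/sbin/bind ] || [ ! -x /etc/init.d/bind ] \
+|| [ ! -x /usr/sbin/nsd ] || [ ! -x /etc/init.d/nsd ] \
+|| [ ! -x /usr/sbin/ipset-dns ] || [ ! -x /etc/init.d/ipset-dns ] ; then
+UB_D_DNS_ASSIST=none
+fi
 if [ "$UB_D_DHCP_LINK" = "dnsmasq" ] ; then
 if [ ! -x /usr/sbin/dnsmasq ] || [ ! -x /etc/init.d/dnsmasq ] ; then
 UB_D_DHCP_LINK=none
@@ -1406,6 +1456,13 @@ unbound_include() {
 fi
+if [ -f "$UB_ASSIST_CONF" ] ; then
+# UCI found link to DNS helpers
+cat $UB_ASSIST_CONF >> $UB_TOTAL_CONF
+rm $UB_ASSIST_CONF
+fi
 if [ -f "$UB_EXT_CONF" ] ; then
 {
 # Pull your own extend feature clauses here
@@ -1468,6 +1525,8 @@ unbound_start() {
 unbound_hostname
 # control:
 unbound_control
+# assistants
+unbound_assistant
 # dnsmasq
 dnsmasq_link
 # merge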
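Review bot: The new `elif` in the `unbound_uci()` hunk (`@ -1271,6 +1311,16`) joins the executable checks for bind, nsd and ipset-dns with `||`, so `UB_D_DNS_ASSIST` is reset to `none` whenever any one of the three is not installed; selecting `ipset-dns` then silently does nothing unless bind and nsd are present as well. The check should test only the helper that was selected and fold unrecognised values to `none`, as sketched below. Separately, the `unbound_conf()` hunk writes `do-not-query-localhost: no` for `bind` and `nsd` too, although `unbound_assistant()` emits no forward zone for them; limiting that case arm to `ipset-dns` keeps Unbound's localhost-query protection in place where nothing needs it relaxed. In `unbound_assistant()`, `$port` is unquoted in `[ $port -gt 0 ]` and the 53000 default is overwritten by whatever `uci_get` returns, so an unset port gives a test error instead of falling back to the default. `unbound_uci()` starts and ends outside the hunk.

```shell
# … unchanged: preceding option checks in unbound_uci() …
case "$UB_D_DNS_ASSIST" in
  bind|nsd|ipset-dns)
    # Keep the selection only if the chosen helper itself is installed.
    if [ ! -x "/usr/sbin/$UB_D_DNS_ASSIST" ] \
    || [ ! -x "/etc/init.d/$UB_D_DNS_ASSIST" ] ; then
      UB_D_DNS_ASSIST=none
    fi
    ;;
  *)
    UB_D_DNS_ASSIST=none
    ;;
esac
```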

