|
@ -0,0 +1,182 @@ |
|
|
|
|
|
#!/bin/sh |
|
|
|
|
|
############################################################################## |
|
|
|
|
|
# |
|
|
|
|
|
# This program is free software; you can redistribute it and/or modify |
|
|
|
|
|
# it under the terms of the GNU General Public License version 2 as |
|
|
|
|
|
# published by the Free Software Foundation. |
|
|
|
|
|
# |
|
|
|
|
|
# This program is distributed in the hope that it will be useful, |
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
|
|
|
# GNU General Public License for more details. |
|
|
|
|
|
# |
|
|
|
|
|
# Copyright (C) 2016 Eric Luehrsen |
|
|
|
|
|
# |
|
|
|
|
|
############################################################################## |
|
|
|
|
|
# |
|
|
|
|
|
# This crosses over to the dnsmasq UCI file "dhcp" and parses it for fields |
|
|
|
|
|
# that will allow Unbound to request local host DNS of dnsmasq. We need to look |
|
|
|
|
|
# at the interfaces in "dhcp" and get their subnets. The Unbound conf syntax |
|
|
|
|
|
# makes this a little difficult. First in "server:" we need to create private |
|
|
|
|
|
# zones for the domain and PTR records. Then we need to create numerous |
|
|
|
|
|
# "forward:" clauses to forward those zones to dnsmasq. |
|
|
|
|
|
# |
|
|
|
|
|
############################################################################## |
|
|
|
|
|
|
|
|
|
|
|
create_local_zone() { |
|
|
|
|
|
local cfg="$1" |
|
|
|
|
|
local fwd_port fwd_domain |
|
|
|
|
|
|
|
|
|
|
|
config_get fwd_domain "$cfg" domain |
|
|
|
|
|
config_get fwd_port "$cfg" port |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -n "$fwd_domain" -a -n "$fwd_port" -a ! "$fwd_port" -eq 53 ] ; then |
|
|
|
|
|
# dnsmasq localhost listening ports (possible multiple instances) |
|
|
|
|
|
UNBOUND_N_FWD_PORTS="$UNBOUND_N_FWD_PORTS $fwd_port" |
|
|
|
|
|
UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $fwd_domain" |
|
|
|
|
|
|
|
|
|
|
|
{ |
|
|
|
|
|
# This creates DOMAIN local privledges |
|
|
|
|
|
echo " private-domain: \"$fwd_domain\"" |
|
|
|
|
|
echo " local-zone: \"$fwd_domain.\" transparent" |
|
|
|
|
|
echo " domain-insecure: \"$fwd_domain\"" |
|
|
|
|
|
echo |
|
|
|
|
|
} >> $UNBOUND_CONFFILE |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
############################################################################## |
|
|
|
|
|
|
|
|
|
|
|
create_local_arpa() { |
|
|
|
|
|
local cfg="$1" |
|
|
|
|
|
local logint dhcpv4 dhcpv6 ignore |
|
|
|
|
|
local subnets subnets4 subnets6 |
|
|
|
|
|
local forward arpa |
|
|
|
|
|
local validip4 validip6 privateip |
|
|
|
|
|
|
|
|
|
|
|
config_get logint "$cfg" interface |
|
|
|
|
|
config_get dhcpv4 "$cfg" dhcpv4 |
|
|
|
|
|
config_get dhcpv6 "$cfg" dhcpv6 |
|
|
|
|
|
config_get_bool ignore "$cfg" ignore 0 |
|
|
|
|
|
|
|
|
|
|
|
# Find the list of addresses assigned to a logical interface |
|
|
|
|
|
# Its typical to have a logical gateway split NAME and NAME6 |
|
|
|
|
|
network_get_subnets subnets4 "$logint" |
|
|
|
|
|
network_get_subnets6 subnets6 "$logint" |
|
|
|
|
|
subnets="$subnets4 $subnets6" |
|
|
|
|
|
|
|
|
|
|
|
network_get_subnets subnets4 "${logint}6" |
|
|
|
|
|
network_get_subnets6 subnets6 "${logint}6" |
|
|
|
|
|
subnets="$subnets $subnets4 $subnets6" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$subnets" ] ; then |
|
|
|
|
|
forward="" |
|
|
|
|
|
|
|
|
|
|
|
elif [ -z "$UNBOUND_N_FWD_PORTS" ] ; then |
|
|
|
|
|
forward="" |
|
|
|
|
|
|
|
|
|
|
|
elif [ "$ignore" -gt 0 ] ; then |
|
|
|
|
|
if [ "$UNBOUND_B_GATE_NAME" -gt 0 ] ; then |
|
|
|
|
|
# Only forward the one gateway host. |
|
|
|
|
|
forward="host" |
|
|
|
|
|
|
|
|
|
|
|
else |
|
|
|
|
|
forward="" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
else |
|
|
|
|
|
# Forward the entire private subnet. |
|
|
|
|
|
forward="domain" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -n "$forward" ] ; then |
|
|
|
|
|
for subnet in $subnets ; do |
|
|
|
|
|
validip4=$( valid_subnet4 $subnet ) |
|
|
|
|
|
validip6=$( valid_subnet6 $subnet ) |
|
|
|
|
|
privateip=$( private_subnet $subnet ) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$validip4" = "ok" -a "$dhcpv4" != "disable" ] ; then |
|
|
|
|
|
if [ "$forward" = "domain" ] ; then |
|
|
|
|
|
arpa=$( domain_ptr_ip4 "$subnet" ) |
|
|
|
|
|
else |
|
|
|
|
|
arpa=$( host_ptr_ip4 "$subnet" ) |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
elif [ "$validip6" = "ok" -a "$dhcpv6" != "disable" ] ; then |
|
|
|
|
|
if [ "$forward" = "domain" ] ; then |
|
|
|
|
|
arpa=$( domain_ptr_ip6 "$subnet" ) |
|
|
|
|
|
else |
|
|
|
|
|
arpa=$( host_ptr_ip6 "$subnet" ) |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
else |
|
|
|
|
|
arpa="" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -n "$arpa" ] ; then |
|
|
|
|
|
if [ "$privateip" = "ok" ] ; then |
|
|
|
|
|
{ |
|
|
|
|
|
# This creates ARPA local zone privledges |
|
|
|
|
|
echo " local-zone: \"$arpa.\" transparent" |
|
|
|
|
|
echo " domain-insecure: \"$arpa\"" |
|
|
|
|
|
echo |
|
|
|
|
|
} >> $UNBOUND_CONFFILE |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $arpa" |
|
|
|
|
|
fi |
|
|
|
|
|
done |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
############################################################################## |
|
|
|
|
|
|
|
|
|
|
|
forward_local_zone() { |
|
|
|
|
|
if [ -n "$UNBOUND_N_FWD_PORTS" -a -n "$UNBOUND_TXT_FWD_ZONE" ] ; then |
|
|
|
|
|
for fwd_domain in $UNBOUND_TXT_FWD_ZONE ; do |
|
|
|
|
|
{ |
|
|
|
|
|
# This is derived of create_local_zone/arpa |
|
|
|
|
|
# but forward: clauses need to be seperate |
|
|
|
|
|
echo "forward-zone:" |
|
|
|
|
|
echo " name: \"$fwd_domain.\"" |
|
|
|
|
|
|
|
|
|
|
|
for port in $UNBOUND_N_FWD_PORTS ; do |
|
|
|
|
|
echo " forward-addr: 127.0.0.1@$port" |
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
echo |
|
|
|
|
|
} >> $UNBOUND_CONFFILE |
|
|
|
|
|
done |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
############################################################################## |
|
|
|
|
|
|
|
|
|
|
|
dnsmasq_link() { |
|
|
|
|
|
#################### |
|
|
|
|
|
# UCI @ dhcp # |
|
|
|
|
|
#################### |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then |
|
|
|
|
|
# Forward to dnsmasq on same host for DHCP lease hosts |
|
|
|
|
|
echo " do-not-query-localhost: no" >> $UNBOUND_CONFFILE |
|
|
|
|
|
# Look at dnsmasq settings |
|
|
|
|
|
config_load dhcp |
|
|
|
|
|
# Zone for DHCP / SLAAC-PING DOMAIN |
|
|
|
|
|
config_foreach create_local_zone dnsmasq |
|
|
|
|
|
# Zone for DHCP / SLAAC-PING ARPA |
|
|
|
|
|
config_foreach create_local_arpa dhcp |
|
|
|
|
|
# Now create ALL seperate forward: clauses |
|
|
|
|
|
forward_local_zone |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
############################################################################## |
|
|
|
|
|
|
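Review bot: In create_local_zone the `domain` and `port` values read from the dnsmasq UCI section are written into the Unbound config inside double quotes, and later re-split on whitespace in forward_local_zone, without any check on their contents. A value containing a quote or whitespace would yield a malformed or unintended `private-domain:`, `domain-insecure:` or `forward-addr:` line, and because `domain-insecure` exempts a name from DNSSEC validation, the name written there should be exactly the intended local domain. I would reject anything else before the `if`, for example `case "$fwd_domain" in ''|*[!A-Za-z0-9._-]*) return 0 ;; esac` and `case "$fwd_port" in ''|*[!0-9]*) return 0 ;; esac`, which also keeps the `-eq 53` test from erroring on an empty or non-numeric port. Separately, the redirect target is unquoted in all four places it appears; `>> "$UNBOUND_CONFFILE"` is safer.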