#!/bin/sh ############################################################################## # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Copyright (C) 2016 Eric Luehrsen # ############################################################################## # # This crosses over to the dnsmasq UCI file "dhcp" and parses it for fields # that will allow Unbound to request local host DNS of dnsmasq. We need to look # at the interfaces in "dhcp" and get their subnets. The Unbound conf syntax # makes this a little difficult. First in "server:" we need to create private # zones for the domain and PTR records. Then we need to create numerous # "forward:" clauses to forward those zones to dnsmasq. # ############################################################################## dnsmasq_local_zone() { local cfg="$1" local fwd_port fwd_domain wan_fqdn # dnsmasq domain and interface assignment settings will control config config_get fwd_domain "$cfg" domain config_get fwd_port "$cfg" port config_get wan_fqdn "$cfg" add_wan_fqdn if [ -n "$wan_fqdn" ] ; then UNBOUND_D_WAN_FQDN=$wan_fqdn fi if [ -n "$fwd_domain" -a -n "$fwd_port" -a ! "$fwd_port" -eq 53 ] ; then # dnsmasq localhost listening ports (possible multiple instances) UNBOUND_N_FWD_PORTS="$UNBOUND_N_FWD_PORTS $fwd_port" UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $fwd_domain" { # This creates DOMAIN local privledges echo " private-domain: \"$fwd_domain\"" echo " local-zone: \"$fwd_domain.\" transparent" echo " domain-insecure: \"$fwd_domain\"" echo } >> $UNBOUND_CONFFILE fi } ############################################################################## dnsmasq_local_arpa() { local cfg="$1" local logint dhcpv4 dhcpv6 ignore local subnets subnets4 subnets6 local forward arpa local validip4 validip6 privateip config_get logint "$cfg" interface config_get dhcpv4 "$cfg" dhcpv4 config_get dhcpv6 "$cfg" dhcpv6 config_get_bool ignore "$cfg" ignore 0 # Find the list of addresses assigned to a logical interface # Its typical to have a logical gateway split NAME and NAME6 network_get_subnets subnets4 "$logint" network_get_subnets6 subnets6 "$logint" subnets="$subnets4 $subnets6" network_get_subnets subnets4 "${logint}6" network_get_subnets6 subnets6 "${logint}6" subnets="$subnets $subnets4 $subnets6" if [ -z "$subnets" ] ; then forward="" elif [ -z "$UNBOUND_N_FWD_PORTS" ] ; then forward="" elif [ "$ignore" -gt 0 ] ; then if [ "$UNBOUND_D_WAN_FQDN" -gt 0 ] ; then # Only forward the one gateway host. forward="host" else forward="" fi else # Forward the entire private subnet. forward="domain" fi if [ -n "$forward" ] ; then for subnet in $subnets ; do validip4=$( valid_subnet4 $subnet ) validip6=$( valid_subnet6 $subnet ) privateip=$( private_subnet $subnet ) if [ "$validip4" = "ok" -a "$dhcpv4" != "disable" ] ; then if [ "$forward" = "domain" ] ; then arpa=$( domain_ptr_ip4 "$subnet" ) else arpa=$( host_ptr_ip4 "$subnet" ) fi elif [ "$validip6" = "ok" -a "$dhcpv6" != "disable" ] ; then if [ "$forward" = "domain" ] ; then arpa=$( domain_ptr_ip6 "$subnet" ) else arpa=$( host_ptr_ip6 "$subnet" ) fi else arpa="" fi if [ -n "$arpa" ] ; then if [ "$privateip" = "ok" ] ; then { # This creates ARPA local zone privledges echo " local-zone: \"$arpa.\" transparent" echo " domain-insecure: \"$arpa\"" echo } >> $UNBOUND_CONFFILE fi UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $arpa" fi done fi } ############################################################################## dnsmasq_forward_zone() { if [ -n "$UNBOUND_N_FWD_PORTS" -a -n "$UNBOUND_TXT_FWD_ZONE" ] ; then for fwd_domain in $UNBOUND_TXT_FWD_ZONE ; do { # This is derived of dnsmasq_local_zone/arpa # but forward: clauses need to be seperate echo "forward-zone:" echo " name: \"$fwd_domain.\"" for port in $UNBOUND_N_FWD_PORTS ; do echo " forward-addr: 127.0.0.1@$port" done echo } >> $UNBOUND_CONFFILE done fi } ############################################################################## dnsmasq_link() { # Forward to dnsmasq on same host for DHCP lease hosts echo " do-not-query-localhost: no" >> $UNBOUND_CONFFILE # Look at dnsmasq settings config_load dhcp # Zone for DHCP / SLAAC-PING DOMAIN config_foreach dnsmasq_local_zone dnsmasq # Zone for DHCP / SLAAC-PING ARPA config_foreach dnsmasq_local_arpa dhcp # Now create ALL seperate forward: clauses dnsmasq_forward_zone } ##############################################################################