You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
182 lines
5.2 KiB
182 lines
5.2 KiB
#!/bin/sh
|
|
##############################################################################
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License version 2 as
|
|
# published by the Free Software Foundation.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# Copyright (C) 2016 Eric Luehrsen
|
|
#
|
|
##############################################################################
|
|
#
|
|
# This crosses over to the dnsmasq UCI file "dhcp" and parses it for fields
|
|
# that will allow Unbound to request local host DNS of dnsmasq. We need to look
|
|
# at the interfaces in "dhcp" and get their subnets. The Unbound conf syntax
|
|
# makes this a little difficult. First in "server:" we need to create private
|
|
# zones for the domain and PTR records. Then we need to create numerous
|
|
# "forward:" clauses to forward those zones to dnsmasq.
|
|
#
|
|
##############################################################################
|
|
|
|
create_local_zone() {
|
|
local cfg="$1"
|
|
local fwd_port fwd_domain
|
|
|
|
config_get fwd_domain "$cfg" domain
|
|
config_get fwd_port "$cfg" port
|
|
|
|
|
|
if [ -n "$fwd_domain" -a -n "$fwd_port" -a ! "$fwd_port" -eq 53 ] ; then
|
|
# dnsmasq localhost listening ports (possible multiple instances)
|
|
UNBOUND_N_FWD_PORTS="$UNBOUND_N_FWD_PORTS $fwd_port"
|
|
UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $fwd_domain"
|
|
|
|
{
|
|
# This creates DOMAIN local privledges
|
|
echo " private-domain: \"$fwd_domain\""
|
|
echo " local-zone: \"$fwd_domain.\" transparent"
|
|
echo " domain-insecure: \"$fwd_domain\""
|
|
echo
|
|
} >> $UNBOUND_CONFFILE
|
|
fi
|
|
}
|
|
|
|
##############################################################################
|
|
|
|
create_local_arpa() {
|
|
local cfg="$1"
|
|
local logint dhcpv4 dhcpv6 ignore
|
|
local subnets subnets4 subnets6
|
|
local forward arpa
|
|
local validip4 validip6 privateip
|
|
|
|
config_get logint "$cfg" interface
|
|
config_get dhcpv4 "$cfg" dhcpv4
|
|
config_get dhcpv6 "$cfg" dhcpv6
|
|
config_get_bool ignore "$cfg" ignore 0
|
|
|
|
# Find the list of addresses assigned to a logical interface
|
|
# Its typical to have a logical gateway split NAME and NAME6
|
|
network_get_subnets subnets4 "$logint"
|
|
network_get_subnets6 subnets6 "$logint"
|
|
subnets="$subnets4 $subnets6"
|
|
|
|
network_get_subnets subnets4 "${logint}6"
|
|
network_get_subnets6 subnets6 "${logint}6"
|
|
subnets="$subnets $subnets4 $subnets6"
|
|
|
|
|
|
if [ -z "$subnets" ] ; then
|
|
forward=""
|
|
|
|
elif [ -z "$UNBOUND_N_FWD_PORTS" ] ; then
|
|
forward=""
|
|
|
|
elif [ "$ignore" -gt 0 ] ; then
|
|
if [ "$UNBOUND_B_GATE_NAME" -gt 0 ] ; then
|
|
# Only forward the one gateway host.
|
|
forward="host"
|
|
|
|
else
|
|
forward=""
|
|
fi
|
|
|
|
else
|
|
# Forward the entire private subnet.
|
|
forward="domain"
|
|
fi
|
|
|
|
|
|
if [ -n "$forward" ] ; then
|
|
for subnet in $subnets ; do
|
|
validip4=$( valid_subnet4 $subnet )
|
|
validip6=$( valid_subnet6 $subnet )
|
|
privateip=$( private_subnet $subnet )
|
|
|
|
|
|
if [ "$validip4" = "ok" -a "$dhcpv4" != "disable" ] ; then
|
|
if [ "$forward" = "domain" ] ; then
|
|
arpa=$( domain_ptr_ip4 "$subnet" )
|
|
else
|
|
arpa=$( host_ptr_ip4 "$subnet" )
|
|
fi
|
|
|
|
elif [ "$validip6" = "ok" -a "$dhcpv6" != "disable" ] ; then
|
|
if [ "$forward" = "domain" ] ; then
|
|
arpa=$( domain_ptr_ip6 "$subnet" )
|
|
else
|
|
arpa=$( host_ptr_ip6 "$subnet" )
|
|
fi
|
|
|
|
else
|
|
arpa=""
|
|
fi
|
|
|
|
|
|
if [ -n "$arpa" ] ; then
|
|
if [ "$privateip" = "ok" ] ; then
|
|
{
|
|
# This creates ARPA local zone privledges
|
|
echo " local-zone: \"$arpa.\" transparent"
|
|
echo " domain-insecure: \"$arpa\""
|
|
echo
|
|
} >> $UNBOUND_CONFFILE
|
|
fi
|
|
|
|
|
|
UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $arpa"
|
|
fi
|
|
done
|
|
fi
|
|
}
|
|
|
|
##############################################################################
|
|
|
|
forward_local_zone() {
|
|
if [ -n "$UNBOUND_N_FWD_PORTS" -a -n "$UNBOUND_TXT_FWD_ZONE" ] ; then
|
|
for fwd_domain in $UNBOUND_TXT_FWD_ZONE ; do
|
|
{
|
|
# This is derived of create_local_zone/arpa
|
|
# but forward: clauses need to be seperate
|
|
echo "forward-zone:"
|
|
echo " name: \"$fwd_domain.\""
|
|
|
|
for port in $UNBOUND_N_FWD_PORTS ; do
|
|
echo " forward-addr: 127.0.0.1@$port"
|
|
done
|
|
|
|
echo
|
|
} >> $UNBOUND_CONFFILE
|
|
done
|
|
fi
|
|
}
|
|
|
|
##############################################################################
|
|
|
|
dnsmasq_link() {
|
|
####################
|
|
# UCI @ dhcp #
|
|
####################
|
|
|
|
|
|
if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then
|
|
# Forward to dnsmasq on same host for DHCP lease hosts
|
|
echo " do-not-query-localhost: no" >> $UNBOUND_CONFFILE
|
|
# Look at dnsmasq settings
|
|
config_load dhcp
|
|
# Zone for DHCP / SLAAC-PING DOMAIN
|
|
config_foreach create_local_zone dnsmasq
|
|
# Zone for DHCP / SLAAC-PING ARPA
|
|
config_foreach create_local_arpa dhcp
|
|
# Now create ALL seperate forward: clauses
|
|
forward_local_zone
|
|
fi
|
|
}
|
|
|
|
##############################################################################
|
|
|