1255809Sdes#!/bin/sh 2255809Sdes# 3255809Sdes# $FreeBSD$ 4255809Sdes# 5255809Sdes 6255809Sdes# PROVIDE: local_unbound 7255825Sdes# REQUIRE: FILESYSTEMS netif resolv 8255809Sdes# KEYWORD: shutdown 9255809Sdes 10255809Sdes. /etc/rc.subr 11255809Sdes 12255809Sdesname="local_unbound" 13255809Sdesdesc="local caching forwarding resolver" 14255809Sdesrcvar="local_unbound_enable" 15255809Sdes 16255809Sdescommand="/usr/sbin/unbound" 17255809Sdesextra_commands="anchor configtest reload setup" 18255809Sdesstart_precmd="local_unbound_prestart" 19255809Sdesreload_precmd="local_unbound_configtest" 20255809Sdesanchor_cmd="local_unbound_anchor" 21255809Sdesconfigtest_cmd="local_unbound_configtest" 22255809Sdessetup_cmd="local_unbound_setup" 23255809Sdespidfile="/var/run/${name}.pid" 24255809Sdes 25255809Sdes: ${local_unbound_workdir:=/var/unbound} 26255809Sdes: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf} 27255809Sdes: ${local_unbound_flags:=-c${local_unbound_config}} 28255809Sdes: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf} 29255809Sdes: ${local_unbound_anchor:=${local_unbound_workdir}/root.key} 30255809Sdes: ${local_unbound_forwarders:=} 31255809Sdes 32255809Sdesload_rc_config $name 33255809Sdes 34255809Sdesdo_as_unbound() 35255809Sdes{ 36255809Sdes echo "$@" | su -m unbound 37255809Sdes} 38255809Sdes 39255809Sdes# 40255809Sdes# Retrieve or update the DNSSEC root anchor 41255809Sdes# 42255809Sdeslocal_unbound_anchor() 43255809Sdes{ 44255809Sdes do_as_unbound /usr/sbin/unbound-anchor -a ${local_unbound_anchor} 45255809Sdes # we can't trust the exit code - check if the file exists 46255809Sdes [ -f ${local_unbound_anchor} ] 47255809Sdes} 48255809Sdes 49255809Sdes# 50255809Sdes# Check the unbound configuration file 51255809Sdes# 52255809Sdeslocal_unbound_configtest() 53255809Sdes{ 54255809Sdes do_as_unbound /usr/sbin/unbound-checkconf ${local_unbound_config} 55255809Sdes} 56255809Sdes 57255809Sdes# 58255809Sdes# Create the unbound configuration file and update resolv.conf to 59255809Sdes# point to unbound. 60255809Sdes# 61255809Sdeslocal_unbound_setup() 62255809Sdes{ 63255809Sdes echo "Performing initial setup." 64255809Sdes /usr/sbin/local-unbound-setup -n \ 65255809Sdes -u unbound \ 66255809Sdes -w ${local_unbound_workdir} \ 67255809Sdes -c ${local_unbound_config} \ 68255809Sdes -f ${local_unbound_forwardconf} \ 69255809Sdes -a ${local_unbound_anchor} \ 70255809Sdes ${local_unbound_forwarders} 71255809Sdes} 72255809Sdes 73255809Sdes# 74255809Sdes# Before starting, check that the configuration file and root anchor 75255809Sdes# exist. If not, attempt to generate them. 76255809Sdes# 77255809Sdeslocal_unbound_prestart() 78255809Sdes{ 79255809Sdes # Create configuration file 80255809Sdes if [ ! -f ${local_unbound_config} ] ; then 81255809Sdes run_rc_command setup 82255809Sdes fi 83255809Sdes 84255809Sdes # Retrieve DNSSEC root key 85255809Sdes if [ ! -f ${local_unbound_anchor} ] ; then 86255809Sdes run_rc_command anchor 87255809Sdes fi 88255809Sdes} 89255809Sdes 90255809Sdesload_rc_config $name 91255809Sdesrun_rc_command "$1" 92