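#!/bin/sh
#
# $FreeBSD: stable/11/etc/rc.d/local_unbound 356345 2020-01-04 01:09:33Z cy $
#
# rc.d script for the local caching forwarding resolver.  Besides the
# standard rc.subr commands it provides "anchor", "configtest", "reload"
# and "setup" (see extra_commands below).
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS netif resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

. /etc/rc.subr

name="local_unbound"
desc="Local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/local-unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

# Load rc.conf first so the defaults below only fill in values the
# administrator left unset or empty.
load_rc_config "$name"

: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:="-c ${local_unbound_config}"}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
: ${local_unbound_forwarders:=}

#
# Run a command line as the unprivileged "unbound" user.
#
# The arguments are joined into a single line and fed on stdin to the
# shell started by su, so they are parsed a second time there.  Quoting
# at the call site therefore does not survive: the rc.conf values passed
# through here must not contain whitespace or shell metacharacters.
#
do_as_unbound()
{
	echo "$@" | su -m unbound
}

#
# Retrieve or update the DNSSEC root anchor
#
local_unbound_anchor()
{
	do_as_unbound "${command}-anchor" -a "${local_unbound_anchor}"
	# we can't trust the exit code - check if the file exists
	# Only the presence of the file is tested; its contents are not
	# validated here.
	[ -f "${local_unbound_anchor}" ]
}

#
# Check the unbound configuration file
#
local_unbound_configtest()
{
	do_as_unbound "${command}-checkconf" "${local_unbound_config}"
}

#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
local_unbound_setup()
{
	echo "Performing initial setup."
	# Path arguments are quoted so a configured path cannot be split
	# or glob-expanded.  local_unbound_forwarders stays unquoted on
	# purpose: it is a whitespace-separated list, one word per entry.
	"${command}-setup" -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${local_unbound_forwarders}
}

#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
local_unbound_prestart()
{
	# Create configuration file
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key
	if [ ! -f "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}

#
# After starting, wait for Unbound to report that it is ready to avoid
# race conditions with services which require functioning DNS.
#
# Makes up to five status checks, one second apart, and returns 1 if
# none of them reports "is running".
#
local_unbound_poststart()
{
	local retry=5

	echo -n "Waiting for nameserver to start..."
	until "${command}-control" status | grep -q "is running" ; do
		if [ $((retry -= 1)) -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}

# NOTE(review): rc.conf was already loaded above; this second call is
# kept unchanged from the original.
load_rc_config "$name"
run_rc_command "$1"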