diff options
author | des <des@FreeBSD.org> | 2013-09-23 04:36:51 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2013-09-23 04:36:51 +0000 |
commit | b1d537a11d2a680fc34947d3883280e75b3d6b71 (patch) | |
tree | 0df6588b3449352aea0a807080b17b534bc0595f /etc/defaults | |
parent | 5acce3cc7f418da48d069006b327265877aa87d8 (diff) | |
download | FreeBSD-src-b1d537a11d2a680fc34947d3883280e75b3d6b71.zip FreeBSD-src-b1d537a11d2a680fc34947d3883280e75b3d6b71.tar.gz |
Add a setup script for unbound(8) called local-unbound-setup. It
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf. The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost. Alternatively, a list of forwarders can be provided on the
command line.
To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks. We should consider doing
the same for "status", which is currently pointless.
Add an rc script for unbound, called local_unbound. If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.
Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound. This is necessary so that
unbound can reload its configuration while chrooted. We should
probably provide symlinks in /etc.
Approved by: re (blanket)
Diffstat (limited to 'etc/defaults')
-rw-r--r-- | etc/defaults/rc.conf | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 39957278..80f279d 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -270,6 +270,7 @@ hastd_enable="NO" # Run the HAST daemon (YES/NO). hastd_program="/sbin/hastd" # path to hastd, if you want a different one. hastd_flags="" # Optional flags to hastd. ctld_enable="NO" # CAM Target Layer / iSCSI target daemon. +local_unbound_enable="NO" # local caching resolver # # named. It may be possible to run named in a sandbox, man security for # details. |