diff options
| author | des <des@FreeBSD.org> | 2014-07-18 12:33:22 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2014-07-18 12:33:22 +0000 |
| commit | f1c75160cf590b270c8ed4eacfcd02fab0dc47e7 (patch) | |
| tree | 37d251ffba3f8db691b6478b8dcc667872c815dc /usr.sbin/unbound/local-setup | |
| parent | d96c67cabdd8553d6547ab549c8a31d73216ca58 (diff) | |
| download | FreeBSD-src-f1c75160cf590b270c8ed4eacfcd02fab0dc47e7.zip FreeBSD-src-f1c75160cf590b270c8ed4eacfcd02fab0dc47e7.tar.gz | |
Use a combination of unblock-lan-zones (r268839) and domain-insecure
to fix reverse lookups on networks using private addresses.
Diffstat (limited to 'usr.sbin/unbound/local-setup')
| -rwxr-xr-x | usr.sbin/unbound/local-setup/local-unbound-setup.sh | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/usr.sbin/unbound/local-setup/local-unbound-setup.sh b/usr.sbin/unbound/local-setup/local-unbound-setup.sh index ca3eced..837cf9a 100755 --- a/usr.sbin/unbound/local-setup/local-unbound-setup.sh +++ b/usr.sbin/unbound/local-setup/local-unbound-setup.sh @@ -33,6 +33,7 @@ user="" unbound_conf="" forward_conf="" +lanzones_conf="" workdir="" confdir="" chrootdir="" @@ -59,6 +60,7 @@ set_defaults() { : ${confdir:=${workdir}/conf.d} : ${unbound_conf:=${workdir}/unbound.conf} : ${forward_conf:=${workdir}/forward.conf} + : ${lanzones_conf:=${workdir}/lan-zones.conf} : ${anchor:=${workdir}/root.key} : ${pidfile:=/var/run/local_unbound.pid} : ${resolv_conf:=/etc/resolv.conf} @@ -73,7 +75,8 @@ set_defaults() { # set_chrootdir() { chrootdir="${workdir}" - for file in "${unbound_conf}" "${forward_conf}" "${anchor}" ; do + for file in "${unbound_conf}" "${forward_conf}" \ + "${lanzones_conf}" "${anchor}" ; do if [ "${file#${workdir%/}/}" = "${file}" ] ; then echo "warning: ${file} is outside ${workdir}" >&2 chrootdir="" @@ -171,6 +174,7 @@ gen_resolvconf_conf() { # gen_forward_conf() { echo "# Generated by $self" + echo "# Do not edit this file." echo "forward-zone:" echo " name: ." for forwarder ; do @@ -183,6 +187,42 @@ gen_forward_conf() { } # +# Generate lan-zones.conf +# +gen_lanzones_conf() { + echo "# Generated by $self" + echo "# Do not edit this file." + echo "server:" + echo " # Unblock reverse lookups for LAN addresses" + echo " unblock-lan-zones: yes" + echo " domain-insecure: 10.in-addr.arpa." + echo " domain-insecure: 127.in-addr.arpa." + echo " domain-insecure: 16.172.in-addr.arpa." + echo " domain-insecure: 17.172.in-addr.arpa." + echo " domain-insecure: 18.172.in-addr.arpa." + echo " domain-insecure: 19.172.in-addr.arpa." + echo " domain-insecure: 20.172.in-addr.arpa." + echo " domain-insecure: 21.172.in-addr.arpa." + echo " domain-insecure: 22.172.in-addr.arpa." + echo " domain-insecure: 23.172.in-addr.arpa." + echo " domain-insecure: 24.172.in-addr.arpa." + echo " domain-insecure: 25.172.in-addr.arpa." + echo " domain-insecure: 26.172.in-addr.arpa." + echo " domain-insecure: 27.172.in-addr.arpa." + echo " domain-insecure: 28.172.in-addr.arpa." + echo " domain-insecure: 29.172.in-addr.arpa." + echo " domain-insecure: 30.172.in-addr.arpa." + echo " domain-insecure: 31.172.in-addr.arpa." + echo " domain-insecure: 168.192.in-addr.arpa." + echo " domain-insecure: 254.169.in-addr.arpa." + echo " domain-insecure: d.f.ip6.arpa." + echo " domain-insecure: 8.e.ip6.arpa." + echo " domain-insecure: 9.e.ip6.arpa." + echo " domain-insecure: a.e.ip6.arpa." + echo " domain-insecure: b.e.ip6.arpa." +} + +# # Generate unbound.conf # gen_unbound_conf() { @@ -197,6 +237,9 @@ gen_unbound_conf() { if [ -f "${forward_conf}" ] ; then echo "include: ${forward_conf}" fi + if [ -f "${lanzones_conf}" ] ; then + echo "include: ${lanzones_conf}" + fi if [ -d "${confdir}" ] ; then echo "include: ${confdir}/*.conf" fi @@ -323,6 +366,13 @@ main() { fi # + # Generate lan-zones.conf. + # + local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX") + gen_lanzones_conf >"${tmp_lanzones_conf}" + replace "${lanzones_conf}" "${tmp_lanzones_conf}" + + # # Generate unbound.conf. # local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX") |
