authordes <des@FreeBSD.org>2014-07-29 20:57:38 +0000
committerdes <des@FreeBSD.org>2014-07-29 20:57:38 +0000
commitfe6d9379787eb938c503444ce243caa89cc7b08c (patch)
tree5cc01e837e3c2f3dfb21ef0136ca69be1f957059 /usr.sbin/unbound
parent1f52ac9340be3979c9bf100fe65c551bcd870cc6 (diff)
MFH (r266114, r266138): upgrade to latest ldns and unbound
MFH (r266139-r266143, r266145, r266149, r266150): fix props MFH (r266179, r266180, r266193, r266238, r266777): misc cleanup MFH (r266863): create and use /var/unbound/conf.d MFH (r268839): import unblock-lan-zones patch from upstream MFH (r268840): fix reverse lookups on private networks MFH (r268883): avoid spamming source tree during build PR: 190739 (for r268883)
Diffstat (limited to 'usr.sbin/unbound')
-rwxr-xr-xusr.sbin/unbound/local-setup/local-unbound-setup.sh65
1 files changed, 62 insertions, 3 deletions
diff --git a/usr.sbin/unbound/local-setup/local-unbound-setup.sh b/usr.sbin/unbound/local-setup/local-unbound-setup.sh
index 99c9324..837cf9a 100755
--- a/usr.sbin/unbound/local-setup/local-unbound-setup.sh
+++ b/usr.sbin/unbound/local-setup/local-unbound-setup.sh
@@ -33,7 +33,9 @@
user=""
unbound_conf=""
forward_conf=""
+lanzones_conf=""
workdir=""
+confdir=""
chrootdir=""
anchor=""
pidfile=""
@@ -55,8 +57,10 @@ bkext=$(date "+%Y%m%d.%H%M%S")
set_defaults() {
: ${user:=unbound}
: ${workdir:=/var/unbound}
+ : ${confdir:=${workdir}/conf.d}
: ${unbound_conf:=${workdir}/unbound.conf}
: ${forward_conf:=${workdir}/forward.conf}
+ : ${lanzones_conf:=${workdir}/lan-zones.conf}
: ${anchor:=${workdir}/root.key}
: ${pidfile:=/var/run/local_unbound.pid}
: ${resolv_conf:=/etc/resolv.conf}
@@ -71,7 +75,8 @@ set_defaults() {
#
set_chrootdir() {
chrootdir="${workdir}"
- for file in "${unbound_conf}" "${forward_conf}" "${anchor}" ; do
+ for file in "${unbound_conf}" "${forward_conf}" \
+ "${lanzones_conf}" "${anchor}" ; do
if [ "${file#${workdir%/}/}" = "${file}" ] ; then
echo "warning: ${file} is outside ${workdir}" >&2
chrootdir=""
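Review bot: `confdir` is left out of the containment loop in set_chrootdir, although this commit makes it a path that the generated unbound.conf includes from. If `-C` points outside `${workdir}`, chrootdir stays set and the emitted `include: ${confdir}/*.conf` may not resolve once unbound has chrooted (inferred; how unbound maps include paths under a chroot is not visible here). Adding it to the list, `"${lanzones_conf}" "${confdir}" "${anchor}" ; do`, would give it the same warning and chroot fallback as the other paths. The body of set_chrootdir continues past the end of this hunk.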
@@ -169,6 +174,7 @@ gen_resolvconf_conf() {
#
gen_forward_conf() {
echo "# Generated by $self"
+ echo "# Do not edit this file."
echo "forward-zone:"
echo " name: ."
for forwarder ; do
@@ -181,6 +187,42 @@ gen_forward_conf() {
}
#
+# Generate lan-zones.conf
+#
+gen_lanzones_conf() {
+ echo "# Generated by $self"
+ echo "# Do not edit this file."
+ echo "server:"
+ echo " # Unblock reverse lookups for LAN addresses"
+ echo " unblock-lan-zones: yes"
+ echo " domain-insecure: 10.in-addr.arpa."
+ echo " domain-insecure: 127.in-addr.arpa."
+ echo " domain-insecure: 16.172.in-addr.arpa."
+ echo " domain-insecure: 17.172.in-addr.arpa."
+ echo " domain-insecure: 18.172.in-addr.arpa."
+ echo " domain-insecure: 19.172.in-addr.arpa."
+ echo " domain-insecure: 20.172.in-addr.arpa."
+ echo " domain-insecure: 21.172.in-addr.arpa."
+ echo " domain-insecure: 22.172.in-addr.arpa."
+ echo " domain-insecure: 23.172.in-addr.arpa."
+ echo " domain-insecure: 24.172.in-addr.arpa."
+ echo " domain-insecure: 25.172.in-addr.arpa."
+ echo " domain-insecure: 26.172.in-addr.arpa."
+ echo " domain-insecure: 27.172.in-addr.arpa."
+ echo " domain-insecure: 28.172.in-addr.arpa."
+ echo " domain-insecure: 29.172.in-addr.arpa."
+ echo " domain-insecure: 30.172.in-addr.arpa."
+ echo " domain-insecure: 31.172.in-addr.arpa."
+ echo " domain-insecure: 168.192.in-addr.arpa."
+ echo " domain-insecure: 254.169.in-addr.arpa."
+ echo " domain-insecure: d.f.ip6.arpa."
+ echo " domain-insecure: 8.e.ip6.arpa."
+ echo " domain-insecure: 9.e.ip6.arpa."
+ echo " domain-insecure: a.e.ip6.arpa."
+ echo " domain-insecure: b.e.ip6.arpa."
+}
+
+#
# Generate unbound.conf
#
gen_unbound_conf() {
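Review bot: The last four `domain-insecure` names in gen_lanzones_conf do not match IPv6 link-local space: fe80::/10 reverses to `8.e.f.ip6.arpa.` through `b.e.f.ip6.arpa.`, whereas `8.e.ip6.arpa.` through `b.e.ip6.arpa.` name address prefixes beginning e8 to eb. As written, DNSSEC validation is switched off for those unrelated reverse zones and stays on for the link-local ones. Each of the four lines should carry the `f` label, e.g. `echo " domain-insecure: 8.e.f.ip6.arpa."`. It would also help to emit a comment in the generated file saying that answers under the listed zones are accepted without validation and that, with `unblock-lan-zones: yes`, reverse queries for private addresses are no longer answered locally and go out to whatever upstream is configured.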
@@ -195,6 +237,12 @@ gen_unbound_conf() {
if [ -f "${forward_conf}" ] ; then
echo "include: ${forward_conf}"
fi
+ if [ -f "${lanzones_conf}" ] ; then
+ echo "include: ${lanzones_conf}"
+ fi
+ if [ -d "${confdir}" ] ; then
+ echo "include: ${confdir}/*.conf"
+ fi
}
#
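Review bot: The wildcard `include: ${confdir}/*.conf` makes every matching file in that directory part of the resolver's configuration, and nothing in the visible hunks checks who owns the directory or who can write to it. If conf.d sits under a work directory that the unbound user can write to (not shown here), anything able to write there can change forwarders or trust settings at the next restart. Consider a comment in the generated file such as `# conf.d must be owned by root and not writable by the unbound user`, or a check of owner and mode before emitting the include. The `-d` test also runs only at generation time, so a directory created later is picked up only after the script is rerun.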
@@ -227,7 +275,8 @@ usage() {
echo "options:"
echo " -n do not start unbound"
echo " -a path full path to trust anchor file"
- echo " -c path full path to unbound configuration"
+ echo " -C path full path to additional configuration directory"
+ echo " -c path full path to unbound configuration file"
echo " -f path full path to forwarding configuration"
echo " -p path full path to pid file"
echo " -R path full path to resolvconf.conf"
@@ -247,11 +296,14 @@ main() {
#
# Parse and validate command-line options
#
- while getopts "a:c:f:np:R:r:s:u:w:" option ; do
+ while getopts "a:C:c:f:np:R:r:s:u:w:" option ; do
case $option in
a)
anchor="$OPTARG"
;;
+ C)
+ confdir="$OPTARG"
+ ;;
c)
unbound_conf="$OPTARG"
;;
@@ -314,6 +366,13 @@ main() {
fi
#
+ # Generate lan-zones.conf.
+ #
+ local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
+ gen_lanzones_conf >"${tmp_lanzones_conf}"
+ replace "${lanzones_conf}" "${tmp_lanzones_conf}"
+
+ #
# Generate unbound.conf.
#
local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
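Review bot: `mktemp -u` only prints an unused name, so the file is created by the `>` redirection on the following line, which follows a symlink placed at that name in between. The script appears to run as root and the path is under the unbound work directory, so the file should be created atomically: `tmp_lanzones_conf=$(mktemp "${lanzones_conf}.XXXXX") || exit 1`, with `local tmp_lanzones_conf` declared on its own line so the exit status is not masked. mktemp creates the file with mode 0600, so confirm that `replace` (defined outside this hunk) leaves the final file readable by the daemon. The context line for `tmp_unbound_conf` uses the same pattern.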