#!/bin/sh # # $FreeBSD$ # # PROVIDE: local_unbound # REQUIRE: FILESYSTEMS netif resolv # BEFORE: NETWORKING # KEYWORD: shutdown . /etc/rc.subr name="local_unbound" desc="local caching forwarding resolver" rcvar="local_unbound_enable" command="/usr/sbin/unbound" extra_commands="anchor configtest reload setup" start_precmd="local_unbound_prestart" reload_precmd="local_unbound_configtest" anchor_cmd="local_unbound_anchor" configtest_cmd="local_unbound_configtest" setup_cmd="local_unbound_setup" pidfile="/var/run/${name}.pid" : ${local_unbound_workdir:=/var/unbound} : ${local_unbound_config:=${local_unbound_workdir}/unbound.conf} : ${local_unbound_flags:=-c${local_unbound_config}} : ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf} : ${local_unbound_anchor:=${local_unbound_workdir}/root.key} : ${local_unbound_forwarders:=} load_rc_config $name do_as_unbound() { echo "$@" | su -m unbound } # # Retrieve or update the DNSSEC root anchor # local_unbound_anchor() { do_as_unbound /usr/sbin/unbound-anchor -a ${local_unbound_anchor} # we can't trust the exit code - check if the file exists [ -f ${local_unbound_anchor} ] } # # Check the unbound configuration file # local_unbound_configtest() { do_as_unbound /usr/sbin/unbound-checkconf ${local_unbound_config} } # # Create the unbound configuration file and update resolv.conf to # point to unbound. # local_unbound_setup() { echo "Performing initial setup." /usr/sbin/local-unbound-setup -n \ -u unbound \ -w ${local_unbound_workdir} \ -c ${local_unbound_config} \ -f ${local_unbound_forwardconf} \ -a ${local_unbound_anchor} \ ${local_unbound_forwarders} } # # Before starting, check that the configuration file and root anchor # exist. If not, attempt to generate them. # local_unbound_prestart() { # Create configuration file if [ ! -f ${local_unbound_config} ] ; then run_rc_command setup fi # Retrieve DNSSEC root key if [ ! -f ${local_unbound_anchor} ] ; then run_rc_command anchor fi } load_rc_config $name run_rc_command "$1"