#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS netif resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

# Pull in the rc.subr framework, which provides load_rc_config and
# run_rc_command used below.
. /etc/rc.subr

# Service identity as seen by rc.subr.
name="local_unbound"
desc="local caching forwarding resolver"
rcvar="local_unbound_enable"

# Daemon binary and the pid file used to track it.
command="/usr/sbin/unbound"
pidfile="/var/run/${name}.pid"

# Extra actions accepted on the command line, and the shell functions
# in this file that implement the actions and the start/reload hooks.
extra_commands="anchor configtest reload setup"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
start_precmd="local_unbound_prestart"
start_postcmd="local_unbound_poststart"
reload_precmd="local_unbound_configtest"

# Load the administrator's settings first so that the defaults below
# only fill in what was left unset or empty.
load_rc_config "${name}"

# Defaults.  Later entries are derived from earlier ones, so the order
# matters.  The config and anchor paths are later handed to
# do_as_unbound, which feeds its arguments to a shell as text: keep
# these values free of whitespace and shell metacharacters.
: "${local_unbound_workdir:=/var/unbound}"
: "${local_unbound_config:=${local_unbound_workdir}/unbound.conf}"
: "${local_unbound_flags:=-c ${local_unbound_config}}"
: "${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}"
: "${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}"
: "${local_unbound_anchor:=${local_unbound_workdir}/root.key}"
: "${local_unbound_forwarders:=}"
#
# Run a command line as the "unbound" user.
#
# The arguments are joined into one line by echo and piped to the shell
# that su(1) starts, so that shell parses the text a second time:
# whitespace or shell metacharacters inside an argument are not kept
# as data.  Callers in this file pass a fixed program path plus a path
# taken from rc.conf.  The return status is that of the su stage.
#
do_as_unbound()
{
	echo "$@" |
	    su -m unbound
}
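#
# Retrieve or update the DNSSEC root anchor.
#
# Runs unbound-anchor as the unbound user and then reports success only
# if the anchor file exists afterwards.
# Returns: 0 if ${local_unbound_anchor} is a regular file, non-zero
# otherwise.
#
local_unbound_anchor()
{
	# do_as_unbound passes its arguments to a shell as text, so a path
	# containing whitespace is still split again on that side.
	do_as_unbound /usr/sbin/unbound-anchor -a "${local_unbound_anchor}"
	# we can't trust the exit code - check if the file exists
	# The operand is quoted so that a path with whitespace or glob
	# characters is tested as one name instead of breaking the test.
	# NOTE(review): -f only shows that a regular file is present; it
	# does not show that the file holds a usable trust anchor.
	[ -f "${local_unbound_anchor}" ]
}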
#
# Validate the unbound configuration file.
#
# Runs unbound-checkconf on ${local_unbound_config} as the unbound user
# and returns whatever status do_as_unbound reports.  This function is
# both the "configtest" action and the reload pre-command, so a
# non-zero status here is what stands between a bad config and a reload.
#
local_unbound_configtest()
{
	do_as_unbound \
	    /usr/sbin/unbound-checkconf ${local_unbound_config}
}
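#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
# Delegates the work to /usr/sbin/local-unbound-setup, passing it the
# working directory (-w), main config (-c), forwarder config (-f),
# control config (-o) and root anchor (-a) paths, followed by the list
# of forwarders.  Returns the helper's exit status.
#
local_unbound_setup()
{
	echo "Performing initial setup."
	# Path options are quoted so each one reaches the helper as a
	# single argument.  ${local_unbound_forwarders} is left unquoted on
	# purpose: it is a whitespace-separated list and must split into
	# one argument per forwarder (and vanish entirely when empty).
	/usr/sbin/local-unbound-setup -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -o "${local_unbound_controlconf}" \
	    -a "${local_unbound_anchor}" \
	    ${local_unbound_forwarders}
}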
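#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
# Returns the status of the last step: 0 when the anchor file already
# exists, otherwise the status of "run_rc_command anchor".
# NOTE(review): a failed "setup" is not propagated when the anchor
# step succeeds or is skipped - confirm that this is intended.
#
local_unbound_prestart()
{
	# Create configuration file
	# (operand quoted so a path with whitespace is tested as one name
	# instead of making the test fail and skipping the setup step)
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key
	if [ ! -f "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}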
#
# After the daemon has been launched, poll until Unbound reports that
# it is running, so that services needing working DNS do not race with
# its startup.
#
# Asks "${command}-control status" up to five times, one second apart.
# Returns non-zero (1) once the attempts are used up.
# NOTE(review): the control tool is called without an explicit config
# file - confirm its default matches ${local_unbound_config}.
#
local_unbound_poststart()
{
	local attempts_left=5

	echo -n "Waiting for nameserver to start..."
	while : ; do
		if "${command}-control" status | grep -q "is running" ; then
			break
		fi
		# Count the failed probe; stop after the fifth one.
		attempts_left=$((attempts_left - 1))
		if [ "${attempts_left}" -eq 0 ] ; then
			echo " giving up"
			return 1
		fi
		echo -n "."
		sleep 1
	done
	echo " good"
}
# Load the rc.conf settings for this service (again, now that every
# hook function is defined), then dispatch the action named by the
# script's first argument.
load_rc_config "${name}"
run_rc_command "$1"