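#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS netif resolv
# KEYWORD: shutdown

#
# rc.d script for the local unbound resolver.  Besides the standard
# rc.subr commands it provides:
#   anchor     - retrieve or update the DNSSEC root anchor
#   configtest - check the unbound configuration file
#   setup      - generate the configuration via local-unbound-setup
#   reload     - reload, after a successful configtest
#

. /etc/rc.subr

name="local_unbound"
desc="local caching forwarding resolver"
rcvar="local_unbound_enable"

command="/usr/sbin/unbound"
extra_commands="anchor configtest reload setup"
start_precmd="local_unbound_prestart"
reload_precmd="local_unbound_configtest"
anchor_cmd="local_unbound_anchor"
configtest_cmd="local_unbound_configtest"
setup_cmd="local_unbound_setup"
pidfile="/var/run/${name}.pid"

#
# Load the rc.conf settings before computing the defaults.  The paths
# below are derived from local_unbound_workdir at the moment they are
# expanded, so an override of the working directory must already be
# visible here; otherwise the derived paths keep pointing at
# /var/unbound while the working directory points elsewhere.
#
load_rc_config $name

: ${local_unbound_workdir:=/var/unbound}
: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
: ${local_unbound_flags:=-c${local_unbound_config}}
: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
: ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
: ${local_unbound_forwarders:=}

#
# Run a command as the unprivileged user "unbound".
#
# The arguments are joined into a single line and piped to the shell
# that su starts for that user, so the line is parsed a second time
# there: whitespace and shell metacharacters inside an argument are
# interpreted by that shell.  Every value passed in this file comes
# from an rc.conf setting; keep those settings to plain path names.
# su -m leaves the caller's environment unmodified.
#
do_as_unbound()
{
	echo "$@" | su -m unbound
}

#
# Retrieve or update the DNSSEC root anchor
#
local_unbound_anchor()
{
	do_as_unbound /usr/sbin/unbound-anchor -a "${local_unbound_anchor}"
	# we can't trust the exit code - check if the file exists
	# (this confirms only that a file is present, not that its
	# contents are a valid or current trust anchor)
	[ -f "${local_unbound_anchor}" ]
}

#
# Check the unbound configuration file
#
local_unbound_configtest()
{
	do_as_unbound /usr/sbin/unbound-checkconf "${local_unbound_config}"
}

#
# Create the unbound configuration file and update resolv.conf to
# point to unbound.
#
local_unbound_setup()
{
	echo "Performing initial setup."
	# local_unbound_forwarders stays unquoted on purpose: it is a
	# whitespace-separated list and each entry is its own argument.
	/usr/sbin/local-unbound-setup -n \
	    -u unbound \
	    -w "${local_unbound_workdir}" \
	    -c "${local_unbound_config}" \
	    -f "${local_unbound_forwardconf}" \
	    -a "${local_unbound_anchor}" \
	    ${local_unbound_forwarders}
}

#
# Before starting, check that the configuration file and root anchor
# exist.  If not, attempt to generate them.
#
# NOTE(review): the status of the setup step is not checked; the
# function's status is that of the last step that ran.  Confirm that a
# failed setup is meant to be caught later by the daemon itself.
#
local_unbound_prestart()
{
	# Create configuration file
	if [ ! -f "${local_unbound_config}" ] ; then
		run_rc_command setup
	fi

	# Retrieve DNSSEC root key
	if [ ! -f "${local_unbound_anchor}" ] ; then
		run_rc_command anchor
	fi
}

# Kept from the original; the configuration was already loaded above.
load_rc_config $name
run_rc_command "$1"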