unbound: improve robustness with dhcp scripts

When for example 'package/net/adblock' and DNSSEC vs NTP robustness
is enabled, significant restart thrashing can occur at boot up. DHCP
lease triggers may be occuring at the same time. Unbounds DNS-DHCP
may be incomplete until new DHCP solicit events. Solve this by
leaving a passive but complete host conf file during lease trigger.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

net/unbound/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.6.0
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE

net/unbound/files/odhcpd.awk

@@ -22,6 +22,7 @@
 #   "domain" = text domain suffix
 #   "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC
 #   "bisolt" = boolean, format <host>.<network>.<domain>. so you can isolate
+#   "bconf"  = boolean, write conf file format rather than pipe records
 #
 ##############################################################################
 
@@ -59,15 +60,23 @@
       # only for provided hostnames and full /32 assignments
       ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
       slaac = slaac_eui64( id ) ;
-      for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
-
-      # DHCP A and PTR records with FQDN
-      x = ( fqdn ". 120 IN A " adr ) ;
-      y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ;
-      print ( x "\n" y ) > hostfile ;
 
 
-      if ((bslaac == 1) && (slaac != 0)) {
+      if ( bconf == 1 ) {
+        x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ;
+        y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+
+      else {
+        for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
+        x = ( fqdn ". 120 IN A " adr ) ;
+        y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+
+
+      if (( bslaac == 1 ) && ( slaac != 0 )) {
         # UCI option to discover IPV6 routed SLAAC addresses
         # NOT TODO - ping probe take too long when added in awk-rule loop
         cmd = ( "ip -6 --oneline route show dev " net ) ;
@@ -79,11 +88,25 @@
             # GA or ULA routed addresses only (not LL or MC)
             sub( /\/.*/, "", adr ) ;
             adr = ( adr slaac ) ;
-            if ( split( adr, tmp0, ":" ) >= 8 ) { sub( "::", ":", adr ) ; }
+            
-            qpr = ipv6_ptr( adr ) ;
+            
-            x = ( fqdn ". 120 IN AAAA " adr ) ;
+            if ( split( adr, tmp0, ":" ) >= 8 ) { 
-            y = ( qpr " 120 IN PTR " fqdn ) ;
+              sub( "::", ":", adr ) ; 
-            print ( x "\n" y ) > hostfile ;
+            }
+
+
+            if ( bconf == 1 ) {
+              x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
+              y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+              print ( x "\n" y ) > hostfile ;
+            }
+
+            else {
+              qpr = ipv6_ptr( adr ) ;
+              x = ( fqdn ". 120 IN AAAA " adr ) ;
+              y = ( qpr ". 120 IN PTR " fqdn ) ;
+              print ( x "\n" y ) > hostfile ;
+            }
           }
         }
 
@@ -95,11 +118,19 @@
 
   else {
     if (( cdr == 128 ) && ( hst != "-" )) {
-      # only for provided hostnames and full /128 assignments
+      if ( bconf == 1 ) {
-      qpr = ipv6_ptr( adr ) ;
+        x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
-      x = ( fqdn ". 120 IN AAAA " adr ) ;
+        y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
-      y = ( qpr " 120 IN PTR " fqdn ) ;
+        print ( x "\n" y ) > hostfile ;
-      print ( x "\n" y ) > hostfile ;
+      }
+
+      else {
+        # only for provided hostnames and full /128 assignments
+        qpr = ipv6_ptr( adr ) ;
+        x = ( fqdn ". 120 IN AAAA " adr ) ;
+        y = ( qpr ". 120 IN PTR " fqdn ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
     }
   }
 }

net/unbound/files/odhcpd.sh

@@ -51,20 +51,26 @@ odhcpd_zonedata() {
 
 
   if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a -f "$dhcp_origin" ] ; then
-    # Capture the lease file which could be changing often,
+    # Capture the lease file which could be changing often
-    # and unbound-control only for changes in hosts (or else...)
     cat $dhcp_origin | sort > $dhcp_ls_new
     touch $dhcp_ls_old
     sort $dhcp_ls_new $dhcp_ls_old $dhcp_ls_old | uniq -u > $dhcp_ls_add
     sort $dhcp_ls_old $dhcp_ls_new $dhcp_ls_new | uniq -u > $dhcp_ls_del
 
-    # Go through the messy business of coding up A, AAAA, and PTR records.
+    # Go through the messy business of coding up A, AAAA, and PTR records
+    # This static conf will be available if Unbound restarts asynchronously
+    awk -v hostfile=$UNBOUND_DHCP_CONF -v domain=$UNBOUND_TXT_DOMAIN \
+        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=1 \
+        -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
+
+    # Deleting and adding all records into Unbound can be a burden in a
+    # high density environment. Use unbound-control incrementally.
     awk -v hostfile=$dns_ls_del -v domain=$UNBOUND_TXT_DOMAIN \
-        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 \
+        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \
         -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_del
 
     awk -v hostfile=$dns_ls_add -v domain=$UNBOUND_TXT_DOMAIN \
-        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 \
+        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \
         -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_add
 
 
@@ -80,7 +86,7 @@ odhcpd_zonedata() {
 
     # prepare next round
     mv $dhcp_ls_new $dhcp_ls_old
-    rm -f $dns_ls_del $dns_ls_add
+    rm -f $dns_ls_del $dns_ls_add $dhcp_ls_del $dhcp_ls_add
   fi
 }
 

net/unbound/files/unbound.sh

@@ -64,6 +64,7 @@ UNBOUND_PIDFILE=/var/run/unbound.pid
 
 UNBOUND_SRV_CONF=$UNBOUND_VARDIR/unbound_srv.conf
 UNBOUND_EXT_CONF=$UNBOUND_VARDIR/unbound_ext.conf
+UNBOUND_DHCP_CONF=$UNBOUND_VARDIR/unbound_dhcp.conf
 UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf
 
 UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key
@@ -709,6 +710,16 @@ unbound_hostname() {
       config_load dhcp
       config_foreach create_interface_dns dhcp
     fi
+
+
+    if [ -f "$UNBOUND_DHCP_CONF" ] ; then
+      {
+        # Seed DHCP records because dhcp scripts trigger externally
+        # Incremental Unbound restarts may drop unbound-control add records
+        echo "  include: $UNBOUND_DHCP_CONF"
+        echo
+      } >> $UNBOUND_CONFFILE
+    fi
   fi
 }