Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

unbound: add root zone file cache option

Browse source 
Add the possibility to use Unbound auto-zone: clause to
fetch complete root, arpa, in-addr.arpa, and ip6.arpa
zone files. This can speed up recursion when users
access many ccTLD or connection logging hits many PTR.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This commit is contained in:
Eric Luehrsen 2018-05-28 22:46:07 -04:00
parent cdeefec73e
commit 36e1aa0892
4 changed files with 53 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/unbound/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=unbound PKG_NAME:=unbound
PKG_VERSION:=1.7.1 PKG_VERSION:=1.7.1
PKG_RELEASE:=2 PKG_RELEASE:=3
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE

5
net/unbound/files/README.md
View file

@ -225,6 +225,11 @@ config unbound
Boolean. Skip all this UCI nonsense. Manually edit the Boolean. Skip all this UCI nonsense. Manually edit the
configuration. Make changes to /etc/unbound/unbound.conf. configuration. Make changes to /etc/unbound/unbound.conf.
option prefetch_root '0'
Boolean. Enable Unbound authority zone clauses for "." (root), "arpa,"
"in-addr.arpa," and "ip6.arpa" and obtain complete zone files from public
servers using http or AXFR (gTLD are unfortunately not as public).
option protocol 'mixed' option protocol 'mixed'
Unbound can limit its protocol used for recursive queries. Unbound can limit its protocol used for recursive queries.
ip4_only - limit issues if you do not have native IPv6 ip4_only - limit issues if you do not have native IPv6

54
net/unbound/files/unbound.sh
View file

@ -35,6 +35,7 @@ UNBOUND_B_MAN_CONF=0
UNBOUND_B_NTP_BOOT=1 UNBOUND_B_NTP_BOOT=1
UNBOUND_B_QUERY_MIN=0 UNBOUND_B_QUERY_MIN=0
UNBOUND_B_QRY_MINST=0 UNBOUND_B_QRY_MINST=0
UNBOUND_B_AUTH_ROOT=0
UNBOUND_D_CONTROL=0 UNBOUND_D_CONTROL=0
UNBOUND_D_DOMAIN_TYPE=static UNBOUND_D_DOMAIN_TYPE=static
@ -605,6 +606,45 @@ unbound_forward() {
############################################################################## ##############################################################################
unbound_auth_root() {
local axfrservers="lax.xfr.dns.icann.org iad.xfr.dns.icann.org"
local httpserver="http://www.internic.net/domain/"
local authzones="root arpa in-addr.arpa ip6.arpa"
local server zone realzone
# Download or AXFR the root and arpa zones to reduce the work needed at
# top level of recursion. If your users will hit many ccTLD or you have
# tracking logs resolving many PTR, then this can speed things up.
# Total size of text in TMPFS could be about 5MB.
if [ "$UNBOUND_B_AUTH_ROOT" -gt 0 ] ; then
for zone in $authzones ; do
if [ "$zone" = "root" ] ; then
realzone="."
else
realzone=$zone
fi
{
echo "auth-zone:"
echo " name: \"$realzone\""
for server in $axfrservers ; do
echo " master: \"$server\""
done
echo " url: \"$httpserver$zone.zone\""
echo " fallback-enabled: yes"
echo " for-downstream: no"
echo " for-upstream: yes"
echo " zonefile: \"$zone.zone\""
echo
} >> $UNBOUND_CONFFILE
done
fi
}
##############################################################################
unbound_conf() { unbound_conf() {
local rt_mem rt_conn modulestring domain ifsubnet local rt_mem rt_conn modulestring domain ifsubnet
@ -1086,6 +1126,7 @@ unbound_uci() {
config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0 config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0
config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0 config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0
config_get_bool UNBOUND_B_QRY_MINST "$cfg" query_min_strict 0 config_get_bool UNBOUND_B_QRY_MINST "$cfg" query_min_strict 0
config_get_bool UNBOUND_B_AUTH_ROOT "$cfg" prefetch_root 0
config_get_bool UNBOUND_B_LOCL_BLCK "$cfg" rebind_localhost 0 config_get_bool UNBOUND_B_LOCL_BLCK "$cfg" rebind_localhost 0
config_get_bool UNBOUND_B_DNSSEC "$cfg" validator 0 config_get_bool UNBOUND_B_DNSSEC "$cfg" validator 0
config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1 config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1
@ -1181,7 +1222,7 @@ unbound_uci() {
############################################################################## ##############################################################################
_resolv_setup() { unbound_resolv_setup() {
if [ "$UNBOUND_N_RX_PORT" != "53" ] ; then if [ "$UNBOUND_N_RX_PORT" != "53" ] ; then
return return
fi fi
@ -1210,7 +1251,7 @@ _resolv_setup() {
############################################################################## ##############################################################################
_resolv_teardown() { unbound_resolv_teardown() {
case $( cat /tmp/resolv.conf ) in case $( cat /tmp/resolv.conf ) in
*"generated by Unbound UCI"*) *"generated by Unbound UCI"*)
# our resolver file, reset to auto resolver file. # our resolver file, reset to auto resolver file.
@ -1225,8 +1266,6 @@ _resolv_teardown() {
unbound_start() { unbound_start() {
config_load unbound config_load unbound
config_foreach unbound_uci unbound config_foreach unbound_uci unbound
unbound_mkdir unbound_mkdir
@ -1245,19 +1284,18 @@ unbound_start() {
unbound_forward unbound_forward
unbound_auth_root
unbound_control unbound_control
fi fi
_resolv_setup unbound_resolv_setup
} }
############################################################################## ##############################################################################
unbound_stop() { unbound_stop() {
_resolv_teardown unbound_resolv_teardown
rootzone_update rootzone_update
} }

1
net/unbound/files/unbound.uci
View file

@ -15,6 +15,7 @@ config unbound
option listen_port '53' option listen_port '53'
option localservice '1' option localservice '1'
option manual_conf '0' option manual_conf '0'
option prefetch_root '0'
option protocol 'default' option protocol 'default'
option query_minimize '0' option query_minimize '0'
option query_min_strict '0' option query_min_strict '0'