Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

unbound: manage resolv.conf iff when listening on 127.0.0.1#53

Browse source 
With this patch the unbound init routines manage resolv.conf if and only if
when unbound will listen on 127.0.0.1#53 and dnsmasq is not.

Also logs some cases where config values are overriden with sane defaults.

Fixes (partially) LEDE FS#785
Fixes openwrt/packages#4487

Signed-off-by: Paul Oranje <por@xs4all.nl>
This commit is contained in:
Paul Oranje 2017-06-14 00:19:25 +02:00
parent 2436771252
commit 39322d45b0
3 changed files with 54 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/unbound/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=unbound PKG_NAME:=unbound
PKG_VERSION:=1.6.2 PKG_VERSION:=1.6.2
PKG_RELEASE:=2 PKG_RELEASE:=3
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE

3
net/unbound/files/dnsmasq.sh
View file

@ -37,8 +37,7 @@ dnsmasq_local_zone() {
UNBOUND_D_WAN_FQDN=$wan_fqdn UNBOUND_D_WAN_FQDN=$wan_fqdn
fi fi
if [ -n "$fwd_domain" -a -n "$fwd_port" -a ! "${fwd_port:-53}" -eq 53 ] ; then
if [ -n "$fwd_domain" -a -n "$fwd_port" -a ! "$fwd_port" -eq 53 ] ; then
# dnsmasq localhost listening ports (possible multiple instances) # dnsmasq localhost listening ports (possible multiple instances)
UNBOUND_N_FWD_PORTS="$UNBOUND_N_FWD_PORTS $fwd_port" UNBOUND_N_FWD_PORTS="$UNBOUND_N_FWD_PORTS $fwd_port"
UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $fwd_domain" UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $fwd_domain"

93
net/unbound/files/unbound.sh
View file

@ -394,32 +394,11 @@ create_domain_insecure() {
############################################################################## ##############################################################################
unbound_mkdir() { unbound_mkdir() {
local resolvsym=0
local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile ) local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile )
local dhcp_dir=$( dirname $dhcp_origin ) local dhcp_dir=$( dirname $dhcp_origin )
local filestuff local filestuff
if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
resolvsym=1
else
/etc/init.d/dnsmasq enabled || resolvsym=1
fi
if [ "$resolvsym" -gt 0 ] ; then
rm -f /tmp/resolv.conf
{
# Set resolver file to local but not if /etc/init.d/dnsmasq will do it.
echo "nameserver 127.0.0.1"
echo "nameserver ::1"
echo "search $UNBOUND_TXT_DOMAIN"
} > /tmp/resolv.conf
fi
if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a ! -d "$dhcp_dir" ] ; then if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a ! -d "$dhcp_dir" ] ; then
# make sure odhcpd has a directory to write (not done itself, yet) # make sure odhcpd has a directory to write (not done itself, yet)
mkdir -p "$dhcp_dir" mkdir -p "$dhcp_dir"
@ -1027,29 +1006,71 @@ unbound_uci() {
if [ "$UNBOUND_N_EDNS_SIZE" -lt 512 \ if [ "$UNBOUND_N_EDNS_SIZE" -lt 512 \
-o 4096 -lt "$UNBOUND_N_EDNS_SIZE" ] ; then -o 4096 -lt "$UNBOUND_N_EDNS_SIZE" ] ; then
# exceeds range, back to default logger -t unbound -s "edns_size exceeds range, using default"
UNBOUND_N_EDNS_SIZE=1280 UNBOUND_N_EDNS_SIZE=1280
fi fi
if [ "$UNBOUND_N_RX_PORT" -lt 1024 \ if [ "$UNBOUND_N_RX_PORT" -ne 53 ] \
-o 10240 -lt "$UNBOUND_N_RX_PORT" ] ; then && [ "$UNBOUND_N_RX_PORT" -lt 1024 -o 10240 -lt "$UNBOUND_N_RX_PORT" ] ; then
# special port or in 5 digits, back to default logger -t unbound -s "privileged port or in 5 digits, using default"
UNBOUND_N_RX_PORT=53 UNBOUND_N_RX_PORT=53
fi fi
if [ "$UNBOUND_TTL_MIN" -gt 1800 ] ; then if [ "$UNBOUND_TTL_MIN" -gt 1800 ] ; then
# that could have had awful side effects logger -t unbound -s "ttl_min could have had awful side effects, using 300"
UNBOUND_TTL_MIN=300 UNBOUND_TTL_MIN=300
fi fi
} }
############################################################################## ##############################################################################
_resolv_setup() {
if [ "$UNBOUND_N_RX_PORT" != "53" ] ; then
return
fi
if [ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq enabled \
&& nslookup localhost 127.0.0.1#53 >/dev/null 2>&1 ; then
# unbound is configured for port 53, but dnsmasq is enabled and a resolver
# listens on localhost:53, lets assume dnsmasq manages the resolver file.
# TODO:
# really check if dnsmasq runs a local (main) resolver in stead of using
# nslookup that times out when no resolver listens on localhost:53.
return
fi
# unbound is designated to listen on 127.0.0.1#53,
# set resolver file to local.
rm -f /tmp/resolv.conf
{
echo "# /tmp/resolv.conf generated by Unbound UCI $( date )"
echo "nameserver 127.0.0.1"
echo "nameserver ::1"
echo "search $UNBOUND_TXT_DOMAIN"
} > /tmp/resolv.conf
}
##############################################################################
_resolv_teardown() {
case $( cat /tmp/resolv.conf ) in
*"generated by Unbound UCI"*)
# our resolver file, reset to auto resolver file.
rm -f /tmp/resolv.conf
ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
;;
esac
}
##############################################################################
unbound_start() { unbound_start() {
config_load unbound config_load unbound
config_foreach unbound_uci unbound config_foreach unbound_uci unbound
unbound_mkdir unbound_mkdir
@ -1067,28 +1088,18 @@ unbound_start() {
unbound_control unbound_control
fi fi
_resolv_setup
} }
############################################################################## ##############################################################################
unbound_stop() { unbound_stop() {
local resolvsym=0 _resolv_teardown
rootzone_update rootzone_update
if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
resolvsym=1
else
/etc/init.d/dnsmasq enabled || resolvsym=1
fi
if [ "$resolvsym" -gt 0 ] ; then
# set resolver file to normal, but don't stomp on dnsmasq
rm -f /tmp/resolv.conf
ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
fi
} }
############################################################################## ##############################################################################