unbound: add dns assistants on local host

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>

net/unbound/files/README.md

@@ -217,6 +217,11 @@ config unbound
     Level. Same as previous option only this applies to the WAN. WAN are
     inferred by a UCI `config dhcp` entry that contains the 'option ignore 1'.
 
+  option dns_assist 'none'
+    Program Name. Use DNS helpers found on local host and match to their UCI.
+    Only program 'ipset-dns' is supported so far. NSD and Bind might be useful
+    but they don't have UCI to parse.
+
   option dns64 '0'
     Boolean. Enable DNS64 through Unbound in order to bridge networks that are
     IPV6 only and IPV4 only (see RFC6052).

net/unbound/files/defaults.sh

@@ -26,6 +26,7 @@ UB_HOST_CONF=$UB_VARDIR/host.conf.tmp
 UB_DHCP_CONF=$UB_VARDIR/dhcp.conf
 UB_ZONE_CONF=$UB_VARDIR/zone.conf.tmp
 UB_CTRL_CONF=$UB_VARDIR/ctrl.conf.tmp
+UB_ASSIST_CONF=$UB_VARDIR/assist.conf.tmp
 UB_SRVMASQ_CONF=$UB_VARDIR/dnsmasq_srv.conf.tmp
 UB_EXTMASQ_CONF=$UB_VARDIR/dnsmasq_ext.conf.tmp
 UB_SRV_CONF=$UB_VARDIR/unbound_srv.conf

net/unbound/files/unbound.sh

@@ -41,6 +41,7 @@ UB_B_IF_AUTO=1
 UB_D_CONTROL=0
 UB_D_DOMAIN_TYPE=static
 UB_D_DHCP_LINK=none
+UB_D_DNS_ASSIST=none
 UB_D_EXTRA_DNS=0
 UB_D_LAN_FQDN=0
 UB_D_PRIV_BLCK=1
@@ -375,6 +376,37 @@ unbound_control() {
 
 ##############################################################################
 
+unbound_assistant() {
+  local port=53000
+
+  case "$UB_D_DNS_ASSIST" in
+  ipset-dns)
+    port=$( uci_get ipset-dns.@ipset-dns[0].port )
+
+    if [ ! -f "$UB_ASSIST_CONF" ] \
+    && [ $port -gt 0 ] && [ $port -lt 65535 ] ; then
+      {
+        echo "# $UB_ASSIST_CONF generated by UCI $( date -Is )"
+        echo "forward-zone:"
+        echo "  name: ."
+        echo "  forward-addr: 127.0.0.1@$port"
+        echo "  forward-first: no"
+      } > $UB_ASSIST_CONF
+    fi
+    ;;
+
+  nsd)
+    echo "# Sorry, NSD does not have UCI to read and link." >> $UB_ASSIST_CONF
+    ;;
+
+  bind)
+    echo "# Sorry, Bind does not have UCI to read and link." >> $UB_ASSIST_CONF
+    ;;
+  esac
+}
+
+##############################################################################
+
 unbound_zone() {
   local cfg=$1
   local servers_ip=""
@@ -629,6 +661,18 @@ unbound_conf() {
   fi
 
 
+  if [ "$UB_B_IF_AUTO" -gt 0 ] ; then
+    echo "  interface-automatic: yes" >> $UB_CORE_CONF
+  fi
+
+
+  case "$UB_D_DNS_ASSIST" in
+  bind|ipset-dns|nsd)
+    echo "  do-not-query-localhost: no" >> $UB_CORE_CONF
+    ;;
+  esac
+
+
   case "$UB_D_PROTOCOL" in
     ip4_only)
       {
@@ -721,11 +765,6 @@ unbound_conf() {
   esac
 
 
-  if [ "$UB_B_IF_AUTO" -gt 0 ] ; then
-    echo "  interface-automatic: yes" >> $UB_CORE_CONF
-  fi
-
-
   case "$UB_D_RESOURCE" in
     # Tiny - Unbound's recommended cheap hardware config
     tiny)   rt_mem=1  ; rt_conn=2  ; rt_buff=1 ;;
@@ -1226,6 +1265,7 @@ unbound_uci() {
   config_get UB_D_CONTROL     "$cfg" unbound_control 0
   config_get UB_D_DOMAIN_TYPE "$cfg" domain_type static
   config_get UB_D_DHCP_LINK   "$cfg" dhcp_link none
+  config_get UB_D_DNS_ASSIST  "$cfg" dns_assist none
   config_get UB_D_EXTRA_DNS   "$cfg" add_extra_dns 0
   config_get UB_D_LAN_FQDN    "$cfg" add_local_fqdn 0
   config_get UB_D_PRIV_BLCK   "$cfg" rebind_protection 1
@@ -1256,6 +1296,16 @@ unbound_uci() {
   fi
 
 
+  if [ "$UB_D_DNS_ASSIST" = "none" ] ; then
+    UB_D_DNS_ASSIST=none
+
+  elif [ ! -x /usr/sbin/bind ] || [ ! -x /etc/init.d/bind ] \
+    || [ ! -x /usr/sbin/nsd ] || [ ! -x /etc/init.d/nsd ] \
+    || [ ! -x /usr/sbin/ipset-dns ] || [ ! -x /etc/init.d/ipset-dns ] ; then
+    UB_D_DNS_ASSIST=none
+  fi
+
+
   if [ "$UB_D_DHCP_LINK" = "dnsmasq" ] ; then
     if [ ! -x /usr/sbin/dnsmasq ] || [ ! -x /etc/init.d/dnsmasq ] ; then
       UB_D_DHCP_LINK=none
@@ -1391,6 +1441,13 @@ unbound_include() {
   fi
 
 
+  if [ -f "$UB_ASSIST_CONF" ] ; then
+    # UCI found link to DNS helpers
+    cat $UB_ASSIST_CONF >> $UB_TOTAL_CONF
+    rm  $UB_ASSIST_CONF
+  fi
+
+
   if [ -f "$UB_EXT_CONF" ] ; then
     {
       # Pull your own extend feature clauses here
@@ -1453,6 +1510,8 @@ unbound_start() {
     unbound_hostname
     # control:
     unbound_control
+    # assistants
+    unbound_assistant
     # dnsmasq
     dnsmasq_link
     # merge