unbound: add domain resolution control options
- Add domain_forward to permit designated domains to forward instead of recurse as listed in resolve.conf.auto from DHCP WAN client - Update rebind_protection and add rebind_interface to protect IP6 GLA locally just like RFC 1918 protection - Rename trigger to trigger_interface with backwards compatibility - Update odhcpd script for efficiency handling many clients Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
+50
-33
@@ -23,56 +23,73 @@
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
# Common file location definitions
|
||||
. /usr/lib/unbound/unbound.sh
|
||||
|
||||
##############################################################################
|
||||
|
||||
odhcpd_settings() {
|
||||
# This trigger is out of normal init context, so we need to read some UCI.
|
||||
local cfg="$1"
|
||||
config_get UNBOUND_D_DHCP_LINK "$cfg" dhcp_link none
|
||||
config_get_bool UNBOUND_B_SLAAC6_MAC "$cfg" dhcp4_slaac6 0
|
||||
config_get UNBOUND_TXT_DOMAIN "$cfg" domain lan
|
||||
}
|
||||
. /lib/functions.sh
|
||||
. /usr/lib/unbound/defaults.sh
|
||||
|
||||
##############################################################################
|
||||
|
||||
odhcpd_zonedata() {
|
||||
local longconf dateconf
|
||||
local dns_ls_add=$UNBOUND_VARDIR/dhcp_dns.add
|
||||
local dns_ls_del=$UNBOUND_VARDIR/dhcp_dns.del
|
||||
local dhcp_ls_new=$UNBOUND_VARDIR/dhcp_lease.new
|
||||
local dhcp_ls_old=$UNBOUND_VARDIR/dhcp_lease.old
|
||||
local dhcp_ls_add=$UNBOUND_VARDIR/dhcp_lease.add
|
||||
local dhcp_ls_del=$UNBOUND_VARDIR/dhcp_lease.del
|
||||
|
||||
local dhcp_link=$( uci_get unbound.@unbound[0].dhcp_link )
|
||||
local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 )
|
||||
local dhcp_domain=$( uci_get unbound.@unbound[0].domain )
|
||||
local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile )
|
||||
|
||||
config_load unbound
|
||||
config_foreach odhcpd_settings unbound
|
||||
|
||||
|
||||
if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a -f "$dhcp_origin" ] ; then
|
||||
if [ "$dhcp_link" = "odhcpd" -a -f "$dhcp_origin" ] ; then
|
||||
# Capture the lease file which could be changing often
|
||||
cat $dhcp_origin | sort > $dhcp_ls_new
|
||||
touch $dhcp_ls_old
|
||||
sort $dhcp_ls_new $dhcp_ls_old $dhcp_ls_old | uniq -u > $dhcp_ls_add
|
||||
sort $dhcp_ls_old $dhcp_ls_new $dhcp_ls_new | uniq -u > $dhcp_ls_del
|
||||
sort $dhcp_origin > $dhcp_ls_new
|
||||
|
||||
# Go through the messy business of coding up A, AAAA, and PTR records
|
||||
# This static conf will be available if Unbound restarts asynchronously
|
||||
awk -v hostfile=$UNBOUND_DHCP_CONF -v domain=$UNBOUND_TXT_DOMAIN \
|
||||
-v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=1 \
|
||||
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
|
||||
|
||||
# Deleting and adding all records into Unbound can be a burden in a
|
||||
# high density environment. Use unbound-control incrementally.
|
||||
awk -v hostfile=$dns_ls_del -v domain=$UNBOUND_TXT_DOMAIN \
|
||||
-v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \
|
||||
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_del
|
||||
if [ ! -f $UNBOUND_DHCP_CONF -o ! -f $dhcp_ls_old ] ; then
|
||||
longconf=2
|
||||
|
||||
awk -v hostfile=$dns_ls_add -v domain=$UNBOUND_TXT_DOMAIN \
|
||||
-v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \
|
||||
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_add
|
||||
else
|
||||
dateconf=$(( $( date +%s ) - $( date -r $UNBOUND_DHCP_CONF +%s ) ))
|
||||
|
||||
|
||||
if [ $dateconf > 150 ] ; then
|
||||
longconf=1
|
||||
else
|
||||
longconf=0
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ $longconf -gt 0 ] ; then
|
||||
# Go through the messy business of coding up A, AAAA, and PTR records
|
||||
# This static conf will be available if Unbound restarts asynchronously
|
||||
awk -v hostfile=$UNBOUND_DHCP_CONF -v domain=$dhcp_domain \
|
||||
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=1 \
|
||||
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
|
||||
fi
|
||||
|
||||
|
||||
if [ $longconf -lt 2 ] ; then
|
||||
# Deleting and adding all records into Unbound can be a burden in a
|
||||
# high density environment. Use unbound-control incrementally.
|
||||
sort $dhcp_ls_old $dhcp_ls_new $dhcp_ls_new | uniq -u > $dhcp_ls_del
|
||||
awk -v hostfile=$dns_ls_del -v domain=$dhcp_domain \
|
||||
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \
|
||||
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_del
|
||||
|
||||
sort $dhcp_ls_new $dhcp_ls_old $dhcp_ls_old | uniq -u > $dhcp_ls_add
|
||||
awk -v hostfile=$dns_ls_add -v domain=$dhcp_domain \
|
||||
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \
|
||||
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_add
|
||||
|
||||
else
|
||||
awk -v hostfile=$dns_ls_add -v domain=$dhcp_domain \
|
||||
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \
|
||||
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
|
||||
fi
|
||||
|
||||
|
||||
if [ -f "$dns_ls_del" ] ; then
|
||||
|
||||
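Review bot: The age check `if [ $dateconf > 150 ] ; then` in odhcpd_zonedata does not compare numbers: inside `[ ]` the `>` is a redirection, so the shell creates a file named `150` in the hook's working directory and the test reduces to `[ $dateconf ]`, which is true whenever the value is non-empty. As far as the visible lines show, `longconf` is therefore always 1 on that path, the `longconf=0` branch is unreachable, and the static conf is rewritten on every lease event, which undoes the efficiency the commit aims for. Use `if [ "$dateconf" -gt 150 ] ; then`. The side of each line is inferred from the variable names, since the page has lost its `+`/`-` markers, and the function body continues past the end of the visible hunk.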