Unbound: added UCI support for DNS64

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com> Signed-off-by: Dan Luedte <mail@danrl.com>
2026-04-30 15:38:40 +01:00 · 2016-12-10 13:40:54 -05:00
parent 52486075e6
commit c189596a4a
4 changed files with 58 additions and 19 deletions
@@ -23,6 +23,7 @@
 UNBOUND_B_CONTROL=0
 UNBOUND_B_DNSMASQ=0
 UNBOUND_B_DNSSEC=0
+UNBOUND_B_DNS64=0
 UNBOUND_B_GATE_NAME=0
 UNBOUND_B_LOCL_BLCK=0
 UNBOUND_B_LOCL_NAME=0
@@ -32,6 +33,8 @@ UNBOUND_B_NTP_BOOT=1
 UNBOUND_B_PRIV_BLCK=1
 UNBOUND_B_QUERY_MIN=0

+UNBOUND_IP_DNS64="64:ff9b::/96"
+
 UNBOUND_D_RESOURCE=small
 UNBOUND_D_RECURSION=passive

@@ -140,7 +143,7 @@ unbound_mkdir() {

 unbound_conf() {
  local cfg=$1
-  local rt_mem rt_conn
+  local rt_mem rt_conn modulestring

  {
    # Make fresh conf file
@@ -285,6 +288,9 @@ unbound_conf() {
    logger -t unbound -s "default memory resource consumption"
  fi

+  # Assembly of module-config: options is tricky; order matters
+  modulestring="iterator"
+

  if [ "$UNBOUND_B_DNSSEC" -gt 0 ] ; then
    if [ ! -f "$UNBOUND_TIMEFILE" -a "$UNBOUND_B_NTP_BOOT" -gt 0 ] ; then
@@ -294,23 +300,30 @@ unbound_conf() {


    {
-      # Validation of DNSSEC
-      echo "  module-config: \"validator iterator\""
      echo "  harden-dnssec-stripped: yes"
      echo "  val-clean-additional: yes"
      echo "  ignore-cd-flag: yes"
-      echo
    } >> $UNBOUND_CONFFILE

-  else
-    {
-      # Just iteration without DNSSEC
-      echo "  module-config: \"iterator\""
-      echo
-    } >> $UNBOUND_CONFFILE
+
+    modulestring="validator $modulestring"
  fi


+  if [ "$UNBOUND_B_DNS64" -gt 0 ] ; then
+    echo "  dns64-prefix: $UNBOUND_IP_DNS64" >> $UNBOUND_CONFFILE
+
+    modulestring="dns64 $modulestring"
+  fi
+
+
+  {
+    # Print final module string
+    echo "  module-config: \"$modulestring\""
+    echo
+  }  >> $UNBOUND_CONFFILE
+
+
  if [ "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
    # Minor improvement on query privacy
    echo "  qname-minimisation: yes" >> $UNBOUND_CONFFILE
@@ -426,7 +439,8 @@ unbound_uci() {
  ####################
  # UCI @ unbound    #
  ####################
-
+  
+  config_get_bool UNBOUND_B_DNS64     "$cfg" dns64 0
  config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmsaq_gate_name 0
  config_get_bool UNBOUND_B_DNSMASQ   "$cfg" dnsmasq_link_dns 0
  config_get_bool UNBOUND_B_LOCL_NAME "$cfg" dnsmasq_only_local 0
@@ -439,6 +453,7 @@ unbound_uci() {
  config_get_bool UNBOUND_B_DNSSEC    "$cfg" validator  0
  config_get_bool UNBOUND_B_NTP_BOOT  "$cfg" validator_ntp 1

+  config_get UNBOUND_IP_DNS64    "$cfg" dns64_prefix "64:ff9b::/96"
  config_get UNBOUND_N_EDNS_SIZE "$cfg" edns_size 1280
  config_get UNBOUND_N_RX_PORT   "$cfg" listen_port 53
  config_get UNBOUND_D_RECURSION "$cfg" recursion passive