unbound: rework dns-forwader handling

Add a check that the red interface has an IPv4 address before testing the
servers at red up, and simply remove the forwarders in the down process.

This also fixes the hang at dhcpd shutdown.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter
2019-07-16 11:14:41 +02:00
parent 4a46575628
commit 3ec3329dff
9 changed files with 51 additions and 11 deletions


@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
etc/rc.d/init.d/networking/orange
etc/rc.d/init.d/networking/red
#etc/rc.d/init.d/networking/red.down
etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
etc/rc.d/init.d/networking/red.down/10-ipsec
etc/rc.d/init.d/networking/red.down/10-miniupnpd
etc/rc.d/init.d/networking/red.down/10-ovpn


@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
etc/rc.d/init.d/networking/orange
etc/rc.d/init.d/networking/red
#etc/rc.d/init.d/networking/red.down
etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
etc/rc.d/init.d/networking/red.down/10-ipsec
etc/rc.d/init.d/networking/red.down/10-miniupnpd
etc/rc.d/init.d/networking/red.down/10-ovpn


@@ -49,7 +49,7 @@ etc/rc.d/init.d/networking/red.down/10-static-routes
etc/rc.d/init.d/networking/red.down/20-firewall
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.up/05-remove-dns-forwarders
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes


@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
etc/rc.d/init.d/networking/orange
etc/rc.d/init.d/networking/red
#etc/rc.d/init.d/networking/red.down
etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
etc/rc.d/init.d/networking/red.down/10-ipsec
etc/rc.d/init.d/networking/red.down/10-miniupnpd
etc/rc.d/init.d/networking/red.down/10-ovpn


@@ -6,6 +6,7 @@ etc/unbound/root.hints
etc/rc.d/helper/azure-setup
etc/rc.d/init.d/cloud-init
etc/rc.d/init.d/functions
etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
etc/rc.d/init.d/partresize
etc/rc.d/init.d/unbound
etc/sysctl.conf


@@ -35,6 +35,7 @@ done
rm -vf \
/etc/rc.d/init.d/aws \
/etc/rc.d/rcsysinit.d/S74aws
/etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
# Stop services
/etc/init.d/squid stop
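Review bot: The added path on the line after `/etc/rc.d/rcsysinit.d/S74aws` only belongs to the `rm -vf` list if that preceding line ends with a continuation backslash; as shown here it does not, so the new line would be executed as a command (apparently the old red.down hook, which `exec`s `unbound update-forwarders`) instead of being deleted. The hunk counts (6 old, 7 new) point to one added line and no modified line, so the backslash does look to be missing; if the rendering merely dropped it, disregard this. Change the two lines to `/etc/rc.d/rcsysinit.d/S74aws \` followed by `/etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders`, keeping the new path as the last element of the list.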


@@ -0,0 +1,4 @@
#!/bin/bash
# Remove DNS forwarders for unbound
exec /etc/init.d/unbound remove-forwarders


@@ -1,4 +0,0 @@
#!/bin/bash
# Update DNS forwarders for unbound
exec /etc/init.d/unbound update-forwarders


@@ -41,6 +41,22 @@ read_name_servers() {
done 2>/dev/null | xargs echo
}
check_red_has_carrier_and_ip() {
# Interface configured ?
[ ! -e "/var/ipfire/red/iface" ] && return 0;
# Interface present ?
[ ! -e "/sys/class/net/$(</var/ipfire/red/iface)" ] && return 0;
# has carrier ?
[ ! "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ] && return 0;
# has ip ?
[ "$(ip address show dev $(</var/ipfire/red/iface) | grep "inet")" = "" ] && return 0;
return 1;
}
config_header() {
echo "# This file is automatically generated and any changes"
echo "# will be overwritten. DO NOT EDIT!"
@@ -48,7 +64,8 @@ config_header() {
}
update_forwarders() {
if [ "${USE_FORWARDERS}" = "1" -a -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then
check_red_has_carrier_and_ip
if [ "${USE_FORWARDERS}" = "1" -a "${?}" = "1" ]; then
local forwarders
local broken_forwarders
@@ -131,6 +148,13 @@ update_forwarders() {
unbound-control -q forward off
}
remove_forwarders() {
enable_dnssec
echo "local recursor" > /var/ipfire/red/dns
unbound-control -q forward off
}
own_hostname() {
local hostname=$(hostname -f)
# 1.1.1.1 is reserved for unused green, skip this
@@ -473,7 +497,8 @@ disable_dnssec() {
fix_time_if_dns_fail() {
# If DNS still not work try to init ntp with
# hardcoded ntp.ipfire.org (81.3.27.46)
if [ -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then
check_red_has_carrier_and_ip
if [ -e "/var/ipfire/red/iface" -a "${?}" = "1" ]; then
host 0.ipfire.pool.ntp.org > /dev/null 2>&1
if [ "${?}" != "0" ]; then
boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
@@ -807,6 +832,19 @@ case "$1" in
fix_time_if_dns_fail
;;
remove-forwarders)
# Do not try updating forwarders when unbound is not running
if ! pgrep unbound &>/dev/null; then
exit 0
fi
remove_forwarders
unbound-control flush_negative > /dev/null
unbound-control flush_bogus > /dev/null
;;
test-name-server)
ns=${2}
@@ -848,7 +886,7 @@ case "$1" in
;;
*)
echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}"
echo "Usage: $0 {start|stop|restart|status|update-forwarders|remove-forwarders|test-name-server|resolve}"
exit 1
;;
esac
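Review bot: In the new check_red_has_carrier_and_ip (first hunk), `grep "inet"` on the `ip address show` output also matches `inet6` lines, so an interface that only carries an IPv6 link-local address, which it gets as soon as the link is up, passes as having an address; that is not the IPv4 check the commit message describes. Replace the last test with `ip -4 address show dev "$(</var/ipfire/red/iface)" | grep -q "inet " || return 0`, which also quotes the interface name that is currently expanded unquoted on that line and the one above it. The function returns 1 for the good case and 0 for every failure, the opposite of the usual shell convention; a comment on the definition such as `# Returns 1 when red is configured, has carrier and an IPv4 address, 0 otherwise` would keep the callers' `"${?}" = "1"` tests in update_forwarders and fix_time_if_dns_fail from reading as inverted. The comment guarding the new remove-forwarders case still says "updating forwarders"; `# Do not try removing forwarders when unbound is not running` matches what it guards.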