From 3ec3329dffe9e045c37b1b3d048947bb59cd6fa6 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Tue, 16 Jul 2019 11:14:41 +0200
Subject: [PATCH] unbound: rework dns-forwader handling add check if red interface has an IPv4 address before test the servers at red up and simply remove forwarders at down process. This also fix the hung at dhcpd shutdown.
Signed-off-by: Arne Fitzenreiter
---
config/rootfiles/common/aarch64/initscripts | 2 +-
config/rootfiles/common/armv5tel/initscripts | 2 +-
config/rootfiles/common/i586/initscripts | 2 +-
config/rootfiles/common/x86_64/initscripts | 2 +-
config/rootfiles/core/135/filelists/files | 1 +
config/rootfiles/core/135/update.sh | 1 +
.../red.down/05-remove-dns-forwarders | 4 ++
.../red.down/05-update-dns-forwarders | 4 --
src/initscripts/system/unbound | 44 +++++++++++++++++--
9 files changed, 51 insertions(+), 11 deletions(-)
create mode 100644 src/initscripts/networking/red.down/05-remove-dns-forwarders
delete mode 100644 src/initscripts/networking/red.down/05-update-dns-forwarders
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index b731a70c1..260a961fe 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index b731a70c1..260a961fe 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index df4f859f1..88ec789bc 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -49,7 +49,7 @@ etc/rc.d/init.d/networking/red.down/10-static-routes
 etc/rc.d/init.d/networking/red.down/20-firewall
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
-etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index df4f859f1..d74fb743b 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
diff --git a/config/rootfiles/core/135/filelists/files b/config/rootfiles/core/135/filelists/files
index 3d868d324..d8df9f65b 100644
--- a/config/rootfiles/core/135/filelists/files
+++ b/config/rootfiles/core/135/filelists/files
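Review bot: In config/rootfiles/common/i586/initscripts the rename lands on the wrong entry: the hunk at line 49 rewrites `etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders` to `red.up/05-remove-dns-forwarders`, whereas the aarch64, armv5tel and x86_64 hunks change the `red.down` entry at line 41. The patch creates only `src/initscripts/networking/red.down/05-remove-dns-forwarders`, so the i586 list would name a red.up file that is never installed and would drop the red.up update hook. Since i586 and x86_64 share the same old blob (df4f859f1), the i586 list presumably also still carries the deleted `red.down/05-update-dns-forwarders` entry. The changed pair should be `-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders` and `+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders`, with the red.up entry left as it was.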
@@ -6,6 +6,7 @@ etc/unbound/root.hints etc/rc.d/helper/azure-setup etc/rc.d/init.d/cloud-init etc/rc.d/init.d/functions +etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders etc/rc.d/init.d/partresize etc/rc.d/init.d/unbound etc/sysctl.conf diff --git a/config/rootfiles/core/135/update.sh b/config/rootfiles/core/135/update.sh index 56854d2c9..55f72fc4e 100644 --- a/config/rootfiles/core/135/update.sh +++ b/config/rootfiles/core/135/update.sh @@ -35,6 +35,7 @@ done rm -vf \ /etc/rc.d/init.d/aws \ /etc/rc.d/rcsysinit.d/S74aws + /etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders # Stop services /etc/init.d/squid stop diff --git a/src/initscripts/networking/red.down/05-remove-dns-forwarders b/src/initscripts/networking/red.down/05-remove-dns-forwarders new file mode 100644 index 000000000..671cca9df --- /dev/null +++ b/src/initscripts/networking/red.down/05-remove-dns-forwarders @@ -0,0 +1,4 @@ +#!/bin/bash + +# Remove DNS forwarders for unbound +exec /etc/init.d/unbound remove-forwarders diff --git a/src/initscripts/networking/red.down/05-update-dns-forwarders b/src/initscripts/networking/red.down/05-update-dns-forwarders deleted file mode 100644 index 7f35696f5..000000000 --- a/src/initscripts/networking/red.down/05-update-dns-forwarders +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -# Update DNS forwarders for unbound -exec /etc/init.d/unbound update-forwarders diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 5d3c5062f..dbcfc951f 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -41,6 +41,22 @@ read_name_servers() { done 2>/dev/null | xargs echo } +check_red_has_carrier_and_ip() { + # Interface configured ? + [ ! -e "/var/ipfire/red/iface" ] && return 0; + + # Interface present ? + [ ! -e "/sys/class/net/$( /var/ipfire/red/dns + unbound-control -q forward off + +} + own_hostname() { local hostname=$(hostname -f) # 1.1.1.1 is reserved for unused green, skip this 
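Review bot: The path added in config/rootfiles/core/135/update.sh is not an argument of the `rm -vf` above it, because the preceding context line `/etc/rc.d/rcsysinit.d/S74aws` carries no trailing backslash. As written the shell ends the `rm` after S74aws and then executes `/etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders` as a command, which per the deleted file's content is `exec /etc/init.d/unbound update-forwarders`. Because that is an `exec`, it would presumably replace the update script's process and the rest of update.sh would not run. Even without that, the old hook stays in red.down on upgraded systems and keeps running next to the new remove hook, which is the behaviour this commit sets out to drop. The fix is the continuation: `/etc/rc.d/rcsysinit.d/S74aws \` followed by the new path as the last argument.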
@@ -473,7 +497,8 @@ disable_dnssec() { fix_time_if_dns_fail() { # If DNS still not work try to init ntp with # hardcoded ntp.ipfire.org (81.3.27.46) - if [ -e "/var/ipfire/red/iface" -a "$( /dev/null 2>&1 if [ "${?}" != "0" ]; then boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..." @@ -807,6 +832,19 @@ case "$1" in fix_time_if_dns_fail ;; + remove-forwarders) + # Do not try updating forwarders when unbound is not running + if ! pgrep unbound &>/dev/null; then + exit 0 + fi + + remove_forwarders + + unbound-control flush_negative > /dev/null + unbound-control flush_bogus > /dev/null + ;; + + test-name-server) ns=${2} @@ -848,7 +886,7 @@ case "$1" in ;; *) - echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}" + echo "Usage: $0 {start|stop|restart|status|update-forwarders|remove-forwarders|test-name-server|resolve}" exit 1 ;; esac
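Review bot: The `remove-forwarders)` branch guards on `pgrep unbound`, which matches by substring on the process name, so `unbound-control` or `unbound-anchor` satisfy it. Most likely the init script itself does too, since it is installed as `etc/rc.d/init.d/unbound`, which would make the guard always pass. Asking the daemon directly is a tighter check, for example `if ! unbound-control -q status &>/dev/null; then exit 0; fi`. The comment above the guard was carried over from the update path and should read `# Do not try removing forwarders when unbound is not running`. The surrounding `case` statement starts and ends outside this hunk, so whether `update-forwarders` uses the same guard is not visible here.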