unbound: rework dns-forwader handling

add check if red interface has an IPv4 address before test the servers at red up and simply remove forwarders at down process. This also fix the hung at dhcpd shutdown. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-04-27 03:07:43 +02:00 · 2019-07-16 11:14:41 +02:00
parent 4a46575628
commit 3ec3329dff
9 changed files with 51 additions and 11 deletions
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -49,7 +49,7 @@ etc/rc.d/init.d/networking/red.down/10-static-routes
 etc/rc.d/init.d/networking/red.down/20-firewall
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
-etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green
 etc/rc.d/init.d/networking/orange
 etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
+etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
--- a/config/rootfiles/core/135/filelists/files
+++ b/config/rootfiles/core/135/filelists/files
@@ -6,6 +6,7 @@ etc/unbound/root.hints
 etc/rc.d/helper/azure-setup
 etc/rc.d/init.d/cloud-init
 etc/rc.d/init.d/functions
 etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/unbound
 etc/sysctl.conf
--- a/config/rootfiles/core/135/update.sh
+++ b/config/rootfiles/core/135/update.sh
@@ -35,6 +35,7 @@ done
 rm -vf \
 	/etc/rc.d/init.d/aws \
 	/etc/rc.d/rcsysinit.d/S74aws
 	/etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
 # Stop services
 /etc/init.d/squid stop
--- a/src/initscripts/networking/red.down/05-remove-dns-forwarders
+++ b/src/initscripts/networking/red.down/05-remove-dns-forwarders
@@ -0,0 +1,4 @@
 #!/bin/bash
 # Remove DNS forwarders for unbound
 exec /etc/init.d/unbound remove-forwarders
--- a/src/initscripts/networking/red.down/05-update-dns-forwarders
+++ b/src/initscripts/networking/red.down/05-update-dns-forwarders
@@ -1,4 +0,0 @@
 #!/bin/bash
 # Update DNS forwarders for unbound
 exec /etc/init.d/unbound update-forwarders
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -41,6 +41,22 @@ read_name_servers() {
 	done 2>/dev/null | xargs echo
 }
 check_red_has_carrier_and_ip() {
 	# Interface configured ?
 	[ ! -e "/var/ipfire/red/iface" ] && return 0;
 	# Interface present ?
 	[ ! -e "/sys/class/net/$(</var/ipfire/red/iface)" ] && return 0;
 	# has carrier ?
 	[ ! "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ] && return 0;
 	# has ip ?
 	[ "$(ip address show dev $(</var/ipfire/red/iface) | grep "inet")" = "" ] && return 0;
 	return 1;
 }
 config_header() {
 	echo "# This file is automatically generated and any changes"
 	echo "# will be overwritten. DO NOT EDIT!"
@@ -48,7 +64,8 @@ config_header() {
 }
 update_forwarders() {
-	if [ "${USE_FORWARDERS}" = "1" -a -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then
+	check_red_has_carrier_and_ip
 	if [ "${USE_FORWARDERS}" = "1" -a "${?}" = "1" ]; then
 		local forwarders
 		local broken_forwarders
@@ -131,6 +148,13 @@ update_forwarders() {
 	unbound-control -q forward off
 }
 remove_forwarders() {
 	enable_dnssec
 	echo "local recursor" > /var/ipfire/red/dns
 	unbound-control -q forward off
 }
 own_hostname() {
 	local hostname=$(hostname -f)
 	# 1.1.1.1 is reserved for unused green, skip this
@@ -473,7 +497,8 @@ disable_dnssec() {
 fix_time_if_dns_fail() {
 	# If DNS still not work try to init ntp with
 	# hardcoded ntp.ipfire.org (81.3.27.46)
-	if [ -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then
+	check_red_has_carrier_and_ip
 	if [ -e "/var/ipfire/red/iface" -a "${?}" = "1" ]; then
 		host 0.ipfire.pool.ntp.org > /dev/null 2>&1
 		if [ "${?}" != "0" ]; then
 			boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
@@ -807,6 +832,19 @@ case "$1" in
 		fix_time_if_dns_fail
 		;;
 	remove-forwarders)
 		# Do not try updating forwarders when unbound is not running
 		if ! pgrep unbound &>/dev/null; then
 			exit 0
 		fi
 		remove_forwarders
 		unbound-control flush_negative > /dev/null
 		unbound-control flush_bogus > /dev/null
 		;;
 	test-name-server)
 		ns=${2}
@@ -848,7 +886,7 @@ case "$1" in
 		;;
 	*)
-		echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}"
+		echo "Usage: $0 {start|stop|restart|status|update-forwarders|remove-forwarders|test-name-server|resolve}"
 		exit 1
 		;;
 esac