From f75c279b97552118ee06ae660230465d0a469bc8 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 3 Oct 2016 17:53:13 +0200 Subject: [PATCH 1/3] unbound: fix reverse lockup of webif defined hosts and make the own host resolveable. Signed-off-by: Arne Fitzenreiter --- src/initscripts/init.d/unbound | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/initscripts/init.d/unbound b/src/initscripts/init.d/unbound index dd5c85c7b..d324457d1 100644 --- a/src/initscripts/init.d/unbound +++ b/src/initscripts/init.d/unbound @@ -44,6 +44,15 @@ function cidr() { echo "${cidr}/${nbits}" } +ip_address_revptr() { + local addr=${1} + + local a1 a2 a3 a4 + IFS=. read -r a1 a2 a3 a4 <<< ${addr} + + echo "${a4}.${a3}.${a2}.${a1}.in-addr.arpa" +} + read_name_servers() { local i for i in 1 2; do @@ -101,6 +110,23 @@ update_forwarders() { unbound-control -q forward off } +own_hostname() { + local hostname=$(hostname -f) + # 1.1.1.1 is reserved for green only, skip this + if [ -n "${GREEN_ADDRESS}" -a "${GREEN_ADDRESS}" != "1.1.1.1" ]; then + unbound-control -q local_data "${hostname} ${LOCAL_TTL} IN A ${GREEN_ADDRESS}" + fi + + local address + for address in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do + [ -n "${address}" ] || continue + [ "${address}" = "1.1.1.1" ] && continue + + address=$(ip_address_revptr ${address}) + unbound-control -q local_data "${address} ${LOCAL_TTL} IN PTR ${hostname}" + done +} + update_hosts() { local enabled address hostname domainname @@ -111,6 +137,10 @@ update_hosts() { local fqdn="${hostname}.${domainname}" unbound-control -q local_data "${fqdn} ${LOCAL_TTL} IN A ${address}" + + # Add RDNS + address=$(ip_address_revptr ${address}) + unbound-control -q local_data "${address} ${LOCAL_TTL} IN PTR ${fqdn}" done < /var/ipfire/main/hosts } 
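Review bot: ip_address_revptr builds the PTR owner name from whatever string it is handed, with no check that the argument is a dotted-quad IPv4 address. An empty value, an IPv6 address, or a fifth dot-separated field (which `read` folds into `a4`) all end up in a name that the callers pass straight to `unbound-control local_data`. Since update_hosts feeds it values read from /var/ipfire/main/hosts, I would at least reject non-numeric input first with `[[ "${addr}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || return 1`, so callers can skip the record. The here-string should also be quoted, `IFS=. read -r a1 a2 a3 a4 <<< "${addr}"`, and the call sites in the own_hostname and update_hosts hunks should pass `"${address}"` quoted.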
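Review bot: In own_hostname, `local hostname=$(hostname -f)` hides the exit status of `hostname -f`, because `local` itself succeeds. If the lookup fails or prints nothing, the function goes on to build A and PTR records with an empty name. Declare and assign separately and bail out on an empty result: `local hostname`, then `hostname=$(hostname -f) || return 1`, then `[ -n "${hostname}" ] || return 1`. The `-a` inside `[ … ]` is also worth replacing with `[ -n "${GREEN_ADDRESS}" ] && [ "${GREEN_ADDRESS}" != "1.1.1.1" ]`, since `-a` is ambiguous when an operand looks like an operator.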
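Review bot: The new PTR record in update_hosts is added for every line of /var/ipfire/main/hosts. Two entries that share an address will, as far as I can tell, leave several PTR records on the same reverse name; if one canonical name per address is intended, the loop needs to remember which addresses it has already handled. Reusing `address` to hold the reverse name also makes the loop harder to follow. A separate local, `local ptr` with `ptr=$(ip_address_revptr "${address}") || continue`, keeps the two values apart and lets the loop skip an entry if the helper ever reports failure. update_hosts begins above the hunk, so how the `enabled` field is treated before this point is not visible here.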
@@ -307,6 +337,9 @@ case "$1" in boot_mesg "Starting Unbound DNS Proxy..." loadproc /usr/sbin/unbound || exit $? + # Make own hostname resolveable + own_hostname + # Update any known forwarding name servers update_forwarders From a48a2034f5320baf32c10ec877d0c3c53cf4c699 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 4 Oct 2016 19:24:26 +0200 Subject: [PATCH 2/3] unbound: fix update forwarders if unbound was not running psgrep has no "-q" switch so i use pidof. Signed-off-by: Arne Fitzenreiter --- .../networking/red.up/05-update-dns-forwarders | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/initscripts/init.d/networking/red.up/05-update-dns-forwarders b/src/initscripts/init.d/networking/red.up/05-update-dns-forwarders index be8879ca9..4ff2e58ef 100644 --- a/src/initscripts/init.d/networking/red.up/05-update-dns-forwarders +++ b/src/initscripts/init.d/networking/red.up/05-update-dns-forwarders @@ -3,10 +3,11 @@ # If network has not fully been brought up here, we start unbound # so that all following scripts can rely on DNS resolution -# Update DNS forwarders if unbound is running -if pgrep -q unbound; then - exec /etc/init.d/unbound update-forwarders +pidof unbound > /dev/null +if [ "${?}" = "0" ]; then + # unbound is run so update the forwarders + /etc/init.d/unbound update-forwarders +else + # Start unbound if it is not running, yet + /etc/init.d/unbound start fi - -# Start unbound if it is not running, yet -exec /etc/init.d/unbound start From e3a90a5736be84bd4292a05c006802aa26ffcc0d Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 4 Oct 2016 22:05:26 +0200 Subject: [PATCH 3/3] Revert "core106: Add DNS root key to exclude list" This reverts commit f58002a83f279246cdd58bfb5e9dfbf9d5aa99c7. --- config/rootfiles/core/106/exclude | 1 - 1 file changed, 1 deletion(-) diff --git a/config/rootfiles/core/106/exclude b/config/rootfiles/core/106/exclude index 1d8d74e21..7ddeae0ba 100644 
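Review bot: In 05-update-dns-forwarders, running `pidof unbound > /dev/null` and then testing `[ "${?}" = "0" ]` on the next line is fragile, because any command later inserted between the two silently changes what is tested. Test the command directly with `if pidof unbound > /dev/null; then`. Note also that `pidof` only shows that a process with that name exists, not that the daemon is answering on its control channel, so `update-forwarders` can presumably still fail against a starting or hung instance. It may be worth falling through to `start` when that call returns non-zero. The comment `# unbound is run so update the forwarders` would read better as `# unbound is running, so update the forwarders`.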
--- a/config/rootfiles/core/106/exclude +++ b/config/rootfiles/core/106/exclude @@ -23,7 +23,6 @@ var/ipfire/dma var/ipfire/time var/ipfire/ovpn var/lib/alternatives -var/lib/unbound/root.key var/log/cache var/state/dhcp/dhcpd.leases var/updatecache