-rw-r--r-- | config/unbound/unbound.inc | 138 | ||||
-rw-r--r-- | config/unbound/unbound_acls.php | 8 | ||||
-rwxr-xr-x | config/unbound/unbound_monitor.sh | 38 | ||||
-rw-r--r-- | config/unbound/unbound_status.php | 54 |
4 files changed, 119 insertions, 119 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index 6588c5c2..e879248a 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -40,7 +40,7 @@ function unbound_initial_setup() { // Make sure read-write conf_mount_rw(); - + if (!is_array($config['installedpackages']['unbound']['config'])) $config['installedpackages']['unbound']['config'] = array(); @@ -64,10 +64,10 @@ function unbound_initial_setup() { // We do not need the sample conf or the default rc.d startup file @unlink_if_exists("/usr/local/etc/unbound/unbound.conf.sample"); @unlink_if_exists("/usr/local/etc/rc.d/unbound"); - + // Setup rc file for startup and shutdown. unbound_rc_setup(); - + /* Check to see if Set initial interfaces that are allowed to query to lan, if that does not exist set it to the wan * */ @@ -77,7 +77,7 @@ function unbound_initial_setup() { else $unbound_config['active_interface'] = "wan"; } - + unbound_anchor_setup(); unbound_resync_config(); unbound_keys_setup(); @@ -86,23 +86,23 @@ function unbound_initial_setup() { // Write out the XML config write_config(); - + // Back to read-only conf_mount_ro(); } function unbound_anchor_setup() { - + $conf = <<<EOD . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 EOD; file_put_contents("/usr/local/etc/unbound/root-trust-anchor", $conf); - + } function unbound_keys_setup() { - + // Generate SSL Keys for controlling the unbound server mwexec("/usr/local/sbin/unbound-control-setup"); 
@@ -148,25 +148,25 @@ ENDPHP\n"; } function unbound_install() { - + conf_mount_rw(); unbound_initial_setup(); conf_mount_ro(); - + } function unbound_control($action) { global $config, $g; - + $unbound_config = $config['installedpackages']['unbound']['config'][0]; $cache_dumpfile = "/var/tmp/unbound_cache"; - + switch ($action) { case "forward": /* Dont utilize forward cmd if Unbound is doing DNS queries directly * XXX: We could make this an option to then make pfSense use Unbound * as the recursive nameserver instead of upstream ones(?) - */ + */ if ($unbound_config['forwarding_mode'] == "on") { // Get configured DNS servers and add them as forwarders if (!isset($config['system']['dnsallowoverride'])) { @@ -182,7 +182,7 @@ function unbound_control($action) { $dns_servers .= " $nameserver"; } } - + if(is_service_running("unbound")) { unbound_ctl_exec("forward $dns_servers"); } else { @@ -192,7 +192,7 @@ function unbound_control($action) { } } break; - + case "start": //Start unbound if($unbound_config['unbound_status'] == "on") { @@ -206,25 +206,25 @@ function unbound_control($action) { fetch_root_hints(); } break; - + case "stop": //Stop unbound and unmount the file system if($unbound_config['unbound_status'] == "on") { - unbound_ctl_exec("stop"); + unbound_ctl_exec("stop"); } break; - + case "termstop": //Stop Unbound by sigkillbypid(); sigkillbypid("{$g['varrun_path']}/unbound.pid", "TERM"); break; - + case "dump_cache": //Dump Unbound's Cache if($unbound_config['dumpcache'] == "on") unbound_ctl_exec("dump_cache > $cache_dumpfile"); break; - + case "restore_cache": //Restore Unbound's Cache if ((is_service_running("unbound")) && ($unbound_config['dumpcache'] == "on")) { @@ -238,9 +238,9 @@ function unbound_control($action) { break; default: break; - + } - + } function unbound_get_network_interface_addresses() { 
@@ -251,7 +251,7 @@ function unbound_get_network_interface_addresses() { $unboundint = explode(",", $unbound_config['active_interface']); $unbound_interfaces = array(); $i = 0; - + foreach ($unboundint as $unboundidx => $unboundif) { /* Configure IPv4 addresses */ if (is_ipaddr($interfaces[$unboundif]['ipaddr'])) { @@ -283,7 +283,7 @@ function unbound_get_network_interface_addresses() { $unbound_interfaces[$i]['ipv4']['subnet'] = find_interface_subnet($unboundrealif); $unbound_interfaces[$i]['ipv4']['network'] = gen_subnet($unbound_interfaces[$i]['ipv4']['ipaddr'],$unbound_interfaces[$i]['ipv4']['subnet']); } - + /* Configure IPv6 addresses */ if(function_exists("is_ipaddrv6")) { if(is_ipaddrv6($interfaces[$unboundif]['ipaddrv6'])) { @@ -370,7 +370,7 @@ function unbound_get_query_interface_addresses() { function unbound_acls_config() { global $config; - + /* Configure the ACLs */ if(is_array($config['installedpackages']['unboundacls']['config'])) { $unbound_acls = $config['installedpackages']['unboundacls']['config']; @@ -381,7 +381,7 @@ function unbound_acls_config() { if ($unbound_acl['aclaction'] == "allow snoop") $unbound_acl['aclaction'] = "allow_snoop"; $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n"; - } + } } return $unboundcfg; } else @@ -390,12 +390,12 @@ function unbound_acls_config() { function unbound_resync_config() { global $config, $g, $input_errors; - + if (!is_array($config['installedpackages']['unbound']['config'])) $config['installedpackages']['unbound']['config'] = array(); $unbound_config = &$config['installedpackages']['unbound']['config'][0]; - + // Interfaces to bind to and setup acls for nics $unbound_bind_interfaces = ""; $unbound_allowed_networks = ""; 
@@ -420,19 +420,19 @@ function unbound_resync_config() { /* Configure user configured ACLs */ $unbound_allowed_networks .= unbound_acls_config(); - + if($unbound_config['dnssec_status'] == "on") { $module_config = "validator iterator"; $anchor_file = "auto-trust-anchor-file: /usr/local/etc/unbound/root-trust-anchor"; } else $module_config = "iterator"; - + // Host entries $host_entries = unbound_add_host_entries(); - + // Domain Overrides $domain_overrides = unbound_add_domain_overrides(); - + // Unbound Statistics if($unbound_config['stats'] == "on") { $stats_interval = $unbound_config['stats_interval']; @@ -440,13 +440,13 @@ function unbound_resync_config() { if ($unbound_config['extended_stats'] == "on") $extended_stats = "yes"; else - $extended_stats = "no"; + $extended_stats = "no"; } else { $stats_interval = "0"; $cumulative_stats = "no"; $extended_stats = "no"; } - + // Private-address support for DNS Rebinding if($unbound_config['private_address'] == "on") { $pvt_addr = <<<EOF @@ -467,7 +467,7 @@ EOF; //Setup optimization $optimization = unbound_optimization(); - + $unbound_config = &$config['installedpackages']['unboundadvanced']['config'][0]; // Setup Advanced options $log_verbosity = (isset($unbound_config['unbound_verbosity'])) ? $unbound_config['unbound_verbosity'] : "1"; @@ -488,8 +488,8 @@ EOF; $infra_lame_ttl = (!empty($unbound_config['infra_lame_ttl'])) ? $unbound_config['infra_lame_ttl'] : "900"; $infra_cache_numhosts = (!empty($unbound_config['infra_cache_numhosts'])) ? $unbound_config['infra_cache_numhosts'] : "10000"; $unwanted_reply_threshold = (!empty($unbound_config['unwanted_reply_threshold'])) ? $unbound_config['unwanted_reply_threshold'] : "0"; - - + + $unbound_conf = <<<EOD ######################### @@ -591,13 +591,13 @@ EOD; file_put_contents("/usr/local/etc/unbound/unbound.conf", $unbound_conf); - + } function unbound_ctl_exec($cmd) { - + mwexec("/usr/local/sbin/unbound-control $cmd"); - + } 
@@ -609,7 +609,7 @@ function unbound_optimization() { $unbound_config = $config['installedpackages']['unboundadvanced']['config'][0]; $optimization_settings = array(); - + // Set the number of threads equal to number of CPUs. // Use 1 (disable threading) if for some reason this sysctl fails. $numprocs = intval(trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d" " -f2`)); @@ -617,7 +617,7 @@ function unbound_optimization() { $optimization['number_threads'] = "num-threads: {$numprocs}"; else $optimization['number_threads'] = "num-threads: 1"; - + // Slabs to help reduce lock contention. if ($numprocs > 4) { $optimization['msg_cache_slabs'] = "msg-cache-slabs: {$numprocs}"; @@ -630,7 +630,7 @@ function unbound_optimization() { $optimization['infra_cache_slabs'] = "infra-cache-slabs: 4"; $optimization['key_cache_slabs'] = "key-cache-slabs: 4"; } - + // Memory usage - default is 4Mb if nothing has been selected if(isset($unbound_config['msg_cache_size'])) { $rr = $unbound_config['msg_cache_size']*2; @@ -640,7 +640,7 @@ function unbound_optimization() { $optimization['msg_cache_size'] = "msg-cache-size: 4m"; $optimization['rrset_cache_size'] = "rrset-cache-size: 8m"; } - + // More outgoing connections per thread otherwise assign a default of 4096 for a single thread if($numprocs > 0) { $or = (1024/$numprocs) - 50; @@ -659,7 +659,7 @@ function unbound_optimization() { $optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m"; else unset($optimization['so_rcvbuf']); - + } } // Safety check in case kern.ipc.maxsockbuf is deleted. @@ -676,7 +676,7 @@ function fetch_root_hints() { conf_mount_rw(); $fout = fopen($destination_file, "w"); $url = "ftp://ftp.internic.net/domain/named.cache"; - + $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1); @@ -688,7 +688,7 @@ function fetch_root_hints() { fwrite($fout, $data); fclose($fout); conf_mount_ro(); - + return ($http_code == 200) ? true : $http_code; } else { return false; 
@@ -700,18 +700,18 @@ function unbound_validate($post, $type=null) { if($post['unbound_status'] == "on" && isset($config['dnsmasq']['enable'])) $input_errors[] = "The system dns-forwarder is still active. Disable it before enabling the Unbound service."; - + /* Validate the access lists */ if($type == "acl") { $acls = $post; // Check to ensure values entered is an action that is in the list if ($acls['aclaction'] != 'refuse' && $acls['aclaction'] != 'allow' && $acls['aclaction'] != 'allow_snoop' && $acls['aclaction'] != 'deny') $input_errors[] = "{$acls['aclaction']} is not a valid ACL Action. Please select one of the four actions defined in the list."; - + // Make sure there is at least 1 network defined. - if (!isset($acls['acl_network0'])) + if (!isset($acls['acl_network0'])) $input_errors[] = "You need to specify at least one network to create a valid ACL."; - + $count = 0; // Get number of rows added, should be passed by the form - will look into that later for($i=0; $i<99; $i++) { @@ -719,7 +719,7 @@ function unbound_validate($post, $type=null) { // Check to ensure values entered are networks if(!is_ipaddr($acls['acl_network'.$i]) && !is_subnet($acls['mask'.$i])) $input_errors[] = "{$acls['acl_network'.$i]}/{$acls['mask'.$i]} is not a valid network."; - } + } } } else if($type == "advanced") { if(!is_numeric($post['cache_max_ttl'])) @@ -732,7 +732,7 @@ function unbound_validate($post, $type=null) { $input_errors[] = "You must enter a valid number in 'TTL for lame delegation'."; if(!is_numeric($post['infra_cache_numhosts'])) $input_errors[] = "You must enter a valid number in 'Number of Hosts to cache'."; - + } else if($type == "basic") { /* Validate settings */ if($post['active_interface'] == "") 
@@ -742,9 +742,9 @@ function unbound_validate($post, $type=null) { function unbound_reconfigure() { global $config; - + $unbound_config = $config['installedpackages']['unbound']['config'][0]; - + if ($unbound_config['unbound_status'] != "on") { if(is_service_running("unbound")) unbound_control("termstop"); @@ -759,7 +759,7 @@ function unbound_reconfigure() { unbound_control("forward"); unbound_control("restore_cache"); } - } + } } function unbound_uninstall() { @@ -774,15 +774,15 @@ function unbound_uninstall() { @unlink("{$g['varlog_path']}/unbound.log"); @unlink("/var/tmp/unbound_cache"); - conf_mount_ro(); + conf_mount_ro(); } function read_hosts() { - + // Open /etc/hosts and extract the only dhcpleases info $etc_hosts = array(); - foreach (file('/etc/hosts') as $line) { + foreach (file('/etc/hosts') as $line) { $d = preg_split('/\s/', $line, -1, PREG_SPLIT_NO_EMPTY); if (empty($d) || substr(reset($d), 0, 1) == "#") continue; @@ -806,12 +806,12 @@ function read_hosts() { */ function unbound_add_host_entries() { global $config; - + /* XXX: break this out into a separate config file and make use of include */ $unboundcfg = $config['installedpackages']['unbound']['config'][0]; $syscfg = $config['system']; $dnsmasqcfg = $config['dnsmasq']; - + $unbound_entries = "local-zone: \"{$syscfg['domain']}\" transparent\n"; // IPv4 entries $unbound_entries .= "local-data-ptr: \"127.0.0.1 localhost\"\n"; @@ -823,7 +823,7 @@ function unbound_add_host_entries() { $unbound_entries .= "local-data: \"localhost AAAA ::1\"\n"; $unbound_entries .= "local-data: \"localhost.{$syscfg['domain']} AAAA ::1\"\n"; } - + if ($config['interfaces']['lan']) { $cfgip = get_interface_ip("lan"); if (is_ipaddr($cfgip)) { 
@@ -866,12 +866,12 @@ function unbound_add_host_entries() { $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN A {$host['ip']}\"\n"; if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') $host_entries .= "local-data: '{$host['host']}{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; - + // Do not add duplicate entries $added_item[$current_host] = true; } } - $unbound_entries .= $host_entries; + $unbound_entries .= $host_entries; } // Static DHCP entries $host_entries = ""; @@ -886,7 +886,7 @@ function unbound_add_host_entries() { $host_entries .= "local-data: '{$host['hostname']}.{$syscfg['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; } $unbound_entries .= $host_entries; - } + } // Handle DHCPLeases added host entries $dhcplcfg = read_hosts(); @@ -915,7 +915,7 @@ function unbound_add_domain_overrides($pvt=false) { // Domain overrides that have multiple entries need multiple stub-addr: added $sorted_domains = msort($domains, "domain"); - $result = array(); + $result = array(); foreach($sorted_domains as $domain) { $domain_key = current($domain); if(!isset($result[$domain_key])) { @@ -923,7 +923,7 @@ function unbound_add_domain_overrides($pvt=false) { } $result[$domain_key][] = $domain['ip']; } - + $domain_entries = ""; foreach($result as $domain=>$ips) { if($pvt == true) { @@ -939,7 +939,7 @@ function unbound_add_domain_overrides($pvt=false) { } } return $domain_entries; - } + } } function unbound_acl_id_used($id) { @@ -962,4 +962,4 @@ function unbound_get_next_id() { return $aclid; } -?>
\ No newline at end of file +?> diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php index a7c3ea9e..5ba69869 100644 --- a/config/unbound/unbound_acls.php +++ b/config/unbound/unbound_acls.php @@ -95,7 +95,7 @@ if ($_POST) { $input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}."); } } - + if (!$input_errors) { if ($pconfig['Submit'] == gettext("Save")) { @@ -173,7 +173,7 @@ if (is_subsystem_dirty("unbound")) print_info_box_np(gettext("The settings for Unbound DNS has changed. You must apply the configuration to take affect.")); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> + <tr> <td class="tabnavtbl"> <ul id="tabnav"> <?php @@ -186,7 +186,7 @@ if (is_subsystem_dirty("unbound")) ?> </ul> </td> - </tr> + </tr> <tr> <td class="tabcont"> @@ -375,4 +375,4 @@ if (is_subsystem_dirty("unbound")) </tr> </table> </body> -<?php include("fend.inc"); ?>
\ No newline at end of file +<?php include("fend.inc"); ?> diff --git a/config/unbound/unbound_monitor.sh b/config/unbound/unbound_monitor.sh index 152a308e..23939311 100755 --- a/config/unbound/unbound_monitor.sh +++ b/config/unbound/unbound_monitor.sh @@ -39,25 +39,25 @@ fi sleep 5 while [ /bin/true ]; do - if [ ! -f /var/run/unbound_alarm ]; then - NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'` - if [ $NUM_PROCS -lt 1 ]; then - # Unbound is not running - echo "Unbound has exited." | logger -p daemon.info -i -t Unbound_Alarm - echo "Attempting restart..." | logger -p daemon.info -i -t Unbound_Alarm - /usr/local/etc/rc.d/unbound.sh start - sleep 3 - touch /var/run/unbound_alarm - fi - fi - NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'` - if [ $NUM_PROCS -gt 0 ]; then - if [ -f /var/run/unbound_alarm ]; then - echo "Unbound has resumed." | logger -p daemon.info -i -t Unbound_Alarm - rm /var/run/unbound_alarm - fi - fi - sleep $LOOP_SLEEP + if [ ! -f /var/run/unbound_alarm ]; then + NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'` + if [ $NUM_PROCS -lt 1 ]; then + # Unbound is not running + echo "Unbound has exited." | logger -p daemon.info -i -t Unbound_Alarm + echo "Attempting restart..." | logger -p daemon.info -i -t Unbound_Alarm + /usr/local/etc/rc.d/unbound.sh start + sleep 3 + touch /var/run/unbound_alarm + fi + fi + NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'` + if [ $NUM_PROCS -gt 0 ]; then + if [ -f /var/run/unbound_alarm ]; then + echo "Unbound has resumed." | logger -p daemon.info -i -t Unbound_Alarm + rm /var/run/unbound_alarm + fi + fi + sleep $LOOP_SLEEP done if [ -f /var/run/unbound_alarm ]; then diff --git a/config/unbound/unbound_status.php b/config/unbound/unbound_status.php index d011b109..0a1eae13 100644 --- a/config/unbound/unbound_status.php +++ b/config/unbound/unbound_status.php 
@@ -40,11 +40,11 @@ $pgtitle = "Services: Unbound DNS Forwarder: Status"; include("head.inc"); function doCmdT($title, $command, $rows) { - echo "<p>\n"; - echo "<a name=\"" . $title . "\">\n"; - echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"; - echo "<tr><td class=\"listtopic\">" . $title . "</td></tr>\n"; - echo "<tr><td class=\"listlr\"><textarea style=\"font-family:courier\"cols=\"101\" rows=\"$rows\">"; /* no newline after pre */ + echo "<p>\n"; + echo "<a name=\"" . $title . "\">\n"; + echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"; + echo "<tr><td class=\"listtopic\">" . $title . "</td></tr>\n"; + echo "<tr><td class=\"listlr\"><textarea style=\"font-family:courier\"cols=\"101\" rows=\"$rows\">"; /* no newline after pre */ if ($command == "dumpconfigxml") { $fd = @fopen("/conf/config.xml", "r"); 
@@ -71,46 +71,46 @@ function doCmdT($title, $command, $rows) { echo htmlspecialchars($execOutput[$i],ENT_NOQUOTES); } } - echo "</textarea></tr>\n"; - echo "</table>\n"; + echo "</textarea></tr>\n"; + echo "</table>\n"; } /* Execute a command, giving it a title which is the same as the command. */ function doCmd($command) { - doCmdT($command,$command); + doCmdT($command,$command); } /* Define a command, with a title, to be executed later. */ function defCmdT($title, $command, $rows = "20") { - global $commands; - $title = htmlspecialchars($title,ENT_NOQUOTES); - $commands[] = array($title, $command, $rows); + global $commands; + $title = htmlspecialchars($title,ENT_NOQUOTES); + $commands[] = array($title, $command, $rows); } /* Define a command, with a title which is the same as the command, * to be executed later. */ function defCmd($command) { - defCmdT($command,$command); + defCmdT($command,$command); } /* List all of the commands as an index. */ function listCmds() { - global $commands; - echo "<p>" . gettext("This status page includes the following information") . ":\n"; - echo "<ul width=\"100%\">\n"; - for ($i = 0; isset($commands[$i]); $i++ ) { - echo "<li><strong><a href=\"#" . $commands[$i][0] . "\">" . $commands[$i][0] . "</a></strong>\n"; - } - echo "</ul>\n"; + global $commands; + echo "<p>" . gettext("This status page includes the following information") . ":\n"; + echo "<ul width=\"100%\">\n"; + for ($i = 0; isset($commands[$i]); $i++ ) { + echo "<li><strong><a href=\"#" . $commands[$i][0] . "\">" . $commands[$i][0] . "</a></strong>\n"; + } + echo "</ul>\n"; } /* Execute all of the commands which were defined by a call to defCmd. */ function execCmds() { - global $commands; - for ($i = 0; isset($commands[$i]); $i++ ) { - doCmdT($commands[$i][0], $commands[$i][1], $commands[$i][2]); - } + global $commands; + for ($i = 0; isset($commands[$i]); $i++ ) { + doCmdT($commands[$i][0], $commands[$i][1], $commands[$i][2]); + } } ?> 
@@ -135,8 +135,8 @@ function execCmds() { </tr> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" width="100%"> + <tr> + <td class="tabcont" width="100%"> <?php $entries = trim(exec("/usr/local/sbin/unbound-control dump_cache | wc -l")); defCmdT("Unbound status", "unbound-control status", "6"); @@ -150,8 +150,8 @@ function execCmds() { listCmds(); execCmds(); ?> - </td> - </tr> + </td> + </tr> </table> </div> <?php include("fend.inc"); ?> |