aboutsummaryrefslogtreecommitdiffstats
path: root/config/unbound/unbound.inc
diff options
context:
space:
mode:
Diffstat (limited to 'config/unbound/unbound.inc')
-rw-r--r--config/unbound/unbound.inc73
1 files changed, 48 insertions, 25 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index d013608c..6e55d577 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -118,7 +118,6 @@ function unbound_keys_setup() {
function unbound_rc_setup() {
global $config;
-
// Startup process and idea taken from TinyDNS package (author sullrich@gmail.com)
$filename = "unbound.sh";
$start = "/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDPHP
@@ -198,7 +197,7 @@ function unbound_control($action) {
case "start":
//Start unbound
- if($unbound_config['unbound_status'] == "on") {
+ if($unbound_config['enable'] == "on") {
if(!is_service_running("unbound"))
unbound_ctl_exec("start");
/* Link dnsmasq.pid to prevent dhcpleases logging error */
@@ -213,7 +212,7 @@ function unbound_control($action) {
case "stop":
//Stop unbound and unmount the file system
- if($unbound_config['unbound_status'] == "on") {
+ if($unbound_config['enable'] == "on") {
mwexec_bg("/usr/local/bin/unbound_monitor.sh stop");
unbound_ctl_exec("stop");
}
@@ -240,7 +239,9 @@ function unbound_control($action) {
break;
case "anchor_update":
//Update the Root Trust Anchor
+ conf_mount_rw();
mwexec(UNBOUND_BASE . "/sbin/unbound-anchor -a " . UNBOUND_BASE . "/etc/unbound/root-trust-anchor", true);
+ conf_mount_ro();
break;
default:
break;
@@ -461,15 +462,14 @@ function unbound_resync_config() {
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
-private-address: 192.254.0.0/16
+private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
# Set private domains in case authorative name server returns a RFC1918 IP address
EOF;
- // Add private-domain options
- $private_domains = unbound_add_domain_overrides(true);
-
+ // Add private-domain options
+ $private_domains = unbound_add_domain_overrides(true);
}
//Setup optimization
@@ -547,6 +547,7 @@ harden-dnssec-stripped: {$harden_dnssec_stripped}
{$optimization['rrset_cache_size']}
outgoing-range: 8192
{$optimization['so_rcvbuf']}
+{$optimization['so_sndbuf']}
# Interface IP(s) to bind to
{$unbound_bind_interfaces}
@@ -649,18 +650,21 @@ function unbound_optimization() {
// Check that it is set to 4MB (by default the OS has it configured to 4MB)
foreach ($config['sysctl']['item'] as $tunable) {
if ($tunable['tunable'] == 'kern.ipc.maxsockbuf') {
- $so = floor(($tunable['value']/1024/1024)-1);
+ if ($tunable['value'] == 'default')
+ $maxsockbuf = '4262144';
+ else
+ $maxsockbuf = $tunable['value'];
+ $so = floor(($maxsockbuf/1024/1024)-1);
// Check to ensure that the number is not a negative
- if ($so > 0)
+ if ($so > 0) {
$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
- else
- unset($optimization['so_rcvbuf']);
-
+ $optimization['so_sndbuf'] = "so-sndbuf: {$so}m";
+ } else {
+ $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";
+ $optimization['so_sndbuf'] = "#so-sndbuf: 4m";
+ }
}
}
- // Safety check in case kern.ipc.maxsockbuf is deleted.
- if(!isset($optimization['so_rcvbuf']))
- $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";
return $optimization;
}
@@ -694,7 +698,7 @@ function fetch_root_hints() {
function unbound_validate($post, $type=null) {
global $config, $input_errors;
- if($post['unbound_status'] == "on" && isset($config['dnsmasq']['enable']))
+ if($post['enable'] == "on" && isset($config['dnsmasq']['enable']))
$input_errors[] = "The system dns-forwarder is still active. Disable it before enabling the Unbound service.";
/* Validate the access lists */
@@ -741,7 +745,7 @@ function unbound_reconfigure() {
$unbound_config = $config['installedpackages']['unbound']['config'][0];
- if ($unbound_config['unbound_status'] != "on") {
+ if ($unbound_config['enable'] != "on") {
if(is_service_running("unbound"))
unbound_control("termstop");
} else {
@@ -820,30 +824,49 @@ function unbound_add_host_entries() {
$unbound_entries .= "local-data: \"localhost.{$syscfg['domain']} AAAA ::1\"\n";
}
+ $added_item_v4 = array();
+ $added_item_v6 = array();
if ($config['interfaces']['lan']) {
+ $current_host = $syscfg['hostname'].".".$syscfg['domain'];
$cfgip = get_interface_ip("lan");
if (is_ipaddr($cfgip)) {
- $unbound_entries .= "local-data-ptr: \"{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']}\"\n";
- $unbound_entries .= "local-data: \"{$syscfg['hostname']}.{$syscfg['domain']} A {$cfgip}\"\n";
+ $unbound_entries .= "local-data-ptr: \"{$cfgip} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} A {$cfgip}\"\n";
$unbound_entries .= "local-data: \"{$syscfg['hostname']} A {$cfgip}\"\n";
+ $added_item_v4[$current_host] = true;
+ }
+ $cfgip6 = get_interface_ipv6("lan");
+ if (is_ipaddrv6($cfgip6)) {
+ $unbound_entries .= "local-data-ptr: \"{$cfgip6} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} AAAA {$cfgip6}\"\n";
+ $unbound_entries .= "local-data: \"{$syscfg['hostname']} AAAA {$cfgip6}\"\n";
+ $added_item_v6[$current_host] = true;
}
} else {
$sysiflist = get_configured_interface_list();
foreach ($sysiflist as $sysif) {
if (!interface_has_gateway($sysif)) {
+ $current_host = $syscfg['hostname'].".".$syscfg['domain'];
$cfgip = get_interface_ip($sysif);
if (is_ipaddr($cfgip)) {
- $unbound_entries .= "local-data-ptr: \"{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']}\"\n";
- $unbound_entries .= "local-data: \"{$syscfg['hostname']}.{$syscfg['domain']} A {$cfgip}\"\n";
+ $unbound_entries .= "local-data-ptr: \"{$cfgip} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} A {$cfgip}\"\n";
$unbound_entries .= "local-data: \"{$syscfg['hostname']} A {$cfgip}\"\n";
- break;
+ $added_item_v4[$current_host] = true;
+ }
+ $cfgip6 = get_interface_ipv6($sysif);
+ if (is_ipaddr($cfgip6)) {
+ $unbound_entries .= "local-data-ptr: \"{$cfgip6} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} AAAA {$cfgip6}\"\n";
+ $unbound_entries .= "local-data: \"{$syscfg['hostname']} AAAA {$cfgip6}\"\n";
+ $added_item_v6[$current_host] = true;
}
+ if (is_ipaddr($cfgip) || is_ipaddr($cfgip6))
+ break;
}
}
}
- $added_item_v4 = array();
- $added_item_v6 = array();
// DNSMasq entries static host entries
if (isset($dnsmasqcfg['hosts'])) {
$hosts = $dnsmasqcfg['hosts'];
@@ -852,7 +875,7 @@ function unbound_add_host_entries() {
foreach ($hosts as $host) {
$current_host = ($host['host'] != "") ? $host['host'].".".$host['domain'] : $host['domain'];
if (function_exists("is_ipaddrv6") && is_ipaddrv6($host['ip'])) {
- if (!$added_item_v6[$curent_host]) {
+ if (!$added_item_v6[$current_host]) {
$host_entries .= "local-data-ptr: \"{$host['ip']} {$current_host}\"\n";
$host_entries .= "local-data: \"{$current_host} IN AAAA {$host['ip']}\"\n";
$added_item_v6[$current_host] = true;