Diffstat (limited to 'config/unbound')
-rw-r--r--config/unbound/unbound.inc73
-rw-r--r--config/unbound/unbound.xml5
2 files changed, 52 insertions, 26 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index d013608c..6e55d577 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -118,7 +118,6 @@ function unbound_keys_setup() {
function unbound_rc_setup() {
global $config;
-
// Startup process and idea taken from TinyDNS package (author sullrich@gmail.com)
$filename = "unbound.sh";
$start = "/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDPHP
@@ -198,7 +197,7 @@ function unbound_control($action) {
case "start":
//Start unbound
- if($unbound_config['unbound_status'] == "on") {
+ if($unbound_config['enable'] == "on") {
if(!is_service_running("unbound"))
unbound_ctl_exec("start");
/* Link dnsmasq.pid to prevent dhcpleases logging error */
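Review bot: Renaming the config key from `unbound_status` to `enable` in the `start` case leaves installations that saved the old key with no `enable` value until the settings page is saved again; no migration is visible in this diff. The same switch is made in the `stop` case, in `unbound_validate()`, in `unbound_reconfigure()` and in the `<fieldname>` of unbound.xml, and in `unbound_reconfigure()` an unset `enable` takes the `!= "on"` branch, which stops a running resolver. A fallback read such as `$enabled = isset($unbound_config['enable']) ? $unbound_config['enable'] : $unbound_config['unbound_status'];` would keep upgraded systems resolving. The body of `unbound_control()` starts and ends outside this hunk.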
@@ -213,7 +212,7 @@ function unbound_control($action) {
case "stop":
//Stop unbound and unmount the file system
- if($unbound_config['unbound_status'] == "on") {
+ if($unbound_config['enable'] == "on") {
mwexec_bg("/usr/local/bin/unbound_monitor.sh stop");
unbound_ctl_exec("stop");
}
@@ -240,7 +239,9 @@ function unbound_control($action) {
break;
case "anchor_update":
//Update the Root Trust Anchor
+ conf_mount_rw();
mwexec(UNBOUND_BASE . "/sbin/unbound-anchor -a " . UNBOUND_BASE . "/etc/unbound/root-trust-anchor", true);
+ conf_mount_ro();
break;
default:
break;
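Review bot: The outcome of the `unbound-anchor` run between `conf_mount_rw()` and `conf_mount_ro()` is never checked, and the `true` passed as the second argument to `mwexec()` appears to mute its failure logging, so a root trust anchor that could not be written goes unnoticed. DNSSEC validation depends on that file, so a check after the call would help, for example `if (!file_exists(UNBOUND_BASE . "/etc/unbound/root-trust-anchor")) log_error("unbound: root trust anchor missing after update");`. A short comment such as `// unbound-anchor writes the anchor file, so the config filesystem must be read-write` would also explain the remount. The rest of `unbound_control()` lies outside the hunk.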
@@ -461,15 +462,14 @@ function unbound_resync_config() {
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
-private-address: 192.254.0.0/16
+private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
# Set private domains in case authorative name server returns a RFC1918 IP address
EOF;
- // Add private-domain options
- $private_domains = unbound_add_domain_overrides(true);
-
+ // Add private-domain options
+ $private_domains = unbound_add_domain_overrides(true);
}
//Setup optimization
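Review bot: The `private-address` list corrected here acts as the resolver's DNS-rebinding filter, and it still has no entry for IPv4-mapped IPv6 space, so the IPv4 ranges are, as far as the visible list shows, only matched in their plain IPv4 form. Unbound's example configuration also lists `private-address: ::ffff:0:0/96`; adding that line next to `fe80::/10` would cover the mapped form. A one-line comment above the list, such as `# DNS rebinding protection: answers pointing into these ranges are stripped`, would make it clear why a wrong prefix like the old `192.254.0.0/16` matters. The heredoc and `unbound_resync_config()` begin outside the hunk.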
@@ -547,6 +547,7 @@ harden-dnssec-stripped: {$harden_dnssec_stripped}
{$optimization['rrset_cache_size']}
outgoing-range: 8192
{$optimization['so_rcvbuf']}
+{$optimization['so_sndbuf']}
# Interface IP(s) to bind to
{$unbound_bind_interfaces}
@@ -649,18 +650,21 @@ function unbound_optimization() {
// Check that it is set to 4MB (by default the OS has it configured to 4MB)
foreach ($config['sysctl']['item'] as $tunable) {
if ($tunable['tunable'] == 'kern.ipc.maxsockbuf') {
- $so = floor(($tunable['value']/1024/1024)-1);
+ if ($tunable['value'] == 'default')
+ $maxsockbuf = '4262144';
+ else
+ $maxsockbuf = $tunable['value'];
+ $so = floor(($maxsockbuf/1024/1024)-1);
// Check to ensure that the number is not a negative
- if ($so > 0)
+ if ($so > 0) {
$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
- else
- unset($optimization['so_rcvbuf']);
-
+ $optimization['so_sndbuf'] = "so-sndbuf: {$so}m";
+ } else {
+ $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";
+ $optimization['so_sndbuf'] = "#so-sndbuf: 4m";
+ }
}
}
- // Safety check in case kern.ipc.maxsockbuf is deleted.
- if(!isset($optimization['so_rcvbuf']))
- $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";
return $optimization;
}
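Review bot: With the post-loop safety check removed, `$optimization['so_rcvbuf']` and `$optimization['so_sndbuf']` are only assigned when a `kern.ipc.maxsockbuf` item exists in `$config['sysctl']['item']`; if that tunable is absent, the `{$optimization['so_rcvbuf']}` and `{$optimization['so_sndbuf']}` placeholders in the generated unbound.conf read undefined indexes. Restoring the fallback before `return $optimization;` covers that case: `if (!isset($optimization['so_rcvbuf'])) { $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m"; $optimization['so_sndbuf'] = "#so-sndbuf: 4m"; }`. The literal `'4262144'` substituted for `'default'` would benefit from a comment naming its source, since it is not exactly the 4MB the existing comment mentions. The function starts outside the hunk.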
@@ -694,7 +698,7 @@ function fetch_root_hints() {
function unbound_validate($post, $type=null) {
global $config, $input_errors;
- if($post['unbound_status'] == "on" && isset($config['dnsmasq']['enable']))
+ if($post['enable'] == "on" && isset($config['dnsmasq']['enable']))
$input_errors[] = "The system dns-forwarder is still active. Disable it before enabling the Unbound service.";
/* Validate the access lists */
@@ -741,7 +745,7 @@ function unbound_reconfigure() {
$unbound_config = $config['installedpackages']['unbound']['config'][0];
- if ($unbound_config['unbound_status'] != "on") {
+ if ($unbound_config['enable'] != "on") {
if(is_service_running("unbound"))
unbound_control("termstop");
} else {
@@ -820,30 +824,49 @@ function unbound_add_host_entries() {
$unbound_entries .= "local-data: \"localhost.{$syscfg['domain']} AAAA ::1\"\n";
}
+ $added_item_v4 = array();
+ $added_item_v6 = array();
if ($config['interfaces']['lan']) {
+ $current_host = $syscfg['hostname'].".".$syscfg['domain'];
$cfgip = get_interface_ip("lan");
if (is_ipaddr($cfgip)) {
- $unbound_entries .= "local-data-ptr: \"{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']}\"\n";
- $unbound_entries .= "local-data: \"{$syscfg['hostname']}.{$syscfg['domain']} A {$cfgip}\"\n";
+ $unbound_entries .= "local-data-ptr: \"{$cfgip} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} A {$cfgip}\"\n";
$unbound_entries .= "local-data: \"{$syscfg['hostname']} A {$cfgip}\"\n";
+ $added_item_v4[$current_host] = true;
+ }
+ $cfgip6 = get_interface_ipv6("lan");
+ if (is_ipaddrv6($cfgip6)) {
+ $unbound_entries .= "local-data-ptr: \"{$cfgip6} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} AAAA {$cfgip6}\"\n";
+ $unbound_entries .= "local-data: \"{$syscfg['hostname']} AAAA {$cfgip6}\"\n";
+ $added_item_v6[$current_host] = true;
}
} else {
$sysiflist = get_configured_interface_list();
foreach ($sysiflist as $sysif) {
if (!interface_has_gateway($sysif)) {
+ $current_host = $syscfg['hostname'].".".$syscfg['domain'];
$cfgip = get_interface_ip($sysif);
if (is_ipaddr($cfgip)) {
- $unbound_entries .= "local-data-ptr: \"{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']}\"\n";
- $unbound_entries .= "local-data: \"{$syscfg['hostname']}.{$syscfg['domain']} A {$cfgip}\"\n";
+ $unbound_entries .= "local-data-ptr: \"{$cfgip} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} A {$cfgip}\"\n";
$unbound_entries .= "local-data: \"{$syscfg['hostname']} A {$cfgip}\"\n";
- break;
+ $added_item_v4[$current_host] = true;
+ }
+ $cfgip6 = get_interface_ipv6($sysif);
+ if (is_ipaddr($cfgip6)) {
+ $unbound_entries .= "local-data-ptr: \"{$cfgip6} {$current_host}\"\n";
+ $unbound_entries .= "local-data: \"{$current_host} AAAA {$cfgip6}\"\n";
+ $unbound_entries .= "local-data: \"{$syscfg['hostname']} AAAA {$cfgip6}\"\n";
+ $added_item_v6[$current_host] = true;
}
+ if (is_ipaddr($cfgip) || is_ipaddr($cfgip6))
+ break;
}
}
}
- $added_item_v4 = array();
- $added_item_v6 = array();
// DNSMasq entries static host entries
if (isset($dnsmasqcfg['hosts'])) {
$hosts = $dnsmasqcfg['hosts'];
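Review bot: The new calls to `get_interface_ipv6()` and `is_ipaddrv6()` are unguarded, whereas the dnsmasq host loop further down in this function tests `function_exists("is_ipaddrv6")` first. That guard suggests the package is meant to load on systems without those helpers, where the new code would end in a fatal error while the resolver configuration is being generated. Wrapping both IPv6 blocks in `if (function_exists("get_interface_ipv6"))` would match the existing guard. The non-LAN branch also tests the address with `is_ipaddr($cfgip6)` where the LAN branch uses `is_ipaddrv6($cfgip6)`; using `is_ipaddrv6()` there and in the `break` condition keeps the two branches consistent. `unbound_add_host_entries()` begins before and continues past this hunk.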
@@ -852,7 +875,7 @@ function unbound_add_host_entries() {
foreach ($hosts as $host) {
$current_host = ($host['host'] != "") ? $host['host'].".".$host['domain'] : $host['domain'];
if (function_exists("is_ipaddrv6") && is_ipaddrv6($host['ip'])) {
- if (!$added_item_v6[$curent_host]) {
+ if (!$added_item_v6[$current_host]) {
$host_entries .= "local-data-ptr: \"{$host['ip']} {$current_host}\"\n";
$host_entries .= "local-data: \"{$current_host} IN AAAA {$host['ip']}\"\n";
$added_item_v6[$current_host] = true;
diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml
index 10de1f97..20f3d250 100644
--- a/config/unbound/unbound.xml
+++ b/config/unbound/unbound.xml
@@ -80,6 +80,9 @@
<chmod>0755</chmod>
<item>http://www.pfsense.org/packages/config/unbound/unbound_monitor.sh</item>
</additional_files_needed>
+ <system_services>
+ <dns/>
+ </system_services>
<tabs>
<tab>
<text>Unbound DNS Settings</text>
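Review bot: The `<additional_files_needed>` entry directly above the new `<system_services>` block fetches `unbound_monitor.sh` over plain `http://` and installs it with mode 0755. Whether the package installer verifies a checksum or signature for such files is not visible in this diff; if it does not, the integrity of an executable script rests on the network path alone. Where the server offers it, an `https://` URL in that `<item>` is the safer form. The opening `<additional_files_needed>` tag is outside the hunk.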
@@ -106,7 +109,7 @@
<type>listtopic</type>
</field>
<field>
- <fieldname>unbound_status</fieldname>
+ <fieldname>enable</fieldname>
<fielddescr>Enable Unbound</fielddescr>
<description>Enable the use of Unbound as your DNS forwarder.</description>
<type>checkbox</type>