Diffstat (limited to 'config/unbound')
-rw-r--r--config/unbound/unbound.inc48
1 files changed, 27 insertions, 21 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 4118610d..6e55d577 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -1,6 +1,6 @@
<?php
/* unbound.inc
- (C)2010 Warren Baker (warren@decoy.co.za)
+ (C)2013 Warren Baker (warren@decoy.co.za)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -118,7 +118,6 @@ function unbound_keys_setup() {
function unbound_rc_setup() {
global $config;
-
// Startup process and idea taken from TinyDNS package (author sullrich@gmail.com)
$filename = "unbound.sh";
$start = "/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDPHP
@@ -240,7 +239,9 @@ function unbound_control($action) {
break;
case "anchor_update":
//Update the Root Trust Anchor
+ conf_mount_rw();
mwexec(UNBOUND_BASE . "/sbin/unbound-anchor -a " . UNBOUND_BASE . "/etc/unbound/root-trust-anchor", true);
+ conf_mount_ro();
break;
default:
break;
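Review bot: The outcome of the `unbound-anchor` run in the `anchor_update` case is thrown away: the return value of `mwexec()` is never read, so a failed refresh of `root-trust-anchor` passes silently and `conf_mount_ro()` runs regardless. Because that file is the DNSSEC root of trust for the resolver, capture and log the status, e.g. `$rc = mwexec(...);` followed by `if ($rc != 0) log_error("unbound-anchor exited with status {$rc}");`. Check the exit codes unbound-anchor documents before settling on the condition, since a non-zero status may also be returned after a legitimate certificate-based update. unbound_control() starts and ends outside this hunk, so any existing handling around the switch is not visible here.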
@@ -461,15 +462,14 @@ function unbound_resync_config() {
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
-private-address: 192.254.0.0/16
+private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
# Set private domains in case authorative name server returns a RFC1918 IP address
EOF;
- // Add private-domain options
- $private_domains = unbound_add_domain_overrides(true);
-
+ // Add private-domain options
+ $private_domains = unbound_add_domain_overrides(true);
}
//Setup optimization
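Review bot: The `private-address` list in this heredoc, now with the link-local range corrected, still names only native IPv4 and IPv6 ranges, so an AAAA answer carrying an IPv4-mapped address (constructed example: `::ffff:192.168.1.1`) would presumably not be caught by the rebinding filter. Consider adding `private-address: ::ffff:0:0/96` after the `fe80::/10` line; later unbound.conf documentation lists that range for this purpose, but confirm it against the Unbound version this package ships. unbound_resync_config() begins and ends outside the hunk.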
@@ -547,6 +547,7 @@ harden-dnssec-stripped: {$harden_dnssec_stripped}
{$optimization['rrset_cache_size']}
outgoing-range: 8192
{$optimization['so_rcvbuf']}
+{$optimization['so_sndbuf']}
# Interface IP(s) to bind to
{$unbound_bind_interfaces}
@@ -649,18 +650,21 @@ function unbound_optimization() {
// Check that it is set to 4MB (by default the OS has it configured to 4MB)
foreach ($config['sysctl']['item'] as $tunable) {
if ($tunable['tunable'] == 'kern.ipc.maxsockbuf') {
- $so = floor(($tunable['value']/1024/1024)-1);
+ if ($tunable['value'] == 'default')
+ $maxsockbuf = '4262144';
+ else
+ $maxsockbuf = $tunable['value'];
+ $so = floor(($maxsockbuf/1024/1024)-1);
// Check to ensure that the number is not a negative
- if ($so > 0)
+ if ($so > 0) {
$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
- else
- unset($optimization['so_rcvbuf']);
-
+ $optimization['so_sndbuf'] = "so-sndbuf: {$so}m";
+ } else {
+ $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";
+ $optimization['so_sndbuf'] = "#so-sndbuf: 4m";
+ }
}
}
- // Safety check in case kern.ipc.maxsockbuf is deleted.
- if(!isset($optimization['so_rcvbuf']))
- $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";
return $optimization;
}
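Review bot: Removing the post-loop fallback means `$optimization['so_rcvbuf']` and the new `$optimization['so_sndbuf']` are only assigned when the loop actually finds a `kern.ipc.maxsockbuf` item; if that tunable is absent from `$config['sysctl']['item']`, both keys appear to stay unset. The template hunk at `@@ -547,6 +547,7 @@` interpolates both unconditionally, which would then raise undefined-index notices and emit empty lines into unbound.conf. Keep the safety net for both keys before the `return`, e.g. `if (!isset($optimization['so_rcvbuf'])) $optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";` and `if (!isset($optimization['so_sndbuf'])) $optimization['so_sndbuf'] = "#so-sndbuf: 4m";`. The start of unbound_optimization() is outside the hunk, so this assumes the keys are not initialised earlier in the function.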
@@ -1006,23 +1010,25 @@ function unbound_add_domain_overrides($pvt=false) {
$result = array();
foreach($sorted_domains as $domain) {
$domain_key = current($domain);
- if(!isset($result[$domain_key])) {
+ if (!isset($result[$domain_key]))
$result[$domain_key] = array();
- }
$result[$domain_key][] = $domain['ip'];
}
$domain_entries = "";
foreach($result as $domain=>$ips) {
- if($pvt == true) {
- $domain_entries .= "private-domain: \"$domain\"\n";
- $domain_entries .= "domain-insecure: \"$domain\"\n";
+ if ($pvt == true) {
+ if (strpos($domain, "in-addr.arpa") !== false)
+ $domain_entries .= "local-zone: \"$domain\" transparent\n";
+ else
+ $domain_entries .= "private-domain: \"$domain\"\n";
+ if (isset($config['installedpackages']['unbound']['config'][0]['dnssec_status']))
+ $domain_entries .= "domain-insecure: \"$domain\"\n";
} else {
$domain_entries .= "stub-zone:\n";
$domain_entries .= "\tname: \"$domain\"\n";
- foreach($ips as $ip) {
+ foreach($ips as $ip)
$domain_entries .= "\tstub-addr: $ip\n";
- }
$domain_entries .= "\tstub-prime: no\n";
}
}
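Review bot: The reverse-zone test `strpos($domain, "in-addr.arpa") !== false` matches the string anywhere in the name and ignores IPv6 reverse zones, so a forward domain that merely contains `in-addr.arpa` loses its `private-domain` line while an `ip6.arpa` override is still written as `private-domain`. Anchoring the check to the suffix would be safer, e.g. `if (preg_match('/(^|\.)(in-addr|ip6)\.arpa\.?$/i', $domain))`. Separately, the new `isset($config['installedpackages']['unbound']['config'][0]['dnssec_status'])` only works if `global $config;` is declared in unbound_add_domain_overrides(), whose opening lines are outside this hunk; without it the `domain-insecure` line is never emitted. `isset()` is also true for an empty value, so confirm how a disabled DNSSEC setting is stored.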