Diffstat (limited to 'config')
-rw-r--r-- | config/unbound/unbound.inc | 7 | ||||
-rw-r--r-- | config/unbound/unbound.xml | 4 | ||||
-rw-r--r-- | config/unbound/unbound_acls.php | 8 | ||||
-rw-r--r-- | config/unbound/unbound_acls.xml | 8 | ||||
-rw-r--r-- | config/unbound/unbound_advanced.xml | 6 | ||||
-rwxr-xr-x | config/unbound/unbound_monitor.sh | 29 |
6 files changed, 39 insertions, 23 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 3287b194..c5cbfc49 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -70,6 +70,7 @@ function unbound_initial_setup() {
 // We do not need the sample conf or the default rc.d startup file
 @unlink_if_exists(UNBOUND_BASE . "/etc/unbound/unbound.conf.sample");
 @unlink_if_exists(UNBOUND_BASE . "/etc/rc.d/unbound");
+ @unlink_if_exists("/usr/local/etc/rc.d/unbound");
 // Setup rc file for startup and shutdown.
 unbound_rc_setup();
@@ -205,7 +206,7 @@ function unbound_control($action) {
 @unlink("/var/run/dnsmasq.pid");
 mwexec("/bin/ln -s /var/run/unbound.pid /var/run/dnsmasq.pid");
 }
- mwexec_bg("/usr/local/etc/rc.d/unbound_monitor.sh start");
+ mwexec_bg("/usr/local/bin/unbound_monitor.sh");
 fetch_root_hints();
 }
 break;
@@ -213,14 +214,14 @@ function unbound_control($action) {
 case "stop":
 //Stop unbound and unmount the file system
 if($unbound_config['unbound_status'] == "on") {
- mwexec_bg("/usr/local/etc/rc.d/unbound_monitor.sh stop");
+ mwexec_bg("/usr/local/bin/unbound_monitor.sh stop");
 unbound_ctl_exec("stop");
 }
 break;
 case "termstop":
 //Stop Unbound by sigkillbypid();
- mwexec_bg("/usr/local/etc/rc.d/unbound_monitor.sh stop");
+ mwexec_bg("/usr/local/bin/unbound_monitor.sh stop");
 sigkillbypid("{$g['varrun_path']}/unbound.pid", "TERM");
 break;
diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml
index 36c005a4..10de1f97 100644
--- a/config/unbound/unbound.xml
+++ b/config/unbound/unbound.xml
@@ -40,7 +40,7 @@
 <requirements/>
 <faq/>
 <name>unbound</name>
- <version>1.4.20_4</version>
+ <version>1.4.20_5</version>
 <title>Services: Unbound DNS Forwarder: Basic Settings</title>
 <include_file>/usr/local/pkg/unbound.inc</include_file>
 <menu>
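Review bot: The cleanup added in unbound_initial_setup() (unbound.inc, first hunk) removes `/usr/local/etc/rc.d/unbound` but not the old `/usr/local/etc/rc.d/unbound_monitor.sh`, which this commit stops installing there. Unless the package upgrade removes it, the old copy would presumably stay in rc.d on upgraded systems; it writes no pid file, so the new pid-file check would not notice it and the targeted `kill` in the new `stop` path would not reach it. Consider adding `@unlink_if_exists("/usr/local/etc/rc.d/unbound_monitor.sh");` next to the new line. The function body starts and ends outside the hunk.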
@@ -76,7 +76,7 @@
 <item>http://www.pfsense.org/packages/config/unbound/unbound_advanced.xml</item>
 </additional_files_needed>
 <additional_files_needed>
- <prefix>/usr/local/etc/rc.d/</prefix>
+ <prefix>/usr/local/bin/</prefix>
 <chmod>0755</chmod>
 <item>http://www.pfsense.org/packages/config/unbound/unbound_monitor.sh</item>
 </additional_files_needed>
diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php
index 5ba69869..721d3adb 100644
--- a/config/unbound/unbound_acls.php
+++ b/config/unbound/unbound_acls.php
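Review bot: The `unbound_monitor.sh` item in this `additional_files_needed` block is fetched from a plain `http://` URL, and with the prefix change it is installed mode 0755 into `/usr/local/bin/`, from where unbound.inc launches it with `mwexec_bg`. Nothing in this file pins a checksum or requires TLS for the download, so the integrity of an executable payload rests on whatever the package installer does, which is not visible here. If the package format and the mirror allow it, an `https://` item URL or a verified hash would close that gap.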
@@ -221,10 +221,10 @@ if (is_subsystem_dirty("unbound"))
 <br/>
 <span class="vexpl">
 <?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/>
- <?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/>
- <?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh client.");?> <br/>
- <?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/>
- <?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/>
+ <?=gettext("<b>Deny:</b> This action stops queries from hosts within the netblock defined below.");?> <br/>
+ <?=gettext("<b>Refuse:</b> This action also stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.");?> <br/>
+ <?=gettext("<b>Allow:</b> This action allows queries from hosts within the netblock defined below.");?> <br/>
+ <?=gettext("<b>Allow Snoop:</b> This action allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/>
 </span>
 </td>
 </tr>
diff --git a/config/unbound/unbound_acls.xml b/config/unbound/unbound_acls.xml
index 7c6840ce..04319169 100644
--- a/config/unbound/unbound_acls.xml
+++ b/config/unbound/unbound_acls.xml
@@ -99,10 +99,10 @@
 <fieldname>aclaction</fieldname>
 <fielddescr>Action</fielddescr>
 <description><br/>Choose an action:<br/><br/>
- <b>Allow:</b> This actions allows queries from hosts within the netblock(s) defined below.<br/>
- <b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock(s) defined below. Used for cache snooping and ideally should only be configured for your administrative host.<br/>
- <b>Deny:</b> This actions stops queries from hosts within the netblock(s) defined below.<br/>
- <b>Refuse:</b> This actions also stops queries from hosts within the netblock(s) defined below, but sends back DNS rcode REFUSED error message back to the client.</description>
+ <b>Allow:</b> This action allows queries from hosts within the netblock(s) defined below.<br/>
+ <b>Allow Snoop:</b> This action allows recursive and nonrecursive access from hosts within the netblock(s) defined below. Used for cache snooping and ideally should only be configured for your administrative host.<br/>
+ <b>Deny:</b> This action stops queries from hosts within the netblock(s) defined below.<br/>
+ <b>Refuse:</b> This action also stops queries from hosts within the netblock(s) defined below, but sends a DNS rcode REFUSED error message back to the client.</description>
 <type>select</type>
 <options>
 <option><name>Allow</name><value>allow</value></option>
diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml
index 30fca482..7603d0aa 100644
--- a/config/unbound/unbound_advanced.xml
+++ b/config/unbound/unbound_advanced.xml
@@ -99,7 +99,7 @@
 <field>
 <fieldname>prefetch</fieldname>
 <fielddescr>Prefetch Support</fielddescr>
- <description>If enabled, the message cache elements are prefetched before they expire to keep the cache up to date. Enabling this option causes an increase of about 10 percent more traffic and load on the server, but popular items do not expire form the cache. Default is disabled.</description>
+ <description>If enabled, the message cache elements are prefetched before they expire to keep the cache up to date. Enabling this option causes an increase of about 10 percent more traffic and load on the server, but popular items do not expire from the cache. Default is disabled.</description>
 <type>checkbox</type>
 <default_value>off</default_value>
 <advancedfield/>
@@ -123,7 +123,7 @@
 <field>
 <fieldname>harden_dnssec_stripped</fieldname>
 <fielddescr>Harden DNSSEC data</fielddescr>
- <description>If enabled, DNSSEC data is required for trust-anchored zones. If such data is absent, the zone is becomes bogus. If disabled then and no DNSSEC data is received, then the zone is made insecure. The default is enabled.</description>
+ <description>If enabled, DNSSEC data is required for trust-anchored zones. If such data is absent, the zone is considered bogus. If disabled and no DNSSEC data is received, then the zone is made insecure. The default is enabled.</description>
 <type>checkbox</type>
 <default_value>on</default_value>
 <advancedfield/>
@@ -305,7 +305,7 @@
 <field>
 <fielddescr>Custom Options</fielddescr>
 <fieldname>custom_options</fieldname>
- <description>You can put your own custom options here, separated by semi-colons (;). These configurations options will then be added to the configuration file. <br/> <b>Note:</b> They need to be Unbound native configuration options, otherwise Unbound will <b>not</b> work.</description>
+ <description>You can put your own custom options here, separated by semi-colons (;). These configuration options will then be added to the configuration file. <br/> <b>Note:</b> They need to be Unbound native configuration options, otherwise Unbound will <b>not</b> work.</description>
 <type>textarea</type>
 <cols>65</cols>
 <rows>5</rows>
diff --git a/config/unbound/unbound_monitor.sh b/config/unbound/unbound_monitor.sh
index 042866be..91e5a2ed 100755
--- a/config/unbound/unbound_monitor.sh
+++ b/config/unbound/unbound_monitor.sh
@@ -27,33 +27,48 @@
 # POSSIBILITY OF SUCH DAMAGE.
 #
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
+
 set -e
 LOOP_SLEEP=5
+PIDFILE=/var/run/unbound_monitor.pid
 if [ -f /var/run/unbound_alarm ]; then
 rm /var/run/unbound_alarm
 fi
+PID=""
+if [ -f "${PIDFILE}" ]; then
+ PID=`head -n 1 ${PIDFILE}`
+fi
 if [ "$1" = "stop" ]; then
- pkill -f unbound_monitor.sh
+ if [ -n "${PID}" ] && ps -p ${PID} | grep -q unbound_monitor.sh; then
+ kill ${PID}
+ else
+ pkill -f unbound_monitor.sh
+ fi
 exit 0
 fi
-PROCS=`/bin/pgrep -f unbound_monitor.sh | wc -l | awk '{print $1}'`
-
-if [ ${PROCS} -gt 1 ]; then
- echo "There are another unbound monitor proccess running"
+if [ -n "${PID}" ] && ps -p ${PID} | grep -q unbound_monitor.sh; then
+ echo "There is another unbound monitor process running"
 exit 0
 fi
+echo $$ > ${PIDFILE}
+
 # Sleep 5 seconds on startup not to mangle with existing boot scripts.
 sleep 5
 while true; do
+ if [ ! -f "${PIDFILE}" ]; then
+ echo $$ > ${PIDFILE}
+ fi
+
 if [ ! -f /var/run/unbound_alarm ]; then
- NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'`
+ NUM_PROCS=`pgrep unbound | wc -l | awk '{print $1}'`
 if [ $NUM_PROCS -lt 1 ]; then
 # Unbound is not running
 echo "Unbound has exited." | logger -p daemon.info -i -t Unbound_Alarm
@@ -63,7 +78,7 @@ while true; do
 touch /var/run/unbound_alarm
 fi
 fi
- NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'`
+ NUM_PROCS=`pgrep unbound | wc -l | awk '{print $1}'`
 if [ $NUM_PROCS -gt 0 ]; then
 if [ -f /var/run/unbound_alarm ]; then
 echo "Unbound has resumed." | logger -p daemon.info -i -t Unbound_Alarm |
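Review bot: The value read from the pid file in the first hunk goes unquoted and unvalidated into `ps -p ${PID}` and `kill ${PID}`, so a corrupted or multi-word first line is word-split straight into a signal-sending command in a script that presumably runs as root. Rejecting anything that is not a plain number right after the read, `case "${PID}" in ''|*[!0-9]*) PID="" ;; esac`, and quoting `"${PID}"` and `"${PIDFILE}"` at every use would make that path predictable. The start path is also check-then-write: two starts launched close together can both pass the `ps`/`grep` test, and `stop` then signals only the pid recorded last, leaving a second monitor running. Running the `pkill -f unbound_monitor.sh` sweep after the targeted `kill` as well, rather than only in the `else` branch, would cover that case.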