From 8d745e073e526884c9c71d551c272d0e43662ce8 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Fri, 12 Aug 2011 23:05:59 +0200
Subject: Make sure loopback is used when selected. Add ::1 as well, also
 configured the acl list and remote control.

---
 config/unbound/unbound.inc | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'config/unbound')

diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 7102b76c..56e9108a 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -119,6 +119,7 @@ function unbound_rc_setup() {
 	require_once(\"/usr/local/pkg/unbound.inc\");
 	echo \"Starting and configuring Unbound...\";
 	fetch_root_hints();
+	unbound_control(\"anchor_update\");
 	unbound_control(\"start\");
 	unbound_control(\"forward\");
 	unbound_control(\"restore_cache\");
@@ -225,7 +226,10 @@ function unbound_control($action) {
 						unbound_ctl_exec("load_cache < /var/tmp/unbound_cache");
 				}
 				break;
-		
+		case "anchor_update":
+				//Update the Root Trust Anchor
+				mwexec("/usr/local/sbin/unbound-anchor -a /usr/local/etc/unbound/root-trust-anchor", true);
+				break;
 		default:
 				break;
 				
@@ -280,6 +284,11 @@ function unbound_get_network_interface_addresses() {
 			$unbound_interfaces[$i]['ipv6']['subnet'] = $interfaces[$unboundif]['subnetv6'];
 			$unbound_interfaces[$i]['ipv6']['network'] = gen_subnetv6($unbound_interfaces[$i]['ipv6']['ipaddr'], $unbound_interfaces[$i]['ipv6']['subnet']);
 		}
+		/* Lastly check for loopback addresses*/
+		if($unboundif == "lo0") {
+			$unbound_interfaces[$i]['loopback']['ipaddr'] = "127.0.0.1";
+			$unbound_interfaces[$i]['loopback6']['ipaddr'] = "::1";
+		}
 		$i++;
 	}
 	return $unbound_interfaces;
@@ -319,7 +328,8 @@ function unbound_resync_config() {
 	foreach($unboundnetcfg as $netent) {
 		foreach($netent as $entry) {
 			$unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n";
-			$unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n";
+			if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" )
+				$unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n";
 		}
 	}
 	/* Configure user configured ACLs */
@@ -454,6 +464,7 @@ harden-dnssec-stripped: {$harden_dnssec_stripped}
 #### Access Control ####
 # Local attached networks allowed to utilize service and any user added ACLs
 access-control: 127.0.0.0/8 allow
+access-control: ::1 allow
 {$unbound_allowed_networks}
 {$pvt_addr}
 {$private_domains}
@@ -482,6 +493,7 @@ if(!empty($unbound_config['custom_options'])) {
 remote-control:
 control-enable: yes
 control-interface: 127.0.0.1
+control-interface: ::1
 control-port: 953
 server-key-file: "/usr/local/etc/unbound/unbound_server.key"
 server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
-- 
cgit v1.2.3