From 006987307f9a93d8297260becea880e27bceb347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 4 Jan 2021 09:43:37 +0100 Subject: [PATCH 1/2] __unbound: make the --dns64-prefix flag optional --- type/__unbound/files/unbound.conf.sh | 16 ++++++++++++++-- type/__unbound/man.rst | 6 +++--- type/__unbound/manifest | 7 +++++-- type/__unbound/parameter/required | 1 - 4 files changed, 22 insertions(+), 8 deletions(-) delete mode 100644 type/__unbound/parameter/required diff --git a/type/__unbound/files/unbound.conf.sh b/type/__unbound/files/unbound.conf.sh index 2f7ecff..39443d8 100755 --- a/type/__unbound/files/unbound.conf.sh +++ b/type/__unbound/files/unbound.conf.sh @@ -1,5 +1,10 @@ #!/bin/sh +module_config="validator iterator" +if [ -n "$DNS64_PREFIX" ]; then + module_config="dns64 $module_config" +fi + generate_interface() { for i in $INTERFACES; do echo " interface: $i" @@ -26,6 +31,12 @@ generate_local_data() { done } +generate_dns64_prefix() { + if [ -n "$DNS64_PREFIX" ]; then + echo " dns64-prefix: $DNS64_PREFIX" + fi +} + cat << EOF # # THIS FILE HAS BEEN GENERATED BY CDIST, DO NOT EDIT BY HAND. @@ -506,7 +517,7 @@ $(generate_access_control) # most modules have to be listed at the beginning of the line, # except cachedb(just before iterator), and python (at the beginning, # or, just before the iterator). - module-config: "dns64 validator iterator" + module-config: "$module_config" # File with trusted keys, kept uptodate using RFC5011 probes, # initial file like trust-anchor-file, then it stores metadata. @@ -776,7 +787,8 @@ $(generate_local_data) # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. - dns64-prefix: $DNS64_PREFIX + # dns64-prefix: $DNS64_PREFIX" + $(generate_dns64_prefix) # DNS64 ignore AAAA records for these domains and use A instead. # dns64-ignore-aaaa: "example.com" 
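Review bot: Nothing checks the shape of `$DNS64_PREFIX` before the first hunk uses it to switch the dns64 module on and `generate_dns64_prefix` (second hunk) echoes it verbatim into the generated unbound.conf. A value carrying whitespace or a newline would end up as extra or malformed directives in the resolver config, and a typo only surfaces when unbound refuses to load the file. Since the value comes straight from the type parameter, a guard next to the `module_config` assignment would fail early, for example `case "$DNS64_PREFIX" in *[!0-9A-Fa-f:./]*) echo "invalid dns64-prefix: $DNS64_PREFIX" >&2; exit 1 ;; esac`. Whether a non-zero exit from this script aborts the run depends on how the manifest invokes it, which is outside the hunk.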
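Review bot: The replacement comment `# dns64-prefix: $DNS64_PREFIX"` in the last hunk is still inside the unquoted `cat << EOF` heredoc (visible in the second hunk), so the shell expands the variable in the generated file and leaves a stray trailing `"`; with the prefix unset the output reads `# dns64-prefix: "`. A literal sample keeps the generated config readable and keeps deployment values out of comments, e.g. `# dns64-prefix: 64:ff9b::0/96`. The `$(generate_dns64_prefix)` line below it works as intended, though it leaves a whitespace-only line when the prefix is unset.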
diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst index 316d011..05fce45 100644 --- a/type/__unbound/man.rst +++ b/type/__unbound/man.rst @@ -13,9 +13,6 @@ answers from specified upstrean DNS server. This is a singleton type. REQUIRED PARAMETERS ------------------- -dns64_prefix - IPv6 prefix used for DNS64. - forward_addr DNS servers used to lookup names, can be provided multiple times. It can be either an IPv4 or IPv6 address but no domain name. @@ -38,6 +35,9 @@ local_data Configure local data, which is served in reply to queries for it. Can be specified multiple times. +dns64_prefix + Enable DNS64 with specified prefix. + BOOLEAN PARAMETERS ------------------ disable-ip4 diff --git a/type/__unbound/manifest b/type/__unbound/manifest index 5d6b50f..53a8ab6 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest @@ -33,12 +33,15 @@ case "$os" in esac # Required parameters: -DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix") -export DNS64_PREFIX FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr") export FORWARD_ADDRS # Optional parameters: +if [ -f "$__object/parameter/dns64_prefix" ]; then + DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix") + export DNS64_PREFIX +fi + if [ -f "$__object/parameter/interface" ]; then INTERFACES=$(cat "$__object/parameter/interface") export INTERFACES diff --git a/type/__unbound/parameter/required b/type/__unbound/parameter/required deleted file mode 100644 index 4ad232f..0000000 --- a/type/__unbound/parameter/required +++ /dev/null @@ -1 +0,0 @@ -dns64_prefix From 5a05b87bebb85c30d1af4878c0b5e134737df225 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 4 Jan 2021 09:46:10 +0100 Subject: [PATCH 2/2] __unbound: normalize flag format --- type/__unbound/gencode-remote | 2 +- type/__unbound/man.rst | 22 +++++++-------- type/__unbound/manifest | 28 +++++++++---------- type/__unbound/parameter/boolean | 6 ++-- .../default/{rc_interface => rc-interface} | 0 type/__unbound/parameter/optional | 2 +- type/__unbound/parameter/optional_multiple | 4 +-- type/__unbound/parameter/required_multiple | 2 +- 8 files changed, 33 insertions(+), 33 deletions(-) rename type/__unbound/parameter/default/{rc_interface => rc-interface} (100%) diff --git a/type/__unbound/gencode-remote b/type/__unbound/gencode-remote index ba6d92b..7c271b7 100755 --- a/type/__unbound/gencode-remote +++ b/type/__unbound/gencode-remote @@ -2,7 +2,7 @@ UNBOUND_CERTS_DIR=/etc/unbound -if [ -f "$__object/parameter/enable_rc" ]; then +if [ -f "$__object/parameter/enable-rc" ]; then echo "unbound-control-setup -d $UNBOUND_CERTS_DIR" echo "chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key" fi diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst index 05fce45..350f1ea 100644 --- a/type/__unbound/man.rst +++ b/type/__unbound/man.rst @@ -23,19 +23,19 @@ interface Interface to listen on, can be provided multiple times. Defaults to '127.0.0.1' and '::1'. -access_control +access-control Controls which clients are allowed queries to the unbound service (everything but localhost is refused by default), can be provided multiple times. The format is described in unbound.conf(5). -rc_interface +rc-interface Address or path to socket used for remote control (see `--enable_control`. Defaults to `127.0.0.1`). -local_data +local-data Configure local data, which is served in reply to queries for it. Can be specified multiple times. -dns64_prefix +dns64-prefix Enable DNS64 with specified prefix. BOOLEAN PARAMETERS 
@@ -48,7 +48,7 @@ disable-ip6 Do not answer or issue queries over IPv6. Cannot be used alongside the `--disable-ip4` flag. -enable_rc +enable-rc Enable remote control (see `unbound-control(8)`). EXAMPLES @@ -58,12 +58,12 @@ EXAMPLES __ungleich_unbound \ --interface '::0' \ - --dns64_prefix '2a0a:e5c0:2:10::/96' \ - --forward_addr '2a0a:e5c0:2:1::5' \ - --forward_addr '2a0a:e5c0:2:1::6' \ - --access_control '::0/0 deny' \ - --access_control '2a0a:e5c0::/29 allow' \ - --access_control '2a09:2940::/29 allow' \ + --dns64-prefix '2a0a:e5c0:2:10::/96' \ + --forward-addr '2a0a:e5c0:2:1::5' \ + --forward-addr '2a0a:e5c0:2:1::6' \ + --access-control '::0/0 deny' \ + --access-control '2a0a:e5c0::/29 allow' \ + --access-control '2a09:2940::/29 allow' \ --ip6 SEE ALSO diff --git a/type/__unbound/manifest b/type/__unbound/manifest index 53a8ab6..1a23328 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest @@ -33,12 +33,12 @@ case "$os" in esac # Required parameters: -FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr") +FORWARD_ADDRS=$(cat "$__object/parameter/forward-addr") export FORWARD_ADDRS # Optional parameters: -if [ -f "$__object/parameter/dns64_prefix" ]; then - DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix") +if [ -f "$__object/parameter/dns64-prefix" ]; then + DNS64_PREFIX=$(cat "$__object/parameter/dns64-prefix") export DNS64_PREFIX fi 
@@ -47,41 +47,41 @@ if [ -f "$__object/parameter/interface" ]; then export INTERFACES fi -if [ -f "$__object/parameter/access_control" ]; then - ACCESS_CONTROLS=$(cat "$__object/parameter/access_control") +if [ -f "$__object/parameter/access-control" ]; then + ACCESS_CONTROLS=$(cat "$__object/parameter/access-control") export ACCESS_CONTROLS fi -if [ -f "$__object/parameter/rc_interface" ]; then - RC_INTERFACE=$(cat "$__object/parameter/rc_interface") +if [ -f "$__object/parameter/rc-interface" ]; then + RC_INTERFACE=$(cat "$__object/parameter/rc-interface") export RC_INTERFACE fi -if [ -f "$__object/parameter/local_data" ]; then - LOCAL_DATA=$(cat "$__object/parameter/local_data") +if [ -f "$__object/parameter/local-data" ]; then + LOCAL_DATA=$(cat "$__object/parameter/local-data") export LOCAL_DATA fi # Boolean parameters: -if [ -f "$__object/parameter/disable_ip4" ] && \ - [ -f "$__object/parameter/disable_ip6" ]; then +if [ -f "$__object/parameter/disable-ip4" ] && \ + [ -f "$__object/parameter/disable-ip6" ]; then echo "--disable-ip4 and --disable-ip6 cannot be used at the same time." >&2 exit 1 fi -if [ -f "$__object/parameter/disable_ip4" ]; then +if [ -f "$__object/parameter/disable-ip4" ]; then export DO_IP4='no' else export DO_IP4='yes' fi -if [ -f "$__object/parameter/disable_ip6" ]; then +if [ -f "$__object/parameter/disable-ip6" ]; then export DO_IP6='no' else export DO_IP6='yes' fi -if [ -f "$__object/parameter/enable_rc" ]; then +if [ -f "$__object/parameter/enable-rc" ]; then export RC_ENABLE='yes' else export RC_ENABLE='no' diff --git a/type/__unbound/parameter/boolean b/type/__unbound/parameter/boolean index b6e53a1..f754fa2 100644 --- a/type/__unbound/parameter/boolean +++ b/type/__unbound/parameter/boolean @@ -1,3 +1,3 @@ -disable_ip6 -disable_ip4 -enable_rc +disable-ip6 +disable-ip4 +enable-rc 
diff --git a/type/__unbound/parameter/default/rc_interface b/type/__unbound/parameter/default/rc-interface
similarity index 100%
rename from type/__unbound/parameter/default/rc_interface
rename to type/__unbound/parameter/default/rc-interface
diff --git a/type/__unbound/parameter/optional b/type/__unbound/parameter/optional
index 0826b6e..86a4400 100644
--- a/type/__unbound/parameter/optional
+++ b/type/__unbound/parameter/optional
@@ -1 +1 @@
-rc_interface
+rc-interface
diff --git a/type/__unbound/parameter/optional_multiple b/type/__unbound/parameter/optional_multiple
index 3fe7eca..4d06e03 100644
--- a/type/__unbound/parameter/optional_multiple
+++ b/type/__unbound/parameter/optional_multiple
@@ -1,3 +1,3 @@
-access_control
-local_data
+access-control
+local-data
 interface
diff --git a/type/__unbound/parameter/required_multiple b/type/__unbound/parameter/required_multiple
index 776abf5..74b99a2 100644
--- a/type/__unbound/parameter/required_multiple
+++ b/type/__unbound/parameter/required_multiple
@@ -1 +1 @@
-forward_addr
+forward-addr