__unbound: add missing functionality.
parent
a7d51bee35
commit
6eab68f081
5 changed files with 66 additions and 21 deletions
|
@ -10,6 +10,10 @@ EOF
|
||||||
# Server logging
|
# Server logging
|
||||||
[ "$VERBOSITY" ] && printf "verbosity: %u\n" "$VERBOSITY"
|
[ "$VERBOSITY" ] && printf "verbosity: %u\n" "$VERBOSITY"
|
||||||
|
|
||||||
|
# IP version
|
||||||
|
[ "$DISABLE_IPV4" ] && echo "do-ip4: no"
|
||||||
|
[ "$DISABLE_IPV6" ] && echo "do-ip6: no"
|
||||||
|
|
||||||
# Interfaces to bind to
|
# Interfaces to bind to
|
||||||
[ "$PORT" ] && printf "port: %u\n" "$PORT"
|
[ "$PORT" ] && printf "port: %u\n" "$PORT"
|
||||||
if [ -f "${__object:?}/parameter/interface" ];
|
if [ -f "${__object:?}/parameter/interface" ];
|
||||||
|
@ -31,6 +35,15 @@ then
|
||||||
done < "${__object:?}/parameter/access-control"
|
done < "${__object:?}/parameter/access-control"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Local data
|
||||||
|
if [ -f "${__object:?}/parameter/local-data" ];
|
||||||
|
then
|
||||||
|
while read -r data;
|
||||||
|
do
|
||||||
|
printf "local-data: \"%s\"\n" "$data"
|
||||||
|
done < "${__object:?}/parameter/local-data"
|
||||||
|
fi
|
||||||
|
|
||||||
# DNS64
|
# DNS64
|
||||||
printf "module-config: \"%svalidator iterator\"\n" "${DNS64:+dns64 }"
|
printf "module-config: \"%svalidator iterator\"\n" "${DNS64:+dns64 }"
|
||||||
[ "$PREFIX64" ] && printf "dns64-prefix: %s\n" "$PREFIX64"
|
[ "$PREFIX64" ] && printf "dns64-prefix: %s\n" "$PREFIX64"
|
||||||
|
|
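Review bot: The new local-data loop writes each value between double quotes with `printf "local-data: \"%s\"\n" "$data"` and never inspects the value, so any entry that itself contains a double quote ends the string early in the generated unbound.conf. This matters for ordinary use as well as for hostile input, because `unbound.conf(5)` expects a TXT record with quoted text to be wrapped in single quotes. I would pick the outer quote per value and refuse values that mix both kinds, so that parameter content cannot alter the structure of the server configuration. If the script is not run in a context where a non-zero exit aborts the manifest, the same check belongs in the manifest instead.

```shell
# … unchanged: if [ -f "${__object:?}/parameter/local-data" ]; then …
	while read -r data;
	do
		case "$data" in
			*\"*\'*|*\'*\"*)
				# Neither quoting style can hold this value safely.
				echo "local-data: value mixes quote characters: $data" >&2
				exit 1
				;;
			*\"*)
				printf "local-data: '%s'\n" "$data"
				;;
			*)
				printf "local-data: \"%s\"\n" "$data"
				;;
		esac
	done < "${__object:?}/parameter/local-data"
# … unchanged: closing fi …
```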
|
@ -58,6 +58,11 @@ forward-zone
|
||||||
where the first element is the name of the zone, and the following elements
|
where the first element is the name of the zone, and the following elements
|
||||||
are the IP addresses of the DNS servers; e.g. `example.com,1.2.3.4,4.3.2.1`
|
are the IP addresses of the DNS servers; e.g. `example.com,1.2.3.4,4.3.2.1`
|
||||||
|
|
||||||
|
local-data
|
||||||
|
Control the `unbound.conf(5)` local-data parameter. Note that no local-zone
|
||||||
|
is defined, so the unbound default is to treat this data as a transparent
|
||||||
|
local zone.
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
ip-transparent
|
ip-transparent
|
||||||
|
@ -74,6 +79,11 @@ control-use-certs
|
||||||
for the interaction between `unbound(8)` and `unbound-control(8)`, as well as
|
for the interaction between `unbound(8)` and `unbound-control(8)`, as well as
|
||||||
their inclusion in the configuration file.
|
their inclusion in the configuration file.
|
||||||
|
|
||||||
|
disable-ip4
|
||||||
|
Disable answering queries over IPv4.
|
||||||
|
|
||||||
|
disable-ip6
|
||||||
|
Disable answering queries over IPv6.
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -34,47 +34,66 @@ alpine)
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Optional parameters:
|
# Optional parameters:
|
||||||
[ -f "${__object:?}/parameter/verbosity" ] && {
|
if [ -f "${__object:?}/parameter/verbosity" ];
|
||||||
|
then
|
||||||
VERBOSITY=$(cat "${__object:?}/parameter/verbosity")
|
VERBOSITY=$(cat "${__object:?}/parameter/verbosity")
|
||||||
export VERBOSITY
|
export VERBOSITY
|
||||||
}
|
fi
|
||||||
|
|
||||||
[ -f "${__object:?}/parameter/port" ] && {
|
if [ -f "${__object:?}/parameter/port" ];
|
||||||
|
then
|
||||||
PORT=$(cat "${__object:?}/parameter/port")
|
PORT=$(cat "${__object:?}/parameter/port")
|
||||||
export PORT
|
export PORT
|
||||||
}
|
fi
|
||||||
|
|
||||||
[ -f "${__object:?}/parameter/control-port" ] && {
|
if [ -f "${__object:?}/parameter/control-port" ];
|
||||||
|
then
|
||||||
CONTROL_PORT=$(cat "${__object:?}/parameter/control-port")
|
CONTROL_PORT=$(cat "${__object:?}/parameter/control-port")
|
||||||
export CONTROL_PORT
|
export CONTROL_PORT
|
||||||
}
|
fi
|
||||||
|
|
||||||
[ -f "${__object:?}/parameter/dns64-prefix" ] && {
|
if [ -f "${__object:?}/parameter/dns64-prefix" ];
|
||||||
|
then
|
||||||
PREFIX64=$(cat "${__object:?}/parameter/dns64-prefix")
|
PREFIX64=$(cat "${__object:?}/parameter/dns64-prefix")
|
||||||
export PREFIX64
|
export PREFIX64
|
||||||
}
|
fi
|
||||||
|
|
||||||
# Boolean parameters:
|
# Boolean parameters:
|
||||||
[ -f "${__object:?}/parameter/ip-transparent" ] && {
|
if [ -f "${__object:?}/parameter/ip-transparent" ];
|
||||||
|
then
|
||||||
IP_TRANSPARENT=yes
|
IP_TRANSPARENT=yes
|
||||||
export IP_TRANSPARENT
|
export IP_TRANSPARENT
|
||||||
}
|
fi
|
||||||
|
|
||||||
[ -f "${__object:?}/parameter/dns64" ] && {
|
if [ -f "${__object:?}/parameter/dns64" ];
|
||||||
|
then
|
||||||
DNS64=yes
|
DNS64=yes
|
||||||
export DNS64
|
export DNS64
|
||||||
}
|
fi
|
||||||
|
|
||||||
[ -f "${__object:?}/parameter/enable-rc" ] && {
|
if [ -f "${__object:?}/parameter/enable-rc" ];
|
||||||
|
then
|
||||||
ENABLE_RC=yes
|
ENABLE_RC=yes
|
||||||
export ENABLE_RC
|
export ENABLE_RC
|
||||||
}
|
fi
|
||||||
|
|
||||||
[ -f "${__object:?}/parameter/control-use-certs" ] && {
|
if [ -f "${__object:?}/parameter/disable-ip4" ];
|
||||||
|
then
|
||||||
|
DISABLE_IPV4=yes
|
||||||
|
export DISABLE_IPV4
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "${__object:?}/parameter/disable-ip6" ];
|
||||||
|
then
|
||||||
|
DISABLE_IPV6=yes
|
||||||
|
export DISABLE_IPV6
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "${__object:?}/parameter/control-use-certs" ];
|
||||||
|
then
|
||||||
__package "$openssl_package"
|
__package "$openssl_package"
|
||||||
CONTROL_USE_CERTS=yes
|
export CONTROL_USE_CERTS=yes
|
||||||
export CONTROL_USE_CERTS
|
fi
|
||||||
}
|
|
||||||
|
|
||||||
# Certs for remote control, generated if --generate-certs is given.
|
# Certs for remote control, generated if --generate-certs is given.
|
||||||
export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key'
|
export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key'
|
||||||
|
@ -82,6 +101,7 @@ export RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem'
|
||||||
export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key'
|
export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key'
|
||||||
export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem'
|
export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem'
|
||||||
|
|
||||||
|
export require='__package/unbound'
|
||||||
# If object_id is different from 'unbound', we consider that we are launching a
|
# If object_id is different from 'unbound', we consider that we are launching a
|
||||||
# different instance of unbound and create the appropriate init service.
|
# different instance of unbound and create the appropriate init service.
|
||||||
if [ "${__object_id:?}" != "unbound" ];
|
if [ "${__object_id:?}" != "unbound" ];
|
||||||
|
@ -102,7 +122,7 @@ then
|
||||||
else
|
else
|
||||||
__start_on_boot unbound
|
__start_on_boot unbound
|
||||||
fi
|
fi
|
||||||
|
unset require
|
||||||
|
|
||||||
# Generate and deploy configuration files.
|
# Generate and deploy configuration files.
|
||||||
source_file="${__object:?}/files/unbound.conf"
|
source_file="${__object:?}/files/unbound.conf"
|
||||||
|
@ -112,5 +132,4 @@ mkdir -p "$__object/files"
|
||||||
"${__type:?}/files/unbound.conf.sh" > "$source_file"
|
"${__type:?}/files/unbound.conf.sh" > "$source_file"
|
||||||
require="__package/unbound" __file "$target_file" \
|
require="__package/unbound" __file "$target_file" \
|
||||||
--source "$source_file" \
|
--source "$source_file" \
|
||||||
--owner root \
|
--owner root --mode 644
|
||||||
--mode 644
|
|
||||||
|
|
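Review bot: Nothing in the new `disable-ip4` and `disable-ip6` blocks prevents both parameters from being set on the same object, and the generated file would then carry `do-ip4: no` together with `do-ip6: no`, which presumably leaves the resolver with no address family to answer on. A guard placed right after the two blocks would turn that into a manifest-time error instead of a DNS outage on the target: `if [ "${DISABLE_IPV4:-}" ] && [ "${DISABLE_IPV6:-}" ]; then echo "disable-ip4 and disable-ip6 cannot both be set" >&2; exit 1; fi`. The manifest starts and ends outside the visible hunks, so I cannot tell whether the combination is already rejected elsewhere.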
|
@ -2,3 +2,5 @@ ip-transparent
|
||||||
dns64
|
dns64
|
||||||
enable-rc
|
enable-rc
|
||||||
control-use-certs
|
control-use-certs
|
||||||
|
disable-ip4
|
||||||
|
disable-ip6
|
||||||
|
|
|
@ -2,3 +2,4 @@ interface
|
||||||
access-control
|
access-control
|
||||||
control-interface
|
control-interface
|
||||||
forward-zone
|
forward-zone
|
||||||
|
local-data
|
||||||
|
|