6 # PROVIDE: local_unbound
7 # REQUIRE: FILESYSTEMS defaultroute netwait resolv
# rc.subr(8) service description: which binary the service runs and which
# shell functions implement its hooks and extra sub-commands.
14 desc="Local caching forwarding resolver"
# Name of the rc.conf knob that enables the service.
15 rcvar="local_unbound_enable"
17 command="/usr/sbin/local-unbound"
# Sub-commands offered in addition to the standard rc.subr ones.
18 extra_commands="anchor configtest reload setup"
# Hooks run around "start": prestart before the daemon is launched,
# poststart after it.
19 start_precmd="local_unbound_prestart"
20 start_postcmd="local_unbound_poststart"
# "reload" is gated on the same function that implements "configtest";
# rc.subr does not run a command whose precmd hook fails (unless forced).
21 reload_precmd="local_unbound_configtest"
22 anchor_cmd="local_unbound_anchor"
23 configtest_cmd="local_unbound_configtest"
24 setup_cmd="local_unbound_setup"
# NOTE(review): ${name} is not assigned in the lines shown here; presumably
# it is set earlier in the file - confirm.
25 pidfile="/var/run/${name}.pid"
# Defaults for the service's tunables. ": ${var:=value}" assigns the default
# only when the variable is unset or empty, so a value that is already set
# (presumably from rc.conf) is kept.
29 : ${local_unbound_workdir:=/var/unbound}
# Every path below defaults to a file inside the working directory.
30 : ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
# The default contains a space and is written in double quotes.
31 : ${local_unbound_flags:="-c ${local_unbound_config}"}
32 : ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
33 : ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf}
# DNSSEC root trust anchor file: handed to ${command}-anchor and checked by
# the pre-start hook before the daemon is started.
34 : ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
# Both default to empty.
35 : ${local_unbound_forwarders:=}
36 : ${local_unbound_tls:=}
# NOTE(review): the path variables above are expanded unquoted by the
# functions that follow, so a value containing whitespace or glob characters
# would be split or expanded by the shell before the tools see it.
# NOTE(review): presumably the body of do_as_unbound, whose header is not
# part of this listing. The command runs as user "unbound" instead of with
# the caller's privileges; -m asks su to leave the environment unmodified.
# echo joins "$@" into one space-separated line and pipes it to su, so the
# command line is parsed a second time by the shell su starts. Any quoting
# the caller applied to individual arguments is gone by then, and arguments
# containing whitespace or shell metacharacters would be split or
# interpreted there. Callers should only pass trusted, simple words.
40 echo "$@" | su -m unbound
44 # Retrieve or update the DNSSEC root anchor
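local_unbound_anchor()
{
	# Retrieve or update the DNSSEC root trust anchor by running
	# ${command}-anchor through do_as_unbound, then report whether a
	# usable anchor file is in place.
	# Returns 0 when ${local_unbound_anchor} exists and is non-empty,
	# non-zero otherwise.
	do_as_unbound ${command}-anchor -a ${local_unbound_anchor}
	# We can't trust the exit code, so check the file itself. Use -s
	# rather than -f: an empty file holds no trust anchor, and the
	# pre-start hook already treats an empty file as missing
	# ([ ! -s ... ]). The path is quoted so it is tested as one word.
	[ -s "${local_unbound_anchor}" ]
}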
54 # Check the unbound configuration file
local_unbound_configtest()
{
	# Validate the configuration file by handing
	# "<command>-checkconf <config>" to do_as_unbound. The exit status
	# is whatever do_as_unbound returns; this function also serves as
	# the precmd hook for "reload".
	local checker

	checker=${command}-checkconf
	do_as_unbound ${checker} ${local_unbound_config}
}
62 # Create the unbound configuration file and update resolv.conf to
68 if checkyesno local_unbound_tls ; then
71 echo "Performing initial setup."
74 -w ${local_unbound_workdir} \
75 -c ${local_unbound_config} \
76 -f ${local_unbound_forwardconf} \
77 -o ${local_unbound_controlconf} \
78 -a ${local_unbound_anchor} \
80 ${local_unbound_forwarders}
84 # Before starting, check that the configuration file and root anchor
85 # exist. If not, attempt to generate them.
87 local_unbound_prestart()
89 # Create configuration file
90 if [ ! -f ${local_unbound_config} ] ; then
94 # Retrieve DNSSEC root key
95 if [ ! -s ${local_unbound_anchor} ] ; then
101 # After starting, wait for Unbound to report that it is ready to avoid
102 # race conditions with services which require functioning DNS.
104 local_unbound_poststart()
108 echo -n "Waiting for nameserver to start..."
109 until "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do
110 if [ $((retry -= 1)) -eq 0 ] ; then