From dacbde89b24c29ed475d9be31dbac2dc58c0e153 Mon Sep 17 00:00:00 2001 From: pfg Date: Wed, 20 Nov 2019 22:13:14 +0000 Subject: [PATCH] Import openresolv 3.9.0 More information at: https://roy.marples.name/projects/openresolv --- LICENSE | 23 +++++ Makefile | 38 ++++++-- README | 11 --- README.md | 64 +++++++++++++ configure | 88 +++++++++-------- dnsmasq.in | 10 +- libc.in | 24 ++--- named.in | 8 +- pdns_recursor.in | 17 ++-- pdnsd.in | 12 ++- resolvconf.conf | 2 +- resolvconf.conf.5.in | 157 ++++++++++++++++++++---------- resolvconf.in | 223 +++++++++++++++++++++++++------------------ unbound.in | 2 +- 14 files changed, 435 insertions(+), 244 deletions(-) create mode 100644 LICENSE delete mode 100644 README create mode 100644 README.md diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000000..758aec33805 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,23 @@ +Copyright (c) 2007-2019 Roy Marples +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/Makefile b/Makefile index 095779b95b0..6cfa6e4ea07 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,7 @@ SYSCONFDIR?= /etc LIBEXECDIR?= /libexec/resolvconf VARDIR?= /var/run/resolvconf +ECHO?= echo INSTALL?= install SED?= sed @@ -20,7 +21,7 @@ DOCMODE?= 0644 MANMODE?= 0444 RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5 -SUBSCRIBERS= libc dnsmasq named pdnsd unbound +SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound TARGET= ${RESOLVCONF} ${SUBSCRIBERS} SRCS= ${TARGET:C,$,.in,} # pmake SRCS:= ${TARGET:=.in} # gmake 
@@ -42,7 +43,7 @@ DISTINFOSIGN= ${DISTINFO}.asc CKSUM?= cksum -a SHA256 PGP?= netpgp -FOSSILID?= current +GITREF?= HEAD .SUFFIXES: .in @@ -79,15 +80,17 @@ maninstall: install: proginstall maninstall -import: +dist-git: + git archive --prefix=${DISTPREFIX}/ ${GITREF} | xz >${DISTFILE} + +dist-inst: + mkdir /tmp/${DISTPREFIX} + cp -RPp * /tmp/${DISTPREFIX} + (cd /tmp/${DISTPREFIX}; make clean) + tar -cvjpf ${DISTFILE} -C /tmp ${DISTPREFIX} rm -rf /tmp/${DISTPREFIX} - ${INSTALL} -d /tmp/${DISTPREFIX} - cp README ${SRCS} /tmp/${DISTPREFIX} -dist: - fossil tarball --name ${DISTPREFIX} ${FOSSILID} ${DISTFILEGZ} - gunzip -c ${DISTFILEGZ} | xz >${DISTFILE} - rm ${DISTFILEGZ} +dist: dist-git distinfo: dist rm -f ${DISTINFO} ${DISTINFOSIGN} @@ -96,3 +99,20 @@ distinfo: dist ${PGP} --clearsign --output=${DISTINFOSIGN} ${DISTINFO} chmod 644 ${DISTINFOSIGN} ls -l ${DISTFILE} ${DISTINFO} ${DISTINFOSIGN} + +import: dist + rm -rf /tmp/${DISTPREFIX} + ${INSTALL} -d /tmp/${DISTPREFIX} + tar xvJpf ${DISTFILE} -C /tmp + +_import-src: + rm -rf ${DESTDIR}/* + ${INSTALL} -d ${DESTDIR} + cp LICENSE README.md ${SRCS} resolvconf.conf ${DESTDIR}; + cp resolvconf.8.in resolvconf.conf.5.in ${DESTDIR}; + @${ECHO} + @${ECHO} "=============================================================" + @${ECHO} "openresolv-${VERSION} imported to ${DESTDIR}" + +import-src: + ${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi` diff --git a/README b/README deleted file mode 100644 index b4042b0e81a..00000000000 --- a/README +++ /dev/null 
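Review bot: In `dist-git` the exit status of `git archive` is discarded, because the recipe line is a pipeline and the shell reports only the status of `xz`; a bad `GITREF` therefore still leaves a `${DISTFILE}` that `distinfo` goes on to checksum and sign. Writing the archive to a file first keeps the failure visible, for example `git archive --prefix=${DISTPREFIX}/ -o ${DISTPREFIX}.tar ${GITREF}` followed by `xz -c ${DISTPREFIX}.tar >${DISTFILE}`. In `dist-inst`, `(cd /tmp/${DISTPREFIX}; make clean)` would run the clean in the source tree if the `cd` failed, and it bypasses the caller's make; `cd /tmp/${DISTPREFIX} && ${MAKE} clean` avoids both. `DISTFILE` and `DISTPREFIX` are defined outside this hunk, so the intermediate file name is only a suggestion.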
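Review bot: `_import-src` starts with `rm -rf ${DESTDIR}/*`, which expands to `rm -rf /*` when the target is run directly with `DESTDIR` unset; only the `import-src` wrapper supplies a default. A guard as the first recipe line, such as `@test -n "${DESTDIR}" || { ${ECHO} "DESTDIR is not set" >&2; exit 1; }`, keeps the destructive step from running without a destination. Both `import` and the default destination also use the fixed name `/tmp/${DISTPREFIX}` in a shared directory, so the result depends on who created that path first; a directory obtained from `mktemp -d` would not.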
@@ -1,11 +0,0 @@
-openresolv is a resolvconf implementation which manages resolv.conf
-You can find the latest version at http://roy.marples.name/projects/openresolv
-It is written and maintained by Roy Marples
-
-This resolvconf implementation, along with its subscribers, work with a
-POSIX compliant shell and userland utilities. It is designed to work without
-tools such as sed as it *has* to work without /usr being available.
-
-On systems where resolvconf is expected to be used before /var/run is available
-for writing, you can configure openresolv to write somewhere else, like say a
-ramdisk.
diff --git a/README.md b/README.md
new file mode 100644
index 00000000000..739cc73356c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,64 @@
+# openresolv
+
+openresolv is a [resolvconf](https://en.wikipedia.org/wiki/Resolvconf)
+implementation which manages `/etc/resolv.conf`.
+
+`/etc/resolv.conf` is a file that holds the configuration for the local
+resolution of domain names.
+Normally this file is either static or maintained by a local daemon,
+normally a DHCP daemon. But what happens if more than one thing wants to
+control the file?
+Say you have wired and wireless interfaces to different subnets and run a VPN
+or two on top of that, how do you say which one controls the file?
+It's also not as easy as just adding and removing the nameservers each client
+knows about as different clients could add the same nameservers.
+
+Enter resolvconf, the middleman between the network configuration services and
+`/etc/resolv.conf`.
+resolvconf itself is just a script that stores, removes and lists a full
+`resolv.conf` generated for the interface. It then calls all the helper scripts
+it knows about so it can configure the real `/etc/resolv.conf` and optionally
+any local nameservers other than libc.
+
+## Reasons for using openresolv
+
+Why openresolv over the
+[Debian implementation](http://qref.sourceforge.net/Debian/reference/ch-gateway.en.html#s-dns-resolvconf)?
+Here's some reasons:
+ * Works with
+ [POSIX shell and userland](http://www.opengroup.org/onlinepubs/009695399)
+ * Does not need awk, grep or sed which means we can work without `/usr`
+ mounted
+ * Works with other init systems than Debians' out of the box
+ * Available as a 2 clause
+ [BSD license](http://www.freebsd.org/copyright/freebsd-license.html)
+ * Prefer configs via IF_METRIC for dynamic ordering
+ * Configures zones for local resolvers other than libc
+
+The last point is quite important, especially when running VPN systems.
+Take the following resolv.conf files which have been generated by a +[DHCP client](../dhcpcd) and sent to resolvconf: + +``` +# resolv.conf from bge0 +search foo.com +nameserver 1.2.3.4 + +# resolv.conf from tap0 +domain bar.org +nameserver 5.6.7.8 +``` + +In this instance, queries for foo.com will go to 1.2.3.4 and queries for +bar.org will go to 5.6.7.8. +This does require the resolvers to be configured to pickup the resolvconf +generated configuration for them though. +openresolv ships with helpers for: + * [unbound](http://www.unbound.net/) + * [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) + * [ISC BIND](http://www.isc.org/software/bind) + * [PowerDNS Recursor](http://wiki.powerdns.com/trac) + +See the +[configuration section](https://roy.marples.name/projects/openresolv/config) +for more details. diff --git a/configure b/configure index a890cf0dc63..c9422b74b69 100644 --- a/configure +++ b/configure @@ -44,42 +44,8 @@ for x do esac done -if [ -z "$LIBEXECDIR" ]; then - printf "Checking for directory /libexec ... " - if [ -d /libexec ]; then - echo "yes" - LIBEXECDIR=$PREFIX/libexec/resolvconf - else - echo "no" - LIBEXECDIR=$PREFIX/lib/resolvconf - fi -fi -if [ -z "$RUNDIR" ]; then - printf "Checking for directory /run ... " - if [ -d /run ]; then - echo "yes" - RUNDIR=/run - else - echo "no" - RUNDIR=/var/run - fi -fi - : ${SED:=sed} -: ${SYSCONFDIR:=$PREFIX/etc} -: ${SBINDIR:=$PREFIX/sbin} -: ${LIBEXECDIR:=$PREFIX/libexec/resolvconf} -: ${STATEDIR:=/var} -: ${RUNDIR:=$STATEDIR/run} -: ${MANDIR:=${PREFIX:-/usr}/share/man} - -eval SYSCONFDIR="$SYSCONFDIR" -eval SBINDIR="$SBINDIR" -eval LIBEXECDIR="$LIBEXECDIR" -eval VARDIR="$RUNDIR/resolvconf" -eval MANDIR="$MANDIR" - CONFIG_MK=config.mk if [ -z "$BUILD" ]; then 
@@ -121,7 +87,19 @@ rm -rf $CONFIG_MK echo "# $OS" >$CONFIG_MK case "$OS" in -freebsd*) +dragonfly*) + # This means /usr HAS to be mounted not via dhcpcd + : ${LIBEXECDIR:=${PREFIX:-/usr}/libexec/resolvconf} + ;; +linux*) + # cksum does't support -a and netpgp is rare + echo "CKSUM= sha256sum --tag" >>$CONFIG_MK + echo "PGP= gpg2" >>$CONFIG_MK + ;; +esac + +case "$OS" in +dragonfly*|freebsd*) # On FreeBSD, /etc/init.d/foo status returns 0 if foo is not enabled # regardless of if it's not running. # So we force onestatus to work around this silly bug. @@ -129,13 +107,43 @@ freebsd*) STATUSARG="onestatus" fi ;; -linux*) - # cksum does't support -a and netpgp is rare - echo "CKSUM= sha256sum --tag" >>$CONFIG_MK - echo "PGP= gpg2" >>$CONFIG_MK - ;; esac + +if [ -z "$LIBEXECDIR" ]; then + printf "Checking for directory /libexec ... " + if [ -d /libexec ]; then + echo "yes" + LIBEXECDIR=$PREFIX/libexec/resolvconf + else + echo "no" + LIBEXECDIR=$PREFIX/lib/resolvconf + fi +fi +if [ -z "$RUNDIR" ]; then + printf "Checking for directory /run ... " + if [ -d /run ]; then + echo "yes" + RUNDIR=/run + else + echo "no" + RUNDIR=/var/run + fi +fi + +: ${SYSCONFDIR:=$PREFIX/etc} +: ${SBINDIR:=$PREFIX/sbin} +: ${LIBEXECDIR:=$PREFIX/libexec/resolvconf} +: ${STATEDIR:=/var} +: ${RUNDIR:=$STATEDIR/run} +: ${MANDIR:=${PREFIX:-/usr}/share/man} + +eval SYSCONFDIR="$SYSCONFDIR" +eval SBINDIR="$SBINDIR" +eval LIBEXECDIR="$LIBEXECDIR" +eval VARDIR="$RUNDIR/resolvconf" +eval MANDIR="$MANDIR" + for x in SYSCONFDIR SBINDIR LIBEXECDIR VARDIR MANDIR RESTARTCMD RCDIR STATUSARG do eval v=\$$x diff --git a/dnsmasq.in b/dnsmasq.in index b1a2c7408d9..8b51866dca2 100644 --- a/dnsmasq.in +++ b/dnsmasq.in @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2007-2016 Roy Marples +# Copyright (c) 2007-2019 Roy Marples # All rights reserved # dnsmasq subscriber for resolvconf 
@@ -28,7 +28,7 @@ [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 -[ -z "$dnsmasq_conf" -a -z "$dnsmasq_resolv" ] && exit 0 +[ -z "${dnsmasq_conf}${dnsmasq_resolv}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " @@ -98,7 +98,7 @@ for d in $DOMAINS; do empty=false i=0 IFS=: set -- $n - while [ -n "$1" -o -n "$2" ]; do + while [ -n "$1" ] || [ -n "$2" ]; do addr="$1" shift if [ -z "$addr" ]; then @@ -184,7 +184,7 @@ if $changed; then eval $dnsmasq_restart elif [ -n "$RESTARTCMD" ]; then set -- ${dnsmasq_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${dnsmasq_service} fi @@ -206,4 +206,6 @@ if $dbus; then dbus-send --system --dest=uk.org.thekelleys.dnsmasq \ /uk/org/thekelleys/dnsmasq uk.org.thekelleys.$method \ $dbusdest + dbus-send --system --dest=uk.org.thekelleys.dnsmasq \ + /uk/org/thekelleys/dnsmasq uk.org.thekelleys.ClearCache fi diff --git a/libc.in b/libc.in index d49be65b67b..f44f61bac7f 100644 --- a/libc.in +++ b/libc.in @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2007-2016 Roy Marples +# Copyright (c) 2007-2019 Roy Marples # All rights reserved # libc subscriber for resolvconf @@ -36,9 +36,9 @@ NL=" # sed may not be available, and this is faster on small files key_get_value() { - local key="$1" x= line= - + key="$1" shift + if [ $# -eq 0 ]; then while read -r line; do case "$line" in @@ -58,8 +58,6 @@ key_get_value() keys_remove() { - local key x line found - while read -r line; do found=false for key do @@ -79,7 +77,7 @@ local_nameservers="127.* 0.0.0.0 255.255.255.255 ::1" if [ -f "$SYSCONFDIR"/resolvconf.conf ]; then . "$SYSCONFDIR"/resolvconf.conf elif [ -d "$SYSCONFDIR"/resolvconf ]; then - SYSCONFDIR="$SYSCONFDIR/resolvconf/resolv.conf.d" + SYSCONFDIR="$SYSCONFDIR/resolvconf" base="$SYSCONFDIR/resolv.conf.d/base" if [ -f "$base" ]; then prepend_nameservers="$(key_get_value "nameserver " "$base")" 
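Review bot: The restart path in the `@@ -184,7 +184,7 @@` hunk is quoted only halfway: `eval "$RESTARTCMD"` is fixed, but the context line just above it still runs `eval $dnsmasq_restart` unquoted, so a restart command set in resolvconf.conf is word-split and glob-expanded before it is evaluated. Quoting it the same way, `eval "$dnsmasq_restart"`, makes both branches behave alike. The same pair appears in the matching hunks of libc.in (`eval $libc_restart`), named.in (`eval $named_restart`) and pdns_recursor.in (`eval $pdns_restart`). The enclosing `if $changed` block starts and ends outside the hunk.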
@@ -98,10 +96,12 @@ fi : ${resolv_conf:=/etc/resolv.conf} : ${libc_service:=nscd} : ${list_resolv:=@SBINDIR@/resolvconf -l} -if [ "${resolv_conf_head-x}" = x -a -f "$SYSCONFDIR"/resolv.conf.head ]; then +if [ "${resolv_conf_head-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.head ] +then resolv_conf_head="$(cat "${SYSCONFDIR}"/resolv.conf.head)" fi -if [ "${resolv_conf_tail-x}" = x -a -f "$SYSCONFDIR"/resolv.conf.tail ]; then +if [ "${resolv_conf_tail-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.tail ] +then resolv_conf_tail="$(cat "$SYSCONFDIR"/resolv.conf.tail)" fi @@ -110,7 +110,7 @@ signature="# Generated by resolvconf" uniqify() { - local result= + result= while [ -n "$1" ]; do case " $result " in *" $1 "*);; @@ -126,7 +126,7 @@ case "${resolv_conf_passthrough:-NO}" in backup=false newest= for conf in "$IFACEDIR"/*; do - if [ -z "$newest" -o "$conf" -nt "$newest" ]; then + if [ -z "$newest" ] || [ "$conf" -nt "$newest" ]; then newest="$conf" fi done @@ -178,7 +178,7 @@ case "${resolv_conf_passthrough:-NO}" in fi [ -n "$domain" ] && newconf="${newconf}domain $domain$NL" - if [ -n "$newsearch" -a "$newsearch" != "$domain" ]; then + if [ -n "$newsearch" ] && [ "$newsearch" != "$domain" ]; then newconf="${newconf}search $newsearch$NL" fi for n in $newns; do @@ -232,7 +232,7 @@ if [ -n "$libc_restart" ]; then eval $libc_restart elif [ -n "$RESTARTCMD" ]; then set -- ${libc_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${libc_service} fi diff --git a/named.in b/named.in index 2083ea52058..e5b5a91ee77 100644 --- a/named.in +++ b/named.in 
@@ -28,14 +28,14 @@ [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 -[ -z "$named_zones" -a -z "$named_options" ] && exit 0 +[ -z "${named_zones}${named_options}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " # Platform specific kludges -if [ -z "$named_service" -a -z "$named_restart" -a \ - -d "$RCDIR" -a ! -x "$RCDIR"/named ] +if [ -z "${named_service}${named_restart}" ] && + [ -d "$RCDIR" ] && ! [ -x "$RCDIR"/named ] then if [ -x "$RCDIR"/bind9 ]; then # Debian and derivatives @@ -111,7 +111,7 @@ if $changed; then eval $named_restart elif [ -n "$RESTARTCMD" ]; then set -- ${named_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${named_service} fi diff --git a/pdns_recursor.in b/pdns_recursor.in index ad2d922dc4d..f3632e00038 100644 --- a/pdns_recursor.in +++ b/pdns_recursor.in @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2009-2011 Roy Marples +# Copyright (c) 2009-2019 Roy Marples # All rights reserved # PowerDNS Recursor subscriber for resolvconf @@ -33,17 +33,14 @@ NL=" " -: ${pdns_service:=pdns_recursor} +: ${pdns_service:=pdns-recursor} newzones= -# pds_recursor does not present support global forward servers, which -# does limit it's usefulness somewhat. -# If it did, the below code can be enabled, or something like it. -#for n in $NAMESERVERS; do -# newzones="$newzones${newzones:+,}$n" -#done -#[ -n "$newzones" ] && newzones=".=$newzones$NL" +for n in $NAMESERVERS; do + newzones="$newzones${newzones:+,}$n" +done +[ -n "$newzones" ] && newzones="+.=$newzones$NL" for d in $DOMAINS; do newns= @@ -71,7 +68,7 @@ then eval $pdns_restart elif [ -n "$RESTARTCMD" ]; then set -- ${pdns_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${pdns_service} fi diff --git a/pdnsd.in b/pdnsd.in index 59a4755aff1..971d90d26a1 100644 --- a/pdnsd.in +++ b/pdnsd.in 
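Review bot: The deleted comment in pdns_recursor.in explained why global forwarding was disabled, and the loop that replaces it carries no comment saying what `+.=` means or that behaviour changes. With this hunk every entry of `$NAMESERVERS` is written as a recursive forwarder for the root zone, so all queries not matched by a more specific zone go to servers learned from the interfaces; a line such as `# "+." forwards the root zone, recursion desired, to the global name servers` above the loop would record that. The default `pdns_service` also changes from `pdns_recursor` to `pdns-recursor`, which affects installs that relied on the old default. The entries are copied from `$NAMESERVERS` without a check that they are addresses; whether they are validated before reaching this script is not visible here.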
@@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2010-2013 Roy Marples +# Copyright (c) 2010-2018 Roy Marples # All rights reserved # pdnsd subscriber for resolvconf @@ -28,7 +28,7 @@ [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 -[ -z "$pdnsd_conf" -a -z "$pdnsd_resolv" ] && exit 0 +[ -z "${pdnsd_conf}${pdnsd_resolv}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " @@ -41,14 +41,16 @@ signature_end="# End of resolvconf" # but sed may not always be available at the time. remove_markers() { - local m1="$1" m2="$2" x= line= in_marker=0 + m1="$1" + m2="$2" + in_marker=0 shift; shift if type sed >/dev/null 2>&1; then sed "/^$m1/,/^$m2/d" $@ else - for x; do - while read -r line; do + for x do + while read line; do case "$line" in "$m1"*) in_marker=1;; "$m2"*) in_marker=0;; diff --git a/resolvconf.conf b/resolvconf.conf index 607f6af4d91..4f5f2e6f42e 100644 --- a/resolvconf.conf +++ b/resolvconf.conf @@ -4,4 +4,4 @@ resolv_conf=/etc/resolv.conf # If you run a local name server, you should uncomment the below line and # configure your subscribers configuration files below. -#name_servers=127.0.0.1 \ No newline at end of file +#name_servers=127.0.0.1 diff --git a/resolvconf.conf.5.in b/resolvconf.conf.5.in index fcebd864e36..1b0c4716084 100644 --- a/resolvconf.conf.5.in +++ b/resolvconf.conf.5.in @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 29, 2016 +.Dd September 8, 2019 .Dt RESOLVCONF.CONF 5 .Os .Sh NAME 
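Review bot: In the fallback loop of `remove_markers`, `while read -r line` became `while read line`, so backslashes in the pdnsd configuration are now interpreted by `read` and the rewritten file can differ from the input. `-r` is POSIX and the other subscribers in this commit keep it, so the line should stay `while read -r line; do`. In the sed branch, the context line `sed "/^$m1/,/^$m2/d" $@` passes the file names unquoted; `"$@"` would keep names containing spaces intact. Dropping `local` also leaves `x` and `line` as globals, and the function body continues past the end of the hunk.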
@@ -64,19 +64,25 @@ Defaults to YES. .It Sy interface_order These interfaces will always be processed first. If unset, defaults to the following:- -.D1 lo lo[0-9]* +.Bd -compact -literal -offset indent +lo lo[0-9]* +.Ed .It Sy dynamic_order These interfaces will be processed next, unless they have a metric. If unset, defaults to the following:- -.D1 tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]* +.Bd -compact -literal -offset indent +tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]* +.Ed .It Sy inclusive_interfaces -Ignore any exlcusive marking for these interfaces. +Ignore any exclusive marking for these interfaces. This is handy when 3rd party integrations force the .Nm resolvconf -x option and you want to disable it easily. .It Sy local_nameservers If unset, defaults to the following:- -.D1 127.* 0.0.0.0 255.255.255.255 ::1 +.Bd -compact -literal -offset indent +127.* 0.0.0.0 255.255.255.255 ::1 +.Ed .It Sy search_domains Prepend search domains to the dynamically generated list. .It Sy search_domains_append @@ -118,16 +124,24 @@ The syntax is this: .Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement .Pp Example, given this resolv.conf: -.D1 domain foo.org -.D1 search foo.org dead.beef -.D1 nameserver 1.2.3.4 -.D1 nameserver 2.3.4.5 +.Bd -compact -literal -offset indent +domain foo.org +search foo.org dead.beef +nameserver 1.2.3.4 +nameserver 2.3.4.5 +.Ed and this configuaration: -.D1 replace="search/foo*/bar.com nameserver/1.2.3.4/5.6.7.8 nameserver/2.3.4.5/" +.Bd -compact -literal -offset indent +replace="search/foo*/bar.com" +replace="$replace nameserver/1.2.3.4/5.6.7.8" +replace="$replace nameserver/2.3.4.5/" +.Ed you would get this resolv.conf instead: -.D1 domain foo.org -.D1 search bar.com -.D1 nameserver 5.6.7.8 +.Bd -compact -literal -offset indent +domain foo.org +search bar.com +nameserver 5.6.7.8 +.Ed .It Sy replace_sub Works the same way as .Sy replace 
@@ -138,9 +152,11 @@ Using the same example resolv.conf and changing to .Sy replace_sub , you would get this resolv.conf instead: -.D1 domain foo.org -.D1 search bar.com dead.beef -.D1 nameserver 5.6.7.8 +.Bd -compact -literal -offset indent +domain foo.org +search bar.com dead.beef +nameserver 5.6.7.8 +.Ed .It Sy state_dir Override the default state directory of .Pa @VARDIR@ . @@ -195,7 +211,8 @@ Prepend search domains to the dynamically generated list. openresolv ships with subscribers for the name servers .Xr dnsmasq 8 , .Xr named 8 , -.Xr pdnsd 8 +.Xr pdnsd 8 , +.Xr pdns_recursor 8 , and .Xr unbound 8 . Each subscriber can create configuration files which should be included in @@ -203,7 +220,9 @@ in the subscribers main configuration file. .Pp To disable a subscriber, simply set it's name to NO. For example, to disable the libc subscriber you would set: -.D1 libc=NO +.Bd -compact -literal -offset indent +libc=NO +.Ed .Bl -tag -width indent .It Sy dnsmasq_conf This file tells dnsmasq which name servers to use for specific domains. 
@@ -211,17 +230,21 @@ This file tells dnsmasq which name servers to use for specific domains. This file tells dnsmasq which name servers to use for global lookups. .Pp Example resolvconf.conf for dnsmasq: -.D1 name_servers=127.0.0.1 -.D1 dnsmasq_conf=/etc/dnsmasq-conf.conf -.D1 dnsmasq_resolv=/etc/dnsmasq-resolv.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +dnsmasq_conf=/etc/dnsmasq-conf.conf +dnsmasq_resolv=/etc/dnsmasq-resolv.conf +.Ed .Pp Example dnsmasq.conf: -.D1 listen-address=127.0.0.1 -.D1 # If dnsmasq is compiled for DBus then we can take -.D1 # advantage of not having to restart dnsmasq. -.D1 enable-dbus -.D1 conf-file=/etc/dnsmasq-conf.conf -.D1 resolv-file=/etc/dnsmasq-resolv.conf +.Bd -compact -literal -offset indent +listen-address=127.0.0.1 +# If dnsmasq is compiled for DBus then we can take +# advantage of not having to restart dnsmasq. +enable-dbus +conf-file=/etc/dnsmasq-conf.conf +resolv-file=/etc/dnsmasq-resolv.conf +.Ed .It Sy named_options Include this file in the named options block. This file tells named which name servers to use for global lookups. @@ -230,16 +253,21 @@ Include this file in the named global scope, after the options block. This file tells named which name servers to use for specific domains. .Pp Example resolvconf.conf for named: -.D1 name_servers=127.0.0.1 -.D1 named_options=/etc/named-options.conf -.D1 named_zones=/etc/named-zones.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +named_options=/etc/named-options.conf +named_zones=/etc/named-zones.conf +.Ed .Pp Example named.conf: -.D1 options { -.D1 listen-on { 127.0.0.1; }; -.D1 include "/etc/named-options.conf"; -.D1 }; -.D1 include "/etc/named-zones.conf"; +.Bd -compact -literal -offset indent +options { + listen-on { 127.0.0.1; }; + include "/etc/named-options.conf"; +}; + +include "/etc/named-zones.conf"; +.Ed .It Sy pdnsd_conf This is the main pdnsd configuration file which we modify to add our forward domains to. 
@@ -253,32 +281,54 @@ If this variable is not set then it's written to .Pa pdnsd_conf . .Pp Example resolvconf.conf for pdnsd: -.D1 name_servers=127.0.0.1 -.D1 pdnsd_conf=/etc/pdnsd.conf -.D1 # pdnsd_resolv=/etc/pdnsd-resolv.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +pdnsd_conf=/etc/pdnsd.conf +# pdnsd_resolv=/etc/pdnsd-resolv.conf +.Ed .Pp Example pdnsd.conf: -.D1 global { -.D1 server_ip = 127.0.0.1; -.D1 status_ctl = on; -.D1 } -.D1 server { -.D1 # A server definition is required, even if emtpy. -.D1 label="empty"; -.D1 proxy_only=on; -.D1 # file="/etc/pdnsd-resolv.conf"; -.D1 } +.Bd -compact -literal -offset indent +global { + server_ip = 127.0.0.1; + status_ctl = on; +} +server { + # A server definition is required, even if empty. + label="empty"; + proxy_only=on; + # file="/etc/pdnsd-resolv.conf"; +} +.Ed +.It Sy pdns_zones +This file tells pdns_recursor about specific and global name servers. +.Pp +Example resolvconf.conf for pdns_recursor: +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +pdns_zones=/etc/pdns/recursor-zones.conf +.Ed +.Pp +Example recursor.conf: +.Bd -compact -literal -offset indent +allow-from=127.0.0.0/8, ::1/128 +forward-zones-file=/etc/pdns/recursor-zones.conf +.Ed .It Sy unbound_conf This file tells unbound about specific and global name servers. .It Sy unbound_insecure When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC. .Pp Example resolvconf.conf for unbound: -.D1 name_servers=127.0.0.1 -.D1 unbound_conf=/etc/unbound-resolvconf.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +unbound_conf=/etc/unbound-resolvconf.conf +.Ed .Pp Example unbound.conf: -.D1 include: /etc/unbound-resolvconf.conf +.Bd -compact -literal -offset indent +include: /etc/unbound-resolvconf.conf +.Ed .El .Sh SUBSCRIBER INTEGRATION Not all distributions store the files the subscribers need in the same 
@@ -292,7 +342,6 @@ Also, users could equally want to use a different version from the one installed by default, such as bind8 and bind9. To accommodate this, the subscribers have these files in configurable variables, documented below. -.Pp .Bl -tag -width indent .It Sy dnsmasq_service Name of the dnsmasq service. @@ -310,6 +359,10 @@ Name of the named service. Command to restart the named service. .It Sy pdnsd_restart Command to restart the pdnsd service. +.It Sy pdns_service +Command to restart the pdns_recursor service. +.It Sy pdns_restart +Command to restart the pdns_recursor service. .It Sy unbound_service Name of the unbound service. .It Sy unbound_restart diff --git a/resolvconf.in b/resolvconf.in index 7353cfc348d..e7d38211181 100644 --- a/resolvconf.in +++ b/resolvconf.in @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2007-2016 Roy Marples +# Copyright (c) 2007-2019 Roy Marples # All rights reserved # Redistribution and use in source and binary forms, with or without @@ -25,7 +25,7 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. RESOLVCONF="$0" -OPENRESOLV_VERSION="3.9.0" +OPENRESOLV_VERSION="3.9.2" SYSCONFDIR=@SYSCONFDIR@ LIBEXECDIR=@LIBEXECDIR@ VARDIR=@VARDIR@ @@ -125,21 +125,22 @@ usage() # If you think otherwise, capture a DNS trace and you'll see libc # will strip it regardless. # This also solves setting up duplicate zones in our subscribers. -strip_trailing_dots() +# Also strip any comments denoted by #. +resolv_strip() { - local n= d= - - for n; do - printf "$d%s" "${n%.}" - d=" " + space= + for word; do + case "$word" in + \#*) break;; + esac + printf "%s%s" "$space${word%.}" + space=" " done printf "\n" } private_iface() { - local p - # Allow expansion cd "$IFACEDIR" 
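Review bot: `printf "%s%s" "$space${word%.}"` in `resolv_strip` gives two conversions a single argument, and it prints the right text only because the missing argument is treated as empty. Passing them separately, `printf "%s%s" "$space" "${word%.}"`, says what is meant. The header comment could also state that everything from the first word starting with `#` is dropped, since `parse_resolv` now relies on that for name server lines as well.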
@@ -168,12 +169,15 @@ private_iface() # for domain name servers, search name servers and global nameservers parse_resolv() { - local line= ns= ds= search= d= n= newns= - local new=true iface= private=false p= domain= l= islocal= - + domain= + new=true newns= + ns= + private=false + search= while read -r line; do + stripped_line="$(resolv_strip ${line#* })" case "$line" in "# resolv.conf from "*) if ${new}; then @@ -189,29 +193,32 @@ parse_resolv() "nameserver "*) islocal=false for l in $local_nameservers; do - case "${line#* }" in + case "$stripped_line" in $l) islocal=true - echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS ${line#* }\"" break ;; esac done - $islocal || ns="$ns${line#* } " + if $islocal; then + echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS $stripped_line\"" + else + ns="$ns$stripped_line " + fi ;; "domain "*) - search="$(strip_trailing_dots ${line#* })" + search="$stripped_line" if [ -z "$domain" ]; then domain="$search" echo "DOMAIN=\"$domain\"" fi ;; "search "*) - search="$(strip_trailing_dots ${line#* })" + search="$stripped_line" ;; *) [ -n "$line" ] && continue - if [ -n "$ns" -a -n "$search" ]; then + if [ -n "$ns" ] && [ -n "$search" ]; then newns= for n in $ns; do newns="$newns${newns:+,}$n" @@ -236,7 +243,7 @@ parse_resolv() uniqify() { - local result= + result= while [ -n "$1" ]; do case " $result " in *" $1 "*);; @@ -249,8 +256,8 @@ uniqify() dirname() { - local dir= OIFS="$IFS" - local IFS=/ + OIFS="$IFS" + IFS=/ set -- $@ IFS="$OIFS" if [ -n "$1" ]; then @@ -267,7 +274,7 @@ dirname() config_mkdirs() { - local e=0 f d + e=0 for f; do [ -n "$f" ] || continue d="$(dirname "$f")" 
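Review bot: `stripped_line="$(resolv_strip ${line#* })"` expands the line unquoted, so pathname expansion is applied to text that comes from the per-interface resolv.conf files, and it now runs for every line, comments and blanks included, rather than only for `domain` and `search`. A glob character in such a value is matched against file names in the current directory before the words reach `resolv_strip`. Running the loop under `set -f`, as `list_remove` already does, keeps the word splitting and drops the globbing. The command substitution also forks once per input line; computing it only inside the `nameserver`, `domain` and `search` branches would avoid that. `parse_resolv` continues beyond this hunk.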
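Review bot: The new `echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS $stripped_line\""` places interface-supplied text inside a double-quoted assignment that `make_vars` later passes to `eval`, and nothing in this hunk restricts the characters in `$stripped_line`. A value containing a double quote, backquote, `$` or backslash would change how the evaluated line is parsed, so the branch should skip any value matching such a character with a `case` test before it is echoed or appended to `ns`. The same applies to the `DOMAIN=` line in the `domain` branch. Whether the writers of the interface files already sanitise these values is not visible in this diff.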
@@ -295,66 +302,86 @@ detect_init() # Detect the running init system. # As systemd and OpenRC can be installed on top of legacy init # systems we try to detect them first. - local status="@STATUSARG@" + status="@STATUSARG@" : ${status:=status} - if [ -x /bin/systemctl -a -S /run/systemd/private ]; then - RESTARTCMD="if /bin/systemctl --quiet is-active \$1.service; then - /bin/systemctl restart \$1.service; -fi" - elif [ -x /usr/bin/systemctl -a -S /run/systemd/private ]; then - RESTARTCMD="if /usr/bin/systemctl --quiet is-active \$1.service; then - /usr/bin/systemctl restart \$1.service; -fi" - elif [ -x /sbin/rc-service -a \ - -s /libexec/rc/init.d/softlevel -o -s /run/openrc/softlevel ] + if [ -x /bin/systemctl ] && [ -S /run/systemd/private ]; then + RESTARTCMD=' + if /bin/systemctl --quiet is-active $1.service + then + /bin/systemctl restart $1.service + fi' + elif [ -x /usr/bin/systemctl ] && [ -S /run/systemd/private ]; then + RESTARTCMD=' + if /usr/bin/systemctl --quiet is-active $1.service + then + /usr/bin/systemctl restart $1.service + fi' + elif [ -x /sbin/rc-service ] && + { [ -s /libexec/rc/init.d/softlevel ] || + [ -s /run/openrc/softlevel ]; } then - RESTARTCMD="/sbin/rc-service -i \$1 -- -Ds restart" + RESTARTCMD='/sbin/rc-service -i $1 -- -Ds restart' elif [ -x /usr/sbin/invoke-rc.d ]; then RCDIR=/etc/init.d - RESTARTCMD="if /usr/sbin/invoke-rc.d --quiet \$1 status 1>/dev/null 2>&1; then - /usr/sbin/invoke-rc.d \$1 restart; -fi" + RESTARTCMD=' + if /usr/sbin/invoke-rc.d --quiet $1 status >/dev/null 2>&1 + then + /usr/sbin/invoke-rc.d $1 restart + fi' elif [ -x /sbin/service ]; then # Old RedHat RCDIR=/etc/init.d - RESTARTCMD="if /sbin/service \$1; then - /sbin/service \$1 restart; -fi" + RESTARTCMD=' + if /sbin/service $1; then + /sbin/service $1 restart + fi' elif [ -x /usr/sbin/service ]; then # Could be FreeBSD - RESTARTCMD="if /usr/sbin/service \$1 $status 1>/dev/null 2>&1; then - /usr/sbin/service \$1 restart; -fi" + RESTARTCMD=" + if 
/usr/sbin/service \$1 $status >/dev/null 2>&1 + then + /usr/sbin/service \$1 restart + fi" elif [ -x /bin/sv ]; then - RESTARTCMD="/bin/sv status \$1 >/dev/null 2>&1 && /bin/sv try-restart \$1" + RESTARTCMD='/bin/sv status $1 >/dev/null 2>&1 && + /bin/sv try-restart $1' elif [ -x /usr/bin/sv ]; then - RESTARTCMD="/usr/bin/sv status \$1 >/dev/null 2>&1 && /usr/bin/sv try-restart \$1" - elif [ -e /etc/arch-release -a -d /etc/rc.d ]; then + RESTARTCMD='/usr/bin/sv status $1 >/dev/null 2>&1 && + /usr/bin/sv try-restart $1' + elif [ -e /etc/arch-release ] && [ -d /etc/rc.d ]; then RCDIR=/etc/rc.d - RESTARTCMD="if [ -e /var/run/daemons/\$1 ]; then - /etc/rc.d/\$1 restart; -fi" - elif [ -e /etc/slackware-version -a -d /etc/rc.d ]; then - RESTARTCMD="if /etc/rc.d/rc.\$1 status 1>/dev/null 2>&1; then - /etc/rc.d/rc.\$1 restart; -fi" - elif [ -e /etc/rc.d/rc.subr -a -d /etc/rc.d ]; then + RESTARTCMD=' + if [ -e /var/run/daemons/$1 ] + then + /etc/rc.d/$1 restart + fi' + elif [ -e /etc/slackware-version ] && [ -d /etc/rc.d ]; then + RESTARTCMD=' + if /etc/rc.d/rc.$1 status >/dev/null 2>&1 + then + /etc/rc.d/rc.$1 restart + fi' + elif [ -e /etc/rc.d/rc.subr ] && [ -d /etc/rc.d ]; then # OpenBSD - RESTARTCMD="if /etc/rc.d/\$1 check 1>/dev/null 2>&1; then - /etc/rc.d/\$1 restart; -fi" + RESTARTCMD=' + if /etc/rc.d/$1 check >/dev/null 2>&1 + then + /etc/rc.d/$1 restart + fi' else for x in /etc/init.d/rc.d /etc/rc.d /etc/init.d; do [ -d $x ] || continue - RESTARTCMD="if $x/\$1 $status 1>/dev/null 2>&1; then - $x/\$1 restart; -fi" + RESTARTCMD=" + if $x/\$1 $status >/dev/null 2>&1 + then + $x/\$1 restart + fi" break done fi if [ -z "$RESTARTCMD" ]; then - if [ "$NOINIT_WARNED" != true ]; then + if [ "$_NOINIT_WARNED" != true ]; then warn "could not detect a useable init system" _NOINIT_WARNED=true fi 
@@ -366,9 +393,9 @@ fi" echo_resolv() { - local line= OIFS="$IFS" + OIFS="$IFS" - [ -n "$1" -a -f "$IFACEDIR/$1" ] || return 1 + [ -n "$1" ] && [ -f "$IFACEDIR/$1" ] || return 1 echo "# resolv.conf from $1" # Our variable maker works of the fact each resolv.conf per interface # is separated by blank lines. @@ -388,11 +415,16 @@ list_resolv() { [ -d "$IFACEDIR" ] || return 0 - local report=false list= retval=0 cmd="$1" excl= + cmd="$1" shift + excl=false + list= + report=false + retval=0 case "$IF_EXCLUSIVE" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + excl=true if [ -d "$EXCLUSIVEDIR" ]; then cd "$EXCLUSIVEDIR" for i in *; do @@ -402,19 +434,15 @@ list_resolv() fi done fi - excl=true cd "$IFACEDIR" for i in $inclusive_interfaces; do - if [ -f "$i" -a "$list" = "$i" ]; then + if [ -f "$i" ] && [ "$list" = "$i" ]; then list= excl=false break fi done ;; - *) - excl=false - ;; esac # If we have an interface ordering list, then use that. @@ -431,22 +459,28 @@ list_resolv() done done for i in $dynamic_order; do - if [ -e "$i" -a ! -e "$METRICDIR/"*" $i" ]; then + if [ -e "$i" ] && ! [ -e "$METRICDIR/"*" $i" ]; then list="$list $i" fi for ii in "$i":* "$i".*; do - if [ -f "$ii" -a ! -e "$METRICDIR/"*" $ii" ]; then + if [ -f "$ii" ] && ! [ -e "$METRICDIR/"*" $ii" ] + then list="$list $ii" fi done done + # Interfaces have an implicit metric of 0 if not specified. + for i in *; do + if [ -f "$i" ] && ! [ -e "$METRICDIR/"*" $i" ]; then + list="$list $i" + fi + done if [ -d "$METRICDIR" ]; then cd "$METRICDIR" for i in *; do [ -f "$i" ] && list="$list ${i#* }" done fi - list="$list *" fi cd "$IFACEDIR" 
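Review bot: With `local` gone, `cmd="$1"` in `list_resolv` assigns the same global `cmd` that the top level of the script uses to dispatch options, so a call made in the current shell, such as `list_resolv -i "$@" >/dev/null` in `make_vars`, leaves `cmd` set to `-i`. Renaming the variable inside the function, for example to `list_cmd`, keeps it from touching the caller's state. The same removal in `replace` and `make_vars` drops the empty initialisation of `val`, `sub`, `newns` and the other former locals; their bodies lie outside the hunks, so each should be checked to be assigned before it is read. A short comment near the top of the file saying that function variables are global by design would help the next reader.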
@@ -461,23 +495,24 @@ list_resolv() continue fi - if [ "$cmd" = i -o "$cmd" = "-i" ]; then + if [ "$cmd" = i ] || [ "$cmd" = "-i" ]; then printf %s "$i " else echo_resolv "$i" && echo fi - [ $? = 0 -a "$retval" = 1 ] && retval=0 + [ $? = 0 ] && [ "$retval" = 1 ] && retval=0 done - [ "$cmd" = i -o "$cmd" = "-i" ] && echo + [ "$cmd" = i ] || [ "$cmd" = "-i" ] && echo return $retval } -list_remove() { - local list= e= l= result= found= retval=0 - +list_remove() +{ [ -z "$2" ] && return 0 eval list=\"\$$1\" shift + result= + retval=0 set -f for e; do @@ -525,8 +560,6 @@ echo_append() replace() { - local r= k= f= v= val= sub= - while read -r keyword value; do for r in $replace; do k="${r%%/*}" @@ -566,8 +599,6 @@ replace() make_vars() { - local newdomains= d= dn= newns= ns= - # Clear variables DOMAIN= DOMAINS= @@ -575,7 +606,7 @@ make_vars() NAMESERVERS= LOCALNAMESERVERS= - if [ -n "$name_servers" -o -n "$search_domains" ]; then + if [ -n "${name_servers}${search_domains}" ]; then eval "$(echo_prepend | parse_resolv)" fi if [ -z "$VFLAG" ]; then @@ -583,11 +614,12 @@ make_vars() list_resolv -i "$@" >/dev/null || IF_EXCLUSIVE=0 eval "$(list_resolv -l "$@" | replace | parse_resolv)" fi - if [ -n "$name_servers_append" -o -n "$search_domains_append" ]; then + if [ -n "${name_servers_append}${search_domains_append}" ]; then eval "$(echo_append | parse_resolv)" fi # Ensure that we only list each domain once + newdomains= for d in $DOMAINS; do dn="${d%%:*}" list_remove domain_blacklist "$dn" >/dev/null || continue 
@@ -667,36 +699,37 @@ if [ "$cmd" = D ]; then fi # -l lists our resolv files, optionally for a specific interface -if [ "$cmd" = l -o "$cmd" = i ]; then +if [ "$cmd" = l ] || [ "$cmd" = i ]; then list_resolv "$cmd" "$args" exit $? fi # Restart a service or echo the command to restart a service -if [ "$cmd" = r -o "$cmd" = R ]; then +if [ "$cmd" = r ] || [ "$cmd" = R ]; then detect_init || exit 1 if [ "$cmd" = r ]; then set -- $args - eval $RESTARTCMD + eval "$RESTARTCMD" else - echo "$RESTARTCMD" + echo "$RESTARTCMD" | + sed -e '/^$/d' -e 's/^ //g' fi exit $? fi # Not normally needed, but subscribers should be able to run independently -if [ "$cmd" = v -o -n "$VFLAG" ]; then +if [ "$cmd" = v ] || [ -n "$VFLAG" ]; then make_vars "$iface" exit $? fi # Test that we have valid options -if [ "$cmd" = a -o "$cmd" = d ]; then +if [ "$cmd" = a ] || [ "$cmd" = d ]; then if [ -z "$iface" ]; then usage "Interface not specified" fi elif [ "$cmd" != u ]; then - [ -n "$cmd" -a "$cmd" != h ] && usage "Unknown option $cmd" + [ -n "$cmd" ] && [ "$cmd" != h ] && usage "Unknown option $cmd" usage fi @@ -712,7 +745,7 @@ if [ "$cmd" = a ]; then "$x not allowed at start of interface name";; esac done - [ "$cmd" = a -a -t 0 ] && error_exit "No file given via stdin" + [ "$cmd" = a ] && [ -t 0 ] && error_exit "No file given via stdin" fi if [ ! -d "$VARDIR" ]; then @@ -808,8 +841,8 @@ a) newmetric="$METRICDIR/$IF_METRIC $iface" fi rm -f "$METRICDIR/"*" $iface" - [ "$oldmetric" != "$newmetric" -a \ - "$oldmetric" != "$METRICDIR/* $iface" ] && + [ "$oldmetric" != "$newmetric" ] && + [ "$oldmetric" != "$METRICDIR/* $iface" ] && changed=true [ -n "$newmetric" ] && echo " " >"$newmetric" diff --git a/unbound.in b/unbound.in index 46d45246ff2..34cb401f57c 100644 --- a/unbound.in +++ b/unbound.in 
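Review bot: The `-r` branch in the @@ -667 hunk passes the service name into `eval "$RESTARTCMD"` without checking it. The templates built by detect_init expand `$1` unquoted inside paths such as `/etc/rc.d/$1`, so an empty name or one containing `/` reaches the init script path as given. The command presumably runs with elevated privileges (not shown here), so I would reject such names right after `set -- $args`, e.g. `case "$1" in ''|*/*) error_exit "Invalid service name";; esac`. Quoting `"$1"` in the templates would also stop word splitting and globbing at eval time.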
@@ -76,7 +76,7 @@ restart_unbound() eval $unbound_restart elif [ -n "$RESTARTCMD" ]; then set -- ${unbound_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${unbound_service} fi -- 2.45.0
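Review bot: `eval $unbound_restart`, two lines above the changed line, is still unquoted while this hunk quotes `eval "$RESTARTCMD"`. Unquoted, the value is word-split and glob-expanded before eval sees it, so a multi-line or wildcard-bearing `unbound_restart` setting would run differently from what was configured. For consistency I would change it to `eval "$unbound_restart"`. restart_unbound starts outside the hunk, so its other branches could not be checked.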