6 # PROVIDE: local_unbound
7 # REQUIRE: FILESYSTEMS netif resolv
14 desc="local caching forwarding resolver"
15 rcvar="local_unbound_enable"
17 command="/usr/sbin/unbound"
18 extra_commands="anchor configtest reload setup"
19 start_precmd="local_unbound_prestart"
20 start_postcmd="local_unbound_poststart"
21 reload_precmd="local_unbound_configtest"
22 anchor_cmd="local_unbound_anchor"
23 configtest_cmd="local_unbound_configtest"
24 setup_cmd="local_unbound_setup"
25 pidfile="/var/run/${name}.pid"
29 : ${local_unbound_workdir:=/var/unbound}
30 : ${local_unbound_config:=${local_unbound_workdir}/unbound.conf}
31 : ${local_unbound_flags:="-c ${local_unbound_config}"}
32 : ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf}
33 : ${local_unbound_anchor:=${local_unbound_workdir}/root.key}
34 : ${local_unbound_forwarders:=}
38 echo "$@" | su -m unbound
42 # Retrieve or update the DNSSEC root anchor
44 local_unbound_anchor()
46 do_as_unbound /usr/sbin/unbound-anchor -a ${local_unbound_anchor}
47 # we can't trust the exit code - check if the file exists
48 [ -f ${local_unbound_anchor} ]
52 # Check the unbound configuration file
54 local_unbound_configtest()
56 do_as_unbound /usr/sbin/unbound-checkconf ${local_unbound_config}
60 # Create the unbound configuration file and update resolv.conf to
65 echo "Performing initial setup."
66 /usr/sbin/local-unbound-setup -n \
68 -w ${local_unbound_workdir} \
69 -c ${local_unbound_config} \
70 -f ${local_unbound_forwardconf} \
71 -a ${local_unbound_anchor} \
72 ${local_unbound_forwarders}
76 # Before starting, check that the configuration file and root anchor
77 # exist. If not, attempt to generate them.
79 local_unbound_prestart()
81 # Create configuration file
82 if [ ! -f ${local_unbound_config} ] ; then
86 # Retrieve DNSSEC root key
87 if [ ! -f ${local_unbound_anchor} ] ; then
93 # After starting, wait for Unbound to report that it is ready to avoid
94 # race conditions with services which require functioning DNS.
96 local_unbound_poststart()
100 echo -n "Waiting for nameserver to start..."
101 until "${command}-control" status | grep -q "is running" ; do
102 if [ $((retry -= 1)) -eq 0 ] ; then