unbound: improve robustness with dhcp scripts

When for example 'package/net/adblock' and DNSSEC vs NTP robustness
is enabled, significant restart thrashing can occur at boot up. DHCP
lease triggers may be occuring at the same time. Unbounds DNS-DHCP
may be incomplete until new DHCP solicit events. Solve this by
leaving a passive but complete host conf file during lease trigger.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index fabf26a16dbe87bbd080eef7d61190bd337b297b..498700a3da84ce3542b9766437915ce3c76bd1a4 100644 (file)
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.6.0
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE

diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk
index 8c8d9661032cf23ac346d9418e5388264ecb1b1b..34e6710d88b3e9b9975805a211adf74aed21c6f7 100644 (file)
--- a/net/unbound/files/odhcpd.awk
+++ b/net/unbound/files/odhcpd.awk
@@ -22,6 +22,7 @@
 #   "domain" = text domain suffix
 #   "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC
 #   "bisolt" = boolean, format <host>.<network>.<domain>. so you can isolate
+#   "bconf"  = boolean, write conf file format rather than pipe records
 #
 ##############################################################################
 
@@ -59,15 +60,23 @@
       # only for provided hostnames and full /32 assignments
       ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
       slaac = slaac_eui64( id ) ;
-      for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
 
-      # DHCP A and PTR records with FQDN
-      x = ( fqdn ". 120 IN A " adr ) ;
-      y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ;
-      print ( x "\n" y ) > hostfile ;
 
+      if ( bconf == 1 ) {
+        x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ;
+        y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+
+      else {
+        for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
+        x = ( fqdn ". 120 IN A " adr ) ;
+        y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
 
-      if ((bslaac == 1) && (slaac != 0)) {
+
+      if (( bslaac == 1 ) && ( slaac != 0 )) {
         # UCI option to discover IPV6 routed SLAAC addresses
         # NOT TODO - ping probe take too long when added in awk-rule loop
         cmd = ( "ip -6 --oneline route show dev " net ) ;
@@ -79,11 +88,25 @@
             # GA or ULA routed addresses only (not LL or MC)
             sub( /\/.*/, "", adr ) ;
             adr = ( adr slaac ) ;
-            if ( split( adr, tmp0, ":" ) >= 8 ) { sub( "::", ":", adr ) ; }
-            qpr = ipv6_ptr( adr ) ;
-            x = ( fqdn ". 120 IN AAAA " adr ) ;
-            y = ( qpr " 120 IN PTR " fqdn ) ;
-            print ( x "\n" y ) > hostfile ;
+            
+            
+            if ( split( adr, tmp0, ":" ) >= 8 ) { 
+              sub( "::", ":", adr ) ; 
+            }
+
+
+            if ( bconf == 1 ) {
+              x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
+              y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+              print ( x "\n" y ) > hostfile ;
+            }
+
+            else {
+              qpr = ipv6_ptr( adr ) ;
+              x = ( fqdn ". 120 IN AAAA " adr ) ;
+              y = ( qpr ". 120 IN PTR " fqdn ) ;
+              print ( x "\n" y ) > hostfile ;
+            }
           }
         }
 
@@ -95,11 +118,19 @@
 
   else {
     if (( cdr == 128 ) && ( hst != "-" )) {
-      # only for provided hostnames and full /128 assignments
-      qpr = ipv6_ptr( adr ) ;
-      x = ( fqdn ". 120 IN AAAA " adr ) ;
-      y = ( qpr " 120 IN PTR " fqdn ) ;
-      print ( x "\n" y ) > hostfile ;
+      if ( bconf == 1 ) {
+        x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
+        y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+
+      else {
+        # only for provided hostnames and full /128 assignments
+        qpr = ipv6_ptr( adr ) ;
+        x = ( fqdn ". 120 IN AAAA " adr ) ;
+        y = ( qpr ". 120 IN PTR " fqdn ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
     }
   }
 }
@@ -133,7 +164,7 @@ function ipv6_ptr( ipv6,    arpa, ary, end, i, j, new6, sz, start ) {
 
 ##############################################################################
 
-function slaac_eui64( mac,    ary, glbit, eui64 ) {  
+function slaac_eui64( mac,    ary, glbit, eui64 ) {
   if ( length(mac) >= 12 ) {
     # RFC2373 and use DHCPv4 registered MAC to find SLAAC addresses
     split( mac , ary , "" ) ;
@@ -144,12 +175,12 @@ function slaac_eui64( mac,    ary, glbit, eui64 ) {
     eui64 = ( ary[1] ary[2] ary[3] ary[4] ":" ary[5] ary[6] "ff:fe" ) ;
     eui64 = ( eui64 ary[7] ary[8] ":" ary[9] ary[10]  ary[11] ary[12] ) ;
   }
-  
+
   else {
     eui64 = 0 ;
   }
-  
-  
+
+
   return eui64 ;
 }
 

diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh
index 68c822af9a656b0f669686fe1af86acddef79a90..2fc64ab4055950985a06f6ab890a8e85bb7e2bb3 100644 (file)
--- a/net/unbound/files/odhcpd.sh
+++ b/net/unbound/files/odhcpd.sh
@@ -45,42 +45,48 @@ odhcpd_zonedata() {
   local dhcp_ls_add=$UNBOUND_VARDIR/dhcp_lease.add
   local dhcp_ls_del=$UNBOUND_VARDIR/dhcp_lease.del
   local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile )
-  
+
   config_load unbound
   config_foreach odhcpd_settings unbound
 
 
   if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a -f "$dhcp_origin" ] ; then
-    # Capture the lease file which could be changing often,
-    # and unbound-control only for changes in hosts (or else...)
+    # Capture the lease file which could be changing often
     cat $dhcp_origin | sort > $dhcp_ls_new
     touch $dhcp_ls_old
     sort $dhcp_ls_new $dhcp_ls_old $dhcp_ls_old | uniq -u > $dhcp_ls_add
     sort $dhcp_ls_old $dhcp_ls_new $dhcp_ls_new | uniq -u > $dhcp_ls_del
 
-    # Go through the messy business of coding up A, AAAA, and PTR records.
+    # Go through the messy business of coding up A, AAAA, and PTR records
+    # This static conf will be available if Unbound restarts asynchronously
+    awk -v hostfile=$UNBOUND_DHCP_CONF -v domain=$UNBOUND_TXT_DOMAIN \
+        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=1 \
+        -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
+
+    # Deleting and adding all records into Unbound can be a burden in a
+    # high density environment. Use unbound-control incrementally.
     awk -v hostfile=$dns_ls_del -v domain=$UNBOUND_TXT_DOMAIN \
-        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 \
+        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \
         -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_del
 
     awk -v hostfile=$dns_ls_add -v domain=$UNBOUND_TXT_DOMAIN \
-        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 \
+        -v bslaac=$UNBOUND_B_SLAAC6_MAC -v bisolt=0 -v bconf=0 \
         -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_add
 
 
     if [ -f "$dns_ls_del" ] ; then
       cat $dns_ls_del | $UNBOUND_CONTROL_CFG local_datas_remove
     fi
-    
+
 
     if [ -f "$dns_ls_add" ] ; then
       cat $dns_ls_add | $UNBOUND_CONTROL_CFG local_datas
     fi
-    
-    
+
+
     # prepare next round
     mv $dhcp_ls_new $dhcp_ls_old
-    rm -f $dns_ls_del $dns_ls_add
+    rm -f $dns_ls_del $dns_ls_add $dhcp_ls_del $dhcp_ls_add
   fi
 }
 

diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 92c87d043291130b0ba0bbbf20e9d6f706392cdc..44eeb6fccd07de8df4637e1de6faeb01540685b5 100644 (file)
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -64,6 +64,7 @@ UNBOUND_PIDFILE=/var/run/unbound.pid
 
 UNBOUND_SRV_CONF=$UNBOUND_VARDIR/unbound_srv.conf
 UNBOUND_EXT_CONF=$UNBOUND_VARDIR/unbound_ext.conf
+UNBOUND_DHCP_CONF=$UNBOUND_VARDIR/unbound_dhcp.conf
 UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf
 
 UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key
@@ -709,6 +710,16 @@ unbound_hostname() {
       config_load dhcp
       config_foreach create_interface_dns dhcp
     fi
+
+
+    if [ -f "$UNBOUND_DHCP_CONF" ] ; then
+      {
+        # Seed DHCP records because dhcp scripts trigger externally
+        # Incremental Unbound restarts may drop unbound-control add records
+        echo "  include: $UNBOUND_DHCP_CONF"
+        echo
+      } >> $UNBOUND_CONFFILE
+    fi
   fi
 }