From f73ed87a1297f247dfa45d11db91b4425135500f Mon Sep 17 00:00:00 2001
From: Eric Luehrsen
Date: Wed, 24 Jun 2020 00:48:21 -0400
Subject: [PATCH] unbound: add dns assistants on local host
Signed-off-by: Eric Luehrsen
---
 net/unbound/files/README.md | 5 +++
 net/unbound/files/defaults.sh | 1 +
 net/unbound/files/unbound.sh | 69 ++++++++++++++++++++++++++++++++---
 3 files changed, 70 insertions(+), 5 deletions(-)
diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md
index ec06de5a06..a7d0b3f6e9 100644
--- a/net/unbound/files/README.md
+++ b/net/unbound/files/README.md
@@ -217,6 +217,11 @@ config unbound
 Level. Same as previous option only this applies to the WAN. WAN are inferred by a UCI `config dhcp` entry that contains the 'option ignore 1'.
+ option dns_assist 'none'
+ Program Name. Use DNS helpers found on local host and match to their UCI.
+ Only program 'ipset-dns' is supported so far. NSD and Bind might be useful
+ but they don't have UCI to parse.
+
 option dns64 '0' Boolean. Enable DNS64 through Unbound in order to bridge networks that are IPV6 only and IPV4 only (see RFC6052).
diff --git a/net/unbound/files/defaults.sh b/net/unbound/files/defaults.sh
index c26511941d..ffbd003364 100644
--- a/net/unbound/files/defaults.sh
+++ b/net/unbound/files/defaults.sh
@@ -26,6 +26,7 @@ UB_HOST_CONF=$UB_VARDIR/host.conf.tmp
 UB_DHCP_CONF=$UB_VARDIR/dhcp.conf
 UB_ZONE_CONF=$UB_VARDIR/zone.conf.tmp
 UB_CTRL_CONF=$UB_VARDIR/ctrl.conf.tmp
+UB_ASSIST_CONF=$UB_VARDIR/assist.conf.tmp
 UB_SRVMASQ_CONF=$UB_VARDIR/dnsmasq_srv.conf.tmp
 UB_EXTMASQ_CONF=$UB_VARDIR/dnsmasq_ext.conf.tmp
 UB_SRV_CONF=$UB_VARDIR/unbound_srv.conf
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index a57d81d4ea..ba900585fc 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -41,6 +41,7 @@ UB_B_IF_AUTO=1
 UB_D_CONTROL=0
 UB_D_DOMAIN_TYPE=static
 UB_D_DHCP_LINK=none
+UB_D_DNS_ASSIST=none
 UB_D_EXTRA_DNS=0
 UB_D_LAN_FQDN=0
 UB_D_PRIV_BLCK=1
@@ -375,6 +376,37 @@ unbound_control() {
 ##############################################################################
+unbound_assistant() {
+ local port=53000
+
+ case "$UB_D_DNS_ASSIST" in
+ ipset-dns)
+ port=$( uci_get ipset-dns.@ipset-dns[0].port )
+
+ if [ ! -f "$UB_ASSIST_CONF" ] \
+ && [ $port -gt 0 ] && [ $port -lt 65535 ] ; then
+ {
+ echo "# $UB_ASSIST_CONF generated by UCI $( date -Is )"
+ echo "forward-zone:"
+ echo " name: ."
+ echo " forward-addr: 127.0.0.1@$port"
+ echo " forward-first: no"
+ } > $UB_ASSIST_CONF
+ fi
+ ;;
+
+ nsd)
+ echo "# Sorry, NSD does not have UCI to read and link." >> $UB_ASSIST_CONF
+ ;;
+
+ bind)
+ echo "# Sorry, Bind does not have UCI to read and link." >> $UB_ASSIST_CONF
+ ;;
+ esac
+}
+
+##############################################################################
+
 unbound_zone() {
 local cfg=$1
 local servers_ip=""
@@ -629,6 +661,18 @@ unbound_conf() {
 fi
+ if [ "$UB_B_IF_AUTO" -gt 0 ] ; then
+ echo " interface-automatic: yes" >> $UB_CORE_CONF
+ fi
+
+
+ case "$UB_D_DNS_ASSIST" in
+ bind|ipset-dns|nsd)
+ echo " do-not-query-localhost: no" >> $UB_CORE_CONF
+ ;;
+ esac
+
+
 case "$UB_D_PROTOCOL" in
 ip4_only)
 {
@@ -721,11 +765,6 @@ unbound_conf() {
 esac
- if [ "$UB_B_IF_AUTO" -gt 0 ] ; then
- echo " interface-automatic: yes" >> $UB_CORE_CONF
- fi
-
-
-
 case "$UB_D_RESOURCE" in
 # Tiny - Unbound's recommended cheap hardware config
 tiny) rt_mem=1 ; rt_conn=2 ; rt_buff=1 ;;
@@ -1226,6 +1265,7 @@ unbound_uci() {
 config_get UB_D_CONTROL "$cfg" unbound_control 0
 config_get UB_D_DOMAIN_TYPE "$cfg" domain_type static
 config_get UB_D_DHCP_LINK "$cfg" dhcp_link none
+ config_get UB_D_DNS_ASSIST "$cfg" dns_assist none
 config_get UB_D_EXTRA_DNS "$cfg" add_extra_dns 0
 config_get UB_D_LAN_FQDN "$cfg" add_local_fqdn 0
 config_get UB_D_PRIV_BLCK "$cfg" rebind_protection 1
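Review bot: In `unbound_assistant`, the `ipset-dns` branch replaces the initial `port=53000` with whatever `uci_get` prints and then tests it unquoted, so an empty or non-numeric value turns `[ $port -gt 0 ]` into a malformed test that is rejected only by way of a shell error, and port 65535 is excluded by `-lt 65535`. Validate the value before it is written into `forward-addr:`, for example `case "$port" in ''|*[!0-9]*) port=0 ;; esac` followed by `[ "$port" -gt 0 ] && [ "$port" -le 65535 ]`. Quoting `"$UB_ASSIST_CONF"` in the three redirections would match the `-f` test, which already quotes it. A one-line comment above the function saying that the generated `forward-zone` for `.` sends every query to the helper on 127.0.0.1 would make the effect of enabling the option clear.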
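Review bot: In the `unbound_conf` hunk at `@@ -629`, `do-not-query-localhost: no` is written for `bind` and `nsd` as well as `ipset-dns`, although `unbound_assistant` only generates a forward-zone for `ipset-dns`; for the other two values Unbound's default refusal to send queries to localhost is relaxed with no helper linked. It is also written for `ipset-dns` when the port check in `unbound_assistant` fails and no zone is produced. Narrowing the pattern to `ipset-dns)` keeps the relaxation tied to the one case that needs it, and a comment such as `# helper listens on 127.0.0.1, so Unbound must be allowed to query localhost` would record why the default is changed. `unbound_conf` starts and ends outside this hunk.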
@@ -1256,6 +1296,16 @@ unbound_uci() {
 fi
+ if [ "$UB_D_DNS_ASSIST" = "none" ] ; then
+ UB_D_DNS_ASSIST=none
+
+ elif [ ! -x /usr/sbin/bind ] || [ ! -x /etc/init.d/bind ] \
+ || [ ! -x /usr/sbin/nsd ] || [ ! -x /etc/init.d/nsd ] \
+ || [ ! -x /usr/sbin/ipset-dns ] || [ ! -x /etc/init.d/ipset-dns ] ; then
+ UB_D_DNS_ASSIST=none
+ fi
+
+
 if [ "$UB_D_DHCP_LINK" = "dnsmasq" ] ; then
 if [ ! -x /usr/sbin/dnsmasq ] || [ ! -x /etc/init.d/dnsmasq ] ; then
 UB_D_DHCP_LINK=none
@@ -1391,6 +1441,13 @@ unbound_include() {
 fi
+ if [ -f "$UB_ASSIST_CONF" ] ; then
+ # UCI found link to DNS helpers
+ cat $UB_ASSIST_CONF >> $UB_TOTAL_CONF
+ rm $UB_ASSIST_CONF
+ fi
+
+
+
 if [ -f "$UB_EXT_CONF" ] ; then
 {
 # Pull your own extend feature clauses here
@@ -1453,6 +1510,8 @@ unbound_start() {
 unbound_hostname
 # control:
 unbound_control
+ # assistants
+ unbound_assistant
 # dnsmasq
 dnsmasq_link
 # merge
--
2.30.2
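Review bot: In `unbound_uci` (hunk `@@ -1256`), the `elif` joins the executable checks for bind, nsd and ipset-dns with `||`, so `UB_D_DNS_ASSIST` is reset to `none` unless all three packages are installed; a host with only ipset-dns can never enable the feature. The first branch is also a no-op, since it assigns `none` when the value is already `none`. Check only the selected helper's binary and init script, and let any unrecognised value fall back to `none` so a typo in UCI cannot pass through. Whether `/usr/sbin/bind` is the right path for the Bind daemon is not visible here and is worth confirming. `unbound_uci` starts and ends outside this hunk.

```shell
  case "$UB_D_DNS_ASSIST" in
  bind|ipset-dns|nsd)
    # only the selected helper has to be installed
    if [ ! -x "/usr/sbin/$UB_D_DNS_ASSIST" ] \
    || [ ! -x "/etc/init.d/$UB_D_DNS_ASSIST" ] ; then
      UB_D_DNS_ASSIST=none
    fi
    ;;

  *)
    # 'none' and any unrecognised value disable the feature
    UB_D_DNS_ASSIST=none
    ;;
  esac
```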