summaryrefslogtreecommitdiffstats
path: root/network/unbound/rc.unbound
diff options
context:
space:
mode:
Diffstat (limited to 'network/unbound/rc.unbound')
-rw-r--r--network/unbound/rc.unbound203
1 files changed, 116 insertions, 87 deletions
diff --git a/network/unbound/rc.unbound b/network/unbound/rc.unbound
index 49a6c991e8..3c31faf4ef 100644
--- a/network/unbound/rc.unbound
+++ b/network/unbound/rc.unbound
@@ -1,118 +1,147 @@
-#!/bin/sh
+#!/bin/bash
#
-# unbound This shell script takes care of starting and stopping
-# unbound (DNS server).
-#
-# chkconfig: - 14 86
-# description: unbound is a Domain Name Server (DNS) \
-# that is used to resolve host names to IP addresses.
-
-### BEGIN INIT INFO
-# Provides: unbound
-# Required-Start: $network $local_fs
-# Required-Stop: $network $local_fs
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Should-Start: $syslog
-# Should-Stop: $syslog
-# Short-Description: unbound recursive Domain Name Server.
-# Description: unbound is a Domain Name Server (DNS)
-# that is used to resolve host names to IP addresses.
-### END INIT INFO
+# Slackware initialization script for Unbound.
-# Source function library.
-. /etc/rc.d/init.d/functions
-exec="/usr/sbin/unbound"
-config="/etc/unbound/unbound.conf"
-pidfile="/var/run/unbound/unbound.pid"
-piddir=`dirname $pidfile`
+UNBOUND=/usr/sbin/unbound
+CONFIG=/etc/unbound/unbound.conf
+PIDFILE=/run/unbound/unbound.pid
+LOGDIR=/var/log/unbound
+KEYFILE=/var/lib/unbound/root.key
-[ -x /usr/sbin/dnssec-configure ] && [ -r "$config" ] &&
- [ /etc/sysconfig/dnssec -nt "$config" ] && \
- /usr/sbin/dnssec-configure -u --norestart --dnssec="$DNSSEC" --dlv="$DLV"
+# Unbound-control is useful but I'm not going to cram it
+# down your throat. Set this to "yes" to disable unbound-control
+# initial setup. Note that you'll need to disable control port
+# in unbound.conf so Unbound will actually start.
+DISABLE_UNBOUND_CONTROL="no"
-start() {
- [ -x $exec ] || exit 5
- [ -f $config ] || exit 6
- # /var/run could (and should) be tmpfs
- [ -d $piddir ] || mkdir $piddir
+# As part of the initial checks, the script makes sure that
+# $LOGDIR exists. It's mostly for cases where admin accidentally
+# deletes the entire log folder rather than individual logs.
+# If you don't use logging at all, have a custom setup or
+# just want to skip these checks, set this to "yes".
+DISABLE_LOGDIR_CHECKS="no"
- if [ -f /var/lib/unbound/root.anchor -a -f /usr/sbin/unbound-anchor ]
- then
- /sbin/runuser --command="/usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem" --shell /bin/sh unbound
+initchecks() {
+ # If auto-trust-anchor-file is enabled and the keyfile doesn't exists in
+ # /var/lib/unbound, we won't start the daemon. Most(?) errors can be caught
+ # by /usr/sbin/unbound executable but this one actually allows Unbound to start -
+ # - only for it to crash a moment later. Running unbound-checkconf on every start up
+ # would be useful, but it would make noise every time the daemon starts up.
+ if [ ! -z "$(unbound-checkconf -o auto-trust-anchor-file)" ] && [ ! -e "$KEYFILE" ]; then
+ echo "ERROR: $KEYFILE not found, yet auto-trust-anchor-file is enabled in $CONFIG"
+ echo "ERROR: Refusing to start because Unbound would crash."
+ echo "ERROR: Please generate Unbound Anchor file with the following command:"
+ echo " # sh /etc/rc.d/rc.unbound generate-key"
+ echo
+ echo "...or comment out auto-trust-anchor-file in $CONFIG."
+ exit 1
+ fi
+ # Look out for a stale pidfile. If there's one, remove it.
+ # This shouldn't be necessary unless the system was shutdown uncleanly
+ # or if Unbound crashes.
+ if [ -e $PIDFILE ] && [ ! $(pidof unbound) ]; then
+ echo "Looks like Unbound isn't running but there's a stale pid file."
+ echo "Removing $PIDFILE"
+ rm -vf $PIDFILE
+ fi
+ # Check that /run/unbound exists. If not, create and chown it.
+ if [ ! -e $(dirname $PIDFILE) ]; then
+ mkdir -p $(dirname $PIDFILE)
+ chown unbound:unbound $(dirname $PIDFILE)
fi
-
- if [ ! -f /etc/unbound/unbound_control.key ]
+ # Run the initial setup for unbound-control unless it's disabled.
+ # Mostly relevant for the first time run.
+ if [ ! -e $(dirname $CONFIG)/unbound_server.pem ] && [ "$DISABLE_UNBOUND_CONTROL" == "no" ]; then
+ echo "Unbound-control: unbound_server.pem not found."
+ echo "This is normal for the first run."
+ echo "Running initial setup to generate certificates: /usr/sbin/unbound-control-setup"
+ /usr/sbin/unbound-control-setup || exit 1
+ echo "Actually... no need to do anything. It's enabled by default on Slackware :-)"
+ fi
+ # Deleted the entire log directory by accident? Oh well, bound to happen.
+ # Let's fix that right away.
+ if [ "$DISABLE_LOGDIR_CHECKS" == "no" ]
then
- echo -n $"Generating unbound control key and certificate: "
- /usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null
- chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem
- [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
- echo
- else
- # old init script created these as root instead of unbound.
- if [ -G /etc/unbound/unbound_control.key ]
- then
- chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem
- [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
- echo
+ if [ ! -d "$LOGDIR" ]; then
+ echo -n "Unbound log directory not found. Attempting to recreate it... "
+ mkdir $LOGDIR && echo "Success!"
+ fi
+ if [ $(stat -c "%U:%G" "$LOGDIR") != "unbound:unbound" ]; then
+ echo -n "Fixing permissions on the log folder $LOGDIR... "
+ chown -R unbound:unbound $LOGDIR && echo "Success!"
fi
fi
+}
+anchorkeygen() {
+ echo "Generating Unbound Anchor keyfile..."
+ sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key
+ echo "Done"
+}
- unbound-checkconf $config > /dev/null
- RETVAL=$?
- if [ $RETVAL != 0 ]
- then
- echo "Error in /etc/unbound/unbound.conf, aborted"
- exit 6
- fi
-
- echo -n $"Starting unbound: "
+checkconfig() {
+ echo "Checking Unbound configuration file: $CONFIG"
+ echo "This will run the command: /usr/sbin/unbound-checkconf"
+ echo "-----START unbound-checkconf output-----"
+ /usr/sbin/unbound-checkconf
+ echo "-----END unbound-checkconf output-----"
- # if not running, start it up here
- daemon --pidfile=$pidfile $exec -c $config
- echo
}
-stop() {
- echo -n $"Stopping unbound: "
- # stop it here, often "killproc unbound"
- killproc -p $pidfile unbound
- echo
+start() {
+ initchecks
+ if [ -r $PIDFILE ]; then
+ echo 'Unbound is already running!'
+ return
+ else
+ echo "Starting Unbound..."
+ $UNBOUND -c $CONFIG || echo "Failed to start! The error messages above might help."
+ fi
}
-restart() {
- unbound-checkconf $config > /dev/null
- RETVAL=$?
- if [ $RETVAL != 0 ]
- then
- echo "Error in /etc/unbound/unbound.conf, aborted"
- exit 6
+stop() {
+ if [ ! -r $PIDFILE ]; then
+ echo 'Unbound is not running.'
+ return
fi
- stop
- start
+ echo "Stopping Unbound..."
+ kill `cat $PIDFILE`
+ rm -f $PIDFILE
}
reload() {
- restart
+ if [ ! -r $PIDFILE ]; then
+ echo 'Unbound is not running.'
+ return
+ fi
+ echo "Sending SIGHUP to Unbound..."
+ kill -HUP `cat $PIDFILE`
}
case "$1" in
- start)
+ 'start')
start
;;
- stop)
+ 'stop')
stop
;;
- restart)
- restart
+ 'restart')
+ stop
+ sleep 1
+ start
+ ;;
+ 'generate-key')
+ anchorkeygen
+ ;;
+ 'check-config')
+ checkconfig
+ ;;
+ 'reload')
+ reload
;;
*)
- echo $"Usage: $0 {start|stop|restart}"
- exit 2
+ echo "Usage: $0 {start|stop|reload|restart|generate-key|check-config}"
+ exit 1
+ ;;
esac
-exit $?