unbound: fix/secure unbound control

Turns out unbound reload flushes cache as well.  Also, unbound-control
may hang when it runs into an "undefined state" (stopping a stopped
service, right), and lastly it wants to chroot after being chrooted
on reload, something that cannot be fixed with using unbound-control.

Keep unbound-control-setup in case somebody finds the facility useful.
Franco Fichtner 2016-11-21 08:40:19 +01:00
parent d539e535ed
commit 2bb0f2301b


@ -455,22 +455,28 @@ function unbound_execute($cmd)
$local_domain = !empty($config['system']['domain']) ? $config['system']['domain'] : "local";
killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true);
if (isset($config['unbound']['regdhcp'])) {
mwexec('/usr/local/opnsense/scripts/dns/unbound_dhcpd.py /domain "'.$local_domain.'"');
mwexecf('/usr/local/opnsense/scripts/dns/unbound_dhcpd.py /domain %s', $local_domain);
}
mwexec("/usr/local/sbin/unbound -c {$g['unbound_chroot_path']}/unbound.conf");
mwexecf('/usr/local/sbin/unbound -c %s', "{$g['unbound_chroot_path']}/unbound.conf");
break;
case 'stop':
killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true);
mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-control stop", true);
killbypid('/var/run/unbound.pid', 'TERM', true);
break;
case 'reload':
killbypid('/var/run/unbound.pid', 'HUP');
break;
case 'unbound-anchor':
mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-anchor -a {$g['unbound_chroot_path']}/root.key", true);
mwexecf(
'chroot -u unbound -g unbound / %s -a %s',
array('/usr/local/sbin/unbound-anchor', "{$g['unbound_chroot_path']}/root.key")
);
break;
case 'unbound-control-setup':
mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-control-setup -d {$g['unbound_chroot_path']}", true);
mwexecf(
'chroot -u unbound -g unbound / %s -d %s',
array('/usr/local/sbin/unbound-control-setup', $g['unbound_chroot_path'])
);
break;
default:
break;
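Review bot: The `mwexecf()` calls in the `unbound-anchor` and `unbound-control-setup` cases no longer pass the trailing `true` that the `mwexec()` calls they replace did. If that argument muted failure logging, as it appears to, a non-zero exit from either command will now be logged; confirm that is intended, or pass the flag through if `mwexecf()` accepts an equivalent parameter after the argument array. In the `stop` case, a short comment such as `// signal the daemon directly: unbound-control can hang when the service is already stopped` would keep the reasoning from the commit message next to the code, so the `killbypid()` call is not later swapped back. The body of `unbound_execute()` starts before this hunk and continues past it, so the handling of `$cmd` and `$g['unbound_chroot_path']` upstream is not visible here.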