From 966e54011e29bf3c6a8a7bccc5afa11be7fc4ddb Mon Sep 17 00:00:00 2001
From: Stephan de Wit <stephan.dewt@yahoo.co.uk>
Date: Tue, 2 Aug 2022 10:33:59 +0200
Subject: [PATCH] unbound: do not start DHCP watcher immediately after
 daemonizing unbound (#5920)

---
 src/etc/inc/plugins.inc.d/unbound.inc | 6 +++---
 src/opnsense/scripts/unbound/start.sh | 8 +++++++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc
index 7ce748f22..9ee373ff6 100644
--- a/src/etc/inc/plugins.inc.d/unbound.inc
+++ b/src/etc/inc/plugins.inc.d/unbound.inc
@@ -396,6 +396,7 @@ function unbound_cache_flush()
 function unbound_configure_do($verbose = false, $unused = '')
 {
     global $config;
+    $domain = '';
 
     if (empty($config['unbound']['cacheflush'])) {
         if (isvalidpid('/var/run/unbound.pid')) {
@@ -419,16 +420,15 @@ function unbound_configure_do($verbose = false, $unused = '')
         flush();
     }
 
-    mwexec_bg('/usr/local/bin/flock -n -E 0 -o /tmp/unbound_start.lock /usr/local/opnsense/scripts/unbound/start.sh');
-
     if (isset($config['unbound']['regdhcp'])) {
         $domain = $config['system']['domain'];
         if (isset($config['unbound']['regdhcpdomain'])) {
             $domain = $config['unbound']['regdhcpdomain'];
         }
-        mwexecf('/usr/local/opnsense/scripts/dhcp/unbound_watcher.py --domain %s', $domain);
     }
 
+    mwexecf_bg('/usr/local/bin/flock -n -E 0 -o /tmp/unbound_start.lock /usr/local/opnsense/scripts/unbound/start.sh %s', [$domain]);
+
     if ($verbose) {
         echo "done.\n";
     }
diff --git a/src/opnsense/scripts/unbound/start.sh b/src/opnsense/scripts/unbound/start.sh
index 9408e55ec..99d9a2ff6 100755
--- a/src/opnsense/scripts/unbound/start.sh
+++ b/src/opnsense/scripts/unbound/start.sh
@@ -30,6 +30,8 @@ set -e
 
 # prepare and startup unbound, so we can easily background it
 
+DOMAIN=${1}
+
 # if the root.key file is missing or damaged, run unbound-anchor
 if ! /usr/local/sbin/unbound-checkconf /var/unbound/unbound.conf 2> /dev/null; then
 	# unbound-anchor has undefined behaviour if file is corrupted, start clean
@@ -46,7 +48,7 @@ if ! /usr/local/sbin/unbound-checkconf /var/unbound/unbound.conf 2> /dev/null; t
 fi
 
 if [ ! -f /var/unbound/unbound_control.key ]; then
-    chroot -u unbound -g unbound / /usr/local/sbin/unbound-control-setup -d /var/unbound
+	chroot -u unbound -g unbound / /usr/local/sbin/unbound-control-setup -d /var/unbound
 fi
 
 for FILE in $(find /var/unbound/etc -depth 1); do
@@ -61,3 +63,7 @@ chown -R unbound:unbound /var/unbound
 
 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
 /usr/local/opnsense/scripts/unbound/cache.sh load
+
+if [ -n "${DOMAIN}" ]; then
+	/usr/local/opnsense/scripts/dhcp/unbound_watcher.py --domain ${DOMAIN}
+fi