From daa453827f1221a2eef4c3abcdd516f4ac9eecde Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Fri, 18 Nov 2016 18:02:09 +0100 Subject: [PATCH] unbound: straighten out regdhcpstatic The amount of work required in the past two years for this original pfSense 2.2 item has been immense. Still deleteing unused functionality like the cache, "reload" not being implemented, DHCPv6 static registration missing in action. While there, dedup the dnsmasq static DHCP registration. PR: https://github.com/opnsense/core/issues/1250 PR: https://github.com/opnsense/core/issues/624 --- src/etc/inc/services.inc | 22 ------ src/etc/inc/system.inc | 38 ++++++----- src/etc/inc/unbound.inc | 140 ++++++++++++++++++++++++--------------- 3 files changed, 111 insertions(+), 89 deletions(-) diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index 9ec90bfb0..473e30ed6 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -1853,28 +1853,6 @@ function services_dnsmasq_configure($verbose = false) } } -function services_unbound_configure($verbose = false) -{ - global $config; - - killbypid('/var/run/unbound.pid', 'TERM', true); - - if (!isset($config['unbound']['enable'])) { - return; - } - - if ($verbose) { - echo 'Starting DNS Resolver...'; - flush(); - } - - unbound_sync_service(); - - if ($verbose) { - echo "done.\n"; - } -} - function services_snmpd_configure($verbose = false) { global $config, $g; diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index f3c28f7bc..f4093afde 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc 
@@ -413,13 +413,18 @@ function system_hosts_generate() foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { if (isset($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) { foreach ($dhcpifconf['staticmap'] as $host) { - if ($host['ipaddr'] && $host['hostname'] && $host['domain']) { - $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$host['domain']} {$host['hostname']}\n"; - } elseif ($host['ipaddr'] && $host['hostname'] && $dhcpifconf['domain']) { - $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n"; - } elseif ($host['ipaddr'] && $host['hostname']) { - $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n"; + if (!$host['ipaddr'] || !$host['hostname']) { + continue; } + + $domain = $syscfg['domain']; + if ($host['domain']) { + $domain = $host['domain']; + } elseif ($dhcpifconf['domain']) { + $domain = $dhcpifconf['domain']; + } + + $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$domain} {$host['hostname']}\n"; } } } 
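Review bot: `$host['ipaddr']`, `$host['hostname']` and the chosen `$domain` are interpolated into the hosts line as-is, so a stored value containing whitespace or a line break would change how the generated file is parsed. Whether the static-map values are validated when they are saved is not visible here, so a check at the point of use would be cheap insurance, for example `if (!is_ipaddr($host['ipaddr']) || !is_hostname($host['hostname'])) { continue; }`, assuming the project's validators are in scope in this file. The same applies to the dhcpdv6 hunk below and to both regdhcpstatic loops in unbound.inc, where the values end up inside quoted `local-data` directives and only `descr` passes through `addslashes()`. The enclosing function starts and ends outside the hunk.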
@@ -428,13 +433,18 @@ function system_hosts_generate() foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf) { if (isset($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) { foreach ($dhcpifconf['staticmap'] as $host) { - if ($host['ipaddrv6'] && $host['hostname'] && $host['domain']) { - $dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$host['domain']} {$host['hostname']}\n"; - } elseif ($host['ipaddrv6'] && $host['hostname'] && $dhcpifconf['domain']) { - $dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n"; - } elseif ($host['ipaddrv6'] && $host['hostname']) { - $dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n"; + if (!$host['ipaddrv6'] || !$host['hostname']) { + continue; } + + $domain = $config['system']['domain']; + if ($host['domain']) { + $domain = $host['domain']; + } elseif ($dhcpifconf['domain']) { + $domain = $dhcpifconf['domain']; + } + + $dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$domain} {$host['hostname']}\n"; } } } @@ -461,9 +471,7 @@ function system_hosts_generate() fwrite($fd, $hosts); fclose($fd); - if (isset($config['unbound']['enable'])) { - unbound_hosts_generate(); - } + unbound_hosts_generate(); return 0; } diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc index e3fde117b..e784b64d9 100644 --- a/src/etc/inc/unbound.inc +++ b/src/etc/inc/unbound.inc @@ -28,8 +28,8 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* Optimize Unbound for environment */ -function unbound_optimization() { +function unbound_optimization() +{ global $config; $optimization_settings = array(); 
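Review bot: The fallback domain in the dhcpdv6 loop is read from `$config['system']['domain']`, while the dhcpd loop just above uses `$syscfg['domain']` for the same purpose. If `$syscfg` is an alias for `$config['system']` (its assignment is outside the hunk), writing `$domain = $syscfg['domain'];` in both loops keeps the two copies identical. The same three-way fallback is repeated twice more in unbound.inc, so a small helper that returns the effective domain for a static mapping would remove the duplication this commit set out to reduce.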
@@ -389,18 +389,29 @@ EOF; } } -function unbound_sync_service() +function services_unbound_configure($verbose = false) { - // Configure chroot - unbound_bootstrap_root(); + global $config; - // Configure our Unbound service - unbound_execute("unbound-anchor"); + killbypid('/var/run/unbound.pid', 'TERM', true); + + if (!isset($config['unbound']['enable'])) { + return; + } + + if ($verbose) { + echo 'Starting DNS Resolver...'; + flush(); + } + + unbound_bootstrap_root(); + unbound_execute('unbound-anchor'); unbound_remote_control_setup(); unbound_generate_config(); - unbound_execute("start"); - if (is_process_running('unbound')) { - unbound_execute("restore_cache"); + unbound_execute('start'); + + if ($verbose) { + echo "done.\n"; } } @@ -516,14 +527,16 @@ function unbound_add_host_entries() } } - // Static Host entries + /* Static Host entries */ + if (isset($config['unbound']['hosts'])) { - $host_entries = ""; $added_item = array(); + foreach($config['unbound']['hosts'] as $host) { if ($host['host'] != "") { $host['host'] = $host['host']."."; } + /* Backwards compatibility for records created before introducing RR types. */ if (!isset($host['rr'])) { $host['rr'] = (is_ipaddrv6($host['ip'])) ? 'AAAA' : 'A'; 
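Review bot: `echo "done.\n"` in the moved `services_unbound_configure()` runs whether or not the daemon actually came up, and the `is_process_running('unbound')` check that the removed `unbound_sync_service()` had is gone together with the cache restore. A resolver that failed to start is easy to miss during boot, so consider reporting the real state, e.g. `echo is_process_running('unbound') ? "done.\n" : "failed.\n";` (if the start is asynchronous this may need a short wait). The results of `unbound_execute('unbound-anchor')` and `unbound_execute('start')` are ignored as well; what they return is not visible in this hunk.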
@@ -532,47 +545,80 @@ function unbound_add_host_entries() switch ($host['rr']) { case 'A': case 'AAAA': - $host_entries .= "local-data-ptr: \"{$host['ip']} {$host['host']}{$host['domain']}\"\n"; - $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN {$host['rr']} {$host['ip']}\"\n"; + $unbound_entries .= "local-data-ptr: \"{$host['ip']} {$host['host']}{$host['domain']}\"\n"; + $unbound_entries .= "local-data: \"{$host['host']}{$host['domain']} IN {$host['rr']} {$host['ip']}\"\n"; break; case 'MX': - $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN MX {$host['mxprio']} {$host['mx']}\"\n"; + $unbound_entries .= "local-data: \"{$host['host']}{$host['domain']} IN MX {$host['mxprio']} {$host['mx']}\"\n"; break; } if (!empty($host['descr']) && isset($config['unbound']['txtsupport'])) { - $host_entries .= "local-data: '{$host['host']}{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; + $unbound_entries .= "local-data: '{$host['host']}{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; } } - $unbound_entries .= $host_entries; } - // Static DHCP entries - $host_entries = ""; + /* Static DHCP entries */ + if (isset($config['unbound']['regdhcpstatic']) && is_array($config['dhcpd'])) { - foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) - if (is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) - foreach ($dhcpifconf['staticmap'] as $host) - if ($host['ipaddr'] && $host['hostname']) { - $host_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['hostname']}.{$config['system']['domain']}\"\n"; - $host_entries .= "local-data: \"{$host['hostname']}.{$config['system']['domain']} IN A {$host['ipaddr']}\"\n"; - if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') { - $host_entries .= "local-data: '{$host['hostname']}.{$config['system']['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; - } + foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { + if (isset($dhcpifconf['staticmap']) && 
isset($dhcpifconf['enable'])) { + foreach ($dhcpifconf['staticmap'] as $host) { + if (!$host['ipaddr'] || !$host['hostname']) { + continue; } - $unbound_entries .= $host_entries; + + $domain = $config['system']['domain']; + if ($host['domain']) { + $domain = $host['domain']; + } elseif ($dhcpifconf['domain']) { + $domain = $dhcpifconf['domain']; + } + + $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['hostname']}.{$domain}\"\n"; + $unbound_entries .= "local-data: \"{$host['hostname']}.{$domain} IN A {$host['ipaddr']}\"\n"; + if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') { + $unbound_entries .= "local-data: '{$host['hostname']}.{$domain} TXT \"".addslashes($host['descr'])."\"'\n"; + } + } + } + } + } + + if (isset($config['unbound']['regdhcpstatic']) && is_array($config['dhcpdv6'])) { + foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf) { + if (isset($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) { + foreach ($dhcpifconf['staticmap'] as $host) { + if (!$host['ipaddrv6'] || !$host['hostname']) { + continue; + } + + $domain = $config['system']['domain']; + if ($host['domain']) { + $domain = $host['domain']; + } elseif ($dhcpifconf['domain']) { + $domain = $dhcpifconf['domain']; + } + + $unbound_entries .= "local-data-ptr: \"{$host['ipaddrv6']} {$host['hostname']}.{$domain}\"\n"; + $unbound_entries .= "local-data: \"{$host['hostname']}.{$domain} IN AAAA {$host['ipaddrv6']}\"\n"; + if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') { + $unbound_entries .= "local-data: '{$host['hostname']}.{$domain} TXT \"".addslashes($host['descr'])."\"'\n"; + } + } + } + } } - // Write out entries unbound_bootstrap_root(); file_put_contents("{$g['unbound_chroot_path']}/host_entries.conf", $unbound_entries); } -function unbound_control($action) { +function unbound_control($action) +{ global $config, $g; - $cache_dumpfile = "/tmp/unbound_cache"; - switch ($action) { case "start": // Start Unbound 
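Review bot: Both regdhcpstatic loops gate the TXT record on `$unboundcfg['txtsupport'] == 'on'`, while the static host block in the same function tests `isset($config['unbound']['txtsupport'])`. No assignment to `$unboundcfg` is visible in the hunk (the function starts above it), so if the variable is undefined there the description records are never written for DHCP mappings, and the new dhcpdv6 loop copies the same condition. Suggest `if (!empty($host['descr']) && isset($config['unbound']['txtsupport'])) {` in both loops so all three blocks follow the same setting.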
@@ -592,20 +638,6 @@ function unbound_control($action) { unbound_execute("reload"); } break; - case "dump_cache": - // Dump Unbound's Cache - if ($config['unbound']['dumpcache'] == "on") { - unbound_execute("dump_cache"); - } - break; - case "restore_cache": - // Restore Unbound's Cache - if ((is_process_running("unbound")) && ($config['unbound']['dumpcache'] == "on")) { - if (file_exists($cache_dumpfile) && filesize($cache_dumpfile) > 0) { - unbound_execute("load_cache < /tmp/unbound_cache"); - } - } - break; default: break; } @@ -691,11 +723,15 @@ function unbound_acls_config() { file_put_contents("{$g['unbound_chroot_path']}/access_lists.conf", $aclcfg); } -// Generate hosts and reload services -function unbound_hosts_generate() { - // Generate our hosts file - unbound_add_host_entries(); +function unbound_hosts_generate() +{ + global $config; - // Reload our service to read the updates + if (!isset($config['unbound']['enable'])) { + return; + } + + unbound_add_host_entries(); + /* XXX this doesn't exist! */ unbound_control("reload"); }
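Review bot: The added `/* XXX this doesn't exist! */` in `unbound_hosts_generate()` says the reload is not implemented, which means `host_entries.conf` is rewritten but a running Unbound presumably keeps answering from the old data until it is restarted. That consequence is worth spelling out so nobody relies on a removed or changed static mapping taking effect immediately, e.g. `/* XXX "reload" is not implemented: new host entries are not served until Unbound is restarted */`. If immediate effect is expected by callers such as `system_hosts_generate()`, this needs a working restart or reload path rather than a comment.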