Boolean. Skip all this UCI nonsense. Manually edit the
configuration. Make changes to /etc/unbound/unbound.conf.
+ option prefetch_root '0'
+ Boolean. Enable Unbound authority zone clauses for "." (root), "arpa,"
+ "in-addr.arpa," and "ip6.arpa" and obtain complete zone files from public
+ servers using http or AXFR (gTLD are unfortunately not as public).
+
option protocol 'mixed'
Unbound can limit its protocol used for recursive queries.
ip4_only - limit issues if you do not have native IPv6
UNBOUND_B_NTP_BOOT=1
UNBOUND_B_QUERY_MIN=0
UNBOUND_B_QRY_MINST=0
+UNBOUND_B_AUTH_ROOT=0
UNBOUND_D_CONTROL=0
UNBOUND_D_DOMAIN_TYPE=static
##############################################################################
+unbound_auth_root() {
+ local axfrservers="lax.xfr.dns.icann.org iad.xfr.dns.icann.org"
+ local httpserver="http://www.internic.net/domain/"
+ local authzones="root arpa in-addr.arpa ip6.arpa"
+ local server zone realzone
+ # Download or AXFR the root and arpa zones to reduce the work needed at
+ # top level of recursion. If your users will hit many ccTLD or you have
+ # tracking logs resolving many PTR, then this can speed things up.
+ # Total size of text in TMPFS could be about 5MB.
+
+
+ if [ "$UNBOUND_B_AUTH_ROOT" -gt 0 ] ; then
+ for zone in $authzones ; do
+ if [ "$zone" = "root" ] ; then
+ realzone="."
+ else
+ realzone=$zone
+ fi
+
+
+ {
+ echo "auth-zone:"
+ echo " name: \"$realzone\""
+ for server in $axfrservers ; do
+ echo " master: \"$server\""
+ done
+ echo " url: \"$httpserver$zone.zone\""
+ echo " fallback-enabled: yes"
+ echo " for-downstream: no"
+ echo " for-upstream: yes"
+ echo " zonefile: \"$zone.zone\""
+ echo
+ } >> $UNBOUND_CONFFILE
+ done
+ fi
+}
+
+##############################################################################
+
unbound_conf() {
local rt_mem rt_conn modulestring domain ifsubnet
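Review bot: The zone data that `unbound_auth_root` sets up is fetched without any transport authentication: `httpserver` is a plain `http://` URL and the `master:` entries are ordinary AXFR, and `for-upstream: yes` lets the resolver use whatever arrives as its root and arpa delegations. Integrity then appears to rest on the DNSSEC validator, which is optional in this package (`validator` defaults to 0 in the `config_get_bool` list). I would state that in the function with a comment such as `# Transfers are unauthenticated (http/AXFR); zone content is only checked when the validator is enabled.` and consider gating the block with `if [ "$UNBOUND_B_AUTH_ROOT" -gt 0 ] && [ "$UNBOUND_B_DNSSEC" -gt 0 ] ; then`. If the target's Unbound build and CA bundle allow it, an `https://` value for `httpserver` would narrow the exposure further; that is not verifiable from this page. Separately, the redirect target should be quoted, `} >> "$UNBOUND_CONFFILE"`, so an empty or space-containing path fails cleanly instead of being word-split.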
config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0
config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0
config_get_bool UNBOUND_B_QRY_MINST "$cfg" query_min_strict 0
+ config_get_bool UNBOUND_B_AUTH_ROOT "$cfg" prefetch_root 0
config_get_bool UNBOUND_B_LOCL_BLCK "$cfg" rebind_localhost 0
config_get_bool UNBOUND_B_DNSSEC "$cfg" validator 0
config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1
##############################################################################
-_resolv_setup() {
+unbound_resolv_setup() {
if [ "$UNBOUND_N_RX_PORT" != "53" ] ; then
return
fi
##############################################################################
-_resolv_teardown() {
+unbound_resolv_teardown() {
case $( cat /tmp/resolv.conf ) in
*"generated by Unbound UCI"*)
# our resolver file, reset to auto resolver file.
unbound_start() {
config_load unbound
config_foreach unbound_uci unbound
-
-
unbound_mkdir
unbound_forward
+ unbound_auth_root
unbound_control
fi
- _resolv_setup
+ unbound_resolv_setup
}
##############################################################################
unbound_stop() {
- _resolv_teardown
-
-
+ unbound_resolv_teardown
rootzone_update
}