unbound: fix boot time and default run directory

Unbound struggles with boot ifup, so procd triggers changed to push
outside of this noise. Unbound has run in /var/lib/unbound/, so chroot
(jail) protects /etc/, and it can save flash wear. Compiled defaults
reflect this now, so Unbound tools are easier run on the command line.

Signed-off-by: Eric Luehrsen <[email protected]>

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index c8c8c4ab51cd729a511eb7f12b9eb3b3d8b42d46..b2c6d31f4eecf8401ec59047971bdab257da2108 100644 (file)
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.7.3
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -36,7 +36,7 @@ define Package/unbound
   SECTION:=net
   CATEGORY:=Network
   SUBMENU:=IP Addresses and Names
-  USERID:=unbound=553:unbound=553
+  USERID:=unbound:unbound
   TITLE+= (daemon)
   DEPENDS+= +libunbound
 endef
@@ -117,8 +117,10 @@ CONFIGURE_ARGS += \
        --enable-tfo-server \
        --with-libexpat="$(STAGING_DIR)/usr" \
        --with-ssl="$(STAGING_DIR)/usr" \
-       --with-pidfile=/var/run/unbound.pid \
-       --with-user=unbound
+       --with-user=unbound \
+       --with-run-dir=/var/lib/unbound \
+       --with-conf-file=/var/lib/unbound/unbound.conf \
+       --with-pidfile=/var/run/unbound.pid
 
 define Package/unbound/conffiles
 /etc/config/unbound
@@ -142,7 +144,7 @@ define Package/unbound/install
                $(1)/usr/sbin/
        $(INSTALL_DIR) $(1)/etc/unbound
        $(INSTALL_DATA) \
-               $(PKG_INSTALL_DIR)/etc/unbound/unbound.conf \
+               $(PKG_INSTALL_DIR)/var/lib/unbound/unbound.conf \
                $(1)/etc/unbound/unbound.conf
        $(INSTALL_DATA) ./files/root.key $(1)/etc/unbound/root.key
        $(INSTALL_DATA) ./files/unbound_ext.conf $(1)/etc/unbound/unbound_ext.conf

diff --git a/net/unbound/files/defaults.sh b/net/unbound/files/defaults.sh
index 61c88d2193a08feb50bd5e4a5a8afecdf6e28573..c26511941d33e9b63da0ebefe331b00ed9f257f0 100644 (file)
--- a/net/unbound/files/defaults.sh
+++ b/net/unbound/files/defaults.sh
@@ -41,6 +41,7 @@ UB_TLS_ETC_FILE=/etc/ssl/certs/ca-certificates.crt
 UB_RKEY_FILE=$UB_VARDIR/root.key
 UB_RHINT_FILE=$UB_VARDIR/root.hints
 UB_TIME_FILE=$UB_VARDIR/hotplug.time
+UB_SKIP_FILE=$UB_VARDIR/skip.time
 
 # control app keys
 UB_CTLKEY_FILE=$UB_VARDIR/unbound_control.key
@@ -50,7 +51,7 @@ UB_SRVPEM_FILE=$UB_VARDIR/unbound_server.pem
 
 # similar default SOA / NS RR as Unbound uses for private ARPA zones
 UB_XSER=$(( $( date +%s ) / 60 ))
-UB_XSOA="7200 IN SOA localhost. nobody.invalid. $UB_XSER 3600 1200 9600 600"
+UB_XSOA="7200 IN SOA localhost. nobody.invalid. $UB_XSER 3600 1200 9600 300"
 UB_XNS="7200 IN NS localhost."
 UB_XTXT="7200 IN TXT \"comment=local intranet dns zone\""
 UB_MTXT="7200 IN TXT \"comment=masked internet dns zone\""

diff --git a/net/unbound/files/dnsmasq.sh b/net/unbound/files/dnsmasq.sh
index eac2261d877d41d7e3f67809088b008eaf254c2e..7ab77592dc977ab24d3071731d96c56bd9034890 100644 (file)
--- a/net/unbound/files/dnsmasq.sh
+++ b/net/unbound/files/dnsmasq.sh
@@ -206,6 +206,7 @@ dnsmasq_local_arpa() {
 dnsmasq_inactive() {
   local record
 
+
   if [ "$UB_D_EXTRA_DNS" -gt 0 ] ; then
     # Parasite from the uci.dhcp.domain clauses
     DM_LIST_KNOWN_ZONES="$DM_LIST_KNOWN_ZONES $UB_TXT_DOMAIN"

diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh
index 60c2aabea3416fd4f99ae48308108022128000ef..721198d70405e8fdcb9be550189e2cffa2cc80b8 100644 (file)
--- a/net/unbound/files/odhcpd.sh
+++ b/net/unbound/files/odhcpd.sh
@@ -43,8 +43,8 @@ odhcpd_zonedata() {
   local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile )
 
 
-  if [ -f "$UB_TIME_FILE" -a "$dhcp_link" = "odhcpd" \
-    -a -f "$dhcp_origin" -a -n "$dhcp_domain" ] ; then
+  if [ -f "$UB_TOTAL_CONF" -a -f "$dhcp_origin" \
+       -a "$dhcp_link" = "odhcpd" -a -n "$dhcp_domain" ] ; then
     # Capture the lease file which could be changing often
     sort $dhcp_origin > $dhcp_ls_new
 

diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index f12e6831c063bdb28be97357f78ee9b8ef21be6a..ff827c4f041d91d5ffdf13e803b3fe42e0cad217 100755 (executable)
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -54,22 +54,31 @@ stop_service() {
 ##############################################################################
 
 service_triggers() {
-  local trigger
   local legacy=$( uci_get unbound.@unbound[0].trigger )
   local triggers=$( uci_get unbound.@unbound[0].trigger_interface )
+  local trigger="$triggers $legacy"
 
-  triggers="$triggers $legacy"
-  PROCD_RELOAD_DELAY=2000
-  procd_add_reload_trigger "unbound"
+  . /usr/lib/unbound/defaults.sh
+
+
+  if [ ! -f "$UB_TOTAL_CONF" -o -n "$UB_BOOT" ] ; then
+    # Unbound is can be a bit heavy, so wait some on first start but any
+    # interface coming up affects the trigger and delay so guarantee start
+    procd_add_raw_trigger "interface.*.up" 5000 /etc/init.d/unbound restart
+
+  elif [ -n "$triggers" ] ; then
+    PROCD_RELOAD_DELAY=2000
+    procd_add_reload_trigger "unbound" "dhcp"
 
 
-  if [ -n "$triggers" ] ; then
     for trigger in $triggers ; do
-      # due to some netifd/procd interactions with IP6, limit interfaces
+      # User selected triggers to restart at any other time
       procd_add_reload_interface_trigger "$trigger"
     done
+
   else
-    procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/unbound reload
+    PROCD_RELOAD_DELAY=2000
+    procd_add_reload_trigger "unbound" "dhcp"
   fi
 }
 

diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 798b4e35333d6d8d9b4fc617118488d9a86fd2b0..49a01578866ded2a80034fad05967b0429f6ecce 100644 (file)
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -61,6 +61,9 @@ UB_TXT_HOSTNAME=thisrouter
 
 ##############################################################################
 
+# reset as a combo with UB_B_NTP_BOOT and some time stamp files
+UB_B_READY=1
+
 # keep track of assignments during inserted resource records
 UB_LIST_NETW_ALL=""
 UB_LIST_NETW_LAN=""
@@ -219,7 +222,7 @@ unbound_mkdir() {
       # Debian-like package dns-root-data
       cp -p /usr/share/dns/root.hints $UB_RHINT_FILE
 
-    elif [ ! -f "$UB_TIME_FILE" ] ; then
+    elif [ "$UB_B_READY" -eq 0 ] ; then
       logger -t unbound -s "default root hints (built in root-servers.net)"
     fi
   fi
@@ -233,7 +236,7 @@ unbound_mkdir() {
     elif [ -x $UB_ANCHOR ] ; then
       $UB_ANCHOR -a $UB_RKEY_FILE
 
-    elif [ ! -f "$UB_TIME_FILE" ] ; then
+    elif [ "$UB_B_READY" -eq 0 ] ; then
       logger -t unbound -s "default trust anchor (built in root DS record)"
     fi
   fi
@@ -285,9 +288,21 @@ unbound_mkdir() {
   fi
 
 
-  if [ "$UB_B_NTP_BOOT" -eq 0 ] ; then
-    # time is considered okay on this device (skip /etc/hotplug/ntpd/unbound)
+  if [ -f "$UB_TIME_FILE" ] ; then
+    # NTP is done so its like you actually had an RTC
+    UB_B_READY=1
+    UB_B_NTP_BOOT=0
+
+  elif [ "$UB_B_NTP_BOOT" -eq 0 ] ; then
+    # time is considered okay on this device (ignore /etc/hotplug/ntpd/unbound)
     date -Is > $UB_TIME_FILE
+    UB_B_READY=0
+    UB_B_NTP_BOOT=0
+
+  else
+    # DNSSEC-TIME will not reconcile
+    UB_B_READY=0
+    UB_B_NTP_BOOT=1
   fi
 }
 
@@ -407,8 +422,8 @@ unbound_zone() {
 
   case $zone_type in
     auth_zone)
-      if [ -n "$UB_LIST_ZONE_NAMES" ] \
-      && [ -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" ] ; then
+      if [ -n "$UB_LIST_ZONE_NAMES" \
+           -a \( -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" \) ] ; then
         for zone_name in $UB_LIST_ZONE_NAMES ; do
           if [ "$zone_name" = "." ] ; then
             zone_sym=.
@@ -626,7 +641,7 @@ unbound_conf() {
       ;;
 
     *)
-      if [ ! -f "$UB_TIME_FILE" ] ; then
+      if [ "$UB_B_READY" -eq 0 ] ; then
         logger -t unbound -s "default protocol configuration"
       fi
 
@@ -686,7 +701,7 @@ unbound_conf() {
       echo
     } >> $UB_CORE_CONF
 
-  elif [ ! -f "$UB_TIME_FILE" ] ; then
+  elif [ "$UB_B_READY" -eq 0 ] ; then
     logger -t unbound -s "default memory configuration"
   fi
 
@@ -696,7 +711,7 @@ unbound_conf() {
 
 
   if [ "$UB_B_DNSSEC" -gt 0 ] ; then
-    if [ ! -f "$UB_TIME_FILE" -a "$UB_B_NTP_BOOT" -gt 0 ] ; then
+    if [ "$UB_B_NTP_BOOT" -gt 0 ] ; then
       # DNSSEC chicken and egg with getting NTP time
       echo "  val-override-date: -1" >> $UB_CORE_CONF
     fi
@@ -777,7 +792,7 @@ unbound_conf() {
       ;;
 
     *)
-      if [ ! -f "$UB_TIME_FILE" ] ; then
+      if [ "$UB_B_READY" -eq 0 ] ; then
         logger -t unbound -s "default recursion configuration"
       fi
       ;;
@@ -898,8 +913,8 @@ unbound_hostname() {
       echo
     } >> $UB_HOST_CONF
 
-  elif [ -n "$UB_TXT_DOMAIN" ] \
-    && [ "$UB_D_WAN_FQDN" -gt 0 -o "$UB_D_LAN_FQDN" -gt 0 ] ; then
+  elif [ -n "$UB_TXT_DOMAIN" \
+         -a \( "$UB_D_WAN_FQDN" -gt 0 -o "$UB_D_LAN_FQDN" -gt 0 \) ] ; then
     case "$UB_D_DOMAIN_TYPE" in
       deny|inform_deny|refuse|static)
         {
@@ -947,180 +962,178 @@ unbound_hostname() {
     } >> $UB_HOST_CONF
 
 
-    if [ -f "$UB_TIME_FILE" ] ; then
-      if [ -n "$UB_LIST_NETW_WAN" ] ; then
-        for ifsubnet in $UB_LIST_NETW_WAN ; do
-          ifaddr=${ifsubnet#*@}
-          ifaddr=${ifaddr%/*}
-          ifarpa=$( host_ptr_any "$ifaddr" )
-
-
-          if [ -n "$ifarpa" ] ; then
-            if [ "$UB_D_WAN_FQDN" -gt 0 ] ; then
-              {
-                # Create a static zone for WAN host record only (singular)
-                echo "  domain-insecure: $ifarpa"
-                echo "  private-address: $ifaddr"
-                echo "  local-zone: $ifarpa static"
-                echo "  local-data: \"$ifarpa. $UB_XSOA\""
-                echo "  local-data: \"$ifarpa. $UB_XNS\""
-                echo "  local-data: '$ifarpa. $UB_MTXT'"
-                echo
-              } >> $UB_HOST_CONF
-
-            elif [ "$zonetype" -gt 0 ] ; then
-              {
-                echo "  local-zone: $ifarpa transparent"
-                echo
-              } >> $UB_HOST_CONF
-            fi
+    if [ -n "$UB_LIST_NETW_WAN" ] ; then
+      for ifsubnet in $UB_LIST_NETW_WAN ; do
+        ifaddr=${ifsubnet#*@}
+        ifaddr=${ifaddr%/*}
+        ifarpa=$( host_ptr_any "$ifaddr" )
+
+
+        if [ -n "$ifarpa" ] ; then
+          if [ "$UB_D_WAN_FQDN" -gt 0 ] ; then
+            {
+              # Create a static zone for WAN host record only (singular)
+              echo "  domain-insecure: $ifarpa"
+              echo "  private-address: $ifaddr"
+              echo "  local-zone: $ifarpa static"
+              echo "  local-data: \"$ifarpa. $UB_XSOA\""
+              echo "  local-data: \"$ifarpa. $UB_XNS\""
+              echo "  local-data: '$ifarpa. $UB_MTXT'"
+              echo
+            } >> $UB_HOST_CONF
+
+          elif [ "$zonetype" -gt 0 ] ; then
+            {
+              echo "  local-zone: $ifarpa transparent"
+              echo
+            } >> $UB_HOST_CONF
           fi
-        done
-      fi
+        fi
+      done
+    fi
 
 
-      if  [ -n "$UB_LIST_NETW_LAN" ] ; then
-        for ifsubnet in $UB_LIST_NETW_LAN ; do
-          ifarpa=$( domain_ptr_any "${ifsubnet#*@}" )
-
-
-          if [ -n "$ifarpa" ] ; then
-            if [ "$zonetype" -eq 2 ] ; then
-              {
-                # Do NOT forward queries with your ip6.arpa or in-addr.arpa
-                echo "  domain-insecure: $ifarpa"
-                echo "  local-zone: $ifarpa static"
-                echo "  local-data: \"$ifarpa. $UB_XSOA\""
-                echo "  local-data: \"$ifarpa. $UB_XNS\""
-                echo "  local-data: '$ifarpa. $UB_XTXT'"
-                echo
-              } >> $UB_HOST_CONF
-
-            elif [ "$zonetype" -eq 1 -a "$UB_D_PRIV_BLCK" -eq 0 ] ; then
-              {
-                echo "  local-zone: $ifarpa transparent"
-                echo
-              } >> $UB_HOST_CONF
-            fi
+    if  [ -n "$UB_LIST_NETW_LAN" ] ; then
+      for ifsubnet in $UB_LIST_NETW_LAN ; do
+        ifarpa=$( domain_ptr_any "${ifsubnet#*@}" )
+
+
+        if [ -n "$ifarpa" ] ; then
+          if [ "$zonetype" -eq 2 ] ; then
+            {
+              # Do NOT forward queries with your ip6.arpa or in-addr.arpa
+              echo "  domain-insecure: $ifarpa"
+              echo "  local-zone: $ifarpa static"
+              echo "  local-data: \"$ifarpa. $UB_XSOA\""
+              echo "  local-data: \"$ifarpa. $UB_XNS\""
+              echo "  local-data: '$ifarpa. $UB_XTXT'"
+              echo
+            } >> $UB_HOST_CONF
+
+          elif [ "$zonetype" -eq 1 -a "$UB_D_PRIV_BLCK" -eq 0 ] ; then
+            {
+              echo "  local-zone: $ifarpa transparent"
+              echo
+            } >> $UB_HOST_CONF
           fi
-        done
-      fi
+        fi
+      done
+    fi
 
 
-      ulaprefix=$( uci_get network.@globals[0].ula_prefix )
-      ulaprefix=${ulaprefix%%:/*}
-      hostfqdn="$UB_TXT_HOSTNAME.$UB_TXT_DOMAIN"
+    ulaprefix=$( uci_get network.@globals[0].ula_prefix )
+    ulaprefix=${ulaprefix%%:/*}
+    hostfqdn="$UB_TXT_HOSTNAME.$UB_TXT_DOMAIN"
 
 
-      if [ -z "$ulaprefix" ] ; then
-        # Nonsense so this option isn't globbed below
-        ulaprefix="fdno:such:addr::"
-      fi
+    if [ -z "$ulaprefix" ] ; then
+      # Nonsense so this option isn't globbed below
+      ulaprefix="fdno:such:addr::"
+    fi
 
 
-      if [ "$UB_LIST_NETW_LAN" -a "$UB_D_LAN_FQDN" -gt 0 ] ; then
-        for ifsubnet in $UB_LIST_NETW_LAN ; do
-          ifaddr=${ifsubnet#*@}
-          ifaddr=${ifaddr%/*}
-          ifname=${ifsubnet%@*}
-          iffqdn="$ifname.$hostfqdn"
+    if [ "$UB_LIST_NETW_LAN" -a "$UB_D_LAN_FQDN" -gt 0 ] ; then
+      for ifsubnet in $UB_LIST_NETW_LAN ; do
+        ifaddr=${ifsubnet#*@}
+        ifaddr=${ifaddr%/*}
+        ifname=${ifsubnet%@*}
+        iffqdn="$ifname.$hostfqdn"
 
 
-          if [ "$UB_D_LAN_FQDN" -eq 4 ] ; then
-            names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME"
-            ptrrec="  local-data-ptr: \"$ifaddr 300 $iffqdn\""
-            echo "$ptrrec" >> $UB_HOST_CONF
+        if [ "$UB_D_LAN_FQDN" -eq 4 ] ; then
+          names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME"
+          ptrrec="  local-data-ptr: \"$ifaddr 300 $iffqdn\""
+          echo "$ptrrec" >> $UB_HOST_CONF
 
-          elif [ "$UB_D_LAN_FQDN" -eq 3 ] ; then
-            names="$hostfqdn $UB_TXT_HOSTNAME"
-            ptrrec="  local-data-ptr: \"$ifaddr 300 $hostfqdn\""
-            echo "$ptrrec" >> $UB_HOST_CONF
+        elif [ "$UB_D_LAN_FQDN" -eq 3 ] ; then
+          names="$hostfqdn $UB_TXT_HOSTNAME"
+          ptrrec="  local-data-ptr: \"$ifaddr 300 $hostfqdn\""
+          echo "$ptrrec" >> $UB_HOST_CONF
 
-          else
-            names="$UB_TXT_HOSTNAME"
-            ptrrec="  local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\""
-            echo "$ptrrec" >> $UB_HOST_CONF
-          fi
+        else
+          names="$UB_TXT_HOSTNAME"
+          ptrrec="  local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\""
+          echo "$ptrrec" >> $UB_HOST_CONF
+        fi
 
 
-          for name in $names ; do
-            case $ifaddr in
-              "${ulaprefix}"*)
-                # IP6 ULA only is assigned for OPTION 1
-                namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
-                echo "$namerec" >> $UB_HOST_CONF
-                ;;
+        for name in $names ; do
+          case $ifaddr in
+            "${ulaprefix}"*)
+              # IP6 ULA only is assigned for OPTION 1
+              namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
+              echo "$namerec" >> $UB_HOST_CONF
+              ;;
+
+            [1-9]*.*[0-9])
+              namerec="  local-data: \"$name. 300 IN A $ifaddr\""
+              echo "$namerec" >> $UB_HOST_CONF
+              ;;
 
-              [1-9]*.*[0-9])
-                namerec="  local-data: \"$name. 300 IN A $ifaddr\""
+            *)
+              if [ "$UB_D_LAN_FQDN" -gt 1 ] ; then
+                # IP6 GLA is assigned for higher options
+                namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
                 echo "$namerec" >> $UB_HOST_CONF
-                ;;
-
-              *)
-                if [ "$UB_D_LAN_FQDN" -gt 1 ] ; then
-                  # IP6 GLA is assigned for higher options
-                  namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
-                  echo "$namerec" >> $UB_HOST_CONF
-                fi
-                ;;
-            esac
-          done
-          echo >> $UB_HOST_CONF
+              fi
+              ;;
+          esac
         done
-      fi
+        echo >> $UB_HOST_CONF
+      done
+    fi
 
 
-      if [ -n "$UB_LIST_NETW_WAN" -a "$UB_D_WAN_FQDN" -gt 0 ] ; then
-        for ifsubnet in $UB_LIST_NETW_WAN ; do
-          ifaddr=${ifsubnet#*@}
-          ifaddr=${ifaddr%/*}
-          ifname=${ifsubnet%@*}
-          iffqdn="$ifname.$hostfqdn"
+    if [ -n "$UB_LIST_NETW_WAN" -a "$UB_D_WAN_FQDN" -gt 0 ] ; then
+      for ifsubnet in $UB_LIST_NETW_WAN ; do
+        ifaddr=${ifsubnet#*@}
+        ifaddr=${ifaddr%/*}
+        ifname=${ifsubnet%@*}
+        iffqdn="$ifname.$hostfqdn"
 
 
-          if [ "$UB_D_WAN_FQDN" -eq 4 ] ; then
-            names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME"
-            ptrrec="  local-data-ptr: \"$ifaddr 300 $iffqdn\""
-            echo "$ptrrec" >> $UB_HOST_CONF
+        if [ "$UB_D_WAN_FQDN" -eq 4 ] ; then
+          names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME"
+          ptrrec="  local-data-ptr: \"$ifaddr 300 $iffqdn\""
+          echo "$ptrrec" >> $UB_HOST_CONF
 
-          elif [ "$UB_D_WAN_FQDN" -eq 3 ] ; then
-            names="$hostfqdn $UB_TXT_HOSTNAME"
-            ptrrec="  local-data-ptr: \"$ifaddr 300 $hostfqdn\""
-            echo "$ptrrec" >> $UB_HOST_CONF
+        elif [ "$UB_D_WAN_FQDN" -eq 3 ] ; then
+          names="$hostfqdn $UB_TXT_HOSTNAME"
+          ptrrec="  local-data-ptr: \"$ifaddr 300 $hostfqdn\""
+          echo "$ptrrec" >> $UB_HOST_CONF
 
-          else
-            names="$UB_TXT_HOSTNAME"
-            ptrrec="  local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\""
-            echo "$ptrrec" >> $UB_HOST_CONF
-          fi
+        else
+          names="$UB_TXT_HOSTNAME"
+          ptrrec="  local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\""
+          echo "$ptrrec" >> $UB_HOST_CONF
+        fi
 
 
-          for name in $names ; do
-            case $ifaddr in
-              "${ulaprefix}"*)
-                # IP6 ULA only is assigned for OPTION 1
-                namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
-                echo "$namerec" >> $UB_HOST_CONF
-                ;;
+        for name in $names ; do
+          case $ifaddr in
+            "${ulaprefix}"*)
+              # IP6 ULA only is assigned for OPTION 1
+              namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
+              echo "$namerec" >> $UB_HOST_CONF
+              ;;
 
-              [1-9]*.*[0-9])
-                namerec="  local-data: \"$name. 300 IN A $ifaddr\""
-                echo "$namerec" >> $UB_HOST_CONF
-                ;;
-
-              *)
-                if [ "$UB_D_WAN_FQDN" -gt 1 ] ; then
-                  # IP6 GLA is assigned for higher options
-                  namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
-                  echo "$namerec" >> $UB_HOST_CONF
-                fi
+            [1-9]*.*[0-9])
+              namerec="  local-data: \"$name. 300 IN A $ifaddr\""
+              echo "$namerec" >> $UB_HOST_CONF
               ;;
-            esac
-          done
-          echo >> $UB_HOST_CONF
+
+            *)
+              if [ "$UB_D_WAN_FQDN" -gt 1 ] ; then
+                # IP6 GLA is assigned for higher options
+                namerec="  local-data: \"$name. 300 IN AAAA $ifaddr\""
+                echo "$namerec" >> $UB_HOST_CONF
+              fi
+            ;;
+          esac
         done
-      fi
-    fi # end if time file
+        echo >> $UB_HOST_CONF
+      done
+    fi
   fi # end if uci valid
 }
 
@@ -1178,7 +1191,7 @@ unbound_uci() {
       UB_D_DHCP_LINK=dnsmasq
 
 
-      if [ ! -f "$UB_TIME_FILE" ] ; then
+      if [ "$UB_B_READY" -eq 0 ] ; then
         logger -t unbound -s "Please use 'dhcp_link' selector instead"
       fi
     fi
@@ -1193,7 +1206,7 @@ unbound_uci() {
     fi
 
 
-    if [ ! -f "$UB_TIME_FILE" -a "$UB_D_DHCP_LINK" = "none" ] ; then
+    if [ "$UB_B_READY" -eq 0 -a "$UB_D_DHCP_LINK" = "none" ] ; then
       logger -t unbound -s "cannot forward to dnsmasq"
     fi
   fi
@@ -1207,7 +1220,7 @@ unbound_uci() {
     fi
 
 
-    if [ ! -f "$UB_TIME_FILE" -a "$UB_D_DHCP_LINK" = "none" ] ; then
+    if [ "$UB_B_READY" -eq 0 -a "$UB_D_DHCP_LINK" = "none" ] ; then
       logger -t unbound -s "cannot receive records from odhcpd"
     fi
   fi
@@ -1220,8 +1233,8 @@ unbound_uci() {
   fi
 
 
-  if [ "$UB_N_RX_PORT" -ne 53 ] \
-  && [ "$UB_N_RX_PORT" -lt 1024 -o 10240 -lt "$UB_N_RX_PORT" ] ; then
+  if [ "$UB_N_RX_PORT" -ne 53 \
+      -a \( "$UB_N_RX_PORT" -lt 1024 -o 10240 -lt "$UB_N_RX_PORT" \) ] ; then
     logger -t unbound -s "privileged port or in 5 digits, using default"
     UB_N_RX_PORT=53
   fi
@@ -1264,7 +1277,7 @@ unbound_include() {
   fi
 
 
-  if [ -f "$UB_TIME_FILE" -a -f "$UB_DHCP_CONF" ] ; then
+  if [ -f "$UB_DHCP_CONF" ] ; then
     {
       # Seed DHCP records because dhcp scripts trigger externally
       # Incremental Unbound restarts may drop unbound-control records
@@ -1274,8 +1287,8 @@ unbound_include() {
   fi
 
 
-  if [ ! -f "$UB_TIME_FILE" -o -z "$adb_files" \
-      -o  ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then
+  if [ -z "$adb_files" \
+       -o  ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then
     adb_enabled=0
 
   elif /etc/init.d/adblock enabled ; then