unbound: improve interface trigger behavior

procd interface triggers may be busy. Unbound hard restarts will
flush the cache. This might happen frequently depending on how
interface triggers occur.

Change the procd trigger to reduce occurences. Load this trigger
prior to netifd (START=20), but only truly start Unbound from
the trigger rather than immediately in init. Clean up log entries
in scripts after Unbound, NTP, and DNSSEC are established.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 57a65045a16b7b9cdfad3b6e840f71216b5299af..d8db017a4b365517447a8248ec7300a5f5f5dab9 100644 (file)
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.6.1
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE

diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk
index 34e6710d88b3e9b9975805a211adf74aed21c6f7..160950884e39e077946e1cdd0f61abc552b9f8e1 100644 (file)
--- a/net/unbound/files/odhcpd.awk
+++ b/net/unbound/files/odhcpd.awk
@@ -28,10 +28,13 @@
 
 /^#/ {
   # We need to pick out DHCP v4 or v6 records
-  net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ;
+  net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ; adr2 = $10
   cdr = adr ;
+  cdr2 = adr2 ;
   sub( /\/.*/, "", adr ) ;
   sub( /.*\//, "", cdr ) ;
+  sub( /\/.*/, "", adr2 ) ;
+  sub( /.*\//, "", cdr2 ) ;
 
 
   if ( bisolt == 1 ) {
@@ -132,6 +135,22 @@
         print ( x "\n" y ) > hostfile ;
       }
     }
+    
+    if (( cdr2 == 128 ) && ( hst != "-" )) {
+      if ( bconf == 1 ) {
+        x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr2 "\"" ) ;
+        y = ( "local-data-ptr: \"" adr2 " 120 " fqdn "\"" ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+
+      else {
+        # odhcp puts GA and ULA on the same line (position 9 and 10)
+        qpr2 = ipv6_ptr( adr2 ) ;
+        x = ( fqdn ". 120 IN AAAA " adr2 ) ;
+        y = ( qpr2 ". 120 IN PTR " fqdn ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+    }
   }
 }
 

diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index e4b7ec85fae176b8645373237e7493097e2178e8..1edf9ef80d8804366f5c1323201d0b0010fee26a 100755 (executable)
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -9,7 +9,8 @@
 #
 ##############################################################################
 
-START=60
+START=19
+STOP=50
 USE_PROCD=1
 PROG=/usr/sbin/unbound
 
@@ -19,9 +20,18 @@ PROG=/usr/sbin/unbound
 
 ##############################################################################
 
+boot() {
+  UNBOUND_BOOT=1
+  start "$@"
+}
+
+##############################################################################
+
 start_service() {
-  # WAIT! Unbound often takes its time writing closure stats to syslog
-  pidof $PROG && sleep 1
+  if [ -n "$UNBOUND_BOOT" ] ; then
+    # Load procd triggers (rc) and use event IFUP to really start
+    return 0
+  fi
 
   # complex UCI work
   unbound_start
@@ -37,13 +47,17 @@ start_service() {
 
 stop_service() {
   unbound_stop
+  
+  # Wait! on restart Unbound may take time writing closure stats to syslog
+  pidof $PROG && sleep 1
 }
 
 ##############################################################################
 
 service_triggers() {
+  # use soft reload to prevent continuous stop-start and cache flush
   procd_add_reload_trigger "unbound"
-  procd_add_raw_trigger "interface.*" 2000 /etc/init.d/unbound restart
+  procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/unbound reload
 }
 
 ##############################################################################

diff --git a/net/unbound/files/unbound.ntpd b/net/unbound/files/unbound.ntpd
index 5c7191656d67a2da3471a07f1c589b327cd7cf9e..d744cb06705b1fc37298d136538db29116f9b602 100755 (executable)
--- a/net/unbound/files/unbound.ntpd
+++ b/net/unbound/files/unbound.ntpd
@@ -20,6 +20,7 @@
 if [ "$ACTION" = stratum -a ! -f "$UNBOUND_TIMEFILE" ] ; then
   echo "ntpd: $( date )" > $UNBOUND_TIMEFILE
   /etc/init.d/unbound enabled && /etc/init.d/unbound restart
+  # Yes, hard RESTART. We need to be absolutely sure to enable DNSSEC.
 fi
 
 ##############################################################################

diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index d918152d7c982ffb686463f218ebd3ed6087d8f3..4daefda4d1138c49f6b12742e22fd8ecf32be036 100644 (file)
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -315,7 +315,7 @@ unbound_mkdir() {
       # Debian-like package dns-root-data
       cp -p /usr/share/dns/root.hints $UNBOUND_HINTFILE
 
-    else
+    elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "iterator will use built-in root hints"
     fi
   fi
@@ -329,7 +329,7 @@ unbound_mkdir() {
     elif [ -x $UNBOUND_ANCHOR ] ; then
       $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE
 
-    else
+    elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "validator will use built-in trust anchor"
     fi
   fi
@@ -526,7 +526,7 @@ unbound_conf() {
       echo
     } >> $UNBOUND_CONFFILE
 
-  else
+  elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
     logger -t unbound -s "default memory resource consumption"
   fi
 
@@ -602,7 +602,9 @@ unbound_conf() {
       ;;
 
     *)
-      logger -t unbound -s "default recursion configuration"
+      if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+        logger -t unbound -s "default recursion configuration"
+      fi
       ;;
   esac
 
@@ -822,7 +824,11 @@ unbound_uci() {
 
     if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then
       UNBOUND_D_DHCP_LINK=dnsmasq
-      logger -t unbound -s "Please use 'dhcp_link' selector instead"
+      
+      
+      if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+        logger -t unbound -s "Please use 'dhcp_link' selector instead"
+      fi
     fi
   fi
 
@@ -835,7 +841,7 @@ unbound_uci() {
     fi
 
 
-    if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
+    if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "cannot forward to dnsmasq"
     fi
   fi
@@ -849,7 +855,7 @@ unbound_uci() {
     fi
 
 
-    if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
+    if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "cannot receive records from odhcpd"
     fi
   fi