From 79a48b009fb02786063e9b2268a8f2c79c5edf1e Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Sat, 25 Mar 2017 01:53:28 -0400 Subject: [PATCH] unbound: improve interface trigger behavior procd interface triggers may be busy. Unbound hard restarts will flush the cache. This might happen frequently depending on how interface triggers occur. Change the procd trigger to reduce occurences. Load this trigger prior to netifd (START=20), but only truly start Unbound from the trigger rather than immediately in init. Clean up log entries in scripts after Unbound, NTP, and DNSSEC are established. Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 2 +- net/unbound/files/odhcpd.awk | 21 ++++++++++++++++++++- net/unbound/files/unbound.init | 22 ++++++++++++++++++---- net/unbound/files/unbound.ntpd | 1 + net/unbound/files/unbound.sh | 20 +++++++++++++------- 5 files changed, 53 insertions(+), 13 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 57a65045a1..d8db017a4b 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.6.1 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk index 34e6710d88..160950884e 100644 --- a/net/unbound/files/odhcpd.awk +++ b/net/unbound/files/odhcpd.awk @@ -28,10 +28,13 @@ /^#/ { # We need to pick out DHCP v4 or v6 records - net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ; + net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ; adr2 = $10 cdr = adr ; + cdr2 = adr2 ; sub( /\/.*/, "", adr ) ; sub( /.*\//, "", cdr ) ; + sub( /\/.*/, "", adr2 ) ; + sub( /.*\//, "", cdr2 ) ; if ( bisolt == 1 ) { 
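Review bot: The new `adr2 = $10` read in the `/^#/` rule has no comment explaining why field 10 holds a second address; the only explanation is buried in an `else` branch of the later hunk at -132. I would put it next to the field read, for example `# odhcpd puts GA and ULA on the same line (fields 9 and 10)`. The statement also omits the ` ;` terminator that the other assignments here carry, so `adr2 = $10 ;` would match the file's style. The rule's body continues past the end of this hunk.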
@@ -132,6 +135,22 @@ print ( x "\n" y ) > hostfile ; } } + + if (( cdr2 == 128 ) && ( hst != "-" )) { + if ( bconf == 1 ) { + x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr2 "\"" ) ; + y = ( "local-data-ptr: \"" adr2 " 120 " fqdn "\"" ) ; + print ( x "\n" y ) > hostfile ; + } + + else { + # odhcp puts GA and ULA on the same line (position 9 and 10) + qpr2 = ipv6_ptr( adr2 ) ; + x = ( fqdn ". 120 IN AAAA " adr2 ) ; + y = ( qpr2 ". 120 IN PTR " fqdn ) ; + print ( x "\n" y ) > hostfile ; + } + } } } diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init index e4b7ec85fa..1edf9ef80d 100755 --- a/net/unbound/files/unbound.init +++ b/net/unbound/files/unbound.init @@ -9,7 +9,8 @@ # ############################################################################## -START=60 +START=19 +STOP=50 USE_PROCD=1 PROG=/usr/sbin/unbound @@ -19,9 +20,18 @@ PROG=/usr/sbin/unbound ############################################################################## +boot() { + UNBOUND_BOOT=1 + start "$@" +} + +############################################################################## + start_service() { - # WAIT! Unbound often takes its time writing closure stats to syslog - pidof $PROG && sleep 1 + if [ -n "$UNBOUND_BOOT" ] ; then + # Load procd triggers (rc) and use event IFUP to really start + return 0 + fi # complex UCI work unbound_start @@ -37,13 +47,17 @@ start_service() { stop_service() { unbound_stop + + # Wait! on restart Unbound may take time writing closure stats to syslog + pidof $PROG && sleep 1 } ############################################################################## service_triggers() { + # use soft reload to prevent continuous stop-start and cache flush procd_add_reload_trigger "unbound" - procd_add_raw_trigger "interface.*" 2000 /etc/init.d/unbound restart + procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/unbound reload } ############################################################################## 
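Review bot: Nothing in the added block checks that `adr2` looks like an IPv6 address before it is written into the `local-data:` and `local-data-ptr:` strings; only its prefix length is stripped and compared with 128. The lease file is produced by odhcpd, so the field is probably well formed, but a shape check in the outer condition such as `( adr2 ~ /^[0-9a-fA-F:]+$/ )` would keep an unexpected field 10 out of a file Unbound loads. `fqdn` is built outside the hunk; if it derives from the client-supplied `hst`, the same question applies to it and is worth confirming. The block is also a near copy of the `adr` case just above it, so a small helper taking the address would stop the two from drifting apart.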
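Review bot: Nothing is logged when `boot()` defers the start. With `UNBOUND_BOOT` set, `start_service` returns before `unbound_start`, so the resolver only comes up once an `interface.*.up` event fires the reload trigger. If that event never arrives, the router has no DNS and the log gives no hint why. One line in the boot branch would make the state visible, for example `logger -t unbound "start deferred until an interface comes up"`. The comment could also say that this relies on `reload` starting a service that has no running instance, which is decided by rc.common rather than this file and is worth confirming on the target release; `start_service` continues past the hunk.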
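Review bot: The relocated `pidof $PROG && sleep 1` in `stop_service` prints the PID list to stdout on every stop and then waits a fixed second. That neither confirms Unbound has exited nor bounds the wait if it has not. At minimum I would quote the variable and discard the output: `pidof "$PROG" >/dev/null && sleep 1`. `unbound_stop` is defined outside this file section, so whether it already waits for the process cannot be seen from here.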
diff --git a/net/unbound/files/unbound.ntpd b/net/unbound/files/unbound.ntpd index 5c7191656d..d744cb0670 100755 --- a/net/unbound/files/unbound.ntpd +++ b/net/unbound/files/unbound.ntpd @@ -20,6 +20,7 @@ if [ "$ACTION" = stratum -a ! -f "$UNBOUND_TIMEFILE" ] ; then echo "ntpd: $( date )" > $UNBOUND_TIMEFILE /etc/init.d/unbound enabled && /etc/init.d/unbound restart + # Yes, hard RESTART. We need to be absolutely sure to enable DNSSEC. fi ############################################################################## diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index d918152d7c..4daefda4d1 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -315,7 +315,7 @@ unbound_mkdir() { # Debian-like package dns-root-data cp -p /usr/share/dns/root.hints $UNBOUND_HINTFILE - else + elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "iterator will use built-in root hints" fi fi @@ -329,7 +329,7 @@ unbound_mkdir() { elif [ -x $UNBOUND_ANCHOR ] ; then $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE - else + elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "validator will use built-in trust anchor" fi fi @@ -526,7 +526,7 @@ unbound_conf() { echo } >> $UNBOUND_CONFFILE - else + elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "default memory resource consumption" fi @@ -602,7 +602,9 @@ unbound_conf() { ;; *) - logger -t unbound -s "default recursion configuration" + if [ ! -f "$UNBOUND_TIMEFILE" ] ; then + logger -t unbound -s "default recursion configuration" + fi ;; esac @@ -822,7 +824,11 @@ unbound_uci() { if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then UNBOUND_D_DHCP_LINK=dnsmasq - logger -t unbound -s "Please use 'dhcp_link' selector instead" + + + if [ ! -f "$UNBOUND_TIMEFILE" ] ; then + logger -t unbound -s "Please use 'dhcp_link' selector instead" + fi fi fi 
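Review bot: The added comment sits after the `restart` line it justifies and does not say why a reload would not do, which matters now that the interface trigger in unbound.init uses `reload`. I would move it above the command and name the reason, along the lines of `# First NTP sync: hard restart (not reload) so Unbound comes up with DNSSEC enabled`. On the same new-side lines, the redirect `> $UNBOUND_TIMEFILE` is unquoted while the test two lines earlier quotes the variable; `> "$UNBOUND_TIMEFILE"` would be consistent.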
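Review bot: The test `[ ! -f "$UNBOUND_TIMEFILE" ]` is used here as an unnamed "clock not yet synced" flag to silence a log line. The same literal test recurs in the hunks at -329, -526, -602 and -822, and joined with `-a` at -835 and -849. A named helper would state the intent once, for example `unbound_verbose() { [ ! -f "$UNBOUND_TIMEFILE" ] ; }`, with a comment that the file is created by the ntpd hotplug script on the first `stratum` event. The hunk at -822 also adds two empty lines before its new `if`, which look unintended. `unbound_mkdir` starts and ends outside this hunk.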
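Review bot: In the hunk at -329, once the time file exists a start that falls back to the built-in trust anchor no longer logs `validator will use built-in trust anchor`. A key file or `$UNBOUND_ANCHOR` helper that goes missing later would then pass unnoticed. That fallback changes what DNSSEC validation is anchored to, so I would keep this message unconditional, or emit it without `-s` rather than drop it. The root hints message in the hunk at -315 deserves the same treatment. The surrounding `if` chain begins outside the hunk, so the exact conditions that reach this branch are inferred from the visible `elif [ -x $UNBOUND_ANCHOR ]`.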
@@ -835,7 +841,7 @@ unbound_uci() { fi - if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then + if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "cannot forward to dnsmasq" fi fi @@ -849,7 +855,7 @@ unbound_uci() { fi - if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then + if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then logger -t unbound -s "cannot receive records from odhcpd" fi fi -- 2.30.2
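Review bot: The combined test `[ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ]` relies on `-a`, which POSIX marks obsolescent because the expression can parse ambiguously for some operand values; the hunk at -849 has the same form. Two tests joined by the shell avoid that: `if [ "$UNBOUND_D_DHCP_LINK" = "none" ] && [ ! -f "$UNBOUND_TIMEFILE" ] ; then`. Both messages report that a configured DHCP link cannot be honoured, so it is worth deciding whether they should really go quiet after the first NTP sync. `unbound_uci` extends beyond both hunks.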