This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 3ec3329dffe9e045c37b1b3d048947bb59cd6fa6 (commit) from 4a46575628378e447f6aec0771cc4cc0f2743a3a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 3ec3329dffe9e045c37b1b3d048947bb59cd6fa6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jul 16 11:14:41 2019 +0200
unbound: rework dns-forwader handling
add check if red interface has an IPv4 address before test the servers at red up and simply remove forwarders at down process.
This also fix the hung at dhcpd shutdown.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/aarch64/initscripts | 2 +- config/rootfiles/common/armv5tel/initscripts | 2 +- config/rootfiles/common/i586/initscripts | 2 +- config/rootfiles/common/x86_64/initscripts | 2 +- config/rootfiles/core/135/filelists/files | 1 + config/rootfiles/core/135/update.sh | 1 + .../networking/red.down/05-remove-dns-forwarders | 4 ++ .../networking/red.down/05-update-dns-forwarders | 4 -- src/initscripts/system/unbound | 44 ++++++++++++++++++++-- 9 files changed, 51 insertions(+), 11 deletions(-) create mode 100644 src/initscripts/networking/red.down/05-remove-dns-forwarders delete mode 100644 src/initscripts/networking/red.down/05-update-dns-forwarders
Difference in files: diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index b731a70c1..260a961fe 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green etc/rc.d/init.d/networking/orange etc/rc.d/init.d/networking/red #etc/rc.d/init.d/networking/red.down -etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders +etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders etc/rc.d/init.d/networking/red.down/10-ipsec etc/rc.d/init.d/networking/red.down/10-miniupnpd etc/rc.d/init.d/networking/red.down/10-ovpn diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index b731a70c1..260a961fe 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green etc/rc.d/init.d/networking/orange etc/rc.d/init.d/networking/red #etc/rc.d/init.d/networking/red.down -etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders +etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders etc/rc.d/init.d/networking/red.down/10-ipsec etc/rc.d/init.d/networking/red.down/10-miniupnpd etc/rc.d/init.d/networking/red.down/10-ovpn diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index df4f859f1..88ec789bc 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -49,7 +49,7 @@ etc/rc.d/init.d/networking/red.down/10-static-routes etc/rc.d/init.d/networking/red.down/20-firewall #etc/rc.d/init.d/networking/red.up etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup -etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders +etc/rc.d/init.d/networking/red.up/05-remove-dns-forwarders etc/rc.d/init.d/networking/red.up/10-miniupnpd etc/rc.d/init.d/networking/red.up/10-multicast etc/rc.d/init.d/networking/red.up/10-static-routes diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index df4f859f1..d74fb743b 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -41,7 +41,7 @@ etc/rc.d/init.d/networking/green etc/rc.d/init.d/networking/orange etc/rc.d/init.d/networking/red #etc/rc.d/init.d/networking/red.down -etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders +etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders etc/rc.d/init.d/networking/red.down/10-ipsec etc/rc.d/init.d/networking/red.down/10-miniupnpd etc/rc.d/init.d/networking/red.down/10-ovpn diff --git a/config/rootfiles/core/135/filelists/files b/config/rootfiles/core/135/filelists/files index 3d868d324..d8df9f65b 100644 --- a/config/rootfiles/core/135/filelists/files +++ b/config/rootfiles/core/135/filelists/files @@ -6,6 +6,7 @@ etc/unbound/root.hints etc/rc.d/helper/azure-setup etc/rc.d/init.d/cloud-init etc/rc.d/init.d/functions +etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders etc/rc.d/init.d/partresize etc/rc.d/init.d/unbound etc/sysctl.conf diff --git a/config/rootfiles/core/135/update.sh b/config/rootfiles/core/135/update.sh index 56854d2c9..55f72fc4e 100644 --- a/config/rootfiles/core/135/update.sh +++ b/config/rootfiles/core/135/update.sh @@ -35,6 +35,7 @@ done rm -vf \ /etc/rc.d/init.d/aws \ /etc/rc.d/rcsysinit.d/S74aws + /etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
# Stop services /etc/init.d/squid stop diff --git a/src/initscripts/networking/red.down/05-remove-dns-forwarders b/src/initscripts/networking/red.down/05-remove-dns-forwarders new file mode 100644 index 000000000..671cca9df --- /dev/null +++ b/src/initscripts/networking/red.down/05-remove-dns-forwarders @@ -0,0 +1,4 @@ +#!/bin/bash + +# Remove DNS forwarders for unbound +exec /etc/init.d/unbound remove-forwarders diff --git a/src/initscripts/networking/red.down/05-update-dns-forwarders b/src/initscripts/networking/red.down/05-update-dns-forwarders deleted file mode 100644 index 7f35696f5..000000000 --- a/src/initscripts/networking/red.down/05-update-dns-forwarders +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -# Update DNS forwarders for unbound -exec /etc/init.d/unbound update-forwarders diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 5d3c5062f..dbcfc951f 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -41,6 +41,22 @@ read_name_servers() { done 2>/dev/null | xargs echo }
+check_red_has_carrier_and_ip() { + # Interface configured ? + [ ! -e "/var/ipfire/red/iface" ] && return 0; + + # Interface present ? + [ ! -e "/sys/class/net/$(</var/ipfire/red/iface)" ] && return 0; + + # has carrier ? + [ ! "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ] && return 0; + + # has ip ? + [ "$(ip address show dev $(</var/ipfire/red/iface) | grep "inet")" = "" ] && return 0; + + return 1; +} + config_header() { echo "# This file is automatically generated and any changes" echo "# will be overwritten. DO NOT EDIT!" @@ -48,7 +64,8 @@ config_header() { }
update_forwarders() { - if [ "${USE_FORWARDERS}" = "1" -a -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then + check_red_has_carrier_and_ip + if [ "${USE_FORWARDERS}" = "1" -a "${?}" = "1" ]; then local forwarders local broken_forwarders
@@ -131,6 +148,13 @@ update_forwarders() { unbound-control -q forward off }
+remove_forwarders() { + enable_dnssec + echo "local recursor" > /var/ipfire/red/dns + unbound-control -q forward off + +} + own_hostname() { local hostname=$(hostname -f) # 1.1.1.1 is reserved for unused green, skip this @@ -473,7 +497,8 @@ disable_dnssec() { fix_time_if_dns_fail() { # If DNS still not work try to init ntp with # hardcoded ntp.ipfire.org (81.3.27.46) - if [ -e "/var/ipfire/red/iface" -a "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ]; then + check_red_has_carrier_and_ip + if [ -e "/var/ipfire/red/iface" -a "${?}" = "1" ]; then host 0.ipfire.pool.ntp.org > /dev/null 2>&1 if [ "${?}" != "0" ]; then boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..." @@ -807,6 +832,19 @@ case "$1" in fix_time_if_dns_fail ;;
+ remove-forwarders) + # Do not try updating forwarders when unbound is not running + if ! pgrep unbound &>/dev/null; then + exit 0 + fi + + remove_forwarders + + unbound-control flush_negative > /dev/null + unbound-control flush_bogus > /dev/null + ;; + + test-name-server) ns=${2}
@@ -848,7 +886,7 @@ case "$1" in ;;
*) - echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}" + echo "Usage: $0 {start|stop|restart|status|update-forwarders|remove-forwarders|test-name-server|resolve}" exit 1 ;; esac
hooks/post-receive -- IPFire 2.x development tree