svn commit: r268840 - head/usr.sbin/unbound/local-setup

Dag-Erling Smørgrav des at FreeBSD.org
Fri Jul 18 12:33:23 UTC 2014


Author: des
Date: Fri Jul 18 12:33:22 2014
New Revision: 268840
URL: http://svnweb.freebsd.org/changeset/base/268840

Log:
  Use a combination of unblock-lan-zones (r268839) and domain-insecure
  to fix reverse lookups on networks using private addresses.

Modified:
  head/usr.sbin/unbound/local-setup/local-unbound-setup.sh

Modified: head/usr.sbin/unbound/local-setup/local-unbound-setup.sh
==============================================================================
--- head/usr.sbin/unbound/local-setup/local-unbound-setup.sh	Fri Jul 18 11:32:44 2014	(r268839)
+++ head/usr.sbin/unbound/local-setup/local-unbound-setup.sh	Fri Jul 18 12:33:22 2014	(r268840)
@@ -33,6 +33,7 @@
 user=""
 unbound_conf=""
 forward_conf=""
+lanzones_conf=""
 workdir=""
 confdir=""
 chrootdir=""
@@ -59,6 +60,7 @@ set_defaults() {
 	: ${confdir:=${workdir}/conf.d}
 	: ${unbound_conf:=${workdir}/unbound.conf}
 	: ${forward_conf:=${workdir}/forward.conf}
+	: ${lanzones_conf:=${workdir}/lan-zones.conf}
 	: ${anchor:=${workdir}/root.key}
 	: ${pidfile:=/var/run/local_unbound.pid}
 	: ${resolv_conf:=/etc/resolv.conf}
@@ -73,7 +75,8 @@ set_defaults() {
 #
 set_chrootdir() {
 	chrootdir="${workdir}"
-	for file in "${unbound_conf}" "${forward_conf}" "${anchor}" ; do
+	for file in "${unbound_conf}" "${forward_conf}" \
+	    "${lanzones_conf}" "${anchor}" ; do
 		if [ "${file#${workdir%/}/}" = "${file}" ] ; then
 			echo "warning: ${file} is outside ${workdir}" >&2
 			chrootdir=""
@@ -171,6 +174,7 @@ gen_resolvconf_conf() {
 #
 gen_forward_conf() {
 	echo "# Generated by $self"
+	echo "# Do not edit this file."
 	echo "forward-zone:"
 	echo "        name: ."
 	for forwarder ; do
@@ -183,6 +187,42 @@ gen_forward_conf() {
 }
 
 #
+# Generate lan-zones.conf
+#
+gen_lanzones_conf() {
+	echo "# Generated by $self"
+	echo "# Do not edit this file."
+	echo "server:"
+	echo "        # Unblock reverse lookups for LAN addresses"
+	echo "        unblock-lan-zones: yes"
+	echo "        domain-insecure: 10.in-addr.arpa."
+	echo "        domain-insecure: 127.in-addr.arpa."
+	echo "        domain-insecure: 16.172.in-addr.arpa."
+	echo "        domain-insecure: 17.172.in-addr.arpa."
+	echo "        domain-insecure: 18.172.in-addr.arpa."
+	echo "        domain-insecure: 19.172.in-addr.arpa."
+	echo "        domain-insecure: 20.172.in-addr.arpa."
+	echo "        domain-insecure: 21.172.in-addr.arpa."
+	echo "        domain-insecure: 22.172.in-addr.arpa."
+	echo "        domain-insecure: 23.172.in-addr.arpa."
+	echo "        domain-insecure: 24.172.in-addr.arpa."
+	echo "        domain-insecure: 25.172.in-addr.arpa."
+	echo "        domain-insecure: 26.172.in-addr.arpa."
+	echo "        domain-insecure: 27.172.in-addr.arpa."
+	echo "        domain-insecure: 28.172.in-addr.arpa."
+	echo "        domain-insecure: 29.172.in-addr.arpa."
+	echo "        domain-insecure: 30.172.in-addr.arpa."
+	echo "        domain-insecure: 31.172.in-addr.arpa."
+	echo "        domain-insecure: 168.192.in-addr.arpa."
+	echo "        domain-insecure: 254.169.in-addr.arpa."
+	echo "        domain-insecure: d.f.ip6.arpa."
+	echo "        domain-insecure: 8.e.ip6.arpa."
+	echo "        domain-insecure: 9.e.ip6.arpa."
+	echo "        domain-insecure: a.e.ip6.arpa."
+	echo "        domain-insecure: b.e.ip6.arpa."
+}
+
+#
 # Generate unbound.conf
 #
 gen_unbound_conf() {
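Review bot: The last four `domain-insecure` lines in gen_lanzones_conf name `8.e.ip6.arpa.` through `b.e.ip6.arpa.`, which drops the `f` label; the reverse zones for link-local fe80::/10 are `8.e.f.ip6.arpa.` through `b.e.f.ip6.arpa.`. As written, DNSSEC validation is switched off for an unrelated part of the ip6.arpa tree, while link-local reverse lookups presumably stay subject to validation and keep failing. A comment above the list should say which address ranges it covers and that answers under these zones are accepted unvalidated, so PTR results for them should not be relied on for access decisions or log attribution.

```shell
	echo "        domain-insecure: d.f.ip6.arpa."
	echo "        domain-insecure: 8.e.f.ip6.arpa."
	echo "        domain-insecure: 9.e.f.ip6.arpa."
	echo "        domain-insecure: a.e.f.ip6.arpa."
	echo "        domain-insecure: b.e.f.ip6.arpa."
```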
@@ -197,6 +237,9 @@ gen_unbound_conf() {
 	if [ -f "${forward_conf}" ] ; then
 		echo "include: ${forward_conf}"
 	fi
+	if [ -f "${lanzones_conf}" ] ; then
+		echo "include: ${lanzones_conf}"
+	fi
 	if [ -d "${confdir}" ] ; then
 		echo "include: ${confdir}/*.conf"
 	fi
@@ -323,6 +366,13 @@ main() {
 	fi
 
 	#
+	# Generate lan-zones.conf.
+	#
+	local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
+	gen_lanzones_conf >"${tmp_lanzones_conf}"
+	replace "${lanzones_conf}" "${tmp_lanzones_conf}"
+
+	#
 	# Generate unbound.conf.
 	#
 	local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
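Review bot: `mktemp -u` in the added lan-zones block only prints a name and does not create the file, so the following `>"${tmp_lanzones_conf}"` redirect creates it later and would follow a symlink placed at that path in the meantime. Whether that is reachable depends on who can write to `${workdir}`, which the hunk does not show; if the daemon's user can, the window matters because this script presumably runs as root. Letting mktemp create the file closes the gap and also surfaces a mktemp failure that `local var=$(...)` currently hides: `local tmp_lanzones_conf` then `tmp_lanzones_conf=$(mktemp "${lanzones_conf}.XXXXX") || exit 1`. The resulting file mode may then need adjusting before `replace` if the daemon must read it. The context line for `tmp_unbound_conf` has the same pattern, and main's body continues outside the hunk.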

