diff options
Diffstat (limited to 'net/unbound/files/rootzone.sh')
| -rw-r--r-- | net/unbound/files/rootzone.sh | 31 |
1 files changed, 9 insertions, 22 deletions
diff --git a/net/unbound/files/rootzone.sh b/net/unbound/files/rootzone.sh index d085fed4e..cc2edf695 100644 --- a/net/unbound/files/rootzone.sh +++ b/net/unbound/files/rootzone.sh @@ -14,23 +14,11 @@ # ############################################################################## # -# This component needs to be used within the unbound.sh as an include. It uses -# defaults and UCI scope variables defined there. It will copy root.key back -# to /etc/unbound/ periodically, but avoid ROM flash abuse (UCI option). +# This component will copy root.key back to /etc/unbound/ periodically, but +# avoid ROM flash abuse (UCI option). # ############################################################################## -rootzone_uci() { - local cfg=$1 - - # This will likely be called outside of "start_service()" context - config_get_bool UNBOUND_B_DNSSEC "$cfg" validator 0 - config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1 - config_get UNBOUND_N_ROOT_AGE "$cfg" root_age 9 -} - -############################################################################## - roothints_update() { # TODO: Might not be implemented. Unbound doesn't natively update hints. # Unbound philosophy is built in root hints are good for machine life. @@ -42,12 +30,16 @@ roothints_update() { rootkey_update() { local basekey_date rootkey_date rootkey_age filestuff + local dnssec=$( uci_get unbound.@unbound[0].validator ) + local dnssec_ntp=$( uci_get unbound.@unbound[0].validator_ntp ) + local dnssec_age=$( uci_get unbound.@unbound[0].root_age ) + - if [ "$UNBOUND_N_ROOT_AGE" -gt 90 -o "$UNBOUND_B_DNSSEC" -lt 1 ] ; then + if [ "$dnssec_age" -gt 90 -o "$dnssec" -lt 1 ] ; then # Feature disabled return 0 - elif [ "$UNBOUND_B_NTP_BOOT" -gt 0 -a ! -f "$UNBOUND_TIMEFILE" ] ; then + elif [ "$dnssec_ntp" -gt 0 -a ! -f "$UNBOUND_TIMEFILE" ] ; then # We don't have time yet return 0 fi @@ -79,7 +71,7 @@ rootkey_update() { fi - if [ "$rootkey_age" -gt "$UNBOUND_N_ROOT_AGE" ] ; then + if [ "$rootkey_age" -gt "$dnssec_age" ] ; then filestuff=$( cat $UNBOUND_KEYFILE ) @@ -106,11 +98,6 @@ rootkey_update() { ############################################################################## rootzone_update() { - # Partial UCI fetch for this functional group - config_load unbound - config_foreach rootzone_uci unbound - - # You need root.hints and root.key to boot strap recursion roothints_update rootkey_update } |