From owner-svn-src-all@FreeBSD.ORG Fri Jul 18 12:33:23 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E2786BD9; Fri, 18 Jul 2014 12:33:22 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CFA342E76; Fri, 18 Jul 2014 12:33:22 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6ICXMgb042849; Fri, 18 Jul 2014 12:33:22 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6ICXMY9042848; Fri, 18 Jul 2014 12:33:22 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201407181233.s6ICXMY9042848@svn.freebsd.org> 
From: Dag-Erling Smørgrav Date: Fri, 18 Jul 2014 12:33:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r268840 - head/usr.sbin/unbound/local-setup X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jul 2014 12:33:23 -0000 Author: des Date: Fri Jul 18 12:33:22 2014 New Revision: 268840 URL: http://svnweb.freebsd.org/changeset/base/268840 Log: Use a combination of unblock-lan-zones (r268839) and domain-insecure to fix reverse lookups on networks using private addresses. Modified: head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Modified: head/usr.sbin/unbound/local-setup/local-unbound-setup.sh ============================================================================== --- head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Fri Jul 18 11:32:44 2014 (r268839) +++ head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Fri Jul 18 12:33:22 2014 (r268840) @@ -33,6 +33,7 @@ user="" unbound_conf="" forward_conf="" +lanzones_conf="" workdir="" confdir="" chrootdir="" @@ -59,6 +60,7 @@ set_defaults() { : ${confdir:=${workdir}/conf.d} : ${unbound_conf:=${workdir}/unbound.conf} : ${forward_conf:=${workdir}/forward.conf} + : ${lanzones_conf:=${workdir}/lan-zones.conf} : ${anchor:=${workdir}/root.key} : ${pidfile:=/var/run/local_unbound.pid} : ${resolv_conf:=/etc/resolv.conf} 
@@ -73,7 +75,8 @@ set_defaults() { # set_chrootdir() { chrootdir="${workdir}" - for file in "${unbound_conf}" "${forward_conf}" "${anchor}" ; do + for file in "${unbound_conf}" "${forward_conf}" \ + "${lanzones_conf}" "${anchor}" ; do if [ "${file#${workdir%/}/}" = "${file}" ] ; then echo "warning: ${file} is outside ${workdir}" >&2 chrootdir="" @@ -171,6 +174,7 @@ gen_resolvconf_conf() { # gen_forward_conf() { echo "# Generated by $self" + echo "# Do not edit this file." echo "forward-zone:" echo " name: ." for forwarder ; do 
@@ -183,6 +187,42 @@ gen_forward_conf() { } # +# Generate lan-zones.conf +# +gen_lanzones_conf() { + echo "# Generated by $self" + echo "# Do not edit this file." + echo "server:" + echo " # Unblock reverse lookups for LAN addresses" + echo " unblock-lan-zones: yes" + echo " domain-insecure: 10.in-addr.arpa." + echo " domain-insecure: 127.in-addr.arpa." + echo " domain-insecure: 16.172.in-addr.arpa." + echo " domain-insecure: 17.172.in-addr.arpa." + echo " domain-insecure: 18.172.in-addr.arpa." + echo " domain-insecure: 19.172.in-addr.arpa." + echo " domain-insecure: 20.172.in-addr.arpa." + echo " domain-insecure: 21.172.in-addr.arpa." + echo " domain-insecure: 22.172.in-addr.arpa." + echo " domain-insecure: 23.172.in-addr.arpa." + echo " domain-insecure: 24.172.in-addr.arpa." + echo " domain-insecure: 25.172.in-addr.arpa." + echo " domain-insecure: 26.172.in-addr.arpa." + echo " domain-insecure: 27.172.in-addr.arpa." + echo " domain-insecure: 28.172.in-addr.arpa." + echo " domain-insecure: 29.172.in-addr.arpa." + echo " domain-insecure: 30.172.in-addr.arpa." + echo " domain-insecure: 31.172.in-addr.arpa." + echo " domain-insecure: 168.192.in-addr.arpa." + echo " domain-insecure: 254.169.in-addr.arpa." + echo " domain-insecure: d.f.ip6.arpa." + echo " domain-insecure: 8.e.ip6.arpa." + echo " domain-insecure: 9.e.ip6.arpa." + echo " domain-insecure: a.e.ip6.arpa." + echo " domain-insecure: b.e.ip6.arpa." +} + +# # Generate unbound.conf # gen_unbound_conf() { @@ -197,6 +237,9 @@ gen_unbound_conf() { if [ -f "${forward_conf}" ] ; then echo "include: ${forward_conf}" fi + if [ -f "${lanzones_conf}" ] ; then + echo "include: ${lanzones_conf}" + fi if [ -d "${confdir}" ] ; then echo "include: ${confdir}/*.conf" fi 
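Review bot: The `server:` block emitted by gen_lanzones_conf disables DNSSEC validation (`domain-insecure`) for every private, link-local and ULA reverse zone, and `unblock-lan-zones: yes` lets those PTR queries leave the host, yet the only explanation written into lan-zones.conf is "Unblock reverse lookups for LAN addresses". Answers for these zones are then accepted unauthenticated from whichever upstream is in use, so anything on the host that trusts reverse DNS (hostname-based access rules, log attribution) inherits that trust. When no forwarder is authoritative for the zones, the queries presumably travel to public servers and expose internal addressing, and main() in this commit writes the file unconditionally. I would state the trade-off in the generated file, e.g. `echo "        # DNSSEC validation is off for the zones below; PTR answers are unauthenticated"`, and consider generating it only when forwarders are configured. The `domain-insecure: 127.in-addr.arpa.` entry looks redundant if unbound still serves the loopback reverse zone locally with unblock-lan-zones enabled; confirm against unbound.conf(5) before dropping it.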
@@ -323,6 +366,13 @@ main() { fi # + # Generate lan-zones.conf. + # + local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX") + gen_lanzones_conf >"${tmp_lanzones_conf}" + replace "${lanzones_conf}" "${tmp_lanzones_conf}" + + # # Generate unbound.conf. # local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
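Review bot: `mktemp -u` in the new lan-zones block only prints a name without creating the file, so the `>"${tmp_lanzones_conf}"` redirection on the next line opens a path that something else could have created or symlinked in the meantime. If the directory holding `${lanzones_conf}` is writable by the unbound user while this script runs as root, that becomes a symlink-following write. Dropping `-u` makes mktemp create the file itself, and splitting the declaration keeps its exit status visible: `local tmp_lanzones_conf` followed by `tmp_lanzones_conf=$(mktemp "${lanzones_conf}.XXXXX") || exit 1`. The context line for `tmp_unbound_conf` uses the same `mktemp -u` pattern and would want the same change. replace() is defined outside this hunk, so check whether the installed file inherits the temp file's restrictive mode and set the permissions explicitly if it does.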