Date: Fri, 18 Jul 2014 15:36:07 -0500 From: Larry Rosenman <ler@lerctr.org> To: =?UTF-8?Q?Dag-Erling_Sm=C3=83=C2=B8rgrav?= <des@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, owner-svn-src-all@freebsd.org Subject: Re: svn commit: r268840 - head/usr.sbin/unbound/local-setup Message-ID: <10526bac1382f78c76281a0613e8ff5f@thebighonker.lerctr.org> In-Reply-To: <201407181233.s6ICXMY9042848@svn.freebsd.org> References: <201407181233.s6ICXMY9042848@svn.freebsd.org>
should this be noted in UPDATING to re-gen the files locally or something? On 2014-07-18 07:33, Dag-Erling Smørgrav wrote:
> Author: des
> Date: Fri Jul 18 12:33:22 2014
> New Revision: 268840
> URL: http://svnweb.freebsd.org/changeset/base/268840
>
> Log:
> Use a combination of unblock-lan-zones (r268839) and domain-insecure
> to fix reverse lookups on networks using private addresses.
>
> Modified:
> head/usr.sbin/unbound/local-setup/local-unbound-setup.sh
>
> Modified: head/usr.sbin/unbound/local-setup/local-unbound-setup.sh
> ==============================================================================
> --- head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Fri Jul
> 18 11:32:44 2014 (r268839)
> +++ head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Fri Jul
> 18 12:33:22 2014 (r268840)
> @@ -33,6 +33,7 @@
> user=""
> unbound_conf=""
> forward_conf=""
> +lanzones_conf=""
> workdir=""
> confdir=""
> chrootdir=""
> @@ -59,6 +60,7 @@ set_defaults() {
> : ${confdir:=${workdir}/conf.d}
> : ${unbound_conf:=${workdir}/unbound.conf}
> : ${forward_conf:=${workdir}/forward.conf}
> + : ${lanzones_conf:=${workdir}/lan-zones.conf}
> : ${anchor:=${workdir}/root.key}
> : ${pidfile:=/var/run/local_unbound.pid}
> : ${resolv_conf:=/etc/resolv.conf}
> @@ -73,7 +75,8 @@ set_defaults() {
> #
> set_chrootdir() {
> chrootdir="${workdir}"
> - for file in "${unbound_conf}" "${forward_conf}" "${anchor}" ; do
> + for file in "${unbound_conf}" "${forward_conf}" \
> + "${lanzones_conf}" "${anchor}" ; do
> if [ "${file#${workdir%/}/}" = "${file}" ] ; then
> echo "warning: ${file} is outside ${workdir}" >&2
> chrootdir=""
> @@ -171,6 +174,7 @@ gen_resolvconf_conf() {
> #
> gen_forward_conf() {
> echo "# Generated by $self"
> + echo "# Do not edit this file."
> echo "forward-zone:"
> echo " name: ."
> for forwarder ; do
> @@ -183,6 +187,42 @@ gen_forward_conf() {
> }
>
> #
> +# Generate lan-zones.conf
> +#
> +gen_lanzones_conf() {
> + echo "# Generated by $self"
> + echo "# Do not edit this file."
> + echo "server:"
> + echo " # Unblock reverse lookups for LAN addresses"
> + echo " unblock-lan-zones: yes"
> + echo " domain-insecure: 10.in-addr.arpa."
> + echo " domain-insecure: 127.in-addr.arpa."
> + echo " domain-insecure: 16.172.in-addr.arpa."
> + echo " domain-insecure: 17.172.in-addr.arpa."
> + echo " domain-insecure: 18.172.in-addr.arpa."
> + echo " domain-insecure: 19.172.in-addr.arpa."
> + echo " domain-insecure: 20.172.in-addr.arpa."
> + echo " domain-insecure: 21.172.in-addr.arpa."
> + echo " domain-insecure: 22.172.in-addr.arpa."
> + echo " domain-insecure: 23.172.in-addr.arpa."
> + echo " domain-insecure: 24.172.in-addr.arpa."
> + echo " domain-insecure: 25.172.in-addr.arpa."
> + echo " domain-insecure: 26.172.in-addr.arpa."
> + echo " domain-insecure: 27.172.in-addr.arpa."
> + echo " domain-insecure: 28.172.in-addr.arpa."
> + echo " domain-insecure: 29.172.in-addr.arpa."
> + echo " domain-insecure: 30.172.in-addr.arpa."
> + echo " domain-insecure: 31.172.in-addr.arpa."
> + echo " domain-insecure: 168.192.in-addr.arpa."
> + echo " domain-insecure: 254.169.in-addr.arpa."
> + echo " domain-insecure: d.f.ip6.arpa."
> + echo " domain-insecure: 8.e.ip6.arpa."
> + echo " domain-insecure: 9.e.ip6.arpa."
> + echo " domain-insecure: a.e.ip6.arpa."
> + echo " domain-insecure: b.e.ip6.arpa."
> +}
> +
> +#
> # Generate unbound.conf
> #
> gen_unbound_conf() {
> @@ -197,6 +237,9 @@ gen_unbound_conf() {
> if [ -f "${forward_conf}" ] ; then
> echo "include: ${forward_conf}"
> fi
> + if [ -f "${lanzones_conf}" ] ; then
> + echo "include: ${lanzones_conf}"
> + fi
> if [ -d "${confdir}" ] ; then
> echo "include: ${confdir}/*.conf"
> fi
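Review bot: The file written by gen_lanzones_conf() turns off DNSSEC validation for every listed reverse zone, yet the only comment it emits is "Unblock reverse lookups for LAN addresses", so an administrator reading lan-zones.conf cannot tell that answers under these names are now accepted unvalidated. With `unblock-lan-zones: yes` these queries are also no longer answered locally and go to whatever upstream the resolver is using, so PTR data for private addresses should not be relied on for host-based access lists or log attribution, and internal addresses become visible to that upstream. I would add a second comment line to the generated output, for example `echo "        # DNSSEC validation is disabled for the zones below (domain-insecure)"`. Since the file appears to be generated unconditionally (see the main() hunk), a switch to skip it on hosts that never sit on a private network would also be worth considering.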
> @@ -323,6 +366,13 @@ main() {
> fi
>
> #
> + # Generate lan-zones.conf.
> + #
> + local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
> + gen_lanzones_conf >"${tmp_lanzones_conf}"
> + replace "${lanzones_conf}" "${tmp_lanzones_conf}"
> +
> + #
> # Generate unbound.conf.
> #
> local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
> _______________________________________________
> svn-src-all@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: ler@lerctr.org US Mail: 108 Turvey Cove, Hutto, TX 78634-5688
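Review bot: `mktemp -u` in the added lines of main() only prints an unused name without creating the file, so the redirect `gen_lanzones_conf >"${tmp_lanzones_conf}"` opens whatever exists at that path by then and will follow a symlink placed there in the meantime. Whether that matters depends on who can write to the directory holding `${lanzones_conf}`, which this hunk does not show; if an unprivileged account can, dropping `-u` closes the window: `local tmp_lanzones_conf=$(mktemp "${lanzones_conf}.XXXXX")` creates the file exclusively before the redirect writes to it. `replace` is defined outside the hunk, so confirm it copes with a pre-created temp file and leaves the final file readable by the resolver. The `tmp_unbound_conf` context line uses the same pattern, and main() itself starts and ends outside this hunk.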