From owner-svn-src-all@FreeBSD.ORG Fri Jul 18 20:36:11 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E0DE7B9; Fri, 18 Jul 2014 20:36:11 +0000 (UTC) Received: from thebighonker.lerctr.org (thebighonker.lerctr.org [IPv6:2001:470:1f0f:3ad:223:7dff:fe9e:6e8a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "thebighonker.lerctr.org", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1B3CE2C19; Fri, 18 Jul 2014 20:36:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lerctr.org; s=lerami; h=Message-ID:References:In-Reply-To:Subject:Cc:To:From:Date:Content-Transfer-Encoding:Content-Type:MIME-Version; bh=F0uIIk74fyZ3ChvrhtAnw5S8Y+yOPQ/QkwEE1IYHGVo=; b=Uc2IxlYHdVorn+MDFrD9nOtq0p53siJCPoWsGGKXerNs0lDoeemawJXB0++B8FLEdXZW5ozyXN7HvKemGYce813BtuUEaZfFr5DbUX3GR0k5+GPXIrgGJiNYqMHjVpXX6q+Ggyy1vcynL/ypWaKVYx+BmCLnWykb0JmL4zP0F/0=; Received: from localhost.lerctr.org ([127.0.0.1]:49247 helo=webmail.lerctr.org) by thebighonker.lerctr.org with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82_1-5b7a7c0-XX (FreeBSD)) (envelope-from ) id 1X8Esx-0006g3-T3; Fri, 18 Jul 2014 15:36:09 -0500 Received: from host.alcatel.com ([198.205.55.139]) by webmail.lerctr.org with HTTP (HTTP/1.1 POST); Fri, 18 Jul 2014 15:36:07 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Fri, 18 Jul 2014 15:36:07 -0500 From: Larry Rosenman To: =?UTF-8?Q?Dag-Erling_Sm=C3=83=C2=B8rgrav?= Subject: Re: svn commit: r268840 - head/usr.sbin/unbound/local-setup In-Reply-To: <201407181233.s6ICXMY9042848@svn.freebsd.org> References: <201407181233.s6ICXMY9042848@svn.freebsd.org> Message-ID: <10526bac1382f78c76281a0613e8ff5f@thebighonker.lerctr.org> X-Sender: ler@lerctr.org User-Agent: Roundcube Webmail/1.0.1 X-Spam-Score: -2.1 (--) X-LERCTR-Spam-Score: -2.1 (--) X-Spam-Report: SpamScore (-2.1/5.0) ALL_TRUSTED=-1, BAYES_00=-1.9, KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001 X-LERCTR-Spam-Report: SpamScore (-2.1/5.0) ALL_TRUSTED=-1, BAYES_00=-1.9, KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, owner-svn-src-all@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jul 2014 20:36:11 -0000 should this be noted in UPDATING to re-gen the files locally or something? On 2014-07-18 07:33, Dag-Erling Smørgrav wrote: > Author: des > Date: Fri Jul 18 12:33:22 2014 > New Revision: 268840 > URL: http://svnweb.freebsd.org/changeset/base/268840 > > Log: > Use a combination of unblock-lan-zones (r268839) and domain-insecure > to fix reverse lookups on networks using private addresses. > > Modified: > head/usr.sbin/unbound/local-setup/local-unbound-setup.sh > > Modified: head/usr.sbin/unbound/local-setup/local-unbound-setup.sh > ============================================================================== > --- head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Fri Jul > 18 11:32:44 2014 (r268839) > +++ head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Fri Jul > 18 12:33:22 2014 (r268840) > @@ -33,6 +33,7 @@ > user="" > unbound_conf="" > forward_conf="" > +lanzones_conf="" > workdir="" > confdir="" > chrootdir="" > @@ -59,6 +60,7 @@ set_defaults() { > : ${confdir:=${workdir}/conf.d} > : ${unbound_conf:=${workdir}/unbound.conf} > : ${forward_conf:=${workdir}/forward.conf} > + : ${lanzones_conf:=${workdir}/lan-zones.conf} > : ${anchor:=${workdir}/root.key} > : ${pidfile:=/var/run/local_unbound.pid} > : ${resolv_conf:=/etc/resolv.conf} > @@ -73,7 +75,8 @@ set_defaults() { > # > set_chrootdir() { > chrootdir="${workdir}" > - for file in "${unbound_conf}" "${forward_conf}" "${anchor}" ; do > + for file in "${unbound_conf}" "${forward_conf}" \ > + "${lanzones_conf}" "${anchor}" ; do > if [ "${file#${workdir%/}/}" = "${file}" ] ; then > echo "warning: ${file} is outside ${workdir}" >&2 > chrootdir="" > @@ -171,6 +174,7 @@ gen_resolvconf_conf() { > # > gen_forward_conf() { > echo "# Generated by $self" > + echo "# Do not edit this file." > echo "forward-zone:" > echo " name: ." > for forwarder ; do > @@ -183,6 +187,42 @@ gen_forward_conf() { > } > > # > +# Generate lan-zones.conf > +# > +gen_lanzones_conf() { > + echo "# Generated by $self" > + echo "# Do not edit this file." > + echo "server:" > + echo " # Unblock reverse lookups for LAN addresses" > + echo " unblock-lan-zones: yes" > + echo " domain-insecure: 10.in-addr.arpa." > + echo " domain-insecure: 127.in-addr.arpa." > + echo " domain-insecure: 16.172.in-addr.arpa." > + echo " domain-insecure: 17.172.in-addr.arpa." > + echo " domain-insecure: 18.172.in-addr.arpa." > + echo " domain-insecure: 19.172.in-addr.arpa." > + echo " domain-insecure: 20.172.in-addr.arpa." > + echo " domain-insecure: 21.172.in-addr.arpa." > + echo " domain-insecure: 22.172.in-addr.arpa." > + echo " domain-insecure: 23.172.in-addr.arpa." > + echo " domain-insecure: 24.172.in-addr.arpa." > + echo " domain-insecure: 25.172.in-addr.arpa." > + echo " domain-insecure: 26.172.in-addr.arpa." > + echo " domain-insecure: 27.172.in-addr.arpa." > + echo " domain-insecure: 28.172.in-addr.arpa." > + echo " domain-insecure: 29.172.in-addr.arpa." > + echo " domain-insecure: 30.172.in-addr.arpa." > + echo " domain-insecure: 31.172.in-addr.arpa." > + echo " domain-insecure: 168.192.in-addr.arpa." > + echo " domain-insecure: 254.169.in-addr.arpa." > + echo " domain-insecure: d.f.ip6.arpa." > + echo " domain-insecure: 8.e.ip6.arpa." > + echo " domain-insecure: 9.e.ip6.arpa." > + echo " domain-insecure: a.e.ip6.arpa." > + echo " domain-insecure: b.e.ip6.arpa." > +} > + > +# > # Generate unbound.conf > # > gen_unbound_conf() { > @@ -197,6 +237,9 @@ gen_unbound_conf() { > if [ -f "${forward_conf}" ] ; then > echo "include: ${forward_conf}" > fi > + if [ -f "${lanzones_conf}" ] ; then > + echo "include: ${lanzones_conf}" > + fi > if [ -d "${confdir}" ] ; then > echo "include: ${confdir}/*.conf" > fi > @@ -323,6 +366,13 @@ main() { > fi > > # > + # Generate lan-zones.conf. > + # > + local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX") > + gen_lanzones_conf >"${tmp_lanzones_conf}" > + replace "${lanzones_conf}" "${tmp_lanzones_conf}" > + > + # > # Generate unbound.conf. > # > local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX") > _______________________________________________ > svn-src-all@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/svn-src-all > To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: ler@lerctr.org US Mail: 108 Turvey Cove, Hutto, TX 78634-5688