aboutsummaryrefslogtreecommitdiffstats
path: root/main/unbound/migrate-dnscache-to-unbound
blob: babbcd4d18ebd93decb9736b10f46bc674550a94 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#!/bin/sh


to_subnet() {
	pref=$1
	case "$pref" in
	*.*.*.*) echo $pref/32;;
	*.*.*) echo $pref.0/24;;
	*.*) echo $pref.0.0/16;;
	*) echo $pref.0.0.0/8;;
	esac
}

gen_config() {
	echo "# Config generated by $0, $(date)"
	echo "server:"
	echo -e "\troot-hints: /etc/unbound/root.hints\n"

	[ -n "$IP" ] && echo -e "\tinterface: $IP\n"
	[ -n "$IPSEND" ] && echo -e "\toutgoing-interface: $IPSEND\n"

	for i in $access_control; do
		echo -e "\taccess-control: $i allow"
	done
	echo ""

	# stub zones
	local zonefile ip
	local fwdtype="stub"
	if [ -n "$FORWARDONLY" ]; then
		fwdtype="forward"
	fi
	for zonefile in "$root"/etc/dnscache/servers/*; do
		local zone=${zonefile##*/}
		case "$zone" in
			'@'|'*'|*.apk-new) continue;;
		esac
		echo "${fwdtype}-zone:"
		echo -e "\tname: ${zone}"
		for ip in $(cat $zonefile); do
			echo -e "\t${fwdtype}-addr: $ip"
		done
		echo ""
	done
}

usage() {
	cat >&2 <<EOF
usage: $0 [-h] [-r ROOT]
Migrate dnscache configuration to unbound

This tool will install unbound, migrate the configuration, stop dnscache
and start unbound and remove traces of dnscache.

Options:
 -c  Only dump the config to stdout and exit
 -h  Show this help
 -k  Keep unbound.conf.backup and keep dnscache config
 -r  Look for dnscache config in ROOT/etc/dnscache

EOF
}

root=${ROOT:-/}
dump_config=false
quiet=false
keep_backup=false
while getopts "chr:" opt; do
	case "$opt" in
	'c') dump_config=true;;
	'h') usage; exit;;
	'k') keep_backup=true;;
	'r') root="$OPTARG";;
	'q') quiet=true; quiet_opt=--quiet;;
	esac
done
unbound_conf=${UNBOUND_CONF:-${root%/}/etc/unbound/unbound.conf}

# read dnscache config
if ! [ -f "$root"/etc/conf.d/dnscache ] && ! [ -d "$root"/etc/dnscache ]; then
	echo "No dnscache config found"
	exit 1
fi

confd="$root"/etc/conf.d/dnscache
if [ -r "$confd" ]; then
	. "$confd"
fi

interface="$IP"
outgoing_interface="$IPSEND"

for i in "$root"/etc/dnscache/ip/*; do
	[ -f "$i" ] || continue
	access_control="$access_control $(to_subnet ${i##*/})"
done

if $dump_config; then
	gen_config
	exit 0
fi

# install unbound if needed
if ! apk info -e unbound; then
	apk add $quiet_opt unbound
fi

# generate config
if [ -f "$unbound_conf" ]; then
	$quiet || echo "Backing up $unbound_conf" >&2
	mv "$unbound_conf" "${unbound_conf}".backup
fi

$quiet || echo "Generating $unbound_conf" >&2
gen_config > "$unbound_conf"

# stop dnscache and start unbound
if /etc/init.d/dnscache --quiet status 2>/dev/null; then
	/etc/init.d/dnscache $quiet_opt stop
	if ! /etc/init.d/unbound $quiet_opt start; then
		echo "Failed to start unbound. Starting up dnscache again"
		/etc/init.d/dnscache $quiet_opt start
		exit 1
	fi
fi

# update runlevels
errors=0
if rc-update | grep -q -w dnscache; then
	runlevels=$(rc-update | awk '$1 == "dnscache" { FS="|"; $0 = $0; print $2 }')
	for level in $runlevels; do
		rc-update $quiet_opt add unbound $level \
			|| errors=$(($errors + 1))
		rc-update $quiet_opt del dnscache $level \
			|| errors=$(($errors + 1))
	done
fi

# cleanup if requested
if [ $errors -eq 0 ] && ! $keep_backup ; then
	$quiet || echo "Purging dnscache and dnscache config" >&2
	apk del --purge $quiet_opt dnscache
	rm -rf $root/etc/dnscache $root/etc/conf.d/dnscache
	$quiet || echo "Purging ${unbound_conf}.backup" >&2
	rm -rf ${unbound_conf}.backup
fi

exit $errors