Unbound: Add scripts to manage root.key in tmpfs
[feed/packages.git] / net / unbound / files / rootzone.sh
1 #!/bin/sh
2 ##############################################################################
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License version 2 as
6 # published by the Free Software Foundation.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # Copyright (C) 2016 Eric Luehrsen
14 #
15 ##############################################################################
16 #
17 # This component needs to be used within the unbound.sh as an include. It uses
18 # defaults and UCI scope variables defined there. It will copy root.key back
19 # to /etc/unbound/ periodically, but avoid ROM flash abuse (UCI option).
20 #
21 ##############################################################################
22
rootzone_uci() {
  # Placeholder for the UCI handling of this component (still a TODO in the
  # original). For now it only emits a single empty line on stdout.
  printf '\n'
}
27
28 ##############################################################################
29
roothints_update() {
  # Placeholder for a root hints refresh (the original TODO says it may never
  # be implemented). For now it only emits a single empty line on stdout.
  printf '\n'
}
34
35 ##############################################################################
36
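rootkey_update() {
  # Copy the DNSSEC root trust anchor from $UNBOUND_KEYFILE back to
  # /etc/unbound/root.key once it is more than $UNBOUND_N_ROOT_AGE days newer
  # than the persistent copy, so that flash is written only occasionally.
  #
  # Globals (read): UNBOUND_N_ROOT_AGE, UNBOUND_B_DNSSEC, UNBOUND_KEYFILE,
  #                 UNBOUND_ANCHOR - expected from the including unbound.sh.
  # Returns: 0 when the feature is disabled or nothing needs copying,
  #          otherwise the status of the last command run.
  local basekey_date rootkey_date rootkey_age filestuff
  local day_seconds=86400

  # TODO: Just structure to real UCI coming soon.
  # Disabled when the age limit is above 90 days or DNSSEC is switched off.
  # Two separate tests replace the obsolescent "-o" operator of "[".
  if [ "$UNBOUND_N_ROOT_AGE" -gt 90 ] || [ "$UNBOUND_B_DNSSEC" -lt 1 ] ; then
    return 0
  fi


  if [ -f /etc/unbound/root.key ] ; then
    basekey_date=$( date -r /etc/unbound/root.key +%s )

  else
    # No persistent key yet: a fixed date in the past makes the computed age
    # large, so a usable working key is persisted on the first pass.
    basekey_date=$( date -d 2000-01-01 +%s )
  fi


  if [ -f "$UNBOUND_KEYFILE" ] ; then
    # Unbound maintains the working key itself; use its modification time.
    rootkey_date=$( date -r "$UNBOUND_KEYFILE" +%s )
    rootkey_age=$(( (rootkey_date - basekey_date) / day_seconds ))

  elif [ -x "$UNBOUND_ANCHOR" ] ; then
    # No working key: take the current time and let unbound-anchor create one.
    # "date +%s" alone gives epoch seconds; the former "-I" asked for a second,
    # conflicting output format.
    rootkey_date=$( date +%s )
    rootkey_age=$(( (rootkey_date - basekey_date) / day_seconds ))
    "$UNBOUND_ANCHOR" -a "$UNBOUND_KEYFILE"

  else
    # Neither a key nor the tool to fetch one: give up.
    rootkey_age=0
  fi


  if [ "$rootkey_age" -gt "$UNBOUND_N_ROOT_AGE" ] ; then
    filestuff=$( cat "$UNBOUND_KEYFILE" )

    # The markers below are a format sanity check (a drill/dig header or the
    # inline state comment written by unbound-anchor); they are not a
    # cryptographic validation of the key material.
    # NOTE(review): the copied file becomes the persistent DNSSEC trust
    # anchor, so $UNBOUND_KEYFILE should be writable only by root/unbound -
    # confirm in unbound.sh. cp also writes the destination in place, so an
    # interrupted write can leave a truncated anchor on flash.
    case "$filestuff" in
      *NOERROR* | *"state=2 [ VALID ]"*)
        logger -t unbound -s "root.key updated after $rootkey_age days"
        cp -p "$UNBOUND_KEYFILE" /etc/unbound/root.key
        ;;

      *)
        logger -t unbound -s "root.key still $rootkey_age days old"
        ;;
    esac
  fi
}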
96
97 ##############################################################################
98
rootzone_update() {
  # Entry point of this include: run the UCI stub, the root hints stub and
  # the root.key persistence check, in that order. The return status is that
  # of the last step.
  local step

  for step in rootzone_uci roothints_update rootkey_update ; do
    "$step"
  done
}
104
105 ##############################################################################
106