#! /usr/bin/env bash
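# Fixed locations used by the rest of this script:
#   KEYS_DIR  - holds the provider_name file read further down
#   ZONES_DIR - directory whose *.conf files the generated unbound.conf includes
# Marked readonly so a later typo or sourced snippet cannot silently
# repoint where the provider name is read from or where zone files are loaded.
readonly KEYS_DIR="/opt/encrypted-dns/etc/keys"
readonly ZONES_DIR="/opt/unbound/etc/unbound/zones"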
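# Size the unbound caches from the memory this host reports.
#
# reserved is 128 MiB (134217728 bytes) kept back for everything that is
# not a cache. The figure read from /proc/meminfo (MemAvailable, falling
# back to MemTotal when that field is absent) is in kB, hence the
# multiplication by 1024 to get bytes.
reserved=134217728

mem_kib=$( (grep -F MemAvailable /proc/meminfo || grep -F MemTotal /proc/meminfo) | sed 's/[^0-9]//g')

# Refuse to continue on an empty or non-numeric reading. Without this
# check the arithmetic below fails, the size test errors out instead of
# exiting, and the script goes on to write negative cache sizes into the
# resolver configuration.
case "$mem_kib" in
  '' | *[!0-9]*)
    echo "Unable to read available memory from /proc/meminfo" >&2
    exit 1
    ;;
esac

availableMemory=$((1024 * mem_kib))

# Require more than twice the reserve so that at least `reserved` bytes
# are left for the caches after the subtraction below.
if [ "$availableMemory" -le $((reserved * 2)) ]; then
  echo "Not enough memory" >&2
  exit 1
fi

availableMemory=$((availableMemory - reserved))
msg_cache_size=$((availableMemory / 4))
rr_cache_size=$((availableMemory / 3))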
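# Worker thread count for unbound: one fewer than the CPU count reported
# by nproc, and never less than one.
nproc=$(nproc)

# An empty or non-numeric result (nproc missing or failing) is treated as
# a single CPU, so the comparison below never sees a non-integer operand.
case "$nproc" in
  '' | *[!0-9]*) nproc=1 ;;
esac

if [ "$nproc" -gt 1 ]; then
  threads=$((nproc - 1))
else
  threads=1
fi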
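# Render /opt/unbound/etc/unbound/unbound.conf from the template below,
# filling in the @MSG_CACHE_SIZE@, @PROVIDER_NAME@, @RR_CACHE_SIZE@,
# @THREADS@ and @ZONES_DIR@ placeholders with sed.
provider_name=$(cat "$KEYS_DIR/provider_name")

# provider_name is spliced into a sed replacement and ends up inside a
# double-quoted unbound.conf string. Anything outside hostname characters
# ("/", "&", a backslash, a quote, a newline) would break the sed
# expression or the generated file, and an empty value would render the
# last local-zone line as "." refuse. Reject both before writing anything.
case "$provider_name" in
  '' | *[!A-Za-z0-9._-]*)
    echo "Invalid or missing provider name in $KEYS_DIR/provider_name" >&2
    exit 1
    ;;
esac

# Review notes on the template:
#  - The resolver listens on 127.0.0.1 port 553 only. The two
#    "access-control ... allow" lines admit every source address, so the
#    loopback-only interface line is what limits who can query it; tighten
#    access-control if that interface is ever changed.
#  - remote-control is enabled and bound to 127.0.0.1.
#  - The "static" local-zone entries make unbound answer those reserved,
#    private and commonly leaked names itself instead of forwarding them.
#  - The heredoc delimiter is quoted so the template is taken literally;
#    only the sed expressions substitute values.
sed \
  -e "s/@MSG_CACHE_SIZE@/${msg_cache_size}/" \
  -e "s/@PROVIDER_NAME@/${provider_name}/" \
  -e "s/@RR_CACHE_SIZE@/${rr_cache_size}/" \
  -e "s/@THREADS@/${threads}/" \
  -e "s#@ZONES_DIR@#${ZONES_DIR}#" \
  > /opt/unbound/etc/unbound/unbound.conf << 'EOT'
server:
  verbosity: 1
  num-threads: @THREADS@
  interface: 127.0.0.1@553
  so-reuseport: yes
  edns-buffer-size: 1232
  delay-close: 10000
  cache-min-ttl: 3600
  cache-max-ttl: 86400
  do-daemonize: no
  username: "_unbound"
  log-queries: no
  hide-version: yes
  identity: "DNSCrypt"
  harden-short-bufsize: yes
  harden-large-queries: yes
  harden-glue: yes
  harden-dnssec-stripped: yes
  harden-below-nxdomain: yes
  harden-referral-path: no
  do-not-query-localhost: no
  prefetch: yes
  prefetch-key: yes
  qname-minimisation: yes
  rrset-roundrobin: yes
  minimal-responses: yes
  udp-connect: no
  chroot: "/opt/unbound/etc/unbound"
  directory: "/opt/unbound/etc/unbound"
  auto-trust-anchor-file: "var/root.key"
  num-queries-per-thread: 4096
  outgoing-range: 8192
  msg-cache-size: @MSG_CACHE_SIZE@
  rrset-cache-size: @RR_CACHE_SIZE@
  neg-cache-size: 4M
  serve-expired: yes
  serve-expired-ttl: 86400
  serve-expired-ttl-reset: yes
  access-control: 0.0.0.0/0 allow
  access-control: ::0/0 allow
  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
  aggressive-nsec: yes
  val-bogus-ttl: 600

  local-zone: "1." static
  local-zone: "10.in-addr.arpa." static
  local-zone: "127.in-addr.arpa." static
  local-zone: "16.172.in-addr.arpa." static
  local-zone: "168.192.in-addr.arpa." static
  local-zone: "f.f.ip6.arpa." static
  local-zone: "8.e.f.ip6.arpa." static
  local-zone: "airdream." static
  local-zone: "api." static
  local-zone: "bbrouter." static
  local-zone: "belkin." static
  local-zone: "blinkap." static
  local-zone: "corp." static
  local-zone: "davolink." static
  local-zone: "dearmyrouter." static
  local-zone: "dhcp." static
  local-zone: "dlink." static
  local-zone: "domain." static
  local-zone: "envoy." static
  local-zone: "example." static
  local-zone: "grp." static
  local-zone: "gw==." static
  local-zone: "home." static
  local-zone: "hub." static
  local-zone: "internal." static
  local-zone: "intra." static
  local-zone: "intranet." static
  local-zone: "invalid." static
  local-zone: "ksyun." static
  local-zone: "lan." static
  local-zone: "loc." static
  local-zone: "local." static
  local-zone: "localdomain." static
  local-zone: "localhost." static
  local-zone: "localnet." static
  local-zone: "modem." static
  local-zone: "mynet." static
  local-zone: "myrouter." static
  local-zone: "novalocal." static
  local-zone: "onion." static
  local-zone: "openstacklocal." static
  local-zone: "priv." static
  local-zone: "private." static
  local-zone: "prv." static
  local-zone: "router." static
  local-zone: "telus." static
  local-zone: "test." static
  local-zone: "totolink." static
  local-zone: "wlan_ap." static
  local-zone: "workgroup." static
  local-zone: "zghjccbob3n0." static
  local-zone: "@PROVIDER_NAME@." refuse

  include: "@ZONES_DIR@/*.conf"

remote-control:
  control-enable: yes
  control-interface: 127.0.0.1

auth-zone:
  name: "."
  url: "https://www.internic.net/domain/root.zone"
  fallback-enabled: yes
  for-downstream: no
  for-upstream: yes
  zonefile: "var/root.zone"
EOT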
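# Prepare the directory that unbound.conf names as its chroot, then hand
# the process over to unbound.

# Give the chrooted resolver its own copies of the random device nodes.
mkdir -p /opt/unbound/etc/unbound/dev &&
  cp -a /dev/random /dev/urandom /opt/unbound/etc/unbound/dev/

# var/ holds the DNSSEC trust anchor (root.key) and the root zone file.
# NOTE(review): -m 700 only takes effect when mkdir creates the directory;
# a var/ that already exists keeps whatever mode it had.
# The exit status of unbound-anchor is not checked: the tool also exits
# non-zero when it has just updated the anchor, so a failure here does not
# stop startup.
mkdir -p -m 700 /opt/unbound/etc/unbound/var &&
  chown _unbound:_unbound /opt/unbound/etc/unbound/var &&
  /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key

# Generate the remote-control key material once. The tool's own stderr is
# discarded as before and a failure stays non-fatal, but it is now reported
# because unbound.conf turns remote-control on and that depends on these files.
if [ ! -f /opt/unbound/etc/unbound/unbound_control.pem ]; then
  /opt/unbound/sbin/unbound-control-setup 2> /dev/null ||
    echo "unbound-control-setup failed; remote-control keys were not generated" >&2
fi

# Same directory the generated "include:" line points at; use the shared
# variable so the two cannot drift apart.
mkdir -p "$ZONES_DIR"

# Replace this shell with the resolver so it receives signals directly.
exec /opt/unbound/sbin/unbound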