This updates to the head of the unbound tree, adding Ilya Bakulin's code to
support unbound-control over a unix domain socket rather than SSL. I don't
see many standard cases needing the SSL socket any more, so I've removed
the code from the rc.d script that automatically generates SSL keys when
control-enable is used. If somebody wants to control unbound from a remote
machine, they can always generate the keys themselves.
Any comments/OKs?
Index: etc/unbound.conf
===
RCS file: /cvs/src/etc/unbound.conf,v
retrieving revision 1.4
diff -u -p -r1.4 unbound.conf
--- etc/unbound.conf2 Apr 2014 21:43:30 - 1.4
+++ etc/unbound.conf17 Feb 2015 00:53:05 -
@@ -37,6 +37,11 @@ server:
#
#tcp-upstream: yes
+remote-control:
+ control-enable: yes
+ control-use-cert: no
+ control-interface: /var/run/unbound.sock
+
# Use an upstream forwarder (recursive resolver) for specific zones.
# Example addresses given below are public resolvers valid as of 2014/03.
#
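Review bot: With `control-use-cert: no`, nothing in the added `remote-control:` block authenticates a client, so access to unbound-control rests entirely on the filesystem permissions of `/var/run/unbound.sock`. Neither the hunk nor the description says which owner and mode the socket is created with, so confirm that only root or the daemon's group can connect to it. The sample file should say so next to the setting, for example `# Local control socket, no TLS: access is limited only by the socket's owner and mode.` above `remote-control:`. Since this block ships enabled in the default config, that comment is what tells an admin why loosening permissions on the socket or its directory matters.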
Index: etc/rc.d/unbound
===
RCS file: /cvs/src/etc/rc.d/unbound,v
retrieving revision 1.2
diff -u -p -r1.2 unbound
--- etc/rc.d/unbound29 Dec 2014 11:17:43 - 1.2
+++ etc/rc.d/unbound17 Feb 2015 00:53:05 -
@@ -8,16 +8,9 @@ daemon_flags=-c /var/unbound/etc/unboun
. /etc/rc.d/rc.subr
pexp=unbound${daemon_flags:+ ${daemon_flags}}
+rc_reload=NO
rc_pre() {
- if grep '^[[:space:]]*control-enable:[[:space:]]*yes' \
- /var/unbound/etc/unbound.conf /dev/null 21 \
- ! [[ -f /var/unbound/etc/unbound_server.key ||
- -f /var/unbound/etc/unbound_server.pem ||
- -f /var/unbound/etc/unbound_control.key ||
- -f /var/unbound/etc/unbound_control.pem ]]; then
- /usr/sbin/unbound-control-setup 2 /dev/null
- fi
if grep '^[[:space:]]*auto-trust-anchor-file:' \
/var/unbound/etc/unbound.conf /dev/null 21; then
/usr/sbin/unbound-anchor -v || true
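Review bot: With the key-generation block gone from `rc_pre`, a config that sets `control-enable: yes` without `control-use-cert: no` now depends on the admin having run `unbound-control-setup` by hand, and nothing in the script says so. How unbound behaves at startup when the key files are missing is not visible here, so test that case and, if it stops the daemon, call it out for people who upgrade. A comment at the top of `rc_pre` such as `# TLS keys for remote control are no longer generated here; run unbound-control-setup manually if needed.` would record the change. `rc_reload=NO` is also new and unexplained; a one-line comment giving the reason would help. The body of `rc_pre` continues past the end of the hunk.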
Index: usr.sbin/unbound/Makefile.in
===
RCS file: /cvs/src/usr.sbin/unbound/Makefile.in,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile.in
--- usr.sbin/unbound/Makefile.in11 Dec 2014 16:26:58 - 1.13
+++ usr.sbin/unbound/Makefile.in17 Feb 2015 00:53:05 -
@@ -459,8 +459,8 @@ strip:
$(STRIP) unbound$(EXEEXT)
$(STRIP) unbound-checkconf$(EXEEXT)
$(STRIP) unbound-control$(EXEEXT)
- $(STRIP) unbound-host$(EXEEXT)
- $(STRIP) unbound-anchor$(EXEEXT)
+ $(STRIP) unbound-host$(EXEEXT) || $(STRIP) .libs/unbound-host$(EXEEXT)
+ $(STRIP) unbound-anchor$(EXEEXT) || $(STRIP)
.libs/unbound-anchor$(EXEEXT)
pythonmod-install:
$(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG)
@@ -579,6 +579,7 @@ depend:
-e
's?$$(srcdir)/util/configlexer.c?util/configlexer.c?g' \
-e
's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \
-e
's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \
+ -e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \
-e
's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \
-e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \
$(DEPEND_TMP)
@@ -692,13 +693,14 @@ iter_utils.lo iter_utils.o: $(srcdir)/it
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h
$(srcdir)/ldns/sbuffer.h
listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c
config.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h
$(srcdir)/services/outside_network.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h
$(srcdir)/util/net_help.h \
- $(srcdir)/ldns/sbuffer.h
+ $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/net_help.h $(srcdir)/ldns/sbuffer.h
localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h
$(srcdir)/services/localzone.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/regional.h
$(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h
$(srcdir)/util/data/msgencode.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h
$(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h
$(srcdir)/util/rbtree.h \
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h
$(srcdir)/util/storage/lruhash.h