Hello,

I had a look at it and it appears people already thought of this:

# ls -l /var/unbound/
total 24
drwxr-xr-x  2 unbound  unbound  512 Nov 10 07:07 conf.d
-rw-r--r--  1 root     unbound  193 Mar 27 07:25 control.conf
-rw-r--r--  1 root     unbound  223 Mar 27 07:25 forward.conf
-rw-r--r--  1 root     unbound  189 Mar 27 07:25 lan-zones.conf
-rw-r--r--  1 unbound  unbound  758 Mar 27 07:25 root.key
-rw-r--r--  1 root     unbound  411 Mar 27 07:25 unbound.conf

In the conf.d directory I can put my customisations that get included via unbound.conf.

The only issue I found is that the logic in the /etc/rc.d/local_unbound script is a bit buggy. With no config files in /var/unbound it generates a correct config:

# sysrc local_unbound_enable=YES
# sysrc local_unbound_tls=YES
# sysrc local_unbound_forwarders="1.0.0.1@853#one.one.one.one 1.1.1.1@853#one.one.one.one"
# service local_unbound start
Performing initial setup.
destination:
Extracting forwarders from /etc/resolv.conf.
/var/unbound/forward.conf created
/var/unbound/lan-zones.conf created
/var/unbound/control.conf created
/var/unbound/unbound.conf created
/etc/resolvconf.conf created
Original /etc/resolv.conf saved as /var/backups/resolv.conf.20240327.070818
Starting local_unbound.

However, if I later decide, for example, to disable TLS:

# service local_unbound stop
# sysrc local_unbound_tls=NO
local_unbound_tls: YES -> NO
# service local_unbound start
Starting local_unbound.
Waiting for nameserver to start... good

No config files are updated and TLS is still enabled:

# cat /var/unbound/forward.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
forward-zone:
        name: .
        forward-tls-upstream: yes
        forward-addr: 1.0.0.1@853#one.one.one.one
        forward-addr: 1.1.1.1@853#one.one.one.one

This is due to this function in /etc/rc.d/local_unbound, which runs setup only if the unbound config file is missing:

local_unbound_prestart()
{
        # Create configuration file
        if [ ! -f ${local_unbound_config} ] ; then
                run_rc_command setup
        fi

        # Retrieve DNSSEC root key
        if [ ! -s ${local_unbound_anchor} ] ; then
                run_rc_command anchor
        fi
}

I guess the workaround is to "rm -f /var/unbound/*" after changes to rc.conf
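The stale-config problem described in the mail (the rc script only regenerates forward.conf when the file is absent, so a later change to local_unbound_tls or local_unbound_forwarders in rc.conf is silently ignored) can be caught by comparing what the current settings would render against what is on disk. The following is an added example, not code from the mail or from FreeBSD's rc.d/local_unbound: render_forward_conf reproduces the forward.conf layout shown in the mail from the two rc.conf values, and forward_conf_stale reports whether the existing file no longer matches, which is the condition under which a prestart hook should call setup again. The function names, the comparison scheme and the exact whitespace of the rendered file are assumptions; the file header and keys follow the mail.

```shell
#!/bin/sh
# Added example (assumed helper, not FreeBSD's rc.d/local_unbound):
# decide whether /var/unbound/forward.conf still reflects the rc.conf
# settings, instead of only checking that the file exists.

# Render the forward.conf that local-unbound-setup produces for the given
# settings. Layout copied from the file shown in the mail; indentation with
# tabs is an assumption.
#   $1  local_unbound_tls          (YES or NO)
#   $2  local_unbound_forwarders   (space-separated addr@port#name list)
render_forward_conf() {
    rfc_tls=$1
    rfc_forwarders=$2
    case "$rfc_tls" in
        [Yy][Ee][Ss]) rfc_tls_line="forward-tls-upstream: yes" ;;
        *)            rfc_tls_line="forward-tls-upstream: no" ;;
    esac
    printf '# This file was generated by local-unbound-setup.\n'
    printf '# Modifications will be overwritten.\n'
    printf 'forward-zone:\n\tname: .\n\t%s\n' "$rfc_tls_line"
    for rfc_fwd in $rfc_forwarders; do
        printf '\tforward-addr: %s\n' "$rfc_fwd"
    done
}

# Exit status 0 (true) when setup must be re-run: the file is missing, or
# its content differs from what the current settings would generate.
# Exit status 1 when the file on disk already matches the settings.
#   $1  path to forward.conf   $2  local_unbound_tls   $3  local_unbound_forwarders
forward_conf_stale() {
    fcs_file=$1
    fcs_tls=$2
    fcs_forwarders=$3
    [ -f "$fcs_file" ] || return 0
    # cmp reads the rendered text from stdin and compares byte-for-byte
    render_forward_conf "$fcs_tls" "$fcs_forwarders" | cmp -s - "$fcs_file" && return 1
    return 0
}

# Stand-alone demonstration with a constructed file in a temp directory:
# the file is generated with TLS on, then the setting is flipped to NO,
# which is exactly the sequence from the mail.
demo_dir=$(mktemp -d)
demo_fwd="1.0.0.1@853#one.one.one.one 1.1.1.1@853#one.one.one.one"
render_forward_conf YES "$demo_fwd" > "$demo_dir/forward.conf"
if forward_conf_stale "$demo_dir/forward.conf" NO "$demo_fwd"; then
    echo "forward.conf is stale: setup needs to run again"
else
    echo "forward.conf matches rc.conf"
fi
rm -rf "$demo_dir"
```

In a prestart hook one would replace the plain `[ ! -f ${local_unbound_config} ]` test with a call to forward_conf_stale fed from the rc.conf variables, so that `service local_unbound start` regenerates the file after `sysrc` changes instead of leaving the old upstream configuration in place. This matters in the opposite direction too: enabling TLS later would otherwise leave an unencrypted forwarder configuration on disk while rc.conf claims TLS is on.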