From dbed5be4c453c000d3e228173690923264b29860 Mon Sep 17 00:00:00 2001
From: Mohd Husaam Mehdi <husaam.mehdi@iopsys.eu>
Date: Wed, 28 Aug 2024 19:04:48 +0530
Subject: [PATCH] unbound: generate default uci and set conf file

* add uci-defaults script to generate unbound config that makes
  it work with odhcpd and lets it forward (not resolve) queries
  to dns servers provided via upstream dhcp
* update dhcp UCI to use unbound
---
 net/unbound/Makefile                  |  4 +-
 net/unbound/files/unbound.uci_default | 73 +++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 2 deletions(-)
 create mode 100644 net/unbound/files/unbound.uci_default

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 06fd877edc..9f332ca9d2 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -215,8 +215,6 @@ define Package/unbound-daemon/install
 	$(INSTALL_DATA) ./files/root.key $(1)/etc/unbound/root.key
 	$(INSTALL_CONF) ./files/unbound_ext.conf $(1)/etc/unbound/unbound_ext.conf
 	$(INSTALL_CONF) ./files/unbound_srv.conf $(1)/etc/unbound/unbound_srv.conf
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_CONF) ./files/unbound.uci $(1)/etc/config/unbound
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
 	$(INSTALL_BIN)  ./files/unbound.ntpd $(1)/etc/hotplug.d/ntp/25-unbound
 	$(INSTALL_DIR) $(1)/etc/init.d
@@ -229,6 +227,8 @@ define Package/unbound-daemon/install
 	$(INSTALL_DATA) ./files/odhcpd.awk $(1)/usr/lib/unbound/odhcpd.awk
 	$(INSTALL_DATA) ./files/stopping.sh $(1)/usr/lib/unbound/stopping.sh
 	$(INSTALL_DATA) ./files/unbound.sh $(1)/usr/lib/unbound/unbound.sh
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/unbound.uci_default $(1)/etc/uci-defaults/16-generate-unbound-config
 endef
 
 define Package/libunbound/install
diff --git a/net/unbound/files/unbound.uci_default b/net/unbound/files/unbound.uci_default
new file mode 100644
index 0000000000..7360700c58
--- /dev/null
+++ b/net/unbound/files/unbound.uci_default
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+if [ -s "/etc/config/unbound" ]; then
+	if uci -q get unbound.@unbound[0] >/dev/null; then
+		# return if there is any valid content
+		exit 0
+	fi
+fi
+
+# generate a fresh unbound UCI config
+UNBOUND_CONF=/etc/config/unbound
+
+rm -rf "$UNBOUND_CONF"
+touch "$UNBOUND_CONF"
+
+# salient features of this UCI are:
+# 1) dhcp_link is odhcpd
+# 2) unbound_control is 1
+#    in IOWRT dnsmasq and unbound are not intended to coexist
+#    so odhcpd will handle DHCPv4 and v6 so dhcp_link and
+#    unbound_control is set accordingly to facilitate interaction
+#    between unbound and odhcpd, which is needed for DHCP-DNS
+#    please see openwrt unbound configuration help for more details
+#    
+# 3) forward_zone has resolv_conf set to '1'
+#    we want the network to use DNS server provided by upstream DHCP
+uci -q batch <<-EOF >/dev/null
+set unbound.ub_main=unbound
+set unbound.ub_main.add_extra_dns='0'
+set unbound.ub_main.add_local_fqdn='1'
+set unbound.ub_main.add_wan_fqdn='0'
+set unbound.ub_main.dhcp_link='odhcpd'
+set unbound.ub_main.dhcp4_slaac6='0'
+set unbound.ub_main.dns64='0'
+set unbound.ub_main.dns64_prefix='64:ff9b::/96'
+set unbound.ub_main.domain='lan'
+set unbound.ub_main.domain_type='static'
+set unbound.ub_main.edns_size='1232'
+set unbound.ub_main.extended_stats='0'
+set unbound.ub_main.hide_binddata='1'
+set unbound.ub_main.interface_auto='1'
+set unbound.ub_main.listen_port='53'
+set unbound.ub_main.localservice='1'
+set unbound.ub_main.manual_conf='0'
+set unbound.ub_main.num_threads='1'
+set unbound.ub_main.protocol='default'
+set unbound.ub_main.query_minimize='0'
+set unbound.ub_main.query_min_strict='0'
+set unbound.ub_main.rate_limit='0'
+set unbound.ub_main.rebind_localhost='0'
+set unbound.ub_main.rebind_protection='1'
+set unbound.ub_main.recursion='default'
+set unbound.ub_main.resource='default'
+set unbound.ub_main.root_age='9'
+set unbound.ub_main.ttl_min='120'
+set unbound.ub_main.ttl_neg_max='1000'
+set unbound.ub_main.unbound_control='1'
+set unbound.ub_main.validator='0'
+set unbound.ub_main.validator_ntp='1'
+set unbound.ub_main.verbosity='1'
+add_list unbound.ub_main.iface_trig='lan'
+add_list unbound.ub_main.iface_trig='wan'
+set unbound.ub_main.iface_wan='wan'
+set unbound.fwd_isp=zone
+set unbound.fwd_isp.enabled='1'
+set unbound.fwd_isp.fallback='1'
+set unbound.fwd_isp.resolv_conf='1'
+set unbound.fwd_isp.zone_type='forward_zone'
+add_list unbound.fwd_isp.zone_name='.'
+commit unbound
+EOF
+
+exit 0
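Review bot: The script reports success even when config generation fails, because `uci -q batch` runs with errors silenced and output sent to /dev/null, and the last line is an unconditional `exit 0`. Since `rm -rf "$UNBOUND_CONF"` has already run by then, a failed batch leaves an empty /etc/config/unbound, and a uci-defaults script that returns 0 is normally deleted, so generation would not be retried on the next boot. I would replace the final `exit 0` with the same kind of check the script opens with, `uci -q get unbound.ub_main >/dev/null || exit 1`, and use `rm -f` since the path is a single file. The comment block also leaves `validator='0'` unexplained; with the root zone forwarded to the DHCP-supplied servers, a line such as `# 4) validator is 0: forwarded answers are not DNSSEC-validated` would record that trade-off.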
-- 
GitLab