Diffstat (limited to 'external/unbound/contrib')
26 files changed, 0 insertions, 3213 deletions
diff --git a/external/unbound b/external/unbound
new file mode 160000
+Subproject 193bdc4ee3fe2b0d17e547e86512528c2614483
diff --git a/external/unbound/contrib/README b/external/unbound/contrib/README
deleted file mode 100644
index 7ccae735d..000000000
--- a/external/unbound/contrib/README
+++ /dev/null
@@ -1,33 +0,0 @@
-These files are contributed to unbound, and are not part of the official
-distribution but may be helpful.
-
-* rc_d_unbound: FreeBSD compatible /etc/rc.d script.
-* parseunbound.pl: perl script to run from cron that parses statistics from
- the log file and stores them.
-* unbound.spec and unbound.init: RPM specfile and Linux rc.d initfile.
-* update-anchor.sh: shell script that uses unbound-host to update a set
- of trust anchor files. Run from cron twice a month.
-* unbound_munin_ : plugin for munin statistics report
-* unbound_cacti.tar.gz : setup files for cacti statistics report
-* selinux: the .fc and .te files for SElinux protection of the unbound daemon
-* unbound.plist: launchd configuration file for MacOSX.
-* build-unbound-localzone-from-hosts.pl: perl script to turn /etc/hosts into
- a local-zone and local-data include file for unbound.conf.
-* unbound-host.nagios.patch: makes unbound-host return status that fits right
- in with the nagios monitoring framework. Contributed by Migiel de Vos.
-* patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
- it is treated as insecure). The RSAMD5 algorithm is deprecated (RFC6725).
-* create_unbound_ad_servers.sh: shell script to enter anti-ad server lists.
-* create_unbound_ad_servers.cmd: windows script to enter anti-ad server lists.
-* unbound_cache.sh: shell script to save and load the cache.
-* unbound_cache.cmd: windows script to save and load the cache.
-* warmup.sh: shell script to warm up DNS cache by your own MRU domains.
-* warmup.cmd: windows script to warm up DNS cache by your own MRU domains.
-* aaaa-filter-iterator.patch: adds config option aaaa-filter: yes that
- works like the BIND feature (removes AAAA records unless AAAA-only domain).
- Useful for certain 'broken IPv6 default route' scenarios.
- Patch from Stephane Lapie for ASAHI Net.
-* unbound_smf22.tar.gz: Solaris SMF installation/removal scripts.
- Contributed by Yuri Voinov.
-* unbound.socket and unbound.service: systemd files for unbound, install them
- in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov.
diff --git a/external/unbound/contrib/aaaa-filter-iterator.patch b/external/unbound/contrib/aaaa-filter-iterator.patch
deleted file mode 100644
index 0647f4979..000000000
--- a/external/unbound/contrib/aaaa-filter-iterator.patch
+++ /dev/null
@@ -1,413 +0,0 @@ -Index: trunk/doc/unbound.conf.5.in -=================================================================== ---- trunk/doc/unbound.conf.5.in (revision 3587) -+++ trunk/doc/unbound.conf.5.in (working copy) -@@ -593,6 +593,13 @@ - possible. Best effort approach, full QNAME and original QTYPE will be sent when - upstream replies with a RCODE other than NOERROR. Default is off. - .TP -+.B aaaa\-filter: \fI<yes or no> -+Activate behavior similar to BIND's AAAA-filter. -+This forces the dropping of all AAAA records, unless in the case of -+explicit AAAA queries, when no A records have been confirmed. -+This also causes an additional A query to be sent for each AAAA query. -+This breaks DNSSEC! -+.TP - .B private\-address: \fI<IP address or subnet> - Give IPv4 of IPv6 addresses or classless subnets. These are addresses - on your private network, and are not allowed to be returned for -Index: trunk/iterator/iter_scrub.c -=================================================================== ---- trunk/iterator/iter_scrub.c (revision 3587) -+++ trunk/iterator/iter_scrub.c (working copy) -@@ -617,6 +617,32 @@ - } - - /** -+ * ASN: Lookup A records from rrset cache. -+ * @param qinfo: the question originally asked. -+ * @param env: module environment with config and cache. -+ * @param ie: iterator environment with private address data. -+ * @return 0 if no A record found, 1 if A record found. -+ */ -+static int -+asn_lookup_a_record_from_cache(struct query_info* qinfo, -+ struct module_env* env, struct iter_env* ATTR_UNUSED(ie)) -+{ -+ struct ub_packed_rrset_key* akey; -+ -+ /* get cached A records for queried name */ -+ akey = rrset_cache_lookup(env->rrset_cache, qinfo->qname, -+ qinfo->qname_len, LDNS_RR_TYPE_A, qinfo->qclass, -+ 0, *env->now, 0); -+ if(akey) { /* we had some. 
*/ -+ log_rrset_key(VERB_ALGO, "ASN-AAAA-filter: found A record", -+ akey); -+ lock_rw_unlock(&akey->entry.lock); -+ return 1; -+ } -+ return 0; -+} -+ -+/** - * Given a response event, remove suspect RRsets from the response. - * "Suspect" rrsets are potentially poison. Note that this routine expects - * the response to be in a "normalized" state -- that is, all "irrelevant" -@@ -635,6 +661,7 @@ - struct query_info* qinfo, uint8_t* zonename, struct module_env* env, - struct iter_env* ie) - { -+ int found_a_record = 0; /* ASN: do we have a A record? */ - int del_addi = 0; /* if additional-holding rrsets are deleted, we - do not trust the normalized additional-A-AAAA any more */ - struct rrset_parse* rrset, *prev; -@@ -670,6 +697,13 @@ - rrset = rrset->rrset_all_next; - } - -+ /* ASN: Locate any A record we can find */ -+ if((ie->aaaa_filter) && (qinfo->qtype == LDNS_RR_TYPE_AAAA)) { -+ found_a_record = asn_lookup_a_record_from_cache(qinfo, -+ env, ie); -+ } -+ /* ASN: End of added code */ -+ - /* At this point, we brutally remove ALL rrsets that aren't - * children of the originating zone. The idea here is that, - * as far as we know, the server that we contacted is ONLY -@@ -681,6 +715,24 @@ - rrset = msg->rrset_first; - while(rrset) { - -+ /* ASN: For AAAA records only... */ -+ if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) { -+ /* ASN: If this is not a AAAA query, then remove AAAA -+ * records, no questions asked. If this IS a AAAA query -+ * then remove AAAA records if we have an A record. -+ * Otherwise, leave things be. 
*/ -+ if((qinfo->qtype != LDNS_RR_TYPE_AAAA) || -+ (found_a_record)) { -+ remove_rrset("ASN-AAAA-filter: removing AAAA " -+ "for record", pkt, msg, prev, &rrset); -+ continue; -+ } -+ log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: " -+ "keep AAAA for", zonename, -+ LDNS_RR_TYPE_AAAA, qinfo->qclass); -+ } -+ /* ASN: End of added code */ -+ - /* remove private addresses */ - if( (rrset->type == LDNS_RR_TYPE_A || - rrset->type == LDNS_RR_TYPE_AAAA)) { -Index: trunk/iterator/iter_utils.c -=================================================================== ---- trunk/iterator/iter_utils.c (revision 3587) -+++ trunk/iterator/iter_utils.c (working copy) -@@ -175,6 +175,7 @@ - } - iter_env->supports_ipv6 = cfg->do_ip6; - iter_env->supports_ipv4 = cfg->do_ip4; -+ iter_env->aaaa_filter = cfg->aaaa_filter; - return 1; - } - -Index: trunk/iterator/iterator.c -=================================================================== ---- trunk/iterator/iterator.c (revision 3587) -+++ trunk/iterator/iterator.c (working copy) -@@ -1776,6 +1776,53 @@ - - return 0; - } -+ -+/** -+ * ASN: This event state was added as an intermediary step between -+ * QUERYTARGETS_STATE and the next step, in order to cast a subquery for the -+ * purpose of caching A records for the queried name. -+ * -+ * @param qstate: query state. -+ * @param iq: iterator query state. -+ * @param ie: iterator shared global environment. -+ * @param id: module id. -+ * @return true if the event requires more request processing immediately, -+ * false if not. This state only returns true when it is generating -+ * a SERVFAIL response because the query has hit a dead end. 
-+ */ -+static int -+asn_processQueryAAAA(struct module_qstate* qstate, struct iter_qstate* iq, -+ struct iter_env* ATTR_UNUSED(ie), int id) -+{ -+ struct module_qstate* subq = NULL; -+ -+ log_assert(iq->fetch_a_for_aaaa == 0); -+ -+ /* flag the query properly in order to not loop */ -+ iq->fetch_a_for_aaaa = 1; -+ -+ /* re-throw same query, but with a different type */ -+ if(!generate_sub_request(iq->qchase.qname, -+ iq->qchase.qname_len, LDNS_RR_TYPE_A, -+ iq->qchase.qclass, qstate, id, iq, -+ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { -+ log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: failed " -+ "preloading of A record for", -+ iq->qchase.qname, LDNS_RR_TYPE_A, -+ iq->qchase.qclass); -+ return error_response(qstate, id, LDNS_RCODE_SERVFAIL); -+ } -+ log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: " -+ "preloading records in cache for", -+ iq->qchase.qname, LDNS_RR_TYPE_A, -+ iq->qchase.qclass); -+ -+ /* set this query as waiting */ -+ qstate->ext_state[id] = module_wait_subquery; -+ /* at this point break loop */ -+ return 0; -+} -+/* ASN: End of added code */ - - /** - * This is the request event state where the request will be sent to one of -@@ -1823,6 +1870,13 @@ - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - -+ /* ASN: If we have a AAAA query, then also query for A records */ -+ if((ie->aaaa_filter) && (iq->qchase.qtype == LDNS_RR_TYPE_AAAA) && -+ (iq->fetch_a_for_aaaa == 0)) { -+ return next_state(iq, ASN_FETCH_A_FOR_AAAA_STATE); -+ } -+ /* ASN: End of added code */ -+ - /* Make sure we have a delegation point, otherwise priming failed - * or another failure occurred */ - if(!iq->dp) { -@@ -2922,6 +2976,61 @@ - return 0; - } - -+/** -+ * ASN: Do final processing on responses to A queries originated from AAAA -+ * queries. Events reach this state after the iterative resolution algorithm -+ * terminates. -+ * This is required down the road to decide whether to scrub AAAA records -+ * from the results or not. 
-+ * -+ * @param qstate: query state. -+ * @param id: module id. -+ * @param forq: super query state. -+ */ -+static void -+asn_processAAAAResponse(struct module_qstate* qstate, int id, -+ struct module_qstate* super) -+{ -+ /*struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id];*/ -+ struct iter_qstate* super_iq = (struct iter_qstate*)super->minfo[id]; -+ struct delegpt_ns* dpns = NULL; -+ int error = (qstate->return_rcode != LDNS_RCODE_NOERROR); -+ -+ log_assert(super_iq->fetch_a_for_aaaa > 0); -+ -+ /* let super go to evaluation of targets after this */ -+ super_iq->state = QUERYTARGETS_STATE; -+ -+ log_query_info(VERB_ALGO, "ASN-AAAA-filter: processAAAAResponse", -+ &qstate->qinfo); -+ log_query_info(VERB_ALGO, "ASN-AAAA-filter: processAAAAResponse super", -+ &super->qinfo); -+ -+ if(super_iq->dp) -+ dpns = delegpt_find_ns(super_iq->dp, -+ qstate->qinfo.qname, qstate->qinfo.qname_len); -+ if (!dpns) { -+ /* not interested */ -+ verbose(VERB_ALGO, "ASN-AAAA-filter: subq: %s, but parent not " -+ "interested%s", (error ? "error, but" : "success"), -+ (super_iq->dp ? "anymore" : " (was reset)")); -+ log_query_info(VERB_ALGO, "ASN-AAAA-filter: superq", &super->qinfo); -+ if(super_iq->dp && error) -+ delegpt_log(VERB_ALGO, super_iq->dp); -+ return; -+ } else if (error) { -+ verbose(VERB_ALGO, "ASN-AAAA-filter: mark as failed, " -+ "and go to target query."); -+ /* see if the failure did get (parent-lame) info */ -+ if(!cache_fill_missing(super->env, -+ super_iq->qchase.qclass, super->region, -+ super_iq->dp)) -+ log_err("ASN-AAAA-filter: out of memory adding missing"); -+ dpns->resolved = 1; /* mark as failed */ -+ } -+} -+/* ASN: End of added code */ -+ - /* - * Return priming query results to interestes super querystates. 
- * -@@ -2941,6 +3050,9 @@ - else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*) - super->minfo[id])->state == DSNS_FIND_STATE) - processDSNSResponse(qstate, id, super); -+ else if (super->qinfo.qtype == LDNS_RR_TYPE_AAAA && ((struct iter_qstate*) -+ super->minfo[id])->state == ASN_FETCH_A_FOR_AAAA_STATE) -+ asn_processAAAAResponse(qstate, id, super); - else if(qstate->return_rcode != LDNS_RCODE_NOERROR) - error_supers(qstate, id, super); - else if(qstate->is_priming) -@@ -2978,6 +3090,9 @@ - case INIT_REQUEST_3_STATE: - cont = processInitRequest3(qstate, iq, id); - break; -+ case ASN_FETCH_A_FOR_AAAA_STATE: -+ cont = asn_processQueryAAAA(qstate, iq, ie, id); -+ break; - case QUERYTARGETS_STATE: - cont = processQueryTargets(qstate, iq, ie, id); - break; -@@ -3270,6 +3385,8 @@ - return "INIT REQUEST STATE (stage 2)"; - case INIT_REQUEST_3_STATE: - return "INIT REQUEST STATE (stage 3)"; -+ case ASN_FETCH_A_FOR_AAAA_STATE: -+ return "ASN_FETCH_A_FOR_AAAA_STATE"; - case QUERYTARGETS_STATE : - return "QUERY TARGETS STATE"; - case PRIME_RESP_STATE : -@@ -3294,6 +3411,7 @@ - case INIT_REQUEST_STATE : - case INIT_REQUEST_2_STATE : - case INIT_REQUEST_3_STATE : -+ case ASN_FETCH_A_FOR_AAAA_STATE : - case QUERYTARGETS_STATE : - case COLLECT_CLASS_STATE : - return 0; -Index: trunk/iterator/iterator.h -=================================================================== ---- trunk/iterator/iterator.h (revision 3587) -+++ trunk/iterator/iterator.h (working copy) -@@ -113,6 +113,9 @@ - */ - int* target_fetch_policy; - -+ /** ASN: AAAA-filter flag */ -+ int aaaa_filter; -+ - /** ip6.arpa dname in wireformat, used for qname-minimisation */ - uint8_t* ip6arpa_dname; - }; -@@ -163,6 +166,14 @@ - INIT_REQUEST_3_STATE, - - /** -+ * This state is responsible for intercepting AAAA queries, -+ * and launch a A subquery on the same target, to populate the -+ * cache with A records, so the AAAA filter scrubbing logic can -+ * work. 
-+ */ -+ ASN_FETCH_A_FOR_AAAA_STATE, -+ -+ /** - * Each time a delegation point changes for a given query or a - * query times out and/or wakes up, this state is (re)visited. - * This state is reponsible for iterating through a list of -@@ -346,6 +357,13 @@ - */ - int refetch_glue; - -+ /** -+ * ASN: This is a flag that, if true, means that this query is -+ * for fetching A records to populate cache and determine if we must -+ * return AAAA records or not. -+ */ -+ int fetch_a_for_aaaa; -+ - /** list of pending queries to authoritative servers. */ - struct outbound_list outlist; - -Index: trunk/pythonmod/interface.i -=================================================================== ---- trunk/pythonmod/interface.i (revision 3587) -+++ trunk/pythonmod/interface.i (working copy) -@@ -632,6 +632,7 @@ - int harden_dnssec_stripped; - int harden_referral_path; - int use_caps_bits_for_id; -+ int aaaa_filter; /* ASN */ - struct config_strlist* private_address; - struct config_strlist* private_domain; - size_t unwanted_threshold; -Index: trunk/util/config_file.c -=================================================================== ---- trunk/util/config_file.c (revision 3587) -+++ trunk/util/config_file.c (working copy) -@@ -176,6 +176,7 @@ - cfg->harden_referral_path = 0; - cfg->harden_algo_downgrade = 0; - cfg->use_caps_bits_for_id = 0; -+ cfg->aaaa_filter = 0; /* ASN: default is disabled */ - cfg->caps_whitelist = NULL; - cfg->private_address = NULL; - cfg->private_domain = NULL; -Index: trunk/util/config_file.h -=================================================================== ---- trunk/util/config_file.h (revision 3587) -+++ trunk/util/config_file.h (working copy) -@@ -179,6 +179,8 @@ - int harden_algo_downgrade; - /** use 0x20 bits in query as random ID bits */ - int use_caps_bits_for_id; -+ /** ASN: enable AAAA filter? 
*/ -+ int aaaa_filter; - /** 0x20 whitelist, domains that do not use capsforid */ - struct config_strlist* caps_whitelist; - /** strip away these private addrs from answers, no DNS Rebinding */ -Index: trunk/util/configlexer.lex -=================================================================== ---- trunk/util/configlexer.lex (revision 3587) -+++ trunk/util/configlexer.lex (working copy) -@@ -267,6 +267,7 @@ - use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } - caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } - unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } -+aaaa-filter{COLON} { YDVAR(1, VAR_AAAA_FILTER) } - private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } - private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } - prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } -Index: trunk/util/configparser.y -=================================================================== ---- trunk/util/configparser.y (revision 3587) -+++ trunk/util/configparser.y (working copy) -@@ -92,6 +92,7 @@ - %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT - %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR - %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS -+%token VAR_AAAA_FILTER - %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE - %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE - %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -@@ -169,6 +170,7 @@ - server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size | - server_harden_referral_path | server_private_address | - server_private_domain | server_extended_statistics | -+ server_aaaa_filter | - server_local_data_ptr | server_jostle_timeout | - server_unwanted_reply_threshold | server_log_time_ascii | - server_domain_insecure | server_val_sig_skew_min | -@@ -893,6 +895,15 @@ - yyerror("out of memory"); - } - ; -+server_aaaa_filter: VAR_AAAA_FILTER STRING_ARG -+ { -+ 
OUTYY(("P(server_aaaa_filter:%s)\n", $2)); -+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) -+ yyerror("expected yes or no."); -+ else cfg_parser->cfg->aaaa_filter = (strcmp($2, "yes")==0); -+ free($2); -+ } -+ ; - server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG - { - OUTYY(("P(server_private_address:%s)\n", $2)); diff --git a/external/unbound/contrib/build-unbound-localzone-from-hosts.pl b/external/unbound/contrib/build-unbound-localzone-from-hosts.pl deleted file mode 100644 index c11bbc330..000000000 --- a/external/unbound/contrib/build-unbound-localzone-from-hosts.pl +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/perl -WT - -use strict; -use warnings; - -my $hostsfile = '/etc/hosts'; -my $localzonefile = '/etc/unbound/localzone.conf.new'; - -my $localzone = 'example.com'; - -open( HOSTS,"<${hostsfile}" ) or die( "Could not open ${hostsfile}: $!" ); -open( ZONE,">${localzonefile}" ) or die( "Could not open ${localzonefile}: $!" ); - -print ZONE "server:\n\n"; -print ZONE "local-zone: \"${localzone}\" transparent\n\n"; - -my %ptrhash; - -while ( my $hostline = <HOSTS> ) { - - # Skip comments - if ( $hostline !~ "^#" and $hostline !~ '^\s+$' ) { - - my @entries = split( /\s+/, $hostline ); - - my $ip; - - my $count = 0; - foreach my $entry ( @entries ) { - if ( $count == 0 ) { - $ip = $entry; - } else { - - if ( $count == 1) { - - # Only return localhost for 127.0.0.1 and ::1 - if ( ($ip ne '127.0.0.1' and $ip ne '::1') or $entry =~ 'localhost' ) { - if ( ! defined $ptrhash{$ip} ) { - $ptrhash{$ip} = $entry; - print ZONE "local-data-ptr: \"$ip $entry\"\n"; - } - } - - } - - # Use AAAA for IPv6 addresses - my $a = 'A'; - if ( $ip =~ ':' ) { - $a = 'AAAA'; - } - - print ZONE "local-data: \"$entry ${a} $ip\"\n"; - - } - $count++; - } - print ZONE "\n"; - - - } -} - - - - -__END__ - diff --git a/external/unbound/contrib/create_unbound_ad_servers.cmd b/external/unbound/contrib/create_unbound_ad_servers.cmd deleted file mode 100644 index 91d18db3e..000000000 
--- a/external/unbound/contrib/create_unbound_ad_servers.cmd
+++ /dev/null
@@ -1,33 +0,0 @@
-@Echo off
-rem Convert the Yoyo.org anti-ad server listing
-rem into an unbound dns spoof redirection list.
-rem Written by Y.Voinov (c) 2014
-
-rem Note: Wget required!
-
-rem Variables
-set prefix="C:\Program Files (x86)"
-set dst_dir=%prefix%\Unbound
-set work_dir=%TEMP%
-set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
-
-rem Check Wget installed
-for /f "delims=" %%a in ('where wget') do @set wget=%%a
-if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1
-echo Wget found: %wget%
-
-"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr%
-
-del /Q /F /S %dst_dir%\unbound_ad_servers
-
-for /F "eol=; tokens=*" %%a in (%work_dir%\yoyo_ad_servers) do (
-echo local-zone: %%a redirect>>%dst_dir%\unbound_ad_servers
-echo local-data: "%%a A 127.0.0.1">>%dst_dir%\unbound_ad_servers
-)
-
-echo Done.
-rem then add an include line to your unbound.conf pointing to the full path of
-rem the unbound_ad_servers file:
-rem
-rem include: $dst_dir/unbound_ad_servers
-rem
diff --git a/external/unbound/contrib/create_unbound_ad_servers.sh b/external/unbound/contrib/create_unbound_ad_servers.sh
deleted file mode 100644
index c3b05c60c..000000000
--- a/external/unbound/contrib/create_unbound_ad_servers.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-#
-# Convert the Yoyo.org anti-ad server listing
-# into an unbound dns spoof redirection list.
-# Modified by Y.Voinov (c) 2014
-
-# Note: Wget required!
-
-# Variables
-dst_dir="/etc/opt/csw/unbound"
-work_dir="/tmp"
-list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
-
-# OS commands
-CAT=`which cat`
-ECHO=`which echo`
-WGET=`which wget`
-
-# Check Wget installed
-if [ ! -f $WGET ]; then
- echo "Wget not found. Exiting..."
- exit 1
-fi
-
-$WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \
-$CAT $work_dir/yoyo_ad_servers | \
-while read line ; \
- do \
- $ECHO "local-zone: \"$line\" redirect" ;\
- $ECHO "local-data: \"$line A 127.0.0.1\"" ;\
- done > \
-$dst_dir/unbound_ad_servers
-
-echo "Done."
-# then add an include line to your unbound.conf pointing to the full path of
-# the unbound_ad_servers file:
-#
-# include: $dst_dir/unbound_ad_servers
-#
diff --git a/external/unbound/contrib/parseunbound.pl b/external/unbound/contrib/parseunbound.pl
deleted file mode 100644
index 6a6a76d6f..000000000
--- a/external/unbound/contrib/parseunbound.pl
+++ /dev/null
@@ -1,140 +0,0 @@ -#!/usr/local/bin/perl -w -# -# Script to parse the output from the unbound namedaemon. -# Unbound supports a threading model, and outputs a multiline log-blob for -# every thread. -# -# This script should parse all threads of the once, and store it -# in a local cached file for speedy results when queried lots. -# -use strict; -use POSIX qw(SEEK_END); -use Storable; -use FileHandle; -use Carp qw(croak carp); -use constant UNBOUND_CACHE => "/var/tmp/unbound-cache.stor"; - -my $run_from_cron = @ARGV && $ARGV[0] eq "--cron" && shift; -my $DEBUG = -t STDERR; - -# NB. VERY IMPORTANTES: set this when running this script. -my $numthreads = 4; - -### if cache exists, read it in. and is newer than 3 minutes -if ( -r UNBOUND_CACHE ) { - my $result = retrieve(UNBOUND_CACHE); - if (-M _ < 3/24/60 && !$run_from_cron ) { - print STDERR "Cached results:\n" if $DEBUG; - print join("\n", @$result), "\n"; - exit; - } -} -my $logfile = shift or die "Usage: parseunbound.pl --cron unboundlogfile"; -my $in = new FileHandle $logfile or die "Cannot open $logfile: $!\n"; - -# there is a special key 'thread' that indicates the thread. its not used, but returned anyway. -my @records = ('thread', 'queries', 'cachehits', 'recursions', 'recursionavg', - 'outstandingmax', 'outstandingavg', 'outstandingexc', - 'median25', 'median50', 'median75', - 'us_0', 'us_1', 'us_2', 'us_4', 'us_8', 'us_16', 'us_32', - 'us_64', 'us_128', 'us_256', 'us_512', 'us_1024', 'us_2048', - 'us_4096', 'us_8192', 'us_16384', 'us_32768', 'us_65536', - 'us_131072', 'us_262144', 'us_524288', 's_1', 's_2', 's_4', - 's_8', 's_16', 's_32', 's_64', 's_128', 's_256', 's_512'); -# Stats hash containing one or more keys. for every thread, 1 key. 
-my %allstats = (); # key="$threadid", stats={key => value} -my %startstats = (); # when we got a queries entry for this thread -my %donestats = (); # same, but only when we got a histogram entry for it -# stats hash contains name/value pairs of the actual numbers for that thread. -my $offset = 0; -my $inthread=0; -my $inpid; - -# We should continue looping untill we meet these conditions: -# a) more total queries than the previous run (which defaults to 0) AND -# b) parsed all $numthreads threads in the log. -my $numqueries = $previousresult ? $previousresult->[1] : 0; - -# Main loop -while ( scalar keys %startstats < $numthreads || scalar keys %donestats < $numthreads) { - $offset += 10000; - if ( $offset > -s $logfile or $offset > 10_000_000 ) { - die "Cannot find stats in $logfile\n"; - } - $in->seek(-$offset, SEEK_END) or croak "cannot seek $logfile: $!\n"; - - for my $line ( <$in> ) { - chomp($line); - - #[1208777234] unbound[6705:0] - if ($line =~ m/^\[\d+\] unbound\[\d+:(\d+)\]/) { - $inthread = $1; - if ($inthread + 1 > $numthreads) { - die "Hey. lazy. change \$numthreads in this script to ($inthread)\n"; - } - } - # this line doesn't contain a pid:thread. skip. - else { - next; - } - - if ( $line =~ m/info: server stats for thread \d+: (\d+) queries, (\d+) answers from cache, (\d+) recursions/ ) { - $startstats{$inthread} = 1; - $allstats{$inthread}->{thread} = $inthread; - $allstats{$inthread}->{queries} = $1; - $allstats{$inthread}->{cachehits} = $2; - $allstats{$inthread}->{recursions} = $3; - } - elsif ( $line =~ m/info: server stats for thread (\d+): requestlist max (\d+) avg ([0-9\.]+) exceeded (\d+)/ ) { - $allstats{$inthread}->{outstandingmax} = $2; - $allstats{$inthread}->{outstandingavg} = int($3); # This is a float; rrdtool only handles ints. 
- $allstats{$inthread}->{outstandingexc} = $4; - } - elsif ( $line =~ m/info: average recursion processing time ([0-9\.]+) sec/ ) { - $allstats{$inthread}->{recursionavg} = int($1 * 1000); # change sec to milisec. - } - elsif ( $line =~ m/info: histogram of recursion processing times/ ) { - next; - } - elsif ( $line =~ m/info: \[25%\]=([0-9\.]+) median\[50%\]=([0-9\.]+) \[75%\]=([0-9\.]+)/ ) { - $allstats{$inthread}->{median25} = int($1 * 1000000); # change seconds to usec - $allstats{$inthread}->{median50} = int($2 * 1000000); - $allstats{$inthread}->{median75} = int($3 * 1000000); - } - elsif ( $line =~ m/info: lower\(secs\) upper\(secs\) recursions/ ) { - # since after this line we're unsure if we get these numbers - # at all, we sould consider this marker as the end of the - # block. Chances that we're parsing a file halfway written - # at this stage are small. Bold statement. - $donestats{$inthread} = 1; - next; - } - elsif ( $line =~ m/info:\s+(\d+)\.(\d+)\s+(\d+)\.(\d+)\s+(\d+)/ ) { - my ($froms, $fromus, $toms, $tous, $counter) = ($1, $2, $3, $4, $5); - my $prefix = ''; - if ($froms > 0) { - $allstats{$inthread}->{'s_' . int($froms)} = $counter; - } else { - $allstats{$inthread}->{'us_' . int($fromus)} = $counter; - } - } - } -} - -my @result; -# loop on the records we want to store -for my $key ( @records ) { - my $sum = 0; - # these are the different threads parsed - foreach my $thread ( 0 .. $numthreads - 1 ) { - $sum += ($allstats{$thread}->{$key} || 0); - } - print STDERR "$key = " . $sum . "\n" if $DEBUG; - push @result, $sum; -} -print join("\n", @result), "\n"; -store \@result, UNBOUND_CACHE; - -if ($DEBUG) { - print STDERR "Threads: " . (scalar keys %allstats) . "\n"; -} diff --git a/external/unbound/contrib/patch_rsamd5_enable.diff b/external/unbound/contrib/patch_rsamd5_enable.diff deleted file mode 100644 index dfd4a7b9f..000000000 --- a/external/unbound/contrib/patch_rsamd5_enable.diff +++ /dev/null 
@@ -1,22 +0,0 @@ -Index: validator/val_secalgo.c -=================================================================== ---- validator/val_secalgo.c (revision 2759) -+++ validator/val_secalgo.c (working copy) -@@ -153,7 +153,7 @@ - switch(id) { - case LDNS_RSAMD5: - /* RFC 6725 deprecates RSAMD5 */ -- return 0; -+ return 1; - case LDNS_DSA: - case LDNS_DSA_NSEC3: - case LDNS_RSASHA1: -@@ -617,7 +617,7 @@ - switch(id) { - case LDNS_RSAMD5: - /* RFC 6725 deprecates RSAMD5 */ -- return 0; -+ return 1; - case LDNS_DSA: - case LDNS_DSA_NSEC3: - case LDNS_RSASHA1: diff --git a/external/unbound/contrib/rc_d_unbound b/external/unbound/contrib/rc_d_unbound deleted file mode 100755 index 56516147f..000000000 --- a/external/unbound/contrib/rc_d_unbound +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh -# -# unbound freebsd startup rc.d script, modified from the named script. -# uses the default unbound installation path and pidfile location. -# copy this to /etc/rc.d/unbound -# and put unbound_enable="YES" into rc.conf -# - -# PROVIDE: unbound -# REQUIRE: SERVERS cleanvar -# KEYWORD: shutdown - -. /etc/rc.subr - -name="unbound" -rcvar=`set_rcvar` - -load_rc_config $name - -command="/usr/local/sbin/unbound" -pidfile=${unbound_pidfile:-"/usr/local/etc/unbound/unbound.pid"} -command_args=${unbound_flags:-"-c /usr/local/etc/unbound/unbound.conf"} -extra_commands="reload" - -run_rc_command "$1" diff --git a/external/unbound/contrib/selinux/unbound.fc b/external/unbound/contrib/selinux/unbound.fc deleted file mode 100644 index f7e63eada..000000000 --- a/external/unbound/contrib/selinux/unbound.fc +++ /dev/null @@ -1,4 +0,0 @@ -/etc/unbound(/.*)? system_u:object_r:unbound_conf_t:s0 -/etc/rc\.d/init\.d/unbound -- system_u:object_r:unbound_initrc_exec_t:s0 -/usr/sbin/unbound -- system_u:object_r:unbound_exec_t:s0 -/var/run/unbound(/.*)? system_u:object_r:unbound_var_run_t:s0 
diff --git a/external/unbound/contrib/selinux/unbound.te b/external/unbound/contrib/selinux/unbound.te deleted file mode 100644 index d407ed351..000000000 --- a/external/unbound/contrib/selinux/unbound.te +++ /dev/null @@ -1,42 +0,0 @@ -policy_module(unbound, 0.1.0) - -type unbound_t; -type unbound_conf_t; -type unbound_exec_t; -type unbound_initrc_exec_t; -type unbound_var_run_t; - -init_daemon_domain(unbound_t, unbound_exec_t) -init_script_file(unbound_initrc_exec_t) - -role system_r types unbound_t; - -# XXX -# unbound-{checkconf,control} are not protected. Do we need protect them? - -# Unbound daemon - -auth_use_nsswitch(unbound_t) -dev_read_urand(unbound_t) -corenet_all_recvfrom_unlabeled(unbound_t) -corenet_tcp_bind_all_nodes(unbound_t) -corenet_tcp_bind_dns_port(unbound_t) -corenet_tcp_bind_rndc_port(unbound_t) -corenet_udp_bind_all_nodes(unbound_t) -corenet_udp_bind_all_unreserved_ports(unbound_t) -corenet_udp_bind_dns_port(unbound_t) -files_read_etc_files(unbound_t) -files_pid_file(unbound_var_run_t) -files_type(unbound_conf_t) -libs_use_ld_so(unbound_t) -libs_use_shared_libs(unbound_t) -logging_send_syslog_msg(unbound_t) -manage_files_pattern(unbound_t, unbound_var_run_t, unbound_var_run_t) -miscfiles_read_localization(unbound_t) -read_files_pattern(unbound_t, unbound_conf_t, unbound_conf_t) - -allow unbound_t self:capability { setuid chown net_bind_service setgid dac_override }; -allow unbound_t self:tcp_socket create_stream_socket_perms; -allow unbound_t self:udp_socket create_socket_perms; - -################################################### diff --git a/external/unbound/contrib/unbound-host.nagios.patch b/external/unbound/contrib/unbound-host.nagios.patch deleted file mode 100644 index 5b249b636..000000000 --- a/external/unbound/contrib/unbound-host.nagios.patch +++ /dev/null 
@@ -1,134 +0,0 @@
-Index: smallapp/unbound-host.c
-===================================================================
---- smallapp/unbound-host.c (revision 2115)
-+++ smallapp/unbound-host.c (working copy)
-@@ -62,9 +62,18 @@
- #include "libunbound/unbound.h"
- #include <ldns/ldns.h>
-
-+/** status variable ala nagios */
-+#define FINAL_STATUS_OK 0
-+#define FINAL_STATUS_WARNING 1
-+#define FINAL_STATUS_CRITICAL 2
-+#define FINAL_STATUS_UNKNOWN 3
-+
- /** verbosity for unbound-host app */
- static int verb = 0;
-
-+/** variable to determine final output */
-+static int final_status = FINAL_STATUS_UNKNOWN;
-+
- /** Give unbound-host usage, and exit (1). */
- static void
- usage()
-@@ -93,7 +102,7 @@
- printf("Version %s\n", PACKAGE_VERSION);
- printf("BSD licensed, see LICENSE in source package for details.\n");
- printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
-
- /** determine if str is ip4 and put into reverse lookup format */
-@@ -138,7 +147,7 @@
- *res = strdup(buf);
- if(!*res) {
- fprintf(stderr, "error: out of memory\n");
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
- return 1;
- }
-@@ -158,7 +167,7 @@
- }
- if(!res) {
- fprintf(stderr, "error: out of memory\n");
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
- return res;
- }
-@@ -172,7 +181,7 @@
- if(r == 0 && strcasecmp(t, "TYPE0") != 0 &&
- strcmp(t, "") != 0) {
- fprintf(stderr, "error unknown type %s\n", t);
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
- return r;
- }
-@@ -191,7 +200,7 @@
- if(r == 0 && strcasecmp(c, "CLASS0") != 0 &&
- strcmp(c, "") != 0) {
- fprintf(stderr, "error unknown class %s\n", c);
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
- return r;
- }
-@@ -207,6 +216,19 @@
- return "(insecure)";
- }
-
-+/** update the final status for the exit code */
-+void
-+update_final_status(struct ub_result* result)
-+{
-+ if (final_status == FINAL_STATUS_UNKNOWN || final_status == FINAL_STATUS_OK) {
-+ if (result->secure) final_status = FINAL_STATUS_OK;
-+ else if (result->bogus) final_status = FINAL_STATUS_CRITICAL;
-+ else final_status = FINAL_STATUS_WARNING;
-+ }
-+ else if (final_status == FINAL_STATUS_WARNING && result->bogus)
-+ final_status = FINAL_STATUS_CRITICAL;
-+}
-+
- /** nice string for type */
- static void
- pretty_type(char* s, size_t len, int t)
-@@ -353,7 +375,7 @@
- } else {
- fprintf(stderr, "could not parse "
- "reply packet to ANY query\n");
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
- ldns_pkt_free(p);
-
-@@ -388,9 +410,10 @@
- ret = ub_resolve(ctx, q, t, c, &result);
- if(ret != 0) {
- fprintf(stderr, "resolve error: %s\n", ub_strerror(ret));
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
- pretty_output(q, t, c, result, docname);
-+ update_final_status(result);
- ret = result->nxdomain;
- ub_resolve_free(result);
- return ret;
-@@ -427,7 +450,7 @@
- {
- if(r != 0) {
- fprintf(stderr, "error: %s\n", ub_strerror(r));
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
- }
-
-@@ -448,7 +471,7 @@
- ctx = ub_ctx_create();
- if(!ctx) {
- fprintf(stderr, "error: out of memory\n");
-- exit(1);
-+ exit(FINAL_STATUS_UNKNOWN);
- }
-
- /* parse the options */
-@@ -509,5 +532,5 @@
- usage();
-
- lookup(ctx, argv[0], qtype, qclass);
-- return 0;
-+ return final_status;
- }
diff --git a/external/unbound/contrib/unbound.init b/external/unbound/contrib/unbound.init
deleted file mode 100644
index 747f94e93..000000000
--- a/external/unbound/contrib/unbound.init
+++ /dev/null
@@ -1,139 +0,0 @@ -#!/bin/sh -# -# unbound This shell script takes care of starting and stopping -# unbound (DNS server). -# -# chkconfig: - 14 86 -# description: unbound is a Domain Name Server (DNS) \ -# that is used to resolve host names to IP addresses. - -### BEGIN INIT INFO -# Provides: $named unbound -# Required-Start: $network $local_fs -# Required-Stop: $network $local_fs -# Should-Start: $syslog -# Should-Stop: $syslog -# Short-Description: unbound recursive Domain Name Server. -# Description: unbound is a Domain Name Server (DNS) -# that is used to resolve host names to IP addresses. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -exec="/usr/sbin/unbound" -prog="unbound" -config="/var/unbound/unbound.conf" -pidfile="/var/unbound/unbound.pid" -rootdir="/var/unbound" - -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -lockfile=/var/lock/subsys/$prog - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting $prog: " - - # setup root jail - if [ -s /etc/localtime ]; then - [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; - if [ ! -e ${rootdir}/etc/localtime ] || /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then - cp -fp /etc/localtime ${rootdir}/etc/localtime - fi; - fi; - if [ -s /etc/resolv.conf ]; then - [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; - if [ ! -e ${rootdir}/etc/resolv.conf ] || /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then - cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf - fi; - fi; - if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then - [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; - [ -e ${rootdir}/dev/log ] || touch ${rootdir}/dev/log - mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; - fi; - if ! 
egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then - [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; - [ -e ${rootdir}/dev/random ] || touch ${rootdir}/dev/random - mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; - fi; - - # if not running, start it up here - daemon $exec - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - # stop it here, often "killproc $prog" - killproc -p $pidfile $prog - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then - umount ${rootdir}/dev/log >/dev/null 2>&1 - fi; - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then - umount ${rootdir}/dev/random >/dev/null 2>&1 - fi; - return $retval -} - -restart() { - stop - start -} - -reload() { - kill -HUP `cat $pidfile` -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status -p $pidfile $prog -} - -rh_status_q() { - rh_status -p $pidfile >/dev/null 2>&1 -} - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/external/unbound/contrib/unbound.init_fedora b/external/unbound/contrib/unbound.init_fedora deleted file mode 100644 index 9f7e4422b..000000000 --- a/external/unbound/contrib/unbound.init_fedora +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/sh -# -# unbound This shell script takes care of starting and stopping -# unbound (DNS server). -# -# chkconfig: - 14 86 -# description: unbound is a Domain Name Server (DNS) \ -# that is used to resolve host names to IP addresses. - -### BEGIN INIT INFO -# Provides: unbound -# Required-Start: $network $local_fs -# Required-Stop: $network $local_fs -# Should-Start: $syslog -# Should-Stop: $syslog -# Short-Description: unbound recursive Domain Name Server. -# Description: unbound is a Domain Name Server (DNS) -# that is used to resolve host names to IP addresses. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -exec="/usr/sbin/unbound" -config="/var/lib/unbound/unbound.conf" -rootdir="/var/lib/unbound" -pidfile="/var/run/unbound/unbound.pid" - -[ -e /etc/sysconfig/unbound ] && . /etc/sysconfig/unbound - -lockfile=/var/lock/subsys/unbound - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting unbound: " - - if [ ! -e ${rootdir}/etc/resolv.conf ] || /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then - cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf - fi; - if [ ! -e ${rootdir}/etc/localtime ] || /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then - cp -fp /etc/localtime ${rootdir}/etc/localtime - fi; - mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; - mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; - mount --bind -n /var/run/unbound ${rootdir}/var/run/unbound >/dev/null 2>&1; - - # if not running, start it up here - daemon $exec - retval=$? - [ $retval -eq 0 ] && touch $lockfile - echo -} - -stop() { - echo -n $"Stopping unbound: " - # stop it here, often "killproc unbound" - killproc -p $pidfile unbound - retval=$? 
- [ $retval -eq 0 ] && rm -f $lockfile - for mountfile in /dev/log /dev/random /etc/localtime /etc/resolv.conf /var/run/unbound - do - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}''${mountfile}'' /proc/mounts; then - umount ${rootdir}$mountfile >/dev/null 2>&1 - fi; - done - echo -} - -restart() { - stop - start -} - -reload() { - kill -HUP `cat $pidfile` -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status -p $pidfile unbound -} - -rh_status_q() { - rh_status -p $pidfile >/dev/null 2>&1 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - restart - ;; - reload) - reload - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/external/unbound/contrib/unbound.plist b/external/unbound/contrib/unbound.plist deleted file mode 100644 index 15e1162be..000000000 --- a/external/unbound/contrib/unbound.plist +++ /dev/null 
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd >
-<plist version="1.0">
-<!--
-Unbound plist file for use by MacOSX launchd(8) using launchctl(1).
-Copy this file to /Library/LaunchDaemons. Launchd keeps unbound running.
-
-Setup your unbound.conf with the following additional settings.
-server:
- do-daemonize: no
- username: ""
- chroot: ""
- directory: ""
-These actions are performed by launchd (for the option values, see below).
-
--->
-<dict>
- <key>Label</key>
- <string>unbound</string>
-
- <key>ProgramArguments</key>
- <array>
- <string>unbound</string>
- </array>
-
- <key>UserName</key>
- <string>unbound</string>
-
- <key>RootDirectory</key>
- <string>/usr/local/etc/unbound</string>
-
- <key>WorkingDirectory</key>
- <string>/usr/local/etc/unbound</string>
-
- <key>KeepAlive</key>
- <true/>
-
- <key>RunAtLoad</key>
- <true/>
-
-</dict>
-</plist>
diff --git a/external/unbound/contrib/unbound.spec b/external/unbound/contrib/unbound.spec
deleted file mode 100644
index 6ddc5f18d..000000000
--- a/external/unbound/contrib/unbound.spec
+++ /dev/null
@@ -1,112 +0,0 @@ -Summary: Validating, recursive, and caching DNS resolver -Name: unbound -Version: 1.4.18 -Release: 1%{?dist} -License: BSD -Url: http://www.nlnetlabs.nl/unbound/ -Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz -#Source1: unbound.init -Group: System Environment/Daemons -Requires: ldns -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: flex, openssl-devel, expat-devel, ldns-devel - -%description -Unbound is a validating, recursive, and caching DNS resolver. - -The C implementation of Unbound is developed and maintained by NLnet -Labs. It is based on ideas and algorithms taken from a java prototype -developed by Verisign labs, Nominet, Kirei and ep.net. - -Unbound is designed as a set of modular components, so that also -DNSSEC (secure DNS) validation and stub-resolvers (that do not run -as a server, but are linked into an application) are easily possible. - -The source code is under a BSD License. - -%prep -%setup -q - -# configure with /var/unbound/unbound.conf so that all default chroot, -# pidfile and config file are in /var/unbound, ready for chroot jail set up. 
-%configure --with-conf-file=%{_localstatedir}/%{name}/unbound.conf --disable-rpath - -%build -#%{__make} %{?_smp_mflags} -make - -%install -rm -rf %{buildroot} -%{__make} DESTDIR=%{buildroot} install -install -d 0700 %{buildroot}%{_localstatedir}/%{name} -install -d 0755 %{buildroot}%{_initrddir} -install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound -# add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf -ln -s %{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf -# remove static library from install (fedora packaging guidelines) -rm -f %{buildroot}%{_libdir}/libunbound.a %{buildroot}%{_libdir}/libunbound.la - -%clean -rm -rf ${RPM_BUILD_ROOT} - -%files -%defattr(-,root,root,-) -%doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES -%attr(0755,root,root) %{_initrddir}/%{name} -%attr(0700,%{name},%{name}) %dir %{_localstatedir}/%{name} -%attr(0644,%{name},%{name}) %config(noreplace) %{_localstatedir}/%{name}/unbound.conf -%attr(0644,%{name},%{name}) %config(noreplace) %{_sysconfdir}/unbound.conf -%{_sbindir}/* -%{_mandir}/*/* -%{_includedir}/* -%{_libdir}/libunbound* - -%pre -getent group unbound >/dev/null || groupadd -r unbound -getent passwd unbound >/dev/null || \ -useradd -r -g unbound -d /var/unbound -s /sbin/nologin \ - -c "unbound name daemon" unbound -exit 0 - -%post -# This adds the proper /etc/rc*.d links for the script -/sbin/chkconfig --add %{name} - -%preun -if [ $1 -eq 0 ]; then - /sbin/service %{name} stop >/dev/null 2>&1 - /sbin/chkconfig --del %{name} - # remove root jail - rm -f /var/unbound/dev/log /var/unbound/dev/random /var/unbound/etc/localtime /var/unbound/etc/resolv.conf >/dev/null 2>&1 - rmdir /var/unbound/dev >/dev/null 2>&1 || : - rmdir /var/unbound/etc >/dev/null 2>&1 || : - rmdir /var/unbound >/dev/null 2>&1 || : -fi - -%postun -if [ "$1" -ge "1" ]; then - /sbin/service %{name} condrestart >/dev/null 2>&1 || : -fi - -%changelog -* Thu Jul 13 2011 Wouter Wijngaards 
<wouter@nlnetlabs.nl> - 1.4.8 -- ldns required and ldns-devel required for build, no more ldns-builtin. - -* Thu Mar 17 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8 -- removed --disable-gost, assume recent openssl on the destination platform. - -* Wed Mar 16 2011 Harold Jones <hajones@verisign.com> - 1.4.8 -- Bump version number to latest -- Add expat-devel to BuildRequires -- Added --disable-gost for building on CentOS 5.x -- Added --with-ldns-builtin for CentOS 5.x - -* Thu May 22 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.0.0 -- contrib changes from Patrick Vande Walle. - -* Thu Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12 -- Using parts from ports collection entry by Jaap Akkerhuis. -- Using Fedoraproject wiki guidelines. - -* Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11 -- Initial version. diff --git a/external/unbound/contrib/unbound.spec_fedora b/external/unbound/contrib/unbound.spec_fedora deleted file mode 100644 index e7e9ac073..000000000 --- a/external/unbound/contrib/unbound.spec_fedora +++ /dev/null 
@@ -1,433 +0,0 @@ -# not ready yet -%{?!with_python: %global with_python 1} - -%if %{with_python} -%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} -%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} -%endif - -Summary: Validating, recursive, and caching DNS(SEC) resolver -Name: unbound -Version: 1.4.13 -Release: 1%{?dist} -License: BSD -Url: http://www.nlnetlabs.nl/unbound/ -Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz -Source1: unbound.init -Source2: unbound.conf -Source3: unbound.munin -Source4: unbound_munin_ -Source5: root.key -Patch1: unbound-1.2-glob.patch - -Group: System Environment/Daemons -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: flex, openssl-devel , ldns-devel >= 1.5.0, -BuildRequires: libevent-devel expat-devel -%if %{with_python} -BuildRequires: python-devel swig -%endif -# Required for SVN versions -# BuildRequires: bison - -Requires(post): chkconfig -Requires(preun): chkconfig -Requires(preun): initscripts -Requires(postun): initscripts -Requires: ldns >= 1.5.0 -Requires(pre): shadow-utils - -Obsoletes: dnssec-conf < 1.27-2 -Provides: dnssec-conf = 1.27-1 - -%description -Unbound is a validating, recursive, and caching DNS(SEC) resolver. - -The C implementation of Unbound is developed and maintained by NLnet -Labs. It is based on ideas and algorithms taken from a java prototype -developed by Verisign labs, Nominet, Kirei and ep.net. - -Unbound is designed as a set of modular components, so that also -DNSSEC (secure DNS) validation and stub-resolvers (that do not run -as a server, but are linked into an application) are easily possible. 
- -%package munin -Summary: Plugin for the munin / munin-node monitoring package -Group: System Environment/Daemons -Requires: munin-node -Requires: %{name} = %{version}-%{release}, bc - -%description munin -Plugin for the munin / munin-node monitoring package - -%package devel -Summary: Development package that includes the unbound header files -Group: Development/Libraries -Requires: %{name}-libs = %{version}-%{release}, openssl-devel, ldns-devel - -%description devel -The devel package contains the unbound library and the include files - -%package libs -Summary: Libraries used by the unbound server and client applications -Group: Applications/System -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig -Requires: openssl - -%description libs -Contains libraries used by the unbound server and client applications - -%if %{with_python} -%package python -Summary: Python modules and extensions for unbound -Group: Applications/System -Requires: %{name}-libs = %{version}-%{release} - -%description python -Python modules and extensions for unbound -%endif - -%prep -%setup -q -%patch1 -p1 - -%build -%configure --with-ldns= --with-libevent --with-pthreads --with-ssl \ - --disable-rpath --disable-static \ - --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \ - --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ -%if %{with_python} - --with-pythonmodule --with-pyunbound \ -%endif - --enable-sha2 --disable-gost -%{__make} %{?_smp_mflags} - -%install -rm -rf %{buildroot} -%{__make} DESTDIR=%{buildroot} install -install -d 0755 %{buildroot}%{_initrddir} -install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound -install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound -# Install munin plugin and its softlinks -install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d -install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound -install -d 0755 %{buildroot}%{_datadir}/munin/plugins/ -install -m 0755 %{SOURCE4} 
%{buildroot}%{_datadir}/munin/plugins/unbound -for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do - ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin -done - -# install root and DLV key -install -m 0644 %{SOURCE5} %{SOURCE6} %{buildroot}%{_sysconfdir}/unbound/ - -# remove static library from install (fedora packaging guidelines) -rm %{buildroot}%{_libdir}/*.la -%if %{with_python} -rm %{buildroot}%{python_sitearch}/*.la -%endif - -mkdir -p %{buildroot}%{_localstatedir}/run/unbound - -%clean -rm -rf ${RPM_BUILD_ROOT} - -%files -%defattr(-,root,root,-) -%doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES -%attr(0755,root,root) %{_initrddir}/%{name} -%attr(0755,root,root) %dir %{_sysconfdir}/%{name} -%ghost %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name} -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key -%{_sbindir}/* -%{_mandir}/*/* - -%if %{with_python} -%files python -%defattr(-,root,root,-) -%{python_sitearch}/* -%doc libunbound/python/examples/* -%doc pythonmod/examples/* -%endif - -%files munin -%defattr(-,root,root,-) -%config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound -%{_datadir}/munin/plugins/unbound* - -%files devel -%defattr(-,root,root,-) -%{_libdir}/libunbound.so -%{_includedir}/unbound.h -%doc README - -%files libs -%defattr(-,root,root,-) -%{_libdir}/libunbound.so.* -%doc doc/README doc/LICENSE - -%pre -getent group unbound >/dev/null || groupadd -r unbound -getent passwd unbound >/dev/null || \ -useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \ --c "Unbound DNS resolver" unbound -exit 0 - -%post -/sbin/chkconfig --add %{name} - -%post libs -p /sbin/ldconfig - -%preun -if [ "$1" -eq 0 ]; then - /sbin/service %{name} stop >/dev/null 2>&1 
- /sbin/chkconfig --del %{name} -fi - -%postun -if [ "$1" -ge "1" ]; then - /sbin/service %{name} condrestart >/dev/null 2>&1 || : -fi - -%postun libs -p /sbin/ldconfig - -%changelog -* Tue Sep 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.13-1 -- Updated to 1.4.13 -- Fix install location of pythonmod from sitelib to sitearch -- Removed patches merged in by upstream -- Removed versioned openssl dep, it differs per branch - -* Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-3 -- Added pythonmod docs and examples -- Fix for python module load in the server (Tom Hendrikx) -- No longer enable --enable-debug as it causes degraded performance - under load. - -* Mon Jul 18 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-1 -- Updated to 1.4.12 - -* Sun Jul 03 2011 Paul Wouters <paul@xelerance.com> - 1.4.11-1 -- Updated to 1.4.11 -- removed integrated CVE patch -- updated stock unbound.conf for new options introduced - -* Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.10-1 -- Added ghost for /var/run/unbound (bz#656710) - -* Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-3 -- rebuilt - -* Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2 -- Applied patch for CVE-2011-1922 DoS vulnerability - -* Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-1 -- Updated to 1.4.9 - -* Sat Feb 12 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-2 -- rebuilt - -* Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1 -- Updated to 1.4.8 -- Enable root key for DNSSEC -- Fix unbound-munin to use proper file (could cause excessive logging) -- Build unbound-python per default -- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl - -* Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-4 -- Revert last build - it was on the wrong branch - -* Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-3 -- Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines - (see comments in inbound.conf) - -* 
Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-2 -- Bump release - forgot to upload the new tar ball. - -* Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-1 -- Upgraded to 1.4.5 - -* Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-2 -- Added accidentally omitted svn patches to cvs - -* Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-1 -- Upgraded to 1.4.4 with svn patches -- Obsolete dnssec-conf to ensure it is de-installed - -* Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1 -- Update to 1.4.3 that fixes 64bit crasher - -* Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1 -- Updated to 1.4.2 -- Updated unbound.conf with new options -- Enabled pre-fetching DNSKEY records (DNSSEC speedup) -- Enabled re-fetching popular records before they expire -- Enabled logging of DNSSEC validation errors - -* Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5 -- Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues - with pthreads - -* Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3 -- Change make/configure lines to attempt to fix -lphtread linking issue - -* Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2 -- Removed dependency for dnssec-conf -- Added ISC DLV key (formerly in dnssec-conf) -- Fixup old DLV locations in unbound.conf file via %%post -- Fix parent child disagreement handling and no-ipv6 present [svn r1953] - -* Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1 -- Updated to 1.4.1 -- Changed %%define to %%global - -* Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2 -- Bump version - -* Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1 -- Upgraded to 1.3.4. 
Security fix with validating NSEC3 records - -* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2 -- rebuilt with new openssl - -* Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1 -- Updated to 1.3.3 - -* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2 -- Added missing glob patch to cvs -- Place python macros within the %%with_python check - -* Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1 -- Updated to 1.3.0 -- Added unbound-python sub package. disabled for now -- Patch from svn to fix DLV lookups -- Patches from svn to detect wrong truncated response from BIND 9.6.1 with - minimal-responses) -- Added Default-Start and Default-Stop to unbound.init -- Re-enabled --enable-sha2 -- Re-enabled glob.patch - -* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7 -- unbound-iterator.patch was not committed - -* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6 -- Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793 - -* Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5 -- Use --nocheck to avoid giving an error on missing unbound-remote certs/keys - -* Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4 -- enable DNSSEC only if it is enabled in sysconfig/dnssec - -* Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3 -- add DNSSEC support to initscript and enabled it per default -- add requires dnssec-conf - -* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1 -- updated to 1.2.1 - -* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2 -- rebuild with new openssl - -* Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1 -- Updated to 1.2.0 -- Added 
dependency on minimum SSL for CVE-2008-5077 -- Added dependency on bc for unbound-munin -- Added minimum requirement of libevent 1.4.5. Crashes with older versions - (note: libevent is stale in EL-4 and not in EL-5, needs fixing there) -- Removed dependency on selinux-policy (will get used when available) -- Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt -- Enable unwanted-reply-threshold to mitigate against a Kaminsky attack -- Enable val-clean-additional to drop addition unsigned data from signed - response. -- Removed patches (got merged into upstream) - -* Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7 -- Modified scandir patch to silently fail when wildcard matches nothing -- Patch to allow unbound-checkconf to find empty wildcard matches - -* Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6 -- Added scandir patch for trusted-keys-file: option, which - is used to load multiple dnssec keys in bind file format - -* Mon Dec 8 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4 -- Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules. 
- -* Mon Dec 1 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3 -- We did not own the /etc/unbound directory (#474020) -- Fixed cvs anomalies - -* Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2 -- removed all obsolete chroot related stuff -- label control certs after generation correctly - -* Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1 -- Updated to unbound 1.1.1 which fixes a crasher and - addresses nlnetlabs bug #219 - -* Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3 -- Remove the chroot, obsoleted by SElinux -- Add additional munin plugin links supported by unbound plugin -- Move configuration directory from /var/lib/unbound to /etc/unbound -- Modified unbound.init and unbound.conf to account for chroot changes -- Updated unbound.conf with new available options -- Enabled dns-0x20 protection per default - -* Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2 -- unbound-1.1.0-log_open.patch - - make sure log is opened before chroot call - - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 -- removed /dev/log and /var/run/unbound and /etc/resolv.conf from - chroot, not needed -- don't mount files in chroot, it causes problems during updates -- fixed typo in default config file - -* Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1 -- Updated to version 1.1.0 -- Updated unbound.conf's statistics options and remote-control - to work properly for munin -- Added unbound-munin package -- Generate unbound remote-control key/certs on first startup -- Required ldns is now 1.4.0 - -* Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5 -- Only call ldconfig in -libs package -- Move configure into build section -- devel subpackage should only depend on libs subpackage - -* Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4 -- Fix CFLAGS getting lost in build -- Don't enable interface-automatic:yes because that - causes unbound to listen on 0.0.0.0 instead of 127.0.0.1 - -* Sun Oct 19 2008 Paul 
Wouters <paul@xelerance.com> - 1.0.2-3 -- Split off unbound-libs, make build verbose - -* Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2 -- FSB compliance, chroot fixes, initscript fixes - -* Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1 -- Upgraded to 1.0.2 - -* Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1 -- upgraded to new release - -* Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2 -- Build against ldns-1.3.0 - -* Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1 -- Split of -devel package, fixed dependencies, make rpmlint happy - -* Thu Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12 -- Using parts from ports collection entry by Jaap Akkerhuis. -- Using Fedoraproject wiki guidelines. - -* Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11 -- Initial version. diff --git a/external/unbound/contrib/unbound_cache.cmd b/external/unbound/contrib/unbound_cache.cmd deleted file mode 100644 index 532162b16..000000000 --- a/external/unbound/contrib/unbound_cache.cmd +++ /dev/null @@ -1,105 +0,0 @@ -@echo off
-rem --------------------------------------------------------------
-rem -- DNS cache save/load script
-rem --
-rem -- Version 1.2
-rem -- By Yuri Voinov (c) 2014
-rem --------------------------------------------------------------
-
-rem Variables
-set prefix="C:\Program Files (x86)"
-set program_path=%prefix%\Unbound
-set uc=%program_path%\unbound-control.exe
-set fname="unbound_cache.dmp"
-
-rem Check Unbound installed
-if exist %uc% goto start
-echo Unbound control not found. Exiting...
-exit 1
-
-:start
-
-rem arg1 - command (optional)
-rem arg2 - file name (optional)
-set arg1=%1
-set arg2=%2
-
-if /I "%arg1%" == "-h" goto help
-
-if "%arg1%" == "" (
-echo Loading cache from %program_path%\%fname%
-dir /a %program_path%\%fname%
-type %program_path%\%fname%|%uc% load_cache
-goto end
-)
-
-if defined %arg2% (goto Not_Defined) else (goto Defined)
-
-rem If file not specified; use default dump file
-:Not_defined
-if /I "%arg1%" == "-s" (
-echo Saving cache to %program_path%\%fname%
-%uc% dump_cache>%program_path%\%fname%
-dir /a %program_path%\%fname%
-echo ok
-goto end
-)
-
-if /I "%arg1%" == "-l" (
-echo Loading cache from %program_path%\%fname%
-dir /a %program_path%\%fname%
-type %program_path%\%fname%|%uc% load_cache
-goto end
-)
-
-if /I "%arg1%" == "-r" (
-echo Saving cache to %program_path%\%fname%
-dir /a %program_path%\%fname%
-%uc% dump_cache>%program_path%\%fname%
-echo ok
-echo Loading cache from %program_path%\%fname%
-type %program_path%\%fname%|%uc% load_cache
-goto end
-)
-
-rem If file name specified; use this filename
-:Defined
-if /I "%arg1%" == "-s" (
-echo Saving cache to %arg2%
-%uc% dump_cache>%arg2%
-dir /a %arg2%
-echo ok
-goto end
-)
-
-if /I "%arg1%" == "-l" (
-echo Loading cache from %arg2%
-dir /a %arg2%
-type %arg2%|%uc% load_cache
-goto end
-)
-
-if /I "%arg1%" == "-r" (
-echo Saving cache to %arg2%
-dir /a %arg2%
-%uc% dump_cache>%arg2%
-echo ok
-echo Loading cache from %arg2%
-type %arg2%|%uc% load_cache
-goto end
-)
-
-:help
-echo Usage: unbound_cache.cmd [-s] or [-l] or [-r] or [-h] [filename]
-echo.
-echo l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value.
-echo s - Save - save Unbound DNS cache contents to plain file with domain names.
-echo r - Reload - reloadind new cache entries and refresh existing cache
-echo h - this screen.
-echo filename - file to save/load dumped cache. If not specified, %program_path%\%fname% will be used instead.
-echo Note: Run without any arguments will be in default mode.
-echo Also, unbound-control must be configured.
-exit 1
-
-:end
-exit 0
diff --git a/external/unbound/contrib/unbound_cache.sh b/external/unbound/contrib/unbound_cache.sh
deleted file mode 100644
index fd2b4811d..000000000
--- a/external/unbound/contrib/unbound_cache.sh
+++ /dev/null
@@ -1,174 +0,0 @@ -#!/sbin/sh - -# -------------------------------------------------------------- -# -- DNS cache save/load script -# -- -# -- Version 1.2 -# -- By Yuri Voinov (c) 2006, 2014 -# -------------------------------------------------------------- -# -# ident "@(#)unbound_cache.sh 1.2 14/10/30 YV" -# - -############# -# Variables # -############# - -# Installation base dir -CONF="/etc/opt/csw/unbound" -BASE="/opt/csw" - -# Unbound binaries -UC="$BASE/sbin/unbound-control" -FNAME="unbound_cache.dmp" - -# OS utilities -BASENAME=`which basename` -CAT=`which cat` -CUT=`which cut` -ECHO=`which echo` -EXPR=`which expr` -GETOPT=`which getopt` -ID=`which id` -LS=`which ls` - -############### -# Subroutines # -############### - -usage_note () -{ -# Script usage note - $ECHO "Usage: `$BASENAME $0` [-s] or [-l] or [-r] or [-h] [filename]" - $ECHO . - $ECHO "l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value." - $ECHO "s - Save - save Unbound DNS cache contents to plain file with domain names." - $ECHO "r - Reload - reloadind new cache entries and refresh existing cache" - $ECHO "h - this screen." - $ECHO "filename - file to save/load dumped cache. If not specified, $CONF/$FNAME will be used instead." - $ECHO "Note: Run without any arguments will be in default mode." - $ECHO " Also, unbound-control must be configured." - exit 0 -} - -root_check () -{ - if [ ! `$ID | $CUT -f1 -d" "` = "uid=0(root)" ]; then - $ECHO "ERROR: You must be super-user to run this script." - exit 1 - fi -} - -check_uc () -{ - if [ ! -f "$UC" ]; then - $ECHO . - $ECHO "ERROR: $UC not found. Exiting..." - exit 1 - fi -} - -check_saved_file () -{ - filename=$1 - if [ ! -z "$filename" -a ! -f "$filename" ]; then - $ECHO . - $ECHO "ERROR: File $filename does not exists. Save it first." - exit 1 - elif [ ! -f "$CONF/$FNAME" ]; then - $ECHO . - $ECHO "ERROR: File $CONF/$FNAME does not exists. Save it first." 
- exit 1 - fi -} - -save_cache () -{ - # Save unbound cache - filename=$1 - if [ -z "$filename" ]; then - $ECHO "Saving cache in $CONF/$FNAME..." - $UC dump_cache>$CONF/$FNAME - $LS -lh $CONF/$FNAME - else - $ECHO "Saving cache in $filename..." - $UC dump_cache>$filename - $LS -lh $filename - fi - $ECHO "ok" -} - -load_cache () -{ - # Load saved cache contents and warmup cache - filename=$1 - if [ -z "$filename" ]; then - $ECHO "Loading cache from saved $CONF/$FNAME..." - $LS -lh $CONF/$FNAME - check_saved_file $filename - $CAT $CONF/$FNAME|$UC load_cache - else - $ECHO "Loading cache from saved $filename..." - $LS -lh $filename - check_saved_file $filename - $CAT $filename|$UC load_cache - fi -} - -reload_cache () -{ - # Reloading and refresh existing cache and saved dump - filename=$1 - save_cache $filename - load_cache $filename -} - -############## -# Main block # -############## - -# Root check -root_check - -# Check unbound-control -check_uc - -# Check command-line arguments -if [ "x$*" = "x" ]; then - # If arguments list empty,load cache by default - load_cache -else - arg_list=$* - # Parse command line - set -- `$GETOPT sSlLrRhH: $arg_list` || { - usage_note 1>&2 - } - - # Read arguments - for i in $arg_list - do - case $i in - -s | -S) save="1";; - -l | -L) save="0";; - -r | -R) save="2";; - -h | -H | \?) usage_note;; - *) shift - file=$1 - break;; - esac - shift - done - - # Remove trailing -- - shift `$EXPR $OPTIND - 1` -fi - -if [ "$save" = "1" ]; then - save_cache $file -elif [ "$save" = "0" ]; then - load_cache $file -elif [ "$save" = "2" ]; then - reload_cache $file -fi - -exit 0 diff --git a/external/unbound/contrib/unbound_cacti.tar.gz b/external/unbound/contrib/unbound_cacti.tar.gz Binary files differdeleted file mode 100644 index cc29476c6..000000000 --- a/external/unbound/contrib/unbound_cacti.tar.gz +++ /dev/null 
diff --git a/external/unbound/contrib/unbound_munin_ b/external/unbound/contrib/unbound_munin_
deleted file mode 100755
index 5d3dff8e8..000000000
--- a/external/unbound/contrib/unbound_munin_
+++ /dev/null
@@ -1,559 +0,0 @@ -#!/bin/sh -# -# plugin for munin to monitor usage of unbound servers. -# To install copy this to /usr/local/share/munin/plugins/unbound_munin_ -# and use munin-node-configure (--suggest, --shell). -# -# (C) 2008 W.C.A. Wijngaards. BSD Licensed. -# -# To install; enable statistics and unbound-control in unbound.conf -# server: extended-statistics: yes -# statistics-cumulative: no -# statistics-interval: 0 -# remote-control: control-enable: yes -# Run the command unbound-control-setup to generate the key files. -# -# Environment variables for this script -# statefile - where to put temporary statefile. -# unbound_conf - where the unbound.conf file is located. -# unbound_control - where to find unbound-control executable. -# spoof_warn - what level to warn about spoofing -# spoof_crit - what level to crit about spoofing -# -# You can set them in your munin/plugin-conf.d/plugins.conf file -# with: -# [unbound*] -# user root -# env.statefile /usr/local/var/munin/plugin-state/unbound-state -# env.unbound_conf /usr/local/etc/unbound/unbound.conf -# env.unbound_control /usr/local/sbin/unbound-control -# env.spoof_warn 1000 -# env.spoof_crit 100000 -# -# This plugin can create different graphs depending on what name -# you link it as (with ln -s) into the plugins directory -# You can link it multiple times. -# If you are only a casual user, the _hits and _by_type are most interesting, -# possibly followed by _by_rcode. 
-# -# unbound_munin_hits - base volume, cache hits, unwanted traffic -# unbound_munin_queue - to monitor the internal requestlist -# unbound_munin_memory - memory usage -# unbound_munin_by_type - incoming queries by type -# unbound_munin_by_class - incoming queries by class -# unbound_munin_by_opcode - incoming queries by opcode -# unbound_munin_by_rcode - answers by rcode, validation status -# unbound_munin_by_flags - incoming queries by flags -# unbound_munin_histogram - histogram of query resolving times -# -# Magic markers - optional - used by installation scripts and -# munin-config: (originally contrib family but munin-node-configure ignores it) -# -#%# family=auto -#%# capabilities=autoconf suggest - -# POD documentation -: <<=cut -=head1 NAME - -unbound_munin_ - Munin plugin to monitor the Unbound DNS resolver. - -=head1 APPLICABLE SYSTEMS - -System with unbound daemon. - -=head1 CONFIGURATION - - [unbound*] - user root - env.statefile /usr/local/var/munin/plugin-state/unbound-state - env.unbound_conf /usr/local/etc/unbound/unbound.conf - env.unbound_control /usr/local/sbin/unbound-control - env.spoof_warn 1000 - env.spoof_crit 100000 - -Use the .env settings to override the defaults. - -=head1 USAGE - -Can be used to present different graphs. Use ln -s for that name in -the plugins directory to enable the graph. -unbound_munin_hits - base volume, cache hits, unwanted traffic -unbound_munin_queue - to monitor the internal requestlist -unbound_munin_memory - memory usage -unbound_munin_by_type - incoming queries by type -unbound_munin_by_class - incoming queries by class -unbound_munin_by_opcode - incoming queries by opcode -unbound_munin_by_rcode - answers by rcode, validation status -unbound_munin_by_flags - incoming queries by flags -unbound_munin_histogram - histogram of query resolving times - -=head1 AUTHOR - -Copyright 2008 W.C.A. 
Wijngaards - -=head1 LICENSE - -BSD - -=cut - -state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state} -conf=${unbound_conf:-/usr/local/etc/unbound/unbound.conf} -ctrl=${unbound_control:-/usr/local/sbin/unbound-control} -warn=${spoof_warn:-1000} -crit=${spoof_crit:-100000} -lock=$state.lock - -# number of seconds between polling attempts. -# makes the statefile hang around for at least this many seconds, -# so that multiple links of this script can share the results. -lee=55 - -# to keep things within 19 characters -ABBREV="-e s/total/t/ -e s/thread/t/ -e s/num/n/ -e s/query/q/ -e s/answer/a/ -e s/unwanted/u/ -e s/requestlist/ql/ -e s/type/t/ -e s/class/c/ -e s/opcode/o/ -e s/rcode/r/ -e s/edns/e/ -e s/mem/m/ -e s/cache/c/ -e s/mod/m/" - -# get value from $1 into return variable $value -get_value ( ) { - value="`grep '^'$1'=' $state | sed -e 's/^.*=//'`" - if test "$value"x = ""x; then - value="0" - fi -} - -# download the state from the unbound server. -get_state ( ) { - # obtain lock for fetching the state - # because there is a race condition in fetching and writing to file - - # see if the lock is stale, if so, take it - if test -f $lock ; then - pid="`cat $lock 2>&1`" - kill -0 "$pid" >/dev/null 2>&1 - if test $? -ne 0 -a "$pid" != $$ ; then - echo $$ >$lock - fi - fi - - i=0 - while test ! -f $lock || test "`cat $lock 2>&1`" != $$; do - while test -f $lock; do - # wait - i=`expr $i + 1` - if test $i -gt 1000; then - sleep 1; - fi - if test $i -gt 1500; then - echo "error locking $lock" "=" `cat $lock` - rm -f $lock - exit 1 - fi - done - # try to get it - if echo $$ >$lock ; then : ; else break; fi - done - # do not refetch if the file exists and only LEE seconds old - if test -f $state; then - now=`date +%s` - get_value "time.now" - value="`echo $value | sed -e 's/\..*$//'`" - if test $now -lt `expr $value + $lee`; then - rm -f $lock - return - fi - fi - $ctrl -c $conf stats > $state - if test $? 
-ne 0; then - echo "error retrieving data from unbound server" - rm -f $lock - exit 1 - fi - rm -f $lock -} - -if test "$1" = "autoconf" ; then - if test ! -f $conf; then - echo no "($conf does not exist)" - exit 1 - fi - if test ! -d `dirname $state`; then - echo no "(`dirname $state` directory does not exist)" - exit 1 - fi - echo yes - exit 0 -fi - -if test "$1" = "suggest" ; then - echo "hits" - echo "queue" - echo "memory" - echo "by_type" - echo "by_class" - echo "by_opcode" - echo "by_rcode" - echo "by_flags" - echo "histogram" - exit 0 -fi - -# determine my type, by name -id=`echo $0 | sed -e 's/^.*unbound_munin_//'` -if test "$id"x = ""x; then - # some default to keep people sane. - id="hits" -fi - -# if $1 exists in statefile, config is echoed with label $2 -exist_config ( ) { - mn=`echo $1 | sed $ABBREV | tr . _` - if grep '^'$1'=' $state >/dev/null 2>&1; then - echo "$mn.label $2" - echo "$mn.min 0" - echo "$mn.type ABSOLUTE" - fi -} - -# print label and min 0 for a name $1 in unbound format -p_config ( ) { - mn=`echo $1 | sed $ABBREV | tr . _` - echo $mn.label "$2" - echo $mn.min 0 - echo $mn.type $3 -} - -if test "$1" = "config" ; then - if test ! 
-f $state; then - get_state - fi - case $id in - hits) - echo "graph_title Unbound DNS traffic and cache hits" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | - sed -e 's/=.*//'`; do - exist_config $x "queries handled by `basename $x .num.queries`" - done - p_config "total.num.queries" "total queries from clients" "ABSOLUTE" - p_config "total.num.cachehits" "cache hits" "ABSOLUTE" - p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE" - p_config "num.query.tcp" "TCP queries" "ABSOLUTE" - p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE" - p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE" - p_config "unwanted.queries" "queries that failed acl" "ABSOLUTE" - p_config "unwanted.replies" "unwanted or unsolicited replies" "ABSOLUTE" - echo "u_replies.warning $warn" - echo "u_replies.critical $crit" - echo "graph_info DNS queries to the recursive resolver. The unwanted replies could be innocent duplicate packets, late replies, or spoof threats." - ;; - queue) - echo "graph_title Unbound requestlist size" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel number of queries" - echo "graph_scale no" - echo "graph_category DNS" - p_config "total.requestlist.avg" "Average size of queue on insert" "GAUGE" - p_config "total.requestlist.max" "Max size of queue (in 5 min)" "GAUGE" - p_config "total.requestlist.overwritten" "Number of queries replaced by new ones" "GAUGE" - p_config "total.requestlist.exceeded" "Number of queries dropped due to lack of space" "GAUGE" - echo "graph_info The queries that did not hit the cache and need recursion service take up space in the requestlist. If there are too many queries, first queries get overwritten, and at last resort dropped." 
- ;; - memory) - echo "graph_title Unbound memory usage" - echo "graph_args --base 1024 -l 0" - echo "graph_vlabel memory used in bytes" - echo "graph_category DNS" - p_config "mem.cache.rrset" "RRset cache memory" "GAUGE" - p_config "mem.cache.message" "Message cache memory" "GAUGE" - p_config "mem.mod.iterator" "Iterator module memory" "GAUGE" - p_config "mem.mod.validator" "Validator module and key cache memory" "GAUGE" - p_config "msg.cache.count" "msg cache count" "GAUGE" - p_config "rrset.cache.count" "rrset cache count" "GAUGE" - p_config "infra.cache.count" "infra cache count" "GAUGE" - p_config "key.cache.count" "key cache count" "GAUGE" - echo "graph_info The memory used by unbound." - ;; - by_type) - echo "graph_title Unbound DNS queries by type" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.type" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.query.type.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - echo "graph_info queries by DNS RR type queried for" - ;; - by_class) - echo "graph_title Unbound DNS queries by class" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.class" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.query.class.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - echo "graph_info queries by DNS RR class queried for." - ;; - by_opcode) - echo "graph_title Unbound DNS queries by opcode" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.opcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.query.opcode.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - echo "graph_info queries by opcode in the query packet." 
- ;; - by_rcode) - echo "graph_title Unbound DNS answers by return code" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel answer packets / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.answer.rcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.answer.rcode.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - p_config "num.answer.secure" "answer secure" "ABSOLUTE" - p_config "num.answer.bogus" "answer bogus" "ABSOLUTE" - p_config "num.rrset.bogus" "num rrsets marked bogus" "ABSOLUTE" - echo "graph_info answers sorted by return value. rrsets bogus is the number of rrsets marked bogus per \${graph_period} by the validator" - ;; - by_flags) - echo "graph_title Unbound DNS incoming queries by flags" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - p_config "num.query.flags.QR" "QR (query reply) flag" "ABSOLUTE" - p_config "num.query.flags.AA" "AA (auth answer) flag" "ABSOLUTE" - p_config "num.query.flags.TC" "TC (truncated) flag" "ABSOLUTE" - p_config "num.query.flags.RD" "RD (recursion desired) flag" "ABSOLUTE" - p_config "num.query.flags.RA" "RA (rec avail) flag" "ABSOLUTE" - p_config "num.query.flags.Z" "Z (zero) flag" "ABSOLUTE" - p_config "num.query.flags.AD" "AD (auth data) flag" "ABSOLUTE" - p_config "num.query.flags.CD" "CD (check disabled) flag" "ABSOLUTE" - p_config "num.query.edns.present" "EDNS OPT present" "ABSOLUTE" - p_config "num.query.edns.DO" "DO (DNSSEC OK) flag" "ABSOLUTE" - echo "graph_info This graphs plots the flags inside incoming queries. For example, if QR, AA, TC, RA, Z flags are set, the query can be rejected. RD, AD, CD and DO are legitimately set by some software." 
- ;; - histogram) - echo "graph_title Unbound DNS histogram of reply time" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - echo hcache.label "cache hits" - echo hcache.min 0 - echo hcache.type ABSOLUTE - echo hcache.draw AREA - echo hcache.colour 999999 - echo h64ms.label "0 msec - 66 msec" - echo h64ms.min 0 - echo h64ms.type ABSOLUTE - echo h64ms.draw STACK - echo h64ms.colour 0000FF - echo h128ms.label "66 msec - 131 msec" - echo h128ms.min 0 - echo h128ms.type ABSOLUTE - echo h128ms.colour 1F00DF - echo h128ms.draw STACK - echo h256ms.label "131 msec - 262 msec" - echo h256ms.min 0 - echo h256ms.type ABSOLUTE - echo h256ms.draw STACK - echo h256ms.colour 3F00BF - echo h512ms.label "262 msec - 524 msec" - echo h512ms.min 0 - echo h512ms.type ABSOLUTE - echo h512ms.draw STACK - echo h512ms.colour 5F009F - echo h1s.label "524 msec - 1 sec" - echo h1s.min 0 - echo h1s.type ABSOLUTE - echo h1s.draw STACK - echo h1s.colour 7F007F - echo h2s.label "1 sec - 2 sec" - echo h2s.min 0 - echo h2s.type ABSOLUTE - echo h2s.draw STACK - echo h2s.colour 9F005F - echo h4s.label "2 sec - 4 sec" - echo h4s.min 0 - echo h4s.type ABSOLUTE - echo h4s.draw STACK - echo h4s.colour BF003F - echo h8s.label "4 sec - 8 sec" - echo h8s.min 0 - echo h8s.type ABSOLUTE - echo h8s.draw STACK - echo h8s.colour DF001F - echo h16s.label "8 sec - ..." - echo h16s.min 0 - echo h16s.type ABSOLUTE - echo h16s.draw STACK - echo h16s.colour FF0000 - echo "graph_info Histogram of the reply times for queries." - ;; - esac - - exit 0 -fi - -# do the stats itself -get_state - -# get the time elapsed -get_value "time.elapsed" -if test $value = 0 || test $value = "0.000000"; then - echo "error: time elapsed 0 or could not retrieve data" - exit 1 -fi -elapsed="$value" - -# print value for $1 -print_value ( ) { - mn=`echo $1 | sed $ABBREV | tr . 
_` - get_value $1 - echo "$mn.value" $value -} - -# print value if line already found in $2 -print_value_line ( ) { - mn=`echo $1 | sed $ABBREV | tr . _` - value="`echo $2 | sed -e 's/^.*=//'`" - echo "$mn.value" $value -} - - -case $id in -hits) - for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | - sed -e 's/=.*//'` total.num.queries \ - total.num.cachehits total.num.prefetch num.query.tcp \ - num.query.tcpout num.query.ipv6 unwanted.queries \ - unwanted.replies; do - if grep "^"$x"=" $state >/dev/null 2>&1; then - print_value $x - fi - done - ;; -queue) - for x in total.requestlist.avg total.requestlist.max \ - total.requestlist.overwritten total.requestlist.exceeded; do - print_value $x - done - ;; -memory) - for x in mem.cache.rrset mem.cache.message mem.mod.iterator \ - mem.mod.validator msg.cache.count rrset.cache.count \ - infra.cache.count key.cache.count; do - print_value $x - done - ;; -by_type) - for x in `grep "^num.query.type" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - ;; -by_class) - for x in `grep "^num.query.class" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - ;; -by_opcode) - for x in `grep "^num.query.opcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - ;; -by_rcode) - for x in `grep "^num.answer.rcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - print_value "num.answer.secure" - print_value "num.answer.bogus" - print_value "num.rrset.bogus" - ;; -by_flags) - for x in num.query.flags.QR num.query.flags.AA num.query.flags.TC num.query.flags.RD num.query.flags.RA num.query.flags.Z num.query.flags.AD num.query.flags.CD num.query.edns.present num.query.edns.DO; do - print_value $x - done - ;; -histogram) - get_value total.num.cachehits - echo hcache.value $value - r=0 - for x in histogram.000000.000000.to.000000.000001 \ - histogram.000000.000001.to.000000.000002 \ - 
histogram.000000.000002.to.000000.000004 \ - histogram.000000.000004.to.000000.000008 \ - histogram.000000.000008.to.000000.000016 \ - histogram.000000.000016.to.000000.000032 \ - histogram.000000.000032.to.000000.000064 \ - histogram.000000.000064.to.000000.000128 \ - histogram.000000.000128.to.000000.000256 \ - histogram.000000.000256.to.000000.000512 \ - histogram.000000.000512.to.000000.001024 \ - histogram.000000.001024.to.000000.002048 \ - histogram.000000.002048.to.000000.004096 \ - histogram.000000.004096.to.000000.008192 \ - histogram.000000.008192.to.000000.016384 \ - histogram.000000.016384.to.000000.032768 \ - histogram.000000.032768.to.000000.065536; do - get_value $x - r=`expr $r + $value` - done - echo h64ms.value $r - get_value histogram.000000.065536.to.000000.131072 - echo h128ms.value $value - get_value histogram.000000.131072.to.000000.262144 - echo h256ms.value $value - get_value histogram.000000.262144.to.000000.524288 - echo h512ms.value $value - get_value histogram.000000.524288.to.000001.000000 - echo h1s.value $value - get_value histogram.000001.000000.to.000002.000000 - echo h2s.value $value - get_value histogram.000002.000000.to.000004.000000 - echo h4s.value $value - get_value histogram.000004.000000.to.000008.000000 - echo h8s.value $value - r=0 - for x in histogram.000008.000000.to.000016.000000 \ - histogram.000016.000000.to.000032.000000 \ - histogram.000032.000000.to.000064.000000 \ - histogram.000064.000000.to.000128.000000 \ - histogram.000128.000000.to.000256.000000 \ - histogram.000256.000000.to.000512.000000 \ - histogram.000512.000000.to.001024.000000 \ - histogram.001024.000000.to.002048.000000 \ - histogram.002048.000000.to.004096.000000 \ - histogram.004096.000000.to.008192.000000 \ - histogram.008192.000000.to.016384.000000 \ - histogram.016384.000000.to.032768.000000 \ - histogram.032768.000000.to.065536.000000 \ - histogram.065536.000000.to.131072.000000 \ - histogram.131072.000000.to.262144.000000 \ - 
histogram.262144.000000.to.524288.000000; do - get_value $x - r=`expr $r + $value` - done - echo h16s.value $r - ;; -esac diff --git a/external/unbound/contrib/unbound_smf22.tar.gz b/external/unbound/contrib/unbound_smf22.tar.gz Binary files differdeleted file mode 100644 index 4845c3354..000000000 --- a/external/unbound/contrib/unbound_smf22.tar.gz +++ /dev/null diff --git a/external/unbound/contrib/update-anchor.sh b/external/unbound/contrib/update-anchor.sh deleted file mode 100755 index 95032a082..000000000 --- a/external/unbound/contrib/update-anchor.sh +++ /dev/null 
@@ -1,158 +0,0 @@ -#!/bin/sh -# update-anchor.sh, update a trust anchor. -# Copyright 2008, W.C.A. Wijngaards -# This file is BSD licensed, see doc/LICENSE. - -# which validating lookup to use. -ubhost=unbound-host - -usage ( ) -{ - echo "usage: update-anchor [-r hs] [-b] <zone name> <trust anchor file>" - echo " performs an update of trust anchor file" - echo " the trust anchor file is overwritten with the latest keys" - echo " the trust anchor file should contain only keys for one zone" - echo " -b causes keyfile to be made in bind format." - echo " without -b the file is made in unbound format." - echo " " - echo "alternate:" - echo " update-anchor [-r hints] [-b] -d directory" - echo " update all <zone>.anchor files in the directory." - echo " " - echo " name the files br.anchor se.anchor ..., and include them in" - echo " the validating resolver config file." - echo " put keys for the root in a file with the name root.anchor." - echo "" - echo "-r root.hints use different root hints. Strict option order." - echo "" - echo "Exit code 0 means anchors updated, 1 no changes, others are errors." - exit 2 -} - -if test $# -eq 0; then - usage -fi -bindformat="no" -filearg='-f' -roothints="" -if test X"$1" = "X-r"; then - shift - roothints="$1" - shift -fi -if test X"$1" = "X-b"; then - shift - bindformat="yes" - filearg='-F' -fi -if test $# -ne 2; then - echo "arguments wrong." - usage -fi - -do_update ( ) { - # arguments: <zonename> <keyfile> - zonename="$1" - keyfile="$2" - tmpfile="/tmp/update-anchor.$$" - tmp2=$tmpfile.2 - tmp3=$tmpfile.3 - rh="" - if test -n "$roothints"; then - echo "server: root-hints: '$roothints'" > $tmp3 - rh="-C $tmp3" - fi - $ubhost -v $rh $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile - if test $? -ne 0; then - rm -f $tmpfile - echo "Error: Could not update zone $zonename anchor file $keyfile" - echo "Cause: $ubhost lookup failed" - echo " (Is the domain decommissioned? 
Is connectivity lost?)" - return 2 - fi - - # has the lookup been DNSSEC validated? - if grep '(secure)$' $tmpfile >/dev/null 2>&1; then - : - else - rm -f $tmpfile - echo "Error: Could not update zone $zonename anchor file $keyfile" - echo "Cause: result of lookup was not secure" - echo " (keys too far out of date? domain changed ownership? need root hints?)" - return 3 - fi - - if test $bindformat = "yes"; then - # are there any KSK keys on board? - echo 'trusted-keys {' > "$tmp2" - if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then - # store KSK keys in anchor file - grep '(secure)$' $tmpfile | \ - grep ' has DNSKEY record 257' | \ - sed -e 's/ (secure)$/";/' | \ - sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \ - sed -e 's/^\.\././' | sort >> "$tmp2" - else - # store all keys in the anchor file - grep '(secure)$' $tmpfile | \ - sed -e 's/ (secure)$/";/' | \ - sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \ - sed -e 's/^\.\././' | sort >> "$tmp2" - fi - echo '};' >> "$tmp2" - else #not bindformat - # are there any KSK keys on board? - if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then - # store KSK keys in anchor file - grep '(secure)$' $tmpfile | \ - grep ' has DNSKEY record 257' | \ - sed -e 's/ (secure)$//' | \ - sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \ - sed -e 's/^\.\././' | sort > "$tmp2" - else - # store all keys in the anchor file - grep '(secure)$' $tmpfile | \ - sed -e 's/ (secure)$//' | \ - sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \ - sed -e 's/^\.\././' | sort > "$tmp2" - fi - fi # endif-bindformat - - # copy over if changed - diff $tmp2 $keyfile >/dev/null 2>&1 - if test $? -eq 1; then # 0 means no change, 2 means trouble. - cat $tmp2 > $keyfile - no_updated=0 - echo "$zonename key file $keyfile updated." - else - echo "$zonename key file $keyfile unchanged." 
- fi - - rm -f $tmpfile $tmp2 $tmp3 -} - -no_updated=1 -if test X"$1" = "X-d"; then - tdir="$2" - echo "start updating in $2" - for x in $tdir/*.anchor; do - if test `basename "$x"` = "root.anchor"; then - zname="." - else - zname=`basename "$x" .anchor` - fi - do_update "$zname" "$x" - done - echo "done updating in $2" -else - # regular invocation - if test X"$1" = "X."; then - zname="$1" - else - # strip trailing dot from zone name - zname="`echo $1 | sed -e 's/\.$//'`" - fi - kfile="$2" - do_update $zname $kfile -fi -exit $no_updated diff --git a/external/unbound/contrib/validation-reporter.sh b/external/unbound/contrib/validation-reporter.sh deleted file mode 100755 index 7c1a4218b..000000000 --- a/external/unbound/contrib/validation-reporter.sh +++ /dev/null 
@@ -1,117 +0,0 @@ -#!/bin/sh -# validation reporter - reports validation failures to a collection server. -# Copyright NLnet Labs, 2010 -# BSD license. - - -### -# Here is the configuration for the validation reporter -# it greps the failure lines out of the log and sends them to a server. - -# The pidfile for the reporter daemon. -pidfile="/var/run/validation-reporter.pid" - -# The logfile to watch for logged validation failures. -logfile="/var/log/unbound.log" - -# how to notify the upstream -# nc is netcat, it sends tcp to given host port. It makes a tcp connection -# and writes one log-line to it (grepped from the logfile). -# the notify command can be: "nc the.server.name.org 1234" -# the listening daemon could be: nc -lk 127.0.0.1 1234 >> outputfile & -notify_cmd="nc localhost 1234" - - -### -# Below this line is the code for the validation reporter, -# first the daemon itself, then the controller for the daemon. -reporter_daemon() { - trap "rm -f \"$pidfile\"" EXIT - tail -F $logfile | grep --line-buffered "unbound.*info: validation failure" | \ - while read x; do - echo "$x" | $notify_cmd - done -} - - -### -# controller for daemon. -start_daemon() { - echo "starting reporter" - nohup $0 rundaemon </dev/null >/dev/null 2>&1 & - echo $! 
> "$pidfile" -} - -kill_daemon() { - echo "stopping reporter" - if test -s "$pidfile"; then - kill `cat "$pidfile"` - # check it is really dead - if kill -0 `cat "$pidfile"` >/dev/null 2>&1; then - sleep 1 - while kill -0 `cat "$pidfile"` >/dev/null 2>&1; do - kill `cat "$pidfile"` >/dev/null 2>&1 - echo "waiting for reporter to stop" - sleep 1 - done - fi - fi -} - -get_status_daemon() { - if test -s "$pidfile"; then - if kill -0 `cat "$pidfile"`; then - return 0; - fi - fi - return 1; -} - -restart_daemon() { - kill_daemon - start_daemon -} - -condrestart_daemon() { - if get_status_daemon; then - echo "reporter ("`cat "$pidfile"`") is running" - exit 0 - fi - start_daemon - exit 0 -} - -status_daemon() { - if get_status_daemon; then - echo "reporter ("`cat "$pidfile"`") is running" - exit 0 - fi - echo "reporter is not running" - exit 1 -} - -case "$1" in - rundaemon) - reporter_daemon - ;; - start) - start_daemon - ;; - stop) - kill_daemon - ;; - restart) - restart_daemon - ;; - condrestart) - condrestart_daemon - ;; - status) - status_daemon - ;; - *) - echo "Usage: $0 {start|stop|restart|condrestart|status}" - exit 2 - ;; -esac -exit $? diff --git a/external/unbound/contrib/warmup.cmd b/external/unbound/contrib/warmup.cmd deleted file mode 100644 index cbbdebc72..000000000 --- a/external/unbound/contrib/warmup.cmd +++ /dev/null @@ -1,153 +0,0 @@ -@echo off
-
-rem --------------------------------------------------------------
-rem -- Warm up DNS cache script by your own MRU domains or from
-rem -- file when it specified as script argument.
-rem --
-rem -- Version 1.1
-rem -- By Yuri Voinov (c) 2014
-rem --------------------------------------------------------------
-
-rem DNS host address
-set address="127.0.0.1"
-
-rem Check dig installed
-for /f "delims=" %%a in ('where dig') do @set dig=%%a
-if /I "%dig%"=="" echo Dig not found. If installed, add path to PATH environment variable. & exit 1
-echo Dig found: %dig%
-
-set arg=%1%
-
-if defined %arg% (goto builtin) else (goto from_file)
-
-:builtin
-echo Warming up cache by MRU domains...
-for %%a in (
-2gis.ru
-admir.kz
-adobe.com
-agent.mail.ru
-aimp.ru
-akamai.com
-akamai.net
-almaty.tele2.kz
-aol.com
-apple.com
-arin.com
-artlebedev.ru
-auto.mail.ru
-beeline.kz
-bing.com
-blogspot.com
-comodo.com
-dnscrypt.org
-drive.google.com
-drive.mail.ru
-facebook.com
-farmanager.com
-fb.com
-firefox.com
-forum.farmanager.com
-gazeta.ru
-getsharex.com
-gismeteo.ru
-google.com
-google.kz
-google.ru
-googlevideo.com
-goto.kz
-iana.org
-icq.com
-imap.mail.ru
-instagram.com
-intel.com
-irr.kz
-java.com
-kaspersky.com
-kaspersky.ru
-kcell.kz
-krisha.kz
-lady.mail.ru
-lenta.ru
-libreoffice.org
-linkedin.com
-livejournal.com
-mail.google.com
-mail.ru
-microsoft.com
-mozilla.org
-mra.mail.ru
-munin-monitoring.org
-my.mail.ru
-news.bbcimg.co.uk
-news.mail.ru
-newsimg.bbc.net.uk
-nvidia.com
-odnoklassniki.ru
-ok.ru
-opencsw.org
-opendns.com
-opendns.org
-opennet.ru
-opera.com
-oracle.com
-peerbet.ru
-piriform.com
-plugring.farmanager.com
-privoxy.org
-qip.ru
-raidcall.com
-rambler.ru
-reddit.com
-ru.wikipedia.org
-shallalist.de
-skype.com
-snob.ru
-squid-cache.org
-squidclamav.darold.net
-squidguard.org
-ssl.comodo.com
-ssl.verisign.com
-symantec.com
-symantecliveupdate.com
-tele2.kz
-tengrinews.kz
-thunderbird.com
-torproject.org
-torstatus.blutmagie.de
-translate.google.com
-unbound.net
-verisign.com
-vk.com
-vk.me
-vk.ru
-vkontakte.com
-vkontakte.ru
-vlc.org
-watsapp.net
-weather.mail.ru
-windowsupdate.com
-www.baidu.com
-www.bbc.co.uk
-www.internic.net
-www.opennet.ru
-www.topgear.com
-ya.ru
-yahoo.com
-yandex.com
-yandex.ru
-youtube.com
-ytimg.com
-) do "%dig%" %%a @%address% 1>nul 2>nul
-goto end
-
-:from_file
-echo Warming up cache from %1% file...
-%dig% -f %arg% @%address% 1>nul 2>nul
-
-:end
-echo Saving cache...
-if exist unbound_cache.cmd unbound_cache.cmd -s
-echo Done.
-
-exit 0
diff --git a/external/unbound/contrib/warmup.sh b/external/unbound/contrib/warmup.sh
deleted file mode 100644
index b4d9135a6..000000000
--- a/external/unbound/contrib/warmup.sh
+++ /dev/null
@@ -1,150 +0,0 @@
-#!/bin/sh
-
-# --------------------------------------------------------------
-# -- Warm up DNS cache script by your own MRU domains or from
-# -- file when it specified as script argument.
-# --
-# -- Version 1.1
-# -- By Yuri Voinov (c) 2014
-# --------------------------------------------------------------
-
-# Default DNS host address
-address="127.0.0.1"
-
-cat=`which cat`
-dig=`which dig`
-
-if [ -z "$1" ]; then
-echo "Warming up cache by MRU domains..."
-$dig -f - @$address >/dev/null 2>&1 <<EOT
-2gis.ru
-admir.kz
-adobe.com
-agent.mail.ru
-aimp.ru
-akamai.com
-akamai.net
-almaty.tele2.kz
-aol.com
-apple.com
-arin.com
-artlebedev.ru
-auto.mail.ru
-beeline.kz
-bing.com
-blogspot.com
-clamav.net
-comodo.com
-dnscrypt.org
-drive.google.com
-drive.mail.ru
-facebook.com
-farmanager.com
-fb.com
-firefox.com
-forum.farmanager.com
-gazeta.ru
-getsharex.com
-gismeteo.ru
-google.com
-google.kz
-google.ru
-googlevideo.com
-goto.kz
-iana.org
-icq.com
-imap.mail.ru
-instagram.com
-instagram.com
-intel.com
-irr.kz
-java.com
-kaspersky.com
-kaspersky.ru
-kcell.kz
-krisha.kz
-lady.mail.ru
-lenta.ru
-libreoffice.org
-linkedin.com
-livejournal.com
-mail.google.com
-mail.ru
-microsoft.com
-mozilla.org
-mra.mail.ru
-munin-monitoring.org
-my.mail.ru
-news.bbcimg.co.uk
-news.mail.ru
-newsimg.bbc.net.uk
-nvidia.com
-odnoklassniki.ru
-ok.ru
-opencsw.org
-opendns.com
-opendns.org
-opennet.ru
-opera.com
-oracle.com
-peerbet.ru
-piriform.com
-plugring.farmanager.com
-privoxy.org
-qip.ru
-raidcall.com
-rambler.ru
-reddit.com
-ru.wikipedia.org
-shallalist.de
-skype.com
-snob.ru
-squid-cache.org
-squidclamav.darold.net
-squidguard.org
-ssl.comodo.com
-ssl.verisign.com
-symantec.com
-symantecliveupdate.com
-tele2.kz
-tengrinews.kz
-thunderbird.com
-torproject.org
-torstatus.blutmagie.de
-translate.google.com
-unbound.net
-verisign.com
-vk.com
-vk.me
-vk.ru
-vkontakte.com
-vkontakte.ru
-vlc.org
-watsapp.net
-weather.mail.ru
-windowsupdate.com
-www.baidu.com
-www.bbc.co.uk
-www.internic.net
-www.opennet.ru
-www.topgear.com
-ya.ru
-yahoo.com
-yandex.com
-yandex.ru
-youtube.com
-ytimg.com
-EOT
-else
- echo "Warming up cache from $1 file..."
- $cat $1 | $dig -f - @$address >/dev/null 2>&1
-fi
-
-echo "Done."
-
-echo "Saving cache..."
-script=`which unbound_cache.sh`
-[ -f "$script" ] && $script -s
-echo "Done."
-
-exit 0 |