#!/bin/sh
### BEGIN INIT INFO
# Provides: dnsmasq
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: DHCP and DNS server
### END INIT INFO

# Do not abort the script when a command returns a non-zero status.
set +e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dnsmasq
NAME=dnsmasq
DESC="DNS forwarder and DHCP server"

# Settings in /etc/default/dnsmasq are mostly deprecated but still honoured.
# The file is sourced, so whatever it contains runs as shell code with the
# privileges of this script; it can also override the variables set above.
ENABLED=1
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Pick up the system locale so that messages use the right language and the
# charset used for IDN is correct. This file is sourced as well.
[ -r /etc/default/locale ] && {
    . /etc/default/locale
    export LANG
}

# Do nothing when the 'dnsmasq' package has been removed but not purged:
# the marker file is then gone even if dnsmasq-base is still installed.
if [ ! -e /usr/share/dnsmasq/installed-marker ]; then
    exit 0
fi

# Likewise do nothing when the daemon binary is missing or not executable.
[ -x $DAEMON ] || exit 0
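# Provide skeleton LSB log functions for backports which don't have LSB functions.
# The fallbacks use printf rather than echo: the options -n and -e are not
# portable under /bin/sh, and echo may interpret backslashes in message text.
if [ -f /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions
else
    # Print all arguments joined by spaces, followed by "." and a newline.
    log_warning_msg () {
        printf '%s.\n' "$*"
    }

    # Print all arguments joined by spaces, followed by "." and a newline.
    log_success_msg () {
        printf '%s.\n' "$*"
    }

    # Print "<$1>: <$2>" without a trailing newline; log_end_msg ends the line.
    log_daemon_msg () {
        printf '%s: %s' "$1" "$2"
    }

    # Finish the line started by log_daemon_msg.
    #   $1 - status: 0 prints ".", 255 prints " (warning).", anything else
    #        prints " failed!"
    # $1 is quoted so that a missing argument cannot break the test syntax.
    log_end_msg () {
        if [ "$1" -eq 0 ]; then
            printf '.\n'
        elif [ "$1" -eq 255 ]; then
            printf ' (warning).\n'
        else
            printf ' failed!\n'
        fi
    }
fi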
# Assemble the daemon's command-line options from the variables that
# /etc/default/dnsmasq may have set.

# RESOLV_CONF:
# If the resolvconf package is installed then use the resolv conf file
# that it provides as the default. Otherwise use /etc/resolv.conf as
# the default.
#
# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit
# filename is set there then this inhibits the use of the resolvconf-provided
# information.
#
# Note that if the resolvconf package is installed it is not possible to
# override it just by configuration in /etc/dnsmasq.conf, it is necessary
# to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq.

if [ ! "$RESOLV_CONF" ] &&
   [ "$IGNORE_RESOLVCONF" != "yes" ] &&
   [ -x /sbin/resolvconf ]
then
    RESOLV_CONF=/run/dnsmasq/resolv.conf
fi

# Each word of DNSMASQ_INTERFACE becomes a "-i <name>" option. The variable
# is expanded unquoted on purpose so that it splits into words.
for INTERFACE in $DNSMASQ_INTERFACE; do
    DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -i $INTERFACE"
done

# Each word of DNSMASQ_EXCEPT becomes a "-I <name>" option in the same list.
for INTERFACE in $DNSMASQ_EXCEPT; do
    DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -I $INTERFACE"
done

# Fall back to the "dnsmasq" account when no user was configured; the value
# is passed to the daemon with -u.
if [ ! "$DNSMASQ_USER" ]; then
    DNSMASQ_USER="dnsmasq"
fi

# This tells dnsmasq to ignore DNS requests that don't come from a local network.
# It's automatically ignored if --interface, --except-interface, --listen-address
# or --auth-server exist in the configuration, so for most installations, it will
# have no effect, but for otherwise-unconfigured installations, it stops dnsmasq
# from being vulnerable to DNS-reflection attacks.
# The option is appended unconditionally, after anything already in DNSMASQ_OPTS.

DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"

# If the dns-root-data package is installed, then the trust anchors will be
# available in $ROOT_DS, in BIND zone-file format. Reformat as dnsmasq
# --trust-anchor options.
#
# The first sed substitution replaces the owner name, any numeric fields, an
# optional "IN" and the "DS" keyword with "--trust-anchor=<name>,"; the second
# turns every remaining run of whitespace into a comma and prints the line.
# tr then joins the printed lines with spaces.
# NOTE(review): the p flag sits on the second substitution only, so any line
# that contains whitespace is printed whether or not it matched the DS
# pattern. This presumably relies on root.ds holding nothing but DS records;
# confirm.
# NOTE(review): supplying trust anchors should not by itself switch DNSSEC
# validation on; that presumably depends on the separate dnssec option in the
# dnsmasq configuration. Confirm for the deployment.

ROOT_DS="/usr/share/dns/root.ds"

if [ -f $ROOT_DS ]; then
    DNSMASQ_OPTS="$DNSMASQ_OPTS `env LC_ALL=C sed -rne "s/^([.a-zA-Z0-9]+)([[:space:]]+[0-9]+)*([[:space:]]+IN)*[[:space:]]+DS[[:space:]]+/--trust-anchor=\1,/;s/[[:space:]]+/,/gp" $ROOT_DS | tr '\n' ' '`"
fi
| 116 | |
# Start the daemon through start-stop-daemon, creating its runtime directory
# first if needed.
start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started

    # /run may be volatile, so we need to ensure that
    # /run/dnsmasq exists here as well as in postinst
    # NOTE(review): the owner is hard-coded as dnsmasq:nogroup, while the
    # account passed with -u below comes from $DNSMASQ_USER; confirm that the
    # two are meant to differ when DNSMASQ_USER is overridden.
    # NOTE(review): the directory that holds the pid file is owned by the
    # dnsmasq account, so that account can create and replace files in it.
    # Callers running as root should not trust the pid file's content alone.
    if [ ! -d /run/dnsmasq ]; then
        mkdir /run/dnsmasq || return 2
        chown dnsmasq:nogroup /run/dnsmasq || return 2
    fi

    # Dry run (--test): a non-zero status here is reported as "already running".
    start-stop-daemon --start --quiet --pidfile /run/dnsmasq/$NAME.pid --exec $DAEMON --test > /dev/null || return 1
    # Real start. Each ${VAR:+ ...} expands to nothing when VAR is unset or
    # empty, and otherwise to the option followed by the value. The expansions
    # are deliberately unquoted so that they split into separate arguments,
    # which also means values from /etc/default/dnsmasq undergo word splitting
    # and pathname expansion.
    start-stop-daemon --start --quiet --pidfile /run/dnsmasq/$NAME.pid --exec $DAEMON -- \
        -x /run/dnsmasq/$NAME.pid \
        ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
        ${MAILTARGET:+ -t $MAILTARGET} \
        ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \
        ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \
        ${DHCP_LEASE:+ -l $DHCP_LEASE} \
        ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \
        ${RESOLV_CONF:+ -r $RESOLV_CONF} \
        ${CACHESIZE:+ -c $CACHESIZE} \
        ${CONFIG_DIR:+ -7 $CONFIG_DIR} \
        ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} \
        || return 2
}
# Register 127.0.0.1 with resolvconf as a nameserver (record "lo.$NAME"),
# unless dnsmasq will not be answering DNS on the loopback interface.
# Always returns 0.
start_resolvconf()
{
    # An explicit exclusion of "lo" in /etc/default/dnsmasq means dnsmasq
    # provides no local DNS, so nothing is added to the resolvconf server set.
    for interface in $DNSMASQ_EXCEPT
    do
        case $interface in
            lo) return 0 ;;
        esac
    done

    # Nothing to register either when /etc/dnsmasq.conf disables DNS.
    grep -qs '^port=0' /etc/dnsmasq.conf && return 0

    [ -x /sbin/resolvconf ] &&
        echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME
    return 0
}
# Stop the daemon recorded in the pid file. start-stop-daemon sends TERM,
# waits up to 30 seconds, then sends KILL and waits up to 5 more. It only
# acts on a process whose name is $NAME.
# The function's status is that of start-stop-daemon:
#   0     daemon has been stopped
#   1     daemon was already stopped
#   2     daemon could not be stopped
#   other a failure occurred
stop()
{
    start-stop-daemon --stop --quiet \
        --retry=TERM/30/KILL/5 \
        --pidfile /run/dnsmasq/$NAME.pid \
        --name $NAME
}
# Remove the "lo.$NAME" record from resolvconf when resolvconf is installed.
# Always returns 0, whatever resolvconf reports.
stop_resolvconf()
{
    [ -x /sbin/resolvconf ] && /sbin/resolvconf -d lo.$NAME
    return 0
}
# Report the daemon's state using a start-stop-daemon dry run (--test).
# Returns
#   0 if daemon is running
#   1 if daemon is dead and pid file exists
#   3 if daemon is not running
#   4 if daemon status is unknown
status()
{
    start-stop-daemon --start --quiet --pidfile /run/dnsmasq/$NAME.pid --exec $DAEMON --test > /dev/null
    case "$?" in
        1)
            # The dry run declined to start: a daemon is already there.
            return 0
            ;;
        0)
            # The dry run would start the daemon, so none is running; a pid
            # file that is still present is a leftover.
            if [ -e "/run/dnsmasq/$NAME.pid" ]; then
                return 1
            fi
            return 3
            ;;
        *)
            return 4
            ;;
    esac
}
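# Dispatch on the action given as $1. Besides the usual init actions there
# are dump-stats and three systemd-* helper actions. An unknown action prints
# the usage line on stderr and exits with status 3.
case "$1" in
    start)
        # A service disabled in /etc/default/dnsmasq is silently left alone.
        test "$ENABLED" != "0" || exit 0
        log_daemon_msg "Starting $DESC" "$NAME"
        start
        case "$?" in
            0)
                log_end_msg 0
                start_resolvconf
                exit 0
                ;;
            1)
                log_success_msg "(already running)"
                exit 0
                ;;
            *)
                log_end_msg 1
                exit 1
                ;;
        esac
        ;;
    stop)
        stop_resolvconf
        if [ "$ENABLED" != "0" ]; then
            log_daemon_msg "Stopping $DESC" "$NAME"
        fi
        stop
        RETVAL="$?"
        # When the service is disabled, still stop a running daemon, but only
        # log if something was actually stopped, and always report success.
        if [ "$ENABLED" = "0" ]; then
            case "$RETVAL" in
                0) log_daemon_msg "Stopping $DESC" "$NAME"; log_end_msg 0 ;;
            esac
            exit 0
        fi
        case "$RETVAL" in
            0) log_end_msg 0 ; exit 0 ;;
            1) log_warning_msg "(not running)" ; exit 0 ;;
            *) log_end_msg 1; exit 1 ;;
        esac
        ;;
    restart|force-reload)
        test "$ENABLED" != "0" || exit 1
        # Check the configuration before stopping anything, so that a broken
        # configuration does not take a working daemon down.
        $DAEMON --test ${CONFIG_DIR:+ -7 $CONFIG_DIR} ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} >/dev/null 2>&1
        if [ $? -ne 0 ]; then
            # NAME is reused so that the failure message names the check.
            NAME="configuration syntax check"
            RETVAL="2"
        else
            stop_resolvconf
            stop
            RETVAL="$?"
        fi
        log_daemon_msg "Restarting $DESC" "$NAME"
        case "$RETVAL" in
            0|1)
                sleep 2
                start
                case "$?" in
                    0)
                        log_end_msg 0
                        start_resolvconf
                        exit 0
                        ;;
                    *)
                        log_end_msg 1
                        exit 1
                        ;;
                esac
                ;;
            *)
                log_end_msg 1
                exit 1
                ;;
        esac
        ;;
    status)
        log_daemon_msg "Checking $DESC" "$NAME"
        status
        case "$?" in
            0) log_success_msg "(running)" ; exit 0 ;;
            1) log_success_msg "(dead, pid file exists)" ; exit 1 ;;
            3) log_success_msg "(not running)" ; exit 3 ;;
            *) log_success_msg "(unknown)" ; exit 4 ;;
        esac
        ;;
    dump-stats)
        # Send USR1 to the daemon. The pid file sits in /run/dnsmasq, which
        # is owned by the dnsmasq account, so its content is not used
        # unchecked: start-stop-daemon also matches the process name, as
        # stop() does. A missing or empty pid file no longer produces a bare
        # "kill" call.
        start-stop-daemon --stop --signal USR1 --quiet --pidfile /run/dnsmasq/$NAME.pid --name $NAME
        ;;
    systemd-start-resolvconf)
        start_resolvconf
        ;;
    systemd-stop-resolvconf)
        stop_resolvconf
        ;;
    systemd-exec)
        # /run may be volatile, so we need to ensure that
        # /run/dnsmasq exists here as well as in postinst
        # This code is not inside a function, so failures use "exit". The
        # effect of "return" at this level is unspecified by POSIX, and a
        # shell that merely reports an error would go on to exec the daemon
        # without its runtime directory.
        if [ ! -d /run/dnsmasq ]; then
            mkdir /run/dnsmasq || exit 2
            chown dnsmasq:nogroup /run/dnsmasq || exit 2
        fi
        # Replace this shell with the daemon. The ${VAR:+ ...} expansions are
        # deliberately unquoted so that they split into option and value.
        exec $DAEMON -x /run/dnsmasq/$NAME.pid \
            ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
            ${MAILTARGET:+ -t $MAILTARGET} \
            ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \
            ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \
            ${DHCP_LEASE:+ -l $DHCP_LEASE} \
            ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \
            ${RESOLV_CONF:+ -r $RESOLV_CONF} \
            ${CACHESIZE:+ -c $CACHESIZE} \
            ${CONFIG_DIR:+ -7 $CONFIG_DIR} \
            ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS}
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|dump-stats|status}" >&2
        exit 3
        ;;
esac

exit 0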