Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame] | 1 | # -*- shell-script -*- |
| 2 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
| 3 | DAEMON=/usr/sbin/dnsmasq |
| 4 | NAME=dnsmasq |
| 5 | DESC="DNS forwarder and DHCP server" |
| 6 | INSTANCE="${2}" |
| 7 | |
| 8 | # Most configuration options in /etc/default/dnsmasq are deprecated |
| 9 | # but still honoured. |
| 10 | if [ -r /etc/default/${NAME}${INSTANCE:+.${INSTANCE}} ]; then |
| 11 | . /etc/default/${NAME}${INSTANCE:+.${INSTANCE}} |
| 12 | fi |
| 13 | |
| 14 | # Get the system locale, so that messages are in the correct language, and the |
| 15 | # charset for IDN is correct |
| 16 | if [ -r /etc/default/locale ]; then |
| 17 | . /etc/default/locale |
| 18 | export LANG |
| 19 | fi |
| 20 | |
| 21 | # RESOLV_CONF: |
| 22 | # If the resolvconf package is installed then use the resolv conf file |
| 23 | # that it provides as the default. Otherwise use /etc/resolv.conf as |
| 24 | # the default. |
| 25 | # |
| 26 | # If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit |
| 27 | # filename is set there then this inhibits the use of the resolvconf-provided |
| 28 | # information. |
| 29 | # |
| 30 | # Note that if the resolvconf package is installed it is not possible to |
| 31 | # override it just by configuration in /etc/dnsmasq.conf, it is necessary |
| 32 | # to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq. |
| 33 | |
| 34 | if [ ! "${RESOLV_CONF}" ] && |
| 35 | [ "${IGNORE_RESOLVCONF}" != "yes" ] && |
| 36 | [ -x /sbin/resolvconf ] |
| 37 | then |
| 38 | RESOLV_CONF=/run/dnsmasq/resolv.conf |
| 39 | fi |
| 40 | |
| 41 | for INTERFACE in ${DNSMASQ_INTERFACE}; do |
| 42 | DNSMASQ_INTERFACES="${DNSMASQ_INTERFACES} -i ${INTERFACE}" |
| 43 | done |
| 44 | |
| 45 | for INTERFACE in ${DNSMASQ_EXCEPT}; do |
| 46 | DNSMASQ_INTERFACES="${DNSMASQ_INTERFACES} -I ${INTERFACE}" |
| 47 | done |
| 48 | |
| 49 | if [ ! "${DNSMASQ_USER}" ]; then |
| 50 | DNSMASQ_USER="dnsmasq" |
| 51 | fi |
| 52 | |
| 53 | # This tells dnsmasq to ignore DNS requests that don't come from a local network. |
| 54 | # It's automatically ignored if --interface --except-interface, --listen-address |
| 55 | # or --auth-server exist in the configuration, so for most installations, it will |
| 56 | # have no effect, but for otherwise-unconfigured installations, it stops dnsmasq |
| 57 | # from being vulnerable to DNS-reflection attacks. |
| 58 | |
| 59 | DNSMASQ_OPTS="${DNSMASQ_OPTS} --local-service" |
| 60 | |
| 61 | # If the dns-root-data package is installed, then the trust anchors will be |
| 62 | # available in ROOT_DS, in BIND zone-file format. Reformat as dnsmasq |
| 63 | # --trust-anchor options. |
| 64 | |
| 65 | ROOT_DS="/usr/share/dns/root.ds" |
| 66 | |
| 67 | if [ -f ${ROOT_DS} ]; then |
| 68 | DNSMASQ_OPTS="$DNSMASQ_OPTS `env LC_ALL=C sed -rne "s/^([.a-zA-Z0-9]+)([[:space:]]+[0-9]+)*([[:space:]]+IN)*[[:space:]]+DS[[:space:]]+/--trust-anchor=\1,/;s/[[:space:]]+/,/gp" $ROOT_DS | tr '\n' ' '`" |
| 69 | fi |
| 70 | |
| 71 | checkconfig() |
| 72 | { |
| 73 | ${DAEMON} --test ${CONFIG_DIR:+ -7 ${CONFIG_DIR}} ${DNSMASQ_OPTS:+ ${DNSMASQ_OPTS}} >/dev/null 2>&1 |
| 74 | } |
| 75 | |
| 76 | start_resolvconf() |
| 77 | { |
| 78 | # If interface "lo" is explicitly disabled in /etc/default/dnsmasq |
| 79 | # Then dnsmasq won't be providing local DNS, so don't add it to |
| 80 | # the resolvconf server set. |
| 81 | for interface in ${DNSMASQ_EXCEPT}; do |
| 82 | [ ${interface} = lo ] && return |
| 83 | done |
| 84 | |
| 85 | # Also skip this if DNS functionality is disabled in /etc/dnsmasq.conf |
| 86 | if grep -qs '^port=0' /etc/dnsmasq.conf; then |
| 87 | return |
| 88 | fi |
| 89 | |
| 90 | if [ -x /sbin/resolvconf ] ; then |
| 91 | echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.${NAME}${INSTANCE:+.${INSTANCE}} |
| 92 | fi |
| 93 | return 0 |
| 94 | } |
| 95 | |
| 96 | stop_resolvconf() |
| 97 | { |
| 98 | if [ -x /sbin/resolvconf ] ; then |
| 99 | /sbin/resolvconf -d lo.${NAME}${INSTANCE:+.${INSTANCE}} |
| 100 | fi |
| 101 | return 0 |
| 102 | } |