Revision 34fc7cd6
Added by Viktor Gurov over 3 years ago
| src/etc/inc/unbound.inc | ||
|---|---|---|
| 129 | 129 |
|
| 130 | 130 |
unbound_generate_config($unboundcfg, $cfgsubdir); |
| 131 | 131 |
unbound_remote_control_setup($cfgsubdir); |
| 132 |
do_as_unbound_user("unbound-anchor", $cfgsubdir);
|
|
| 132 |
if (isset($unboundcfg['dnssec'])) {
|
|
| 133 |
do_as_unbound_user("unbound-anchor", $cfgsubdir);
|
|
| 134 |
} |
|
| 133 | 135 |
|
| 134 | 136 |
$rv = 0; |
| 135 | 137 |
exec("/usr/local/sbin/unbound-checkconf {$cfgdir}/unbound.conf 2>&1",
|
| ... | ... | |
| 596 | 598 |
create_unbound_chroot_path(); |
| 597 | 599 |
|
| 598 | 600 |
// Configure our Unbound service |
| 599 |
do_as_unbound_user("unbound-anchor");
|
|
| 601 |
if (isset($config['unbound']['dnssec'])) {
|
|
| 602 |
/* do not sync root.key file if DNSSEC is not enabled, |
|
| 603 |
* see https://redmine.pfsense.org/issues/12985 */ |
|
| 604 |
do_as_unbound_user("unbound-anchor");
|
|
| 605 |
} |
|
| 600 | 606 |
unbound_remote_control_setup(); |
| 601 | 607 |
unbound_generate_config(); |
| 602 | 608 |
do_as_unbound_user("start");
|
| ... | ... | |
| 644 | 650 |
mwexec("/usr/bin/su -m unbound -c '/usr/local/sbin/unbound-control -c {$g['unbound_chroot_path']}/unbound.conf reload'", true);
|
| 645 | 651 |
break; |
| 646 | 652 |
case "unbound-anchor": |
| 647 |
if (!isset($config['unbound']['dnssec'])) {
|
|
| 648 |
/* do not sync root.key file if DNSSEC is not enabled, |
|
| 649 |
* see https://redmine.pfsense.org/issues/12985 */ |
|
| 650 |
break; |
|
| 651 |
} |
|
| 652 | 653 |
$root_key_file = "{$g['unbound_chroot_path']}{$param1}/root.key";
|
| 653 | 654 |
// sanity check root.key because unbound-anchor will fail without manual removal otherwise. redmine #5334 |
| 654 | 655 |
if (file_exists($root_key_file)) {
|
Also available in: Unified diff
Improve unbound DNSSEC option check. Issue #12985