<?php
/* $Id$ */
/*
unbound.inc
part of the pfSense project (http://www.pfsense.com)
Copyright (C) 2011 Warren Baker
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
/*
pfSense_BUILDER_BINARIES: /usr/local/sbin/unbound /usr/local/sbin/unbound-anchor
pfSense_BUILDER_BINARIES: /usr/local/sbin/unbound-checkconf /usr/local/sbin/unbound-control
pfSense_BUILDER_BINARIES: /usr/local/sbin/unbound-control-setup /usr/local/sbin/unbound-host
*/
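/**
 * Render the configured DNS domain overrides as unbound.conf text.
 *
 * Reads $config['unbound']['domainoverrides'], sorts the entries by their
 * 'domain' field with msort(), and collects the 'ip' values per domain so a
 * domain listed several times yields several stub-addr lines.
 *
 * Values are written verbatim into the resolver configuration, so an entry
 * whose domain or address contains a double quote or a control character
 * (newline included) is skipped: such a value could close the quoted name or
 * start a new line and thereby add directives the administrator never set.
 *
 * @param bool $pvt When true, emit "private-domain:" and "domain-insecure:"
 *                  lines for each domain; otherwise emit one "stub-zone:"
 *                  clause per domain with a "stub-addr:" line per address.
 * @return string The generated directives, or "" when there is no usable override.
 */
function unbound_add_domain_overrides($pvt=false) {
	global $config;

	// Nothing configured (or an empty XML tag parsed as a string): emit nothing
	// instead of handing a non-array to msort()/foreach.
	if (!isset($config['unbound']['domainoverrides']) || !is_array($config['unbound']['domainoverrides']))
		return "";

	$domains = $config['unbound']['domainoverrides'];

	// Characters that must never reach the generated file: '"' ends the quoted
	// name, control characters (CR/LF/NUL/...) end the current directive line.
	$unsafe = '/["\x00-\x1f\x7f]/';

	$sorted_domains = msort($domains, "domain");
	$result = array();
	foreach ($sorted_domains as $domain) {
		if (!is_array($domain) || !isset($domain['ip']))
			continue;

		// NOTE(review): current() takes the first element of the entry, which is
		// presumably its 'domain' field - confirm against the config schema.
		$domain_key = current($domain);
		$ip = $domain['ip'];

		if (!is_string($domain_key) || !is_string($ip) || $domain_key === "" || $ip === ""
		    || preg_match($unsafe, $domain_key) || preg_match($unsafe, $ip)) {
			// The rejected value is deliberately not logged, so it cannot
			// forge log lines either.
			error_log("unbound: skipping domain override with an empty value, quote or control character");
			continue;
		}

		if (!isset($result[$domain_key])) {
			$result[$domain_key] = array();
		}
		$result[$domain_key][] = $ip;
	}

	// Domain overrides that have multiple entries need multiple stub-addr: added
	$domain_entries = "";
	foreach ($result as $domain => $ips) {
		if ($pvt) {
			$domain_entries .= "private-domain: \"$domain\"\n";
			$domain_entries .= "domain-insecure: \"$domain\"\n";
		} else {
			$domain_entries .= "stub-zone:\n";
			$domain_entries .= "\tname: \"$domain\"\n";
			foreach ($ips as $ip) {
				$domain_entries .= "\tstub-addr: $ip\n";
			}
			$domain_entries .= "\tstub-prime: no\n";
		}
	}
	return $domain_entries;
}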
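/**
 * Build the tuning directives for unbound.conf from the host's CPU count and
 * the kern.ipc.maxsockbuf tunable stored in $config['sysctl']['item'].
 *
 * @return array Map of setting key (number_threads, msg_cache_slabs,
 *               rrset_cache_slabs, infra_cache_slabs, key_cache_slabs,
 *               msg_cache_size, rrset_cache_size, outgoing_range, so_rcvbuf)
 *               to a ready-to-write "directive: value" line. so_rcvbuf is
 *               emitted commented out ("#so-rcvbuf: 4m") when no usable
 *               tunable value is found.
 */
function unbound_optimization() {
	global $config;

	$optimization = array();

	/* Set the number of threads equal to number of CPUs.
	 * Use 1 to disable threading, if for some reason this sysctl fails.
	 */
	$numprocs = intval(trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d" " -f2`));
	if ($numprocs > 0)
		$optimization['number_threads'] = "num-threads: {$numprocs}";
	else
		$optimization['number_threads'] = "num-threads: 1";

	// Slabs to help reduce lock contention.
	$slabs = ($numprocs > 4) ? $numprocs : 4;
	$optimization['msg_cache_slabs'] = "msg-cache-slabs: {$slabs}";
	$optimization['rrset_cache_slabs'] = "rrset-cache-slabs: {$slabs}";
	$optimization['infra_cache_slabs'] = "infra-cache-slabs: {$slabs}";
	$optimization['key_cache_slabs'] = "key-cache-slabs: {$slabs}";

	// Cache sizes: 4 MB message cache, 8 MB RRset cache.
	$optimization['msg_cache_size'] = "msg-cache-size: 4m";
	$optimization['rrset_cache_size'] = "rrset-cache-size: 8m";

	// More outgoing connections per thread otherwise assign a default of 4096 for a single thread
	if ($numprocs > 0) {
		// Keep the value a positive integer: the plain division yields a fraction
		// for CPU counts that do not divide 1024 and goes negative above 20 CPUs.
		// NOTE(review): the floor of 1 only keeps the directive well-formed; pick
		// a sensible minimum for large hosts.
		$or = max(1, (int) floor(1024 / $numprocs) - 50);
		$optimization['outgoing_range'] = "outgoing-range: {$or}";
	} else {
		// "{4096}" is not interpolation syntax and was written out with its braces.
		$optimization['outgoing_range'] = "outgoing-range: 4096";
	}

	// Larger socket buffer for busy servers
	// Derived from kern.ipc.maxsockbuf: its size in MB minus 1 MB.
	$tunables = array();
	if (isset($config['sysctl']['item']) && is_array($config['sysctl']['item']))
		$tunables = $config['sysctl']['item'];

	foreach ($tunables as $tunable) {
		if (!is_array($tunable) || !isset($tunable['tunable']) || $tunable['tunable'] !== 'kern.ipc.maxsockbuf')
			continue;

		// is_numeric() keeps a missing or non-numeric tunable value out of the
		// division below.
		$so = 0;
		if (isset($tunable['value']) && is_numeric($tunable['value']))
			$so = (int) floor(($tunable['value'] / 1024 / 1024) - 1);

		// Check to ensure that the number is not a negative
		if ($so > 0)
			$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
		else
			unset($optimization['so_rcvbuf']);
	}
	// Safety check in case kern.ipc.maxsockbuf is deleted.
	if (!isset($optimization['so_rcvbuf']))
		$optimization['so_rcvbuf'] = "#so-rcvbuf: 4m";

	return $optimization;
}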
?>