dns: preliminary support for unbound (bgo #699810)

The script is called synchronously from NetworkManager so it can handle asynchronicity itself. The long-term plan is to incorporate the script partially into the new plugin and partially into a dnssec-trigger library which will be used instead of dnssec-trigger daemon. https://bugzilla.gnome.org/show_bug.cgi?id=699810 Acked-By: Thomas Haller <thaller@redhat.com> Acked-By: Dan Williams <dcbw@redhat.com>
2024-09-06 09:04:55 +00:00 · 2014-04-03 12:39:45 +02:00 · 2014-04-03 12:39:45 +02:00 · 186e4dcf7a
parent 9c6ac81aa3
commit 186e4dcf7a
5 changed files with 133 additions and 0 deletions
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@ -203,6 +203,10 @@ Copyright (C) 2010 - 2013 Red Hat, Inc.
 	configuration if you are connected to a VPN, and then update
 	<filename>resolv.conf</filename> to point to the local
 	nameserver.</para>
+	<para><literal>unbound</literal>: NetworkManager will talk
+	to unbound and dnssec-triggerd, providing a "split DNS"
+	configuration with DNSSEC support. The /etc/resolv.conf
+	will be managed by dnssec-trigger daemon.</para>
 	<para><literal>none</literal>: NetworkManager will not
 	modify resolv.conf.</para>
 	</listitem>
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -104,6 +104,8 @@ nm_sources = \
 	\
 	dns-manager/nm-dns-dnsmasq.c \
 	dns-manager/nm-dns-dnsmasq.h \
+	dns-manager/nm-dns-unbound.c \
+	dns-manager/nm-dns-unbound.h \
 	dns-manager/nm-dns-manager.c \
 	dns-manager/nm-dns-manager.h \
 	dns-manager/nm-dns-plugin.c \
--- a/src/dns-manager/nm-dns-manager.c
+++ b/src/dns-manager/nm-dns-manager.c
@ -45,6 +45,7 @@

 #include "nm-dns-plugin.h"
 #include "nm-dns-dnsmasq.h"
+#include "nm-dns-unbound.h"

 #if HAVE_LIBSOUP
 #include <libsoup/soup.h>
@ -1103,6 +1104,9 @@ init_resolv_conf_mode (NMDnsManager *self)
 	} else if (!g_strcmp0 (mode, "dnsmasq")) {
 		priv->resolv_conf_mode = NM_DNS_MANAGER_RESOLV_CONF_PROXY;
 		priv->plugin = nm_dns_dnsmasq_new ();
+	} else if (!g_strcmp0 (mode, "unbound")) {
+		priv->resolv_conf_mode = NM_DNS_MANAGER_RESOLV_CONF_PROXY;
+		priv->plugin = nm_dns_unbound_new ();
 	} else {
 		priv->resolv_conf_mode = NM_DNS_MANAGER_RESOLV_CONF_EXPLICIT;
 		if (mode && g_strcmp0 (mode, "default") != 0)
--- a/src/dns-manager/nm-dns-unbound.c
+++ b/src/dns-manager/nm-dns-unbound.c
@ -0,0 +1,79 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ * Author: Pavel Šimerda <psimerda@redhat.com>
+ */
+#include "nm-dns-unbound.h"
+#include "NetworkManagerUtils.h"
+
+G_DEFINE_TYPE (NMDnsUnbound, nm_dns_unbound, NM_TYPE_DNS_PLUGIN)
+
+/*******************************************/
+
+static gboolean
+update (NMDnsPlugin *plugin,
+        const GSList *vpn_configs,
+        const GSList *dev_configs,
+        const GSList *other_configs,
+        const char *hostname)
+{
+	/* TODO: We currently call a script installed with the dnssec-trigger
+	 * package that queries all information itself. Later, the dependency
+	 * on that package will be optional and the only hard dependency will
+	 * be unbound.
+	 *
+	 * Unbound configuration should be later handled by this plugin directly,
+	 * without calling custom scripts. The dnssec-trigger functionality
+	 * may be eventually merged into NetworkManager.
+	 */
+	return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update") == 0;
+}
+
+static gboolean
+is_caching (NMDnsPlugin *plugin)
+{
+	return TRUE;
+}
+
+static const char *
+get_name (NMDnsPlugin *plugin)
+{
+	return "unbound";
+}
+
+/****************************************************************/
+
+NMDnsPlugin *
+nm_dns_unbound_new (void)
+{
+	return g_object_new (NM_TYPE_DNS_UNBOUND, NULL);
+}
+
+static void
+nm_dns_unbound_init (NMDnsUnbound *unbound)
+{
+}
+
+static void
+nm_dns_unbound_class_init (NMDnsUnboundClass *klass)
+{
+	NMDnsPluginClass *plugin_class = NM_DNS_PLUGIN_CLASS (klass);
+
+	plugin_class->update = update;
+	plugin_class->is_caching = is_caching;
+	plugin_class->get_name = get_name;
+}
--- a/src/dns-manager/nm-dns-unbound.h
+++ b/src/dns-manager/nm-dns-unbound.h
@ -0,0 +1,44 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ */
+#ifndef NM_DNS_UNBOUND_H
+#define NM_DNS_UNBOUND_H
+
+#include <glib-object.h>
+
+#include "nm-dns-plugin.h"
+
+#define NM_TYPE_DNS_UNBOUND            (nm_dns_unbound_get_type ())
+#define NM_DNS_UNBOUND(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_DNS_UNBOUND, NMDnsUnbound))
+#define NM_DNS_UNBOUND_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_DNS_UNBOUND, NMDnsUnboundClass))
+#define NM_IS_DNS_UNBOUND(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_DNS_UNBOUND))
+#define NM_IS_DNS_UNBOUND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_DNS_UNBOUND))
+#define NM_DNS_UNBOUND_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DNS_UNBOUND, NMDnsUnboundClass))
+
+typedef struct {
+	NMDnsPlugin parent;
+} NMDnsUnbound;
+
+typedef struct {
+	NMDnsPluginClass parent;
+} NMDnsUnboundClass;
+
+GType nm_dns_unbound_get_type (void);
+
+NMDnsPlugin *nm_dns_unbound_new (void);
+
+#endif /* NM_DNS_UNBOUND_H */