mirror of
https://github.com/pi-hole/dnsmasq.git
synced 2025-12-19 10:18:25 +00:00
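#!/lib/runit/invoke-run
# runit run script for dnsmasq.
#
# Reads (optional) RESOLV_CONF, IGNORE_RESOLVCONF and DNSMASQ_OPTS, which are
# expected to be set before this point -- presumably by the service's defaults
# file; confirm against the invoke-run setup in use.  Whoever can write those
# values controls the daemon's command line, because they are word-split into
# arguments at the final exec.

readonly name=dnsmasq
readonly daemon=/usr/sbin/dnsmasq
readonly marker=/usr/share/dnsmasq/installed-marker

# Take the service down rather than letting runit respawn it in a loop when
# the marker file or the daemon binary is missing (presumably the
# removed-but-not-purged state -- confirm against the packaging).
test -e "${marker}" || exec sv down "${name}"
test -x "${daemon}" || exec sv down "${name}"

# Use the resolvconf-maintained upstream list only when the administrator has
# not chosen a resolv file and has not opted out with IGNORE_RESOLVCONF=yes.
if [ -z "${RESOLV_CONF:-}" ] &&
   [ "${IGNORE_RESOLVCONF:-}" != "yes" ] &&
   [ -x /sbin/resolvconf ]
then
  RESOLV_CONF=/run/dnsmasq/resolv.conf
fi

# This tells dnsmasq to ignore DNS requests that don't come from a local network.
# It's automatically ignored if --interface, --except-interface, --listen-address
# or --auth-server exist in the configuration, so for most installations, it will
# have no effect, but for otherwise-unconfigured installations, it stops dnsmasq
# from being vulnerable to DNS-reflection attacks.
# Note the converse: once any of those options is configured, exposure is
# governed by that configuration and the host firewall, not by this default.
DNSMASQ_OPTS="${DNSMASQ_OPTS:-} --local-service"

# If the dns-root-data package is installed, then the trust anchors will be
# available in $ROOT_DS, in BIND zone-file format. Reformat as dnsmasq
# --trust-anchor options.
# Supplying trust anchors does not by itself enable DNSSEC validation; that
# still requires --dnssec in the dnsmasq configuration.
ROOT_DS="/usr/share/dns/root.ds"

if [ -f "$ROOT_DS" ]; then
  # LC_ALL=C keeps the character classes byte-wise and locale-independent.
  # $(...) replaces the original backquotes so the nested double quotes and
  # the \1 back-reference are not subject to backquote escaping rules.
  DNSMASQ_OPTS="$DNSMASQ_OPTS $(env LC_ALL=C sed -rne "s/^([.a-zA-Z0-9]+)([[:space:]]+[0-9]+)*([[:space:]]+IN)*[[:space:]]+DS[[:space:]]+/--trust-anchor=\1,/;s/[[:space:]]+/,/gp" "$ROOT_DS" | tr '\n' ' ')"
fi

# Runtime directory, owned by the unprivileged account that dnsmasq runs as
# (see -u below).
mkdir -p /run/dnsmasq
chown dnsmasq:nogroup /run/dnsmasq
# Restore the SELinux label on the directory where restorecon is available.
[ -x /sbin/restorecon ] && /sbin/restorecon /run/dnsmasq

# Stay in the foreground so runit supervises the real process, and log to
# stdout instead of syslog.
# RESOLV_CONF and DNSMASQ_OPTS are deliberately left unquoted: this is POSIX
# sh with no arrays, and each option must become its own argument.  Pathname
# expansion also applies to them, so keep shell metacharacters out of both.
# shellcheck disable=SC2086
exec "${daemon}" \
  --keep-in-foreground \
  --log-facility=/dev/stdout \
  ${RESOLV_CONF:+ -r $RESOLV_CONF} \
  ${DNSMASQ_OPTS} \
  -u dnsmasq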