Is it possible to add or modify Unbound DNS host overrides periodically with a crontab script?
I have to call 'ipsec leases', which returns:
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
Leases in pool '172.16.0.0/16', usage: 2/65534, 2 online
172.16.0.1 online 'gateway2'
172.16.0.2 online 'gateway1'
Now I have to add or modify host overrides:
gateway2 example.com A 172.16.0.1
gateway1 example.com A 172.16.0.2
There doesn't seem to be a solution to add a static mapping: https://forum.opnsense.org/index.php?topic=24667.0
As described in https://docs.opnsense.org/manual/unbound.html#advanced-configurations,
I created "/usr/local/etc/unbound.opnsense.d/ipsec.conf" with:
local-data: "gateway1.example.com A 172.16.0.1"
local-data: "gateway1.example.com A 172.16.0.2"
and restarted unbound:
configctl unbound restart
I have to make a cron job to check changes to "ipsec leases" and then update ipsec.conf and restart unbound.
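My script /root/ipsecdns.sh:
#!/bin/sh
#set -x
# Unbound include file that holds the generated host overrides
ipsecconf=/usr/local/etc/unbound.opnsense.d/ipsec.conf
# Temporary file with an unpredictable name; it exists (empty) even with no leases
tmpipsecconf=$(mktemp /tmp/ipsec.conf.XXXXXX) || exit 1
# split at space, no globbing
set -f; IFS=' '
ipsec leases | grep " 172.16" | sed "s/'//g" | while read -r line
do
    set -- $line
    ip=$1; name=$3
    echo "local-data: \"${name}.ipsec.example.com A ${ip}\"" >>"${tmpipsecconf}"
done
set +f; unset IFS
cat "${tmpipsecconf}"
# Replace the include file and restart Unbound only when the leases changed
if cmp -s "$ipsecconf" "$tmpipsecconf"; then
    printf 'The file "%s" is the same as "%s"\n' "$ipsecconf" "$tmpipsecconf"
    rm -f "$tmpipsecconf"
else
    printf 'The file "%s" is different from "%s"\n' "$ipsecconf" "$tmpipsecconf"
    # mktemp creates the file with mode 600; restore the usual config permissions
    chmod 644 "$tmpipsecconf"
    mv -f "$tmpipsecconf" "$ipsecconf"
    configctl unbound restart
fi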
Add /usr/local/opnsense/service/conf/actions.d/actions_ipsecdns.conf:
[reload]
command:/root/ipsecdns.sh > /root/ipsecdns_out.txt 2>&1
parameter:
type:script
message:mobile IPSEC DNS update
Restart configd:
service configd restart
And add a cron job in the GUI: System>Settings>Cron
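
An added example (not part of the original post): a variant of the lease-to-Unbound step that treats the identity shown by 'ipsec leases' as untrusted input, since the remote peer supplies it, and only writes it into the config when it is a single valid DNS label. The function names, the online-only filter and the temporary file beside the target are choices made for this example; the zone suffix and paths are the ones from the script above.

```shell
#!/bin/sh
# Added example, not the original poster's script.
ZONE="ipsec.example.com"   # suffix used in the post's script

# Reads `ipsec leases` output on stdin, prints Unbound local-data lines.
# Only lines of the form "<ipv4> online '<identity>'" are accepted.
leases_to_local_data() {
    awk -v zone="$ZONE" -v sq="'" '
        NF == 3 && $2 == "online" {
            ip = $1; name = $3
            gsub(sq, "", name)              # drop the quotes around the identity
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] > 255) next
            # identity must be one DNS label, so it cannot carry quotes,
            # spaces or dots into the config line
            if (length(name) > 63) next
            if (name !~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/) next
            printf "local-data: \"%s.%s A %s\"\n", tolower(name), zone, ip
        }
    ' | sort
}

# Installs the generated file at $1 only when its content changed.
# Returns 0 when replaced (caller restarts Unbound), 1 when unchanged.
update_conf() {
    target=$1
    # temp file beside the target: unpredictable name, rename stays atomic
    tmp=$(mktemp "${target}.XXXXXX") || return 2
    leases_to_local_data > "$tmp"    # empty file when there are no leases
    if cmp -s "$tmp" "$target" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp"
    mv -f "$tmp" "$target"
}

# Intended call on the firewall (commands from the post):
#   ipsec leases | update_conf /usr/local/etc/unbound.opnsense.d/ipsec.conf \
#       && configctl unbound restart
```

Identities that fail the label check are skipped rather than rewritten, so a lease with an unexpected identity simply gets no DNS record.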