- Updated create_unbound_ad_servers and unbound_cache scripts from

Yuri Voinov in the source/contrib directory. Added
  warmup.cmd (and .sh): warm up the DNS cache with your MRU domains.


git-svn-id: file:///svn/unbound/trunk@3131 be551aaa-1e26-0410-a405-d3ace91eadb9

contrib/README

@@ -19,6 +19,10 @@ distribution but may be helpful.
 	Contributed by Ilya Bakulin, 2012-08-28.
 * patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
   it is treated as insecure).  The RSAMD5 algorithm is deprecated (RFC6725).
+* create_unbound_ad_servers.sh: shell script to enter anti-ad server lists.
 * create_unbound_ad_servers.cmd: windows script to enter anti-ad server lists.
+* unbound_cache.sh: shell script to save and load the cache.
 * unbound_cache.cmd: windows script to save and load the cache.
+* warmup.sh: shell script to warm up DNS cache by your own MRU domains.
+* warmup.cmd: windows script to warm up DNS cache by your own MRU domains.
 

contrib/create_unbound_ad_servers.cmd

@@ -12,14 +12,11 @@ set work_dir=%TEMP%
 set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
 
 rem Check Wget installed
-for /f "delims=" %%a in ('where wget') do @set wget="%%a"
-if /I %wget% == "" (
-echo Wget not found. If installed, add path to PATH environment variable.
-exit 1
-)
+for /f "delims=" %%a in ('where wget') do @set wget=%%a
+if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1
 echo Wget found: %wget%
 
-%wget% -O %work_dir%\yoyo_ad_servers %list_addr%
+"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr%
 
 del /Q /F /S %dst_dir%\unbound_ad_servers
 

contrib/create_unbound_ad_servers.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# Convert the Yoyo.org anti-ad server listing
+# into an unbound dns spoof redirection list.
+# Modified by Y.Voinov (c) 2014
+
+# Note: Wget required!
+
+# Variables
+dst_dir="/etc/opt/csw/unbound"
+work_dir="/tmp"
+list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
+
+# OS commands
+CAT=`which cat`
+ECHO=`which echo`
+WGET=`which wget`
+
+# Check Wget installed
+if [ ! -f $WGET ]; then
+ echo "Wget not found. Exiting..."
+ exit 1
+fi
+
+$WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \
+$CAT $work_dir/yoyo_ad_servers | \
+while read line ; \
+ do \
+   $ECHO "local-zone: \"$line\" redirect" ;\
+   $ECHO "local-data: \"$line A 127.0.0.1\"" ;\
+ done > \
+$dst_dir/unbound_ad_servers
+
+echo "Done."
+#  then add an include line to your unbound.conf pointing to the full path of
+#  the unbound_ad_servers file:
+#
+#   include: $dst_dir/unbound_ad_servers
+#

contrib/unbound_cache.sh

@@ -0,0 +1,135 @@
+#!/sbin/sh
+#
+# --------------------------------------------------------------
+# -- DNS cache save/load script
+# --
+# -- Version 1.0
+# -- By Yuri Voinov (c) 2006, 2014
+# --------------------------------------------------------------
+#
+# ident   "@(#)unbound_cache.sh     1.1     14/04/26 YV"
+#
+
+#############
+# Variables #
+#############
+
+# Installation base dir
+CONF="/etc/opt/csw/unbound"
+BASE="/opt/csw"
+
+# Unbound binaries
+UC="$BASE/sbin/unbound-control"
+FNAME="unbound_cache.dmp"
+
+# OS utilities
+BASENAME=`which basename`
+CAT=`which cat`
+CUT=`which cut`
+ECHO=`which echo`
+GETOPT=`which getopt`
+ID=`which id`
+PRINTF=`which printf`
+
+###############
+# Subroutines #
+###############
+
+usage_note ()
+{
+# Script usage note
+ $ECHO "Usage: `$BASENAME $0` [-s] or [-l] or [-r] or [-h]"
+ $ECHO
+ $ECHO "l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value."
+ $ECHO "s - Save - save Unbound DNS cache contents to plain file with domain names."
+ $ECHO "r - Reload - reloadind new cache entries and refresh existing cache"
+ $ECHO "h - this screen."
+ $ECHO "Note: Run without any arguments will be in default mode."
+ $ECHO "      Also, unbound-control must be configured."
+ exit 0
+}
+
+root_check ()
+{
+ if [ ! `$ID | $CUT -f1 -d" "` = "uid=0(root)" ]; then
+  $ECHO "ERROR: You must be super-user to run this script."
+  exit 1
+ fi
+}
+
+check_uc ()
+{
+ if [ ! -f "$UC" ]; then
+  $ECHO .
+  $ECHO "ERROR: $UC not found. Exiting..."
+  exit 1
+ fi
+}
+
+check_saved_file ()
+{
+ if [ ! -f "$CONF/$FNAME" ]; then
+  $ECHO .
+  $ECHO "ERROR: File $CONF/$FNAME does not exists. Save it first."
+  exit 1
+ fi
+}
+
+save_cache ()
+{
+ # Save unbound cache
+ $PRINTF "Saving cache in $CONF/$FNAME..."
+ $UC dump_cache>$CONF/$FNAME
+ $ECHO "ok"
+}
+
+load_cache ()
+{
+ # Load saved cache contents and warmup DNS cache
+ $PRINTF "Loading cache from saved $CONF/$FNAME..."
+ check_saved_file
+ $CAT $CONF/$FNAME|$UC load_cache
+}
+
+reload_cache ()
+{
+ # Reloading and refresh existing cache and saved dump
+ save_cache
+ load_cache
+}
+
+##############
+# Main block #
+##############
+
+# Root check
+root_check
+
+# Check unbound-control
+check_uc
+
+# Check command-line arguments
+if [ "x$1" = "x" ]; then
+# If arguments list empty, load cache by default
+ load_cache
+else
+ arg_list=$1
+ # Parse command line
+ set -- `$GETOPT sSlLrRhH: $arg_list` || {
+  usage_note 1>&2
+ }
+
+  # Read arguments
+ for i in $arg_list
+  do
+   case $i in
+    -s | -S) save_cache;;
+    -l | -L) load_cache;;
+    -r | -R) reload_cache;;
+    -h | -H | \?) usage_note;;
+   esac
+   break
+  done
+fi
+
+exit 0

contrib/warmup.cmd

@@ -0,0 +1,68 @@
+@echo off
+
+rem --------------------------------------------------------------
+rem -- Warm up DNS cache script by your own MRU domains
+rem --
+rem -- Version 1.0
+rem -- By Yuri Voinov (c) 2014
+rem --------------------------------------------------------------
+
+rem Check dig installed
+for /f "delims=" %%a in ('where dig') do @set dig=%%a
+if /I "%dig%"=="" echo Dig not found. If installed, add path to PATH environment variable. & exit 1
+echo Dig found: %dig%
+
+echo Warming up cache by MRU domains...
+rem dig -f my_domains 1>nul 2>nul
+rem echo Done.
+
+for %%a in (
+mail.ru
+my.mail.ru
+mra.mail.ru
+agent.mail.ru
+news.mail.ru
+icq.com
+lenta.ru
+gazeta.ru
+peerbet.ru
+www.opennet.ru
+snob.ru
+artlebedev.ru
+mail.google.com
+translate.google.com
+drive.google.com
+google.com
+google.kz
+drive.google.com
+blogspot.com
+farmanager.com
+forum.farmanager.com
+plugring.farmanager.com
+symantec.com
+symantecliveupdate.com
+shalla.de
+torstatus.blutmagie.de
+torproject.org
+dnscrypt.org
+unbound.net
+getsharex.com
+skype.com
+vlc.org
+aimp.ru
+mozilla.org
+libreoffice.org
+piriform.com
+raidcall.com
+nvidia.com
+intel.com
+microsoft.com
+windowsupdate.com
+ru.wikipedia.org
+www.bbc.co.uk
+tengrinews.kz
+) do "%dig%" %%a 1>nul 2>nul
+
+echo Saving cache...
+unbound_cache.cmd -s
+echo Done.

contrib/warmup.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# --------------------------------------------------------------
+# -- Warm up DNS cache script by your own MRU domains
+# --
+# -- Version 1.0
+# -- By Yuri Voinov (c) 2014
+# --------------------------------------------------------------
+
+dig=`which dig`
+
+echo "Warming up cache by MRU domains..."
+$dig -f - >/dev/null 2>&1 <<EOT
+mail.ru
+my.mail.ru
+mra.mail.ru
+agent.mail.ru
+news.mail.ru
+icq.com
+lenta.ru
+gazeta.ru
+peerbet.ru
+www.opennet.ru
+snob.ru
+artlebedev.ru
+mail.google.com
+translate.google.com
+drive.google.com
+google.com
+google.kz
+drive.google.com
+blogspot.com
+farmanager.com
+forum.farmanager.com
+plugring.farmanager.com
+symantec.com
+symantecliveupdate.com
+shalla.de
+torstatus.blutmagie.de
+torproject.org
+dnscrypt.org
+unbound.net
+getsharex.com
+skype.com
+vlc.org
+aimp.ru
+mozilla.org
+libreoffice.org
+piriform.com
+raidcall.com
+nvidia.com
+intel.com
+microsoft.com
+windowsupdate.com
+ru.wikipedia.org
+www.bbc.co.uk
+tengrinews.kz
+EOT
+echo "Done."
+
+echo "Saving cache..."
+/usr/local/bin/unbound_cache.sh -s
+echo "Done."
+
+exit 0

doc/Changelog

@@ -1,3 +1,8 @@
+16 May 2014: Wouter
+	- Updated create_unbound_ad_servers and unbound_cache scripts from
+	  Yuri Voinov in the source/contrib directory. Added
+	  warmup.cmd (and .sh): warm up the DNS cache with your MRU domains.
+
 9 May 2014: Wouter
 	- Implement draft-ietf-dnsop-rfc6598-rfc6303-01.
 	- iana portlist updated.

winrc/unbound-control-setup.cmd

@@ -63,10 +63,7 @@ rem end of options
 
 rem Check OpenSSL installed
 for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
-if /I %SSL_PROGRAM%=="" (
-echo SSL not found. If installed, add path to PATH environment variable.
-exit 1
-)
+if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
 echo SSL found: %SSL_PROGRAM%
 
 set arg=%1
@@ -83,7 +80,7 @@ echo %SVR_BASE%.key exists
 goto next
 )
 echo generating %SVR_BASE%.key
-%SSL_PROGRAM% genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
+"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
 
 :next
 if exist %CTL_BASE%.key (
@@ -91,7 +88,7 @@ echo %CTL_BASE%.key exists
 goto next2
 )
 echo generating %CTL_BASE%.key
-%SSL_PROGRAM% genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
+"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
 
 :next2
 rem create self-signed cert for server
@@ -111,9 +108,9 @@ exit 1
 )
 
 echo create %SVR_BASE%.pem (self signed certificate)
-%SSL_PROGRAM% req -key %SVR_BASE%.key -config request.cfg  -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
+"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg  -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
 rem create trusted usage pem
-%SSL_PROGRAM% x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
+"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
 
 rem create client request and sign it
 if exist request.cfg (del /F /Q /S request.cfg)
@@ -132,21 +129,21 @@ exit 1
 )
 
 echo create %CTL_BASE%.pem (signed client certificate)
-%SSL_PROGRAM% req -key %CTL_BASE%.key -config request.cfg -new | %SSL_PROGRAM% x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
+"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
 
 if not exist %CTL_BASE%.pem (
 echo could not create %CTL_BASE%.pem
 exit 1
 )
 rem create trusted usage pem
-rem %SSL_PROGRAM% x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
+rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
 
-rem see details with %SSL_PROGRAM% x509 -noout -text < %SVR_BASE%.pem
+rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
 rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
 rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
 rem echo "preferences - advanced - encryption - view certificates - your certs"
 rem echo "empty password is used, simply click OK on the password dialog box."
-rem %SSL_PROGRAM% pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
+rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
 
 rem remove crap
 del /F /Q /S request.cfg
@@ -164,4 +161,4 @@ echo 	-d dir	use directory to store keys and certificates.
 echo 		default: %DESTDIR%
 echo please run this command using the same user id that the 
 echo unbound daemon uses, it needs read privileges.
-exit 1
+exit 1