#!/bin/sh

#

# unbound	This shell script takes care of starting and stopping

#		unbound (DNS server).

#

# chkconfig:   - 14 86

# description:	unbound is a Domain Name Server (DNS) \

#		that is used to resolve host names to IP addresses.

### BEGIN INIT INFO

# Provides: unbound

# Required-Start: $network $local_fs

# Required-Stop: $network $local_fs

# Default-Start:

# Default-Stop: 0 1 2 3 4 5 6

# Should-Start: $syslog

# Should-Stop: $syslog

# Short-Description: unbound recursive Domain Name Server.

# Description:  unbound is a Domain Name Server (DNS) 

#		that is used to resolve host names to IP addresses.

### END INIT INFO

# Source function library.

. /etc/rc.d/init.d/functions

exec="/usr/sbin/unbound"

config="/etc/unbound/unbound.conf"

pidfile="/var/run/unbound/unbound.pid"

piddir=`dirname $pidfile`

[ -e /etc/sysconfig/unbound ] && . /etc/sysconfig/unbound

[ -e /etc/sysconfig/dnssec ] && . /etc/sysconfig/dnssec

lockfile=/var/lock/subsys/unbound

[ -x /usr/sbin/dnssec-configure ] && [ -r "$config" ] &&

  [ /etc/sysconfig/dnssec -nt "$config" ] && \

    /usr/sbin/dnssec-configure -u --norestart --dnssec="$DNSSEC" --dlv="$DLV"

start() {

    [ -x $exec ] || exit 5

    [ -f $config ] || exit 6

    # /var/run could (and should) be tmpfs

    [ -d $piddir ] || mkdir $piddir

    if [ -f /var/lib/unbound/root.anchor -a -f /usr/sbin/unbound-anchor ]

    then

	/sbin/runuser --command="/usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem" --shell /bin/sh unbound

    fi

    if [ ! -f /etc/unbound/unbound_control.key ]

    then

	echo -n $"Generating unbound control key and certificate: "

	/usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null

	chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem

	[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \

	    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*

	echo

    else

	# old init script created these as root instead of unbound.

	if [ -G /etc/unbound/unbound_control.key ]

	then

	    chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem

	    [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \

		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*

	    echo

	fi

    fi

    unbound-checkconf $config > /dev/null

    RETVAL=$?

    if [ $RETVAL != 0 ]

    then

	echo "Error in /etc/unbound/unbound.conf, aborted"

	exit 6

    fi

    echo -n $"Starting unbound: "

    # if not running, start it up here

    daemon --pidfile=$pidfile $exec -c $config

    retval=$?

    [ $retval -eq 0 ] && touch $lockfile

    echo

}

stop() {

    echo -n $"Stopping unbound: "

    # stop it here, often "killproc unbound"

    killproc -p $pidfile unbound

    retval=$?

    [ $retval -eq 0 ] && rm -f $lockfile

    echo

}

restart() {

    unbound-checkconf $config > /dev/null

    RETVAL=$?

    if [ $RETVAL != 0 ]

    then

	echo "Error in /etc/unbound/unbound.conf, aborted"

	exit 6

    fi

    stop

    start

}

reload() {

    #kill -HUP `cat $pidfile`

    # See rhbz#489278

    restart

}

force_reload() {

    restart

}

rh_status() {

    # run checks to determine if the service is running or use generic status

    status -p $pidfile unbound

}

rh_status_q() {

    rh_status -p $pidfile >/dev/null 2>&1

}

case "$1" in

    start)

        start

        ;;

    stop)

        stop

        ;;

    restart)

        restart

        ;;

    reload)

        reload

        ;;

    force-reload)

        force_reload

        ;;

    status)

        rh_status

        ;;

    condrestart|try-restart)

        rh_status_q || exit 0

        restart

        ;;

    *)

        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"

        exit 2

esac

exit $?