reckenrode · November 2, 2020 05:10
diff --git a/dhcpcd.conf b/dhcpcd.conf
 denyinterfaces igb1

 clientid 01:<macaddress>
 persistent

 # vendorclassid is set to blank to avoid sending the default of
 # dhcpcd-<version>:<os>:<machine>:<platform>
 vendorclassid

 option domain_name_servers, domain_name, domain_search
 option classless_static_routes
 option interface_mtu
 option rapid_commit

 require dhcp_server_identifier

 slaac private
 noipv6rs

 interface igb0
    ipv6rs
    ia_na 6715ced2
    ia_pd 21993d23 igb1/0/64/0
diff --git a/gistfile1.txt b/gistfile1.txt
 <printer>_DNS="<printer address>"
 <router>_DNS="<router address>"

 LOCAL_DATA="/usr/local/etc/unbound/local.d"
 LOCAL_DATA_CONFIG="$LOCAL_DATA/local-data.conf"

 DOH_ACCESS_CONFIG_DIR="/usr/local/etc/unbound/conf.d"
 DOH_ACCESS_CONFIG="$DOH_ACCESS_CONFIG_DIR/dot-doh-access"

 is_unbound_running() {
    status=$(service unbound status)
    if [ "$status" = "unbound is not running." ]; then
        return 1
    else
        return 0
    fi
 }

 get_ip6_address() {
    interface="$1"; prefix="$2"
    /sbin/ifconfig $interface | /usr/bin/awk '$1 == "inet6" && $2 ~ '"/$prefix/"' { print $2 }'
 }

 update_local_data() {
  domain="$1"; type="$2"; ip_address="$3"
  local_data="  local-data: \"$domain $type $ip_address\""
  if ! /usr/bin/grep --quiet "$local_data" "$LOCAL_DATA_CONFIG"; then
      local_data_config_tmp=$(TMPDIR="$LOCAL_DATA" mktemp)
      /usr/bin/touch "$LOCAL_DATA_CONFIG"
      /usr/bin/sed "/$domain/d" "$LOCAL_DATA_CONFIG" > "$local_data_config_tmp"
      /bin/mv "$local_data_config_tmp" "$LOCAL_DATA_CONFIG"
      /bin/chmod 0644 "$LOCAL_DATA_CONFIG"
      /usr/sbin/chown unbound:unbound "$LOCAL_DATA_CONFIG"
      echo "$local_data" >> "$LOCAL_DATA_CONFIG"
      if is_unbound_running; then
          /usr/local/sbin/unbound-control local_data_remove $domain > /dev/null
          /usr/local/sbin/unbound-control local_data "$domain $type $ip_address" > /dev/null
      fi
  fi
 }

 update_access_control_with_prefix() {
  prefix="$1"
  if ! /usr/bin/grep --quiet "$prefix" "$DOH_ACCESS_CONFIG"; then
    echo "  access-control: $prefix::/64 allow" > "$DOH_ACCESS_CONFIG"
    is_unbound_running && service unbound restart
  fi
 }

 update_local_data_using_prefix() {
  prefix="$1"

  <printer>_ip="$prefix:<printer /64>"
  <router>_ip=$(get_ip6_address igb1 $prefix)

  update_local_data $<printer>_DNS AAAA $<printer>_ip
  update_local_data $<router>_DNS AAAA $<router>_ip
 }

 if [ "$reason" = DELEGATED6 ]; then
  first_delegated_dhcp6_prefix=$(echo $new_delegated_dhcp6_prefix | /usr/bin/cut -d: -f1-4)
  update_local_data_using_prefix "$first_delegated_dhcp6_prefix"
  update_access_control_with_prefix "$first_delegated_dhcp6_prefix"
 fi
diff --git a/radvd.conf b/radvd.conf
 interface igb1
 {
    AdvSendAdvert on;
    AdvOtherConfigFlag on;
    AdvDefaultLifetime 5400;
    MaxRtrAdvInterval 1800;

    prefix ::/64
    {
        AdvPreferredLifetime 604800;
        AdvValidLifetime 2592000;
        DecrementLifetimes on;
    };

    RDNSS <router>
    {
        AdvRDNSSLifetime 2592000;
    };

    DNSSL <internal hostname>
    {
        AdvDNSSLLifetime 2592000;
    };
 };
	denyinterfaces igb1

	clientid 01:<macaddress>
	persistent

	# vendorclassid is set to blank to avoid sending the default of
	# dhcpcd-<version>:<os>:<machine>:<platform>
	vendorclassid

	option domain_name_servers, domain_name, domain_search
	option classless_static_routes
	option interface_mtu
	option rapid_commit

	require dhcp_server_identifier

	slaac private
	noipv6rs

	interface igb0
	ipv6rs
	ia_na 6715ced2
	ia_pd 21993d23 igb1/0/64/0
	<printer>_DNS="<printer address>"
	<router>_DNS="<router address>"

	LOCAL_DATA="/usr/local/etc/unbound/local.d"
	LOCAL_DATA_CONFIG="$LOCAL_DATA/local-data.conf"

	DOH_ACCESS_CONFIG_DIR="/usr/local/etc/unbound/conf.d"
	DOH_ACCESS_CONFIG="$DOH_ACCESS_CONFIG_DIR/dot-doh-access"

	is_unbound_running() {
	status=$(service unbound status)
	if [ "$status" = "unbound is not running." ]; then
	return 1
	else
	return 0
	fi
	}

	get_ip6_address() {
	interface="$1"; prefix="$2"
	/sbin/ifconfig $interface \| /usr/bin/awk '$1 == "inet6" && $2 ~ '"/$prefix/"' { print $2 }'
	}

	update_local_data() {
	domain="$1"; type="$2"; ip_address="$3"
	local_data=" local-data: \"$domain $type $ip_address\""
	if ! /usr/bin/grep --quiet "$local_data" "$LOCAL_DATA_CONFIG"; then
	local_data_config_tmp=$(TMPDIR="$LOCAL_DATA" mktemp)
	/usr/bin/touch "$LOCAL_DATA_CONFIG"
	/usr/bin/sed "/$domain/d" "$LOCAL_DATA_CONFIG" > "$local_data_config_tmp"
	/bin/mv "$local_data_config_tmp" "$LOCAL_DATA_CONFIG"
	/bin/chmod 0644 "$LOCAL_DATA_CONFIG"
	/usr/sbin/chown unbound:unbound "$LOCAL_DATA_CONFIG"
	echo "$local_data" >> "$LOCAL_DATA_CONFIG"
	if is_unbound_running; then
	/usr/local/sbin/unbound-control local_data_remove $domain > /dev/null
	/usr/local/sbin/unbound-control local_data "$domain $type $ip_address" > /dev/null
	fi
	fi
	}

	update_access_control_with_prefix() {
	prefix="$1"
	if ! /usr/bin/grep --quiet "$prefix" "$DOH_ACCESS_CONFIG"; then
	echo " access-control: $prefix::/64 allow" > "$DOH_ACCESS_CONFIG"
	is_unbound_running && service unbound restart
	fi
	}

	update_local_data_using_prefix() {
	prefix="$1"

	<printer>_ip="$prefix:<printer /64>"
	<router>_ip=$(get_ip6_address igb1 $prefix)

	update_local_data $<printer>_DNS AAAA $<printer>_ip
	update_local_data $<router>_DNS AAAA $<router>_ip
	}

	if [ "$reason" = DELEGATED6 ]; then
	first_delegated_dhcp6_prefix=$(echo $new_delegated_dhcp6_prefix \| /usr/bin/cut -d: -f1-4)
	update_local_data_using_prefix "$first_delegated_dhcp6_prefix"
	update_access_control_with_prefix "$first_delegated_dhcp6_prefix"
	fi
	interface igb1
	{
	AdvSendAdvert on;
	AdvOtherConfigFlag on;
	AdvDefaultLifetime 5400;
	MaxRtrAdvInterval 1800;

	prefix ::/64
	{
	AdvPreferredLifetime 604800;
	AdvValidLifetime 2592000;
	DecrementLifetimes on;
	};

	RDNSS <router>
	{
	AdvRDNSSLifetime 2592000;
	};

	DNSSL <internal hostname>
	{
	AdvDNSSLLifetime 2592000;
	};
	};