
/etc/NetworkManager/dispatcher.d/01-dnssec-trigger is in dnssec-trigger 0.13~svn685-4.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh
#
# Script to notify dnssec-trigger that the DNS configuration in NetworkManager
# may have changed.

# NetworkManager may drive unbound/dnssec-trigger itself through its own DNS
# plugin (the original note describes this as planned for future releases).
# When the main configuration file contains a line starting with
# "dns=unbound", this hook does not intervene and exits successfully.
# NOTE(review): only NetworkManager.conf itself is inspected; a dns= setting
# placed in a conf.d drop-in would not be seen here - confirm whether that
# matters for this package.
if [ -e /etc/NetworkManager/NetworkManager.conf ] &&
    grep -q '^dns=unbound\>' /etc/NetworkManager/NetworkManager.conf; then
    exit 0
fi

# Preferred path: hand over to the packaged update helper, which gathers the
# DNS information through the NetworkManager API. exec replaces this shell, so
# nothing below runs when the helper is present and executable.
# Dispatcher hooks run with NetworkManager's privileges (normally root), so
# the helper path is only as trustworthy as its ownership and mode: it should
# stay root-owned and not writable by other users.
[ -x /usr/lib/dnssec-trigger/dnssec-trigger-script ] &&
    exec /usr/lib/dnssec-trigger/dnssec-trigger-script --update

# Fallback: reached only when dnssec-trigger-script is missing or not
# executable. Everything below is the original shell-only NetworkManager
# dispatcher.d hook.

# Configuration.
# Commands are looked up through a fixed PATH instead of being spelled out as
# absolute paths; overriding PATH here also means an inherited PATH is never
# used to resolve the tools called below.
PATH="/usr/sbin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin"

# "no" makes the forward-zone code pass +i to unbound-control forward_add and
# forward_remove. Per unbound-control(8) +i also marks the zone as
# domain-insecure, i.e. answers under it are not DNSSEC-validated - confirm
# this default is intended for zones announced by the network.
validate_forward_zones="no"
state_dir="/run/dnssec-trigger"

# Inputs: the two positional arguments, plus CONNECTION_UUID from the
# environment.
action="$2"
ifname="$1"
nameservers=""
domains=""
global_nameservers=""
# One state file per connection, listing the forward zones added for it.
# NOTE(review): CONNECTION_UUID is used unvalidated as a file name; when it is
# empty the path is the state directory itself - verify which actions can
# reach this code without a UUID.
conn_zones_file="${state_dir}/${CONNECTION_UUID}"

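################################################################
# Collect the domains and name servers of the connection that is coming up:
# VPN_IP4_*/VPN_IP6_* for "vpn-up", IP4_*/IP6_* for "up". Any other action
# leaves domains and nameservers untouched.
#
# domains     - unique names, sorted, separated by single spaces
# nameservers - addresses in the order given, separated by single spaces
#
# These environment values describe what the network handed out (DHCP lease,
# VPN peer, ...), so they are treated as untrusted text. They are split on
# whitespace on purpose, but pathname expansion is switched off while doing so:
# otherwise a value containing glob characters would be replaced by file names
# from the current directory. printf is used instead of echo so a value that
# looks like an echo option is not interpreted.
set -f
case "$action" in
    "vpn-up")
        domains="$(printf '%s\n' $VPN_IP4_DOMAINS $VPN_IP6_DOMAINS | sort -u | tr '\n' ' ' | sed '$s/.$//')"
        nameservers="$(printf '%s ' $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS | sed 's/ $//')"
        ;;
    "up")
        domains="$(printf '%s\n' $IP4_DOMAINS $IP6_DOMAINS | sort -u | tr '\n' ' ' | sed '$s/.$//')"
        nameservers="$(printf '%s ' $IP4_NAMESERVERS $IP6_NAMESERVERS | sed 's/ $//')"
        ;;
esac
# Restore normal globbing for the rest of the script.
set +f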

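#########################
# Gather the DNS servers of all devices (the "global" name servers).
#
# The nmcli sub-command depends on the nmcli version: "dev show" from 0.9.9.0
# on, "dev list" before that. NMCLI_VER holds the version packed into four
# zero-padded 3-digit fields (0.9.9.0 -> 000009009000). It stays empty when
# nmcli is missing or its version line cannot be parsed, and only then is
# nm-tool used.
#
# Two defects of the earlier parsing are avoided here:
#  - printf with no arguments still printed 000000000000, so the "nmcli does
#    not exist" branch could never be taken;
#  - only four-component versions were recognised, so a three-component
#    version line reached printf unparsed and the comparison chose "dev list".
NMCLI_VER=""
nmcli_version_fields="$(nmcli -v 2>/dev/null | sed -n 's/.*version \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(\.\([0-9][0-9]*\)\)\{0,1\}.*/\1 \2 \3 \5/p')"
if [ -n "$nmcli_version_fields" ]; then
    # Unquoted on purpose: the value is digits and spaces only, one field per
    # argument. printf treats a missing fourth field as 0.
    NMCLI_VER="$(printf '%03d%03d%03d%03d' $nmcli_version_fields)"
fi

if [ -n "$NMCLI_VER" ]; then
    # nmcli is present and its version is known.
    if [ "$NMCLI_VER" -ge 000009009000 ]; then
        global_nameservers="$(nmcli -f IP4,IP6 dev show | grep -F 'DNS' | awk '{print $2;}')"
    else
        global_nameservers="$(nmcli -f IP4,IP6 dev list | grep -F 'DNS' | awk '{print $2;}')"
    fi
else
    # No usable nmcli: fall back to nm-tool.
    global_nameservers="$(nm-tool | grep 'DNS:' | awk '{print $2;}')"
fi

# Join the addresses with single spaces and trim both ends. The value is kept
# quoted so that it is never pathname-expanded.
global_nameservers="$(printf '%s\n' "$global_nameservers" | tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//')"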


############################################################
# Hand the collected global name servers to dnssec-triggerd through
# dnssec-trigger-control, but only when pidof reports a running
# dnssec-triggerd. Either outcome is recorded with logger.
# NOTE(review): the output and exit status of the submit command are
# discarded, so the "added global DNS" line is written even if the submit
# failed - keep that in mind when these log lines are read as evidence of a
# resolver change.
triggerd_pids="$(pidof dnssec-triggerd)"
if [ -z "$triggerd_pids" ]; then
    logger "dnssec-trigger-hook(networkmanager) $ifname $action NOT added global DNS - dnssec-triggerd is not running"
else
    dnssec-trigger-control submit "$global_nameservers" > /dev/null 2>&1
    logger "dnssec-trigger-hook(networkmanager) $ifname $action added global DNS $global_nameservers"
fi

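######################################################
# Maintain this connection's forward zones in unbound with unbound-control.
#
# 1. If a zone list was stored for this connection ($conn_zones_file), every
#    zone in it is removed from unbound and flushed, then the list is deleted.
# 2. For "up" / "vpn-up", each name in $domains is added as a forward zone
#    pointing at $nameservers, flushed, and appended to the list.
# Nothing is changed when unbound is not running; that is only logged.
#
# With validate_forward_zones="no" the zones are handled with +i, which per
# unbound-control(8) also marks them domain-insecure: answers under a zone
# announced by the network are then not DNSSEC-validated.
#
# Zone names originate from the network, and this hook normally runs as root,
# so every expansion is quoted, pathname expansion is disabled while the lists
# are word-split, and names that look like command-line options are skipped.
# NOTE(review): unbound-control's output and exit status are discarded, so the
# "added"/"removed" log lines do not prove that unbound accepted the change.
if [ -n "$(pidof unbound)" ]; then
    # Word splitting of the lists below is intended; globbing is not.
    set -f

    # -f keeps a directory (e.g. the state dir itself when CONNECTION_UUID is
    # empty) from being treated as a zone list.
    if [ -f "$conn_zones_file" ] && [ -r "$conn_zones_file" ]; then
        for domain in $(cat "$conn_zones_file"); do
            # Remove forward zone from unbound
            if [ "$validate_forward_zones" = "no" ]; then
                unbound-control forward_remove +i "$domain" > /dev/null 2>&1
            else
                unbound-control forward_remove "$domain" > /dev/null 2>&1
            fi
            unbound-control flush_zone "$domain" > /dev/null 2>&1
            unbound-control flush_requestlist > /dev/null 2>&1

            logger "dnssec-trigger-hook(networkmanager) $ifname $action removed forward DNS zone $domain"
        done

        # Remove file with zones for this connection
        rm -f "$conn_zones_file" > /dev/null 2>&1
    fi

    if [ "$action" = "vpn-up" ] || [ "$action" = "up" ]; then
        if [ -n "$domains" ]; then
            # The state directory is needed once, not once per zone.
            mkdir -p "$(dirname "$conn_zones_file")"

            for domain in $domains; do
                # A name starting with "-" would be read by unbound-control as
                # an option rather than a zone; skip it and leave a trace. The
                # raw value is deliberately not written to the log.
                case "$domain" in
                    -*)
                        logger "dnssec-trigger-hook(networkmanager) $ifname $action ignored forward DNS zone name starting with '-'"
                        continue
                        ;;
                esac

                # Add forward zone into unbound. $nameservers is left unquoted
                # so that each address becomes its own argument.
                if [ "$validate_forward_zones" = "no" ]; then
                    unbound-control forward_add +i "$domain" $nameservers > /dev/null 2>&1
                else
                    unbound-control forward_add "$domain" $nameservers > /dev/null 2>&1
                fi
                unbound-control flush_zone "$domain" > /dev/null 2>&1
                unbound-control flush_requestlist > /dev/null 2>&1

                # Record the zone so it can be removed on a later run
                printf '%s\n' "$domain" >> "$conn_zones_file"

                logger "dnssec-trigger-hook(networkmanager) $ifname $action added forward DNS zone $domain $nameservers"
            done
        fi
    fi

    set +f
else
    logger "dnssec-trigger-hook(networkmanager) $ifname $action NOT added forward DNS zone(s) - unbound is not running"
fi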
 
# Unconditional success status: the failures of the commands above are only
# logged or discarded, never reported back to the caller.
exit 0