#!/bin/ash
#
# Refresh list of Internet root servers from Internic
# See https://www.iana.org/domains/root/files
#
# Allow echo with -n parameter: 
# shellcheck disable=SC2039
# shellcheck shell=dash

# Vars
REMOTE_URL='https://www.internic.net/domain/named.cache'
LOCAL_FILE='/etc/unbound/root-hints.cache'
FILE_USER=unbound
FILE_GROUP=unbound

# Make a temporary file to download the blocklist to
TEMP_FILE=$(mktemp /tmp/$(basename ${LOCAL_FILE}).XXXXXX)

# Download the file, if its newer then what we already have installed
echo -n "Checking Internic for root zone server updates since "
echo -n "$( date -r ${LOCAL_FILE} ) ... "
if curl --fail --silent --show-error --location --remote-time \
    --time-cond ${LOCAL_FILE} \
    --output "${TEMP_FILE}" \
    ${REMOTE_URL}
then
    echo "Done."
else
    echo Download failed!
    exit
fi

# Do we have a download (file exists and is greater then zero)?
if [ -s "${TEMP_FILE}" ]; then

    echo "Downloaded fresh root-hints from $( date -r "${TEMP_FILE}" )."
    echo -n 'Installing new root-hints ... '

    # Install the file
    cp -p -f -u "${TEMP_FILE}" "${LOCAL_FILE}" 
    touch -r "${TEMP_FILE}" "${LOCAL_FILE}" 
    chown ${FILE_USER}:${FILE_GROUP} "${LOCAL_FILE}"
    chmod 644 "${LOCAL_FILE}"
    echo 'Done.'

    # Check configuration
    cd /etc/unbound || exit
    echo -n 'Checking configuration ... '
    if unbound-checkconf /etc/unbound/unbound.conf > /dev/null
    then

        echo Ok

        # Reload configuration
        echo -n 'Restart the local server ... '
        /etc/init.d/unbound restart && echo Done
        echo -n 'Checking local server status ... '
        sleep 10 && unbound-control status -q && echo Ok

    else
        echo 'unbound server configuration has errors!'
        exit 1
    fi
else
    echo 'No new updates.'
fi

# Clean-up
rm "${TEMP_FILE}"

# -*- mode: sh; tab-width: 4; indent-tabs-mode: nil -*-