Jimmy-Z/pfsense-dnsmasq-cn.sh

## pfsense-dnsmasq-cn.sh
#!/bin/sh

# call this in cron: /conf/pfsense-dnsmasq-cn.sh > /tmp/dnscn.debug 2>&1
# it would be nice if pfsense provided some kind of ppp post-up hook interface

PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/sbin

WORKDIR="$(mktemp -d)"
OUTDIR="/conf/dnsmasq.d"

# get DNS from PPP log, be sure to leave "DNS Server Override" enabled
#	otherwise pfSense will not retrieve DNS over PPP
# it's OK since:
#	you can tell dnsmasq to ignore them by using "no-resolv"
#	the system will only use the rest when the first name server times out, source:
#		https://www.freebsd.org/cgi/man.cgi?resolv.conf
PRIDNS="$(clog /var/log/ppp.log|grep PRIDNS|grep -v 0.0.0.0|tail -n 1|awk '{print $NF}')"
SECDNS="$(clog /var/log/ppp.log|grep SECDNS|grep -v 0.0.0.0|tail -n 1|awk '{print $NF}')"

echo "PPP DNS: $PRIDNS $SECDNS"

# CAUTION: the base dnsmasq conf should be able to resolve this
BASE_URL='https://dev.tencent.com/u/felixonmars/p/dnsmasq-china-list/git/raw/master/'

CONF_WITH_SERVERS="accelerated-domains.china google.china apple.china"
CONF_SIMPLE="bogus-nxdomain.china"

# use curl instead of git
cd "$WORKDIR"
curl --fail-early $(printf " -OJLf ${BASE_URL}%s.conf" ${CONF_WITH_SERVERS} ${CONF_SIMPLE})
if test $? -ne 0 ; then
	echo failed to retrieve conf, give up
	rm -r "$WORKDIR"
	exit 1
fi
cd -

for _conf in ${CONF_SIMPLE}; do
	cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.conf"
done

for _dns in PRI SEC; do
	for _conf in ${CONF_WITH_SERVERS}; do
		cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.$_dns.conf"
	done

	__dns=$(eval "echo \$${_dns}DNS")
	sed -i '' "s|^\(server.*\)/[^/]*$|\1/${__dns}|" $OUTDIR/*.$_dns.conf
done

# yeah this is the pfSense way
pfSsh.php playback svc restart dnsmasq

rm -r "$WORKDIR"
	#!/bin/sh

	# call this in cron: /conf/pfsense-dnsmasq-cn.sh > /tmp/dnscn.debug 2>&1
	# it would be nice if pfsense provided some kind of ppp post-up hook interface

	PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/sbin

	WORKDIR="$(mktemp -d)"
	OUTDIR="/conf/dnsmasq.d"

	# get DNS from PPP log, be sure to leave "DNS Server Override" enabled
	# otherwise pfSense will not retrieve DNS over PPP
	# it's OK since:
	# you can tell dnsmasq to ignore them by using "no-resolv"
	# the system will only use the rest when the first name server times out, source:
	# https://www.freebsd.org/cgi/man.cgi?resolv.conf
	PRIDNS="$(clog /var/log/ppp.log\|grep PRIDNS\|grep -v 0.0.0.0\|tail -n 1\|awk '{print $NF}')"
	SECDNS="$(clog /var/log/ppp.log\|grep SECDNS\|grep -v 0.0.0.0\|tail -n 1\|awk '{print $NF}')"

	echo "PPP DNS: $PRIDNS $SECDNS"

	# CAUTION: the base dnsmasq conf should be able to resolve this
	BASE_URL='https://dev.tencent.com/u/felixonmars/p/dnsmasq-china-list/git/raw/master/'

	CONF_WITH_SERVERS="accelerated-domains.china google.china apple.china"
	CONF_SIMPLE="bogus-nxdomain.china"

	# use curl instead of git
	cd "$WORKDIR"
	curl --fail-early $(printf " -OJLf ${BASE_URL}%s.conf" ${CONF_WITH_SERVERS} ${CONF_SIMPLE})
	if test $? -ne 0 ; then
	echo failed to retrieve conf, give up
	rm -r "$WORKDIR"
	exit 1
	fi
	cd -

	for _conf in ${CONF_SIMPLE}; do
	cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.conf"
	done

	for _dns in PRI SEC; do
	for _conf in ${CONF_WITH_SERVERS}; do
	cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.$_dns.conf"
	done

	__dns=$(eval "echo \$${_dns}DNS")
	sed -i '' "s\|^\(server.\)/[^/]$\|\1/${__dns}\|" $OUTDIR/*.$_dns.conf
	done

	# yeah this is the pfSense way
	pfSsh.php playback svc restart dnsmasq

	rm -r "$WORKDIR"