376 |
376 |
$harden_dnssec_stripped = isset($unboundcfg['dnssecstripped']) ? "yes" : "no";
|
377 |
377 |
$prefetch = isset($unboundcfg['prefetch']) ? "yes" : "no";
|
378 |
378 |
$prefetch_key = isset($unboundcfg['prefetchkey']) ? "yes" : "no";
|
379 |
|
$dns_record_cache = isset($unboundcfg['dnsrecordcache']) ? "yes" : "no";
|
|
379 |
if (is_null($unboundcfg['dnsrecordcache']) || ($unboundcfg['dnsrecordcache'] == '0')) {
|
|
380 |
$dns_record_cache = "no";
|
|
381 |
} else {
|
|
382 |
$dns_record_cache = "yes";
|
|
383 |
}
|
|
384 |
if ($unboundcfg['dnsrecordcache'] == '1') {
|
|
385 |
$dns_record_cache_ttl = "serve-expired-client-timeout: 0";
|
|
386 |
}
|
380 |
387 |
$sock_queue_timeout = empty($unboundcfg['sock_queue_timeout']) ? '0' : $unboundcfg['sock_queue_timeout'];
|
381 |
388 |
$aggressivensec = isset($unboundcfg['aggressivensec']) ? "yes" : "no";
|
382 |
389 |
$outgoing_num_tcp = isset($unboundcfg['outgoing_num_tcp']) ? $unboundcfg['outgoing_num_tcp'] : "10";
|
... | ... | |
531 |
538 |
prefetch-key: {$prefetch_key}
|
532 |
539 |
use-caps-for-id: {$use_caps}
|
533 |
540 |
serve-expired: {$dns_record_cache}
|
|
541 |
{$dns_record_cache_ttl}
|
534 |
542 |
sock-queue-timeout: {$sock_queue_timeout}
|
535 |
543 |
aggressive-nsec: {$aggressivensec}
|
536 |
544 |
|
537 |
|
-- /usr/local/www/services_unbound_advanced.php 2025-09-21 19:05:38.754169000 +0100
|
|
545 |
++ /usr/local/www/services_unbound_advanced.php 2025-09-21 20:43:39.841217000 +0100
|
... | ... | |
49 |
49 |
$pconfig['prefetch'] = config_path_enabled('unbound', 'prefetch');
|
50 |
50 |
$pconfig['prefetchkey'] = config_path_enabled('unbound', 'prefetchkey');
|
51 |
51 |
$pconfig['dnssecstripped'] = config_path_enabled('unbound', 'dnssecstripped');
|
52 |
|
$pconfig['dnsrecordcache'] = config_path_enabled('unbound', 'dnsrecordcache');
|
|
52 |
$pconfig['dnsrecordcache'] = config_get_path('unbound/dnsrecordcache', 0);
|
53 |
53 |
$pconfig['sock_queue_timeout'] = config_get_path('unbound/sock_queue_timeout', 0);
|
54 |
54 |
$pconfig['aggressivensec'] = config_path_enabled('unbound', 'aggressivensec');
|
55 |
55 |
|
... | ... | |
173 |
173 |
} else {
|
174 |
174 |
config_del_path('unbound/dnssecstripped');
|
175 |
175 |
}
|
176 |
|
if (isset($_POST['dnsrecordcache'])) {
|
177 |
|
config_set_path('unbound/dnsrecordcache', true);
|
178 |
|
} else {
|
179 |
|
config_del_path('unbound/dnsrecordcache');
|
180 |
|
}
|
|
176 |
config_set_path('unbound/dnsrecordcache', $_POST['dnsrecordcache']);
|
181 |
177 |
config_set_path('unbound/sock_queue_timeout', $_POST['sock_queue_timeout']);
|
182 |
178 |
if (isset($_POST['aggressivensec'])) {
|
183 |
179 |
config_set_path('unbound/aggressivensec', true);
|
... | ... | |
315 |
311 |
$pconfig['dnssecstripped']
|
316 |
312 |
))->setHelp('If such data is absent, the zone becomes bogus. If Disabled and no DNSSEC data is received, then the zone is made insecure. Requires DNSSEC enabled. ');
|
317 |
313 |
|
318 |
|
$section->addInput(new Form_Checkbox(
|
|
314 |
$section->addInput(new Form_Select(
|
319 |
315 |
'dnsrecordcache',
|
320 |
316 |
'Serve Expired',
|
321 |
|
'Serve cache records even with TTL of 0',
|
322 |
|
$pconfig['dnsrecordcache']
|
323 |
|
))->setHelp('When enabled, allows unbound to serve one query even with a TTL of 0, if TTL is 0 then new record will be requested in the background when the cache is served to ensure cache is updated without latency on service of the DNS request.');
|
|
317 |
$pconfig['dnsrecordcache'],
|
|
318 |
array_combine(array("0", "1", "2"), array("Off: Unbound Default", "Serve Expired/Stale - Old behaviour", "Serve Stale - RFC8767"))
|
|
319 |
))->setHelp('When enabled, allows unbound cache to serve one query even with a TTL of 0, if TTL is 0 then new record will be requested in the background when the cache is served to ensure cache is updated without latency on service of the DNS request.');
|
324 |
320 |
|
325 |
321 |
$section->addInput(new Form_Input(
|
326 |
322 |
'sock_queue_timeout',
|