1 7ed0e844 Warren Baker
<?php
2
/*
3 c5d81585 Renato Botelho
 * services_unbound.php
4 df6cb8fe Stephen Beaver
 *
5 c5d81585 Renato Botelho
 * part of pfSense (https://www.pfsense.org)
6 38809d47 Renato Botelho do Couto
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8 0284d79e jim-p
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
9 c5d81585 Renato Botelho
 * Copyright (c) 2014 Warren Baker (warren@pfsense.org)
10
 * All rights reserved.
11 df6cb8fe Stephen Beaver
 *
12 b12ea3fb Renato Botelho
 * Licensed under the Apache License, Version 2.0 (the "License");
13
 * you may not use this file except in compliance with the License.
14
 * You may obtain a copy of the License at
15 df6cb8fe Stephen Beaver
 *
16 b12ea3fb Renato Botelho
 * http://www.apache.org/licenses/LICENSE-2.0
17 df6cb8fe Stephen Beaver
 *
18 b12ea3fb Renato Botelho
 * Unless required by applicable law or agreed to in writing, software
19
 * distributed under the License is distributed on an "AS IS" BASIS,
20
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21
 * See the License for the specific language governing permissions and
22
 * limitations under the License.
23 df6cb8fe Stephen Beaver
 */
24 7ed0e844 Warren Baker
25
##|+PRIV
26 0b8328c5 jim-p
##|*IDENT=page-services-dnsresolver
27 5230f468 jim-p
##|*NAME=Services: DNS Resolver
28 7ed0e844 Warren Baker
##|*DESCR=Allow access to the 'Services: DNS Resolver' page.
29
##|*MATCH=services_unbound.php*
30 9c8a7b13 Stephen Beaver
##|-PRIV
31 7ed0e844 Warren Baker
32
require_once("guiconfig.inc");
33
require_once("unbound.inc");
34 c6d03f09 doktornotor
require_once("pfsense-utils.inc");
35 4dbcf2fb Renato Botelho
require_once("system.inc");
36 7ed0e844 Warren Baker
37 c6c398c6 jim-p
// Load the stored DNS Resolver settings into $pconfig, the array the form below is rendered from.
init_config_arr(array('unbound', 'hosts'));
init_config_arr(array('unbound', 'domainoverrides'));
$a_unboundcfg = &$config['unbound'];
$a_hosts = &$a_unboundcfg['hosts'];
$a_domainOverrides = &$a_unboundcfg['domainoverrides'];

// Presence flags: a key that is set in the configuration becomes a ticked checkbox.
foreach (array('enable', 'enablessl', 'dnssec', 'python', 'forwarding', 'forward_tls_upstream', 'regdhcp', 'regdhcpstatic', 'regovpnclients') as $unbound_flag) {
	if (isset($a_unboundcfg[$unbound_flag])) {
		$pconfig[$unbound_flag] = true;
	}
}
unset($unbound_flag);

// Plain values are copied as stored.
foreach (array('python_order', 'python_script', 'port', 'sslport', 'sslcertref') as $unbound_value) {
	$pconfig[$unbound_value] = $a_unboundcfg[$unbound_value];
}
unset($unbound_value);

// Custom options are kept base64-encoded in the configuration.
$pconfig['custom_options'] = base64_decode($a_unboundcfg['custom_options']);

// Interface selections are stored as comma-separated strings; the form works with arrays.
$pconfig['active_interface'] = empty($a_unboundcfg['active_interface'])
	? array()
	: explode(",", $a_unboundcfg['active_interface']);

$pconfig['outgoing_interface'] = empty($a_unboundcfg['outgoing_interface'])
	? array()
	: explode(",", $a_unboundcfg['outgoing_interface']);

// "transparent" is used when no local zone type has been stored.
$pconfig['system_domain_local_zone_type'] = empty($a_unboundcfg['system_domain_local_zone_type'])
	? "transparent"
	: $a_unboundcfg['system_domain_local_zone_type'];

// SSL/TLS service needs a certificate; remember whether any are defined.
init_config_arr(array('cert'));
$a_cert = &$config['cert'];
$certs_available = is_array($a_cert) && count($a_cert) > 0;
if (!$certs_available) {
	// $a_cert is a reference, so this also resets the 'cert' entry in $config.
	$a_cert = array();
}
105 13541a81 Steve Beaver
106
// "Apply Changes": reconfigure the resolver and refresh the services that depend on it.
if ($_POST['apply']) {
	// OR-ing onto zero keeps $retval an integer status code.
	$retval = 0 | services_unbound_configure();

	// Only a clean result clears the pending-changes marker.
	if ($retval === 0) {
		clear_subsystem_dirty('unbound');
	}

	/* Update resolv.conf in case the interface bindings exclude localhost. */
	system_resolvconf_generate();

	/* Start or restart dhcpleases when it's necessary */
	system_dhcpleases_configure();
}
117
118
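/*
 * Save handler: validate the submitted form and, when no errors were found,
 * store the settings in the 'unbound' configuration section and mark the
 * subsystem dirty so the change can be applied.
 *
 * $pconfig is replaced with the raw POST array, so every value read from it
 * below is request-controlled until it has been checked.
 */
if ($_POST['save']) {
	$pconfig = $_POST;
	unset($input_errors);

	// The interface selections are imploded to strings for storage further
	// down; these copies are put back into $pconfig at the end so the form
	// redisplays what was submitted. Start from empty arrays so the restore
	// never reads an undefined variable when nothing was selected.
	$display_active_interface = array();
	$display_outgoing_interface = array();

	// The DNS Forwarder (dnsmasq) and the DNS Resolver cannot listen on the same port.
	if (isset($pconfig['enable']) && isset($config['dnsmasq']['enable'])) {
		if ($pconfig['port'] == $config['dnsmasq']['port']) {
			$input_errors[] = gettext("The DNS Forwarder is enabled using this port. Choose a non-conflicting port, or disable the DNS Forwarder.");
		}
	}

	if (isset($pconfig['enablessl']) && (!$certs_available || empty($pconfig['sslcertref']))) {
		$input_errors[] = gettext("Acting as an SSL/TLS server requires a valid server certificate");
	}

	// forwarding mode requires having valid DNS servers
	if (isset($pconfig['forwarding'])) {
		$founddns = false;
		// Servers returned by get_dns_servers() count only when the override
		// option is set, and only if they are outside 127.0.0.0/8.
		if (isset($config['system']['dnsallowoverride'])) {
			$dns_servers = get_dns_servers();
			if (is_array($dns_servers)) {
				foreach ($dns_servers as $dns_server) {
					if (!ip_in_subnet($dns_server, "127.0.0.0/8")) {
						$founddns = true;
					}
				}
			}
		}
		// Statically configured servers count when they are valid IP addresses.
		if (is_array($config['system']['dnsserver'])) {
			foreach ($config['system']['dnsserver'] as $dnsserver) {
				if (is_ipaddr($dnsserver)) {
					$founddns = true;
				}
			}
		}
		if ($founddns == false) {
			$input_errors[] = gettext("At least one DNS server must be specified under System &gt; General Setup to enable Forwarding mode.");
		}
	}

	if (empty($pconfig['active_interface'])) {
		$input_errors[] = gettext("One or more Network Interfaces must be selected for binding.");
	} else if (!isset($config['system']['dnslocalhost']) && (!in_array("lo0", $pconfig['active_interface']) && !in_array("all", $pconfig['active_interface']))) {
		$input_errors[] = gettext("This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.");
	}

	if (empty($pconfig['outgoing_interface'])) {
		$input_errors[] = gettext("One or more Outgoing Network Interfaces must be selected.");
	}

	// An empty port means "use the default"; anything else must be a valid port.
	if ($pconfig['port'] && !is_port($pconfig['port'])) {
		$input_errors[] = gettext("A valid port number must be specified.");
	}
	if ($pconfig['sslport'] && !is_port($pconfig['sslport'])) {
		$input_errors[] = gettext("A valid SSL/TLS port number must be specified.");
	}

	// The Python module fields are rendered as <select> elements, but a select
	// only limits what the browser offers. Check the submitted values against
	// the same sets the form is built from before they are stored: the two
	// ordering keys, and the base names of the *.py files in the chroot.
	if (isset($pconfig['python'])) {
		$valid_python_scripts = array();
		$python_glob = glob("{$g['unbound_chroot_path']}/*.py");
		if (is_array($python_glob)) {
			foreach ($python_glob as $python_path) {
				$valid_python_scripts[] = pathinfo($python_path, PATHINFO_FILENAME);
			}
		}
		if (!in_array($pconfig['python_order'], array('pre_validator', 'post_validator'), true)) {
			$input_errors[] = gettext("A valid Python Module Order must be selected.");
		}
		if (!in_array($pconfig['python_script'], $valid_python_scripts, true)) {
			$input_errors[] = gettext("The selected Python Module Script was not found.");
		}
		unset($valid_python_scripts, $python_glob, $python_path);
	}

	if (is_array($pconfig['active_interface']) && !empty($pconfig['active_interface'])) {
		$display_active_interface = $pconfig['active_interface'];
		$pconfig['active_interface'] = implode(",", $pconfig['active_interface']);
	}

	if ((isset($pconfig['regdhcp']) || isset($pconfig['regdhcpstatic'])) && !is_dhcp_server_enabled()) {
		$input_errors[] = gettext("DHCP Server must be enabled for DHCP Registration to work in DNS Resolver.");
	}

	// The zone type is also a <select>; accept only a key of the list the form
	// offers. An empty value is left alone because the page falls back to
	// "transparent" when nothing is stored.
	if (!empty($pconfig['system_domain_local_zone_type']) &&
	    (!is_string($pconfig['system_domain_local_zone_type']) ||
	    !array_key_exists($pconfig['system_domain_local_zone_type'], unbound_local_zone_types()))) {
		$input_errors[] = gettext("A valid System Domain Local Zone Type must be selected.");
	}

	if (($pconfig['system_domain_local_zone_type'] == "redirect") && isset($pconfig['regdhcp'])) {
		$input_errors[] = gettext('A System Domain Local Zone Type of "redirect" is not compatible with dynamic DHCP Registration.');
	}

	// Custom options are free-form text. They are normalised to "\n" line
	// endings and base64-encoded for storage; the only check applied to their
	// content in this handler is the test_unbound_config() call below.
	$display_custom_options = $pconfig['custom_options'];
	$pconfig['custom_options'] = base64_encode(str_replace("\r\n", "\n", $pconfig['custom_options']));

	if (is_array($pconfig['outgoing_interface']) && !empty($pconfig['outgoing_interface'])) {
		$display_outgoing_interface = $pconfig['outgoing_interface'];
		$pconfig['outgoing_interface'] = implode(",", $pconfig['outgoing_interface']);
	}

	// A truthy result is treated as failure; whatever was collected in
	// $test_output is appended to the errors shown to the user.
	$test_output = array();
	if (test_unbound_config($pconfig, $test_output)) {
		$input_errors[] = gettext("The generated config file cannot be parsed by unbound. Please correct the following errors:");
		$input_errors = array_merge($input_errors, $test_output);
	}

	if (!$input_errors) {
		$a_unboundcfg['enable'] = isset($pconfig['enable']);
		$a_unboundcfg['enablessl'] = isset($pconfig['enablessl']);
		$a_unboundcfg['port'] = $pconfig['port'];
		$a_unboundcfg['sslport'] = $pconfig['sslport'];
		$a_unboundcfg['sslcertref'] = $pconfig['sslcertref'];
		$a_unboundcfg['dnssec'] = isset($pconfig['dnssec']);

		$a_unboundcfg['python'] = isset($pconfig['python']);
		if (isset($pconfig['python'])) {
			$a_unboundcfg['python_order'] = $pconfig['python_order'];
			$a_unboundcfg['python_script'] = $pconfig['python_script'];
		} else {
			// Module disabled: drop any previously stored module settings.
			if (isset($a_unboundcfg['python_order'])) {
				unset($a_unboundcfg['python_order']);
			}
			if (isset($a_unboundcfg['python_script'])) {
				unset($a_unboundcfg['python_script']);
			}
		}

		$a_unboundcfg['forwarding'] = isset($pconfig['forwarding']);
		$a_unboundcfg['forward_tls_upstream'] = isset($pconfig['forward_tls_upstream']);
		$a_unboundcfg['regdhcp'] = isset($pconfig['regdhcp']);
		$a_unboundcfg['regdhcpstatic'] = isset($pconfig['regdhcpstatic']);
		$a_unboundcfg['regovpnclients'] = isset($pconfig['regovpnclients']);
		$a_unboundcfg['active_interface'] = $pconfig['active_interface'];
		$a_unboundcfg['outgoing_interface'] = $pconfig['outgoing_interface'];
		$a_unboundcfg['system_domain_local_zone_type'] = $pconfig['system_domain_local_zone_type'];
		$a_unboundcfg['custom_options'] = $pconfig['custom_options'];

		write_config(gettext("DNS Resolver configured."));
		mark_subsystem_dirty('unbound');
	}

	// Put the display forms back so the page re-renders the submitted values.
	$pconfig['active_interface'] = $display_active_interface;
	$pconfig['outgoing_interface'] = $display_outgoing_interface;
	$pconfig['custom_options'] = $display_custom_options;
}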
240
241 13541a81 Steve Beaver
242 c154cd7d NOYB
// True when custom options exist; the page script uses this to decide
// whether the custom options box starts out visible.
$customoptions = (bool) $pconfig['custom_options'];
247
248 13541a81 Steve Beaver
/*
 * Delete a host override or a domain override.
 *
 * The request names the list ('type') and the entry ('id'). $_POST['id'] is
 * used directly as the array key; the truthiness test means only an existing,
 * non-empty entry is removed. After a successful delete the page redirects to
 * itself and stops.
 *
 * NOTE(review): no CSRF token check is visible in this file; presumably the
 * GUI framework loaded through guiconfig.inc enforces one for POST requests -
 * confirm.
 */
if ($_POST['act'] == "del") {
	switch ($_POST['type']) {
		case 'host':
			if ($a_hosts[$_POST['id']]) {
				unset($a_hosts[$_POST['id']]);
				write_config(gettext("Host override deleted from DNS Resolver."));
				mark_subsystem_dirty('unbound');
				header("Location: services_unbound.php");
				exit;
			}
			break;

		case 'doverride':
			if ($a_domainOverrides[$_POST['id']]) {
				unset($a_domainOverrides[$_POST['id']]);
				write_config(gettext("Domain override deleted from DNS Resolver."));
				mark_subsystem_dirty('unbound');
				header("Location: services_unbound.php");
				exit;
			}
			break;
	}
}
267
268 7aeae838 Matt Smith
/**
 * Build the option list and the pre-selected entries for an interface
 * multi-select.
 *
 * "all" is always offered, and it is pre-selected when nothing is selected,
 * when the first selected entry is empty, or when "all" is among the
 * selections. Every address returned by get_possible_listen_ips(true) is
 * offered with its description HTML-escaped.
 *
 * @param array|null $selectedifs Currently selected interface keys.
 * @return array Array with two keys: 'options' (key => label) and 'selected' (list of keys).
 */
function build_if_list($selectedifs) {
	$options = array('all' => gettext("All"));
	$selected = array();

	if (empty($selectedifs) || empty($selectedifs[0]) || in_array("all", $selectedifs)) {
		$selected[] = "all";
	}

	foreach (get_possible_listen_ips(true) as $addr => $label) {
		// Descriptions are escaped here, before they reach the form.
		$options[$addr] = htmlspecialchars($label);

		if ($selectedifs && in_array($addr, $selectedifs)) {
			$selected[] = $addr;
		}
	}

	return array('options' => $options, 'selected' => $selected);
}
289
290 c8f6b745 k-paulius
// Page title, breadcrumb links and shortcut section read by head.inc.
$pgtitle = array(
	gettext("Services"),
	gettext("DNS Resolver"),
	gettext("General Settings"),
);
$pglinks = array("", "@self", "@self");
$shortcut_section = "resolver";

include_once("head.inc");

// Validation errors collected by the save handler, if any.
if ($input_errors) {
	print_input_errors($input_errors);
}

// Result of an "Apply Changes" request.
if ($_POST['apply']) {
	print_apply_result_box($retval);
}

// Saved but not yet applied changes.
if (is_subsystem_dirty('unbound')) {
	print_apply_box(
		gettext("The DNS resolver configuration has been changed.") .
		"<br />" .
		gettext("The changes must be applied for them to take effect.")
	);
}

// Tab bar; each entry is (label, active flag, target page).
$tab_array = array(
	array(gettext("General Settings"), true, "services_unbound.php"),
	array(gettext("Advanced Settings"), false, "services_unbound_advanced.php"),
	array(gettext("Access Lists"), false, "/services_unbound_acls.php"),
);
display_top_tabs($tab_array, true);
313
314
// Build the "General DNS Resolver Options" form section. Each input is
// pre-filled from $pconfig, which holds either the stored configuration or the
// values of a just-submitted save request.
$form = new Form();

$section = new Form_Section('General DNS Resolver Options');

$section->addInput(new Form_Checkbox(
	'enable',
	'Enable',
	'Enable DNS resolver',
	$pconfig['enable']
));

// Left blank, the port defaults to 53 (shown as the placeholder).
$section->addInput(new Form_Input(
	'port',
	'Listen Port',
	'number',
	$pconfig['port'],
	['placeholder' => '53']
))->setHelp('The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.');

$section->addInput(new Form_Checkbox(
	'enablessl',
	'Enable SSL/TLS Service',
	'Respond to incoming SSL/TLS queries from local clients',
	$pconfig['enablessl']
))->setHelp('Configures the DNS Resolver to act as a DNS over SSL/TLS server which can answer queries from clients which also support DNS over TLS. ' .
		'Activating this option disables automatic interface response routing behavior, thus it works best with specific interface bindings.' );

// The certificate picker is shown only when certificates exist; otherwise a
// link to the certificate manager is shown instead.
if ($certs_available) {
	// NOTE(review): the list is built with an 'IPsec' argument; confirm that is
	// the intended filter for a DNS over TLS server certificate.
	$section->addInput($input = new Form_Select(
		'sslcertref',
		'SSL/TLS Certificate',
		$pconfig['sslcertref'],
		cert_build_list('cert', 'IPsec')
	))->setHelp('The server certificate to use for SSL/TLS service. The CA chain will be determined automatically.');
} else {
	$section->addInput(new Form_StaticText(
		'SSL/TLS Certificate',
		sprintf('No Certificates have been defined. A certificate is required before SSL/TLS can be enabled. %1$s Create or Import %2$s a Certificate.',
		'<a href="system_certmanager.php">', '</a>')
	));
}

// Left blank, the SSL/TLS port defaults to 853 (shown as the placeholder).
$section->addInput(new Form_Input(
	'sslport',
	'SSL/TLS Listen Port',
	'number',
	$pconfig['sslport'],
	['placeholder' => '853']
))->setHelp('The port used for responding to SSL/TLS DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 853.');
363
364 7aeae838 Matt Smith
// Listening interfaces: build_if_list() returns the available options and the
// entries to pre-select. The final 'true' argument makes this a multi-select.
$activeiflist = build_if_list($pconfig['active_interface']);

$section->addInput(new Form_Select(
	'active_interface',
	'*Network Interfaces',
	$activeiflist['selected'],
	$activeiflist['options'],
	true
))->addClass('general', 'resizable')->setHelp('Interface IPs used by the DNS Resolver for responding to queries from clients. If an interface has both IPv4 and IPv6 IPs, both are used. Queries to other interface IPs not selected below are discarded. ' .
			'The default behavior is to respond to queries on every available IPv4 and IPv6 address.');

// Interfaces the resolver sends its own queries from.
$outiflist = build_if_list($pconfig['outgoing_interface']);

$section->addInput(new Form_Select(
	'outgoing_interface',
	'*Outgoing Network Interfaces',
	$outiflist['selected'],
	$outiflist['options'],
	true
))->addClass('general', 'resizable')->setHelp('Utilize different network interface(s) that the DNS Resolver will use to send queries to authoritative servers and receive their replies. By default all interfaces are used.');

// The offered zone types come from unbound_local_zone_types(). A <select>
// only limits what the browser offers; the submitted value still has to be
// checked on the server.
$section->addInput(new Form_Select(
	'system_domain_local_zone_type',
	'*System Domain Local Zone Type',
	$pconfig['system_domain_local_zone_type'],
	unbound_local_zone_types()
))->setHelp('The local-zone type used for the pfSense system domain (System | General Setup | Domain).  Transparent is the default.  Local-Zone type descriptions are available in the unbound.conf(5) manual pages.');

$section->addInput(new Form_Checkbox(
	'dnssec',
	'DNSSEC',
	'Enable DNSSEC Support',
	$pconfig['dnssec']
));
398
399 4b1fb10d BBcan177
// Python module controls.
$section->addInput(new Form_Checkbox(
	'python',
	'Python Module',
	'Enable Python Module',
	$pconfig['python']
))->setHelp('Enable the Python Module.');

// Offer every *.py file found directly in the unbound chroot directory,
// listed by file name without the extension. When none are found a single
// placeholder entry with an empty value is shown instead.
$python_files = glob("{$g['unbound_chroot_path']}/*.py");
$python_scripts = array();
if (!empty($python_files)) {
	foreach ($python_files as $file) {
		$file = pathinfo($file, PATHINFO_FILENAME);
		$python_scripts[$file] = $file;
	}
}
else {
	$python_scripts = array('' => 'No Python Module scripts found');
}

// Both selects only limit what the browser offers; the server must still
// check the submitted order and script name against these same lists.
$section->addInput(new Form_Select(
	'python_order',
	'Python Module Order',
	$pconfig['python_order'],
	[ 'pre_validator' => 'Pre Validator', 'post_validator' => 'Post Validator' ]
))->setHelp('Select the Python Module ordering.');

$section->addInput(new Form_Select(
	'python_script',
	'Python Module Script',
	$pconfig['python_script'],
	$python_scripts
))->setHelp('Select the Python module script to utilize.');
431
432 51c224bc sbeaver
// Forwarding and registration options. The help texts that contain %1$s/%2$s
// placeholders receive the opening and closing link tags as extra arguments.
$section->addInput(new Form_Checkbox(
	'forwarding',
	'DNS Query Forwarding',
	'Enable Forwarding Mode',
	$pconfig['forwarding']
))->setHelp('If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under'.
					' %1$sSystem &gt; General Setup%2$s or those obtained via DHCP/PPP on WAN'.
					' (if DNS Server Override is enabled there).','<a href="system.php">','</a>');

// NOTE(review): this page only stores the flag. Whether the upstream server's
// certificate and host name are verified depends on the generated unbound
// configuration, which is not visible here - confirm.
$section->addInput(new Form_Checkbox(
	'forward_tls_upstream',
	null,
	'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers',
	$pconfig['forward_tls_upstream']
))->setHelp('When set in conjunction with DNS Query Forwarding, queries to all upstream forwarding DNS servers will be sent using SSL/TLS on the default port of 853. Note that ALL configured forwarding servers MUST support SSL/TLS queries on port 853.');

// The registered names are the host names the DHCP clients themselves send,
// so on networks with untrusted clients they are client-chosen data.
$section->addInput(new Form_Checkbox(
	'regdhcp',
	'DHCP Registration',
	'Register DHCP leases in the DNS Resolver',
	$pconfig['regdhcp']
))->setHelp('If this option is set, then machines that specify their hostname when requesting an IPv4 DHCP lease will be registered'.
					' in the DNS Resolver so that their name can be resolved.'.
					' The domain in %1$sSystem &gt; General Setup%2$s should also be set to the proper value.','<a href="system.php">','</a>');

$section->addInput(new Form_Checkbox(
	'regdhcpstatic',
	'Static DHCP',
	'Register DHCP static mappings in the DNS Resolver',
	$pconfig['regdhcpstatic']
))->setHelp('If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. '.
					'The domain in %1$sSystem &gt; General Setup%2$s should also be set to the proper value.','<a href="system.php">','</a>');

// Unlike the inputs above, this help text is formatted with sprintf() before
// it is handed to setHelp().
$section->addInput(new Form_Checkbox(
	'regovpnclients',
	'OpenVPN Clients',
	'Register connected OpenVPN clients in the DNS Resolver',
	$pconfig['regovpnclients']
))->setHelp(sprintf('If this option is set, then the common name (CN) of connected OpenVPN clients will be registered in the DNS Resolver, so that their name can be resolved. This only works for OpenVPN servers (Remote Access SSL/TLS) operating in "tun" mode. '.
					'The domain in %sSystem: General Setup%s should also be set to the proper value.','<a href="system.php">','</a>'));
472
473 2c95f1cd Phil Davis
// Button that toggles the custom options textarea; the toggling itself is
// done by the page script (it binds to #btnadvcustom).
$btnadv = new Form_Button(
	'btnadvcustom',
	'Custom options',
	null,
	'fa-cog'
);

// type="button" so that pressing it does not submit the form.
$btnadv->setAttribute('type','button')->addClass('btn-info btn-sm');

$section->addInput(new Form_StaticText(
	'Display Custom Options',
	$btnadv
));

// Free-form text that is added to the resolver configuration. Anyone allowed
// to save this page can therefore set arbitrary resolver options, so access
// to the page should be granted accordingly.
$section->addInput(new Form_Textarea (
	'custom_options',
	'Custom options',
	$pconfig['custom_options']
))->setHelp('Enter any additional configuration parameters to add to the DNS Resolver configuration here, separated by a newline.');

// Attach the finished section and render the form.
$form->add($section);
print($form);
495
?>
496 932711c7 Matt Smith
497 8fd9052f Colin Fleming
<script type="text/javascript">
498 51c224bc sbeaver
//<![CDATA[
499 20db3e1a Phil Davis
// Page behaviour: show or hide groups of inputs depending on the "enable",
// "python" and custom options controls. Registered through the events queue.
events.push(function() {

	// Show advanced custom options ==============================================
	var showadvcustom = false;

	// Toggle the custom options textarea and update the button caption.
	// ispageload: truthy on the initial call, absent when called from a click.
	function show_advcustom(ispageload) {
		var text;
		// On page load decide the initial state based on the data.
		if (ispageload) {
			// Rendered by the server as the literal true or false.
			showadvcustom = <?=($customoptions ? 'true' : 'false');?>;
		} else {
			// It was a click, swap the state.
			showadvcustom = !showadvcustom;
		}

		hideInput('custom_options', !showadvcustom);

		// The translated captions are written into double-quoted script strings
		// and then inserted with .html(), so a caption containing a double quote
		// or markup would be interpreted rather than shown as text.
		if (showadvcustom) {
			text = "<?=gettext('Hide Custom Options');?>";
		} else {
			text = "<?=gettext('Display Custom Options');?>";
		}
		$('#btnadvcustom').html('<i class="fa fa-cog"></i> ' + text);
	}

	// If the enable checkbox is not checked, hide the inputs listed below.
	// NOTE(review): the SSL/TLS, Python module and forward_tls_upstream inputs
	// are not in this list - confirm whether that is intended.
	function hideGeneral() {
		var hide = ! $('#enable').prop('checked');

		hideMultiClass('general', hide);
		hideInput('port', hide);
		hideSelect('system_domain_local_zone_type', hide);
		hideCheckbox('dnssec', hide);
		hideCheckbox('forwarding', hide);
		hideCheckbox('regdhcp', hide);
		hideCheckbox('regdhcpstatic', hide);
		hideCheckbox('regovpnclients', hide);
		hideInput('btnadvcustom', hide);
		hideInput('custom_options', hide || !showadvcustom);
	}

	// Un-hide additional controls
	$('#btnadvcustom').click(function(event) {
		show_advcustom();
	});

	// When 'enable' is clicked, show or hide the inputs handled by hideGeneral()
	$('#enable').click(function() {
		hideGeneral();
	});

	// On initial load
	if ($('#custom_options').val().length == 0) {
		hideInput('custom_options', true);
	}

	// NOTE(review): show_advcustom(true) runs after hideGeneral(), so it appears
	// to re-show the custom options box when custom options exist even if the
	// resolver is disabled - confirm.
	hideGeneral();
	show_advcustom(true);

	// When the Python Module 'enable' is clicked, show or hide the Python Module options
	function show_python_script() {
		var python = $('#python').prop('checked');
		hideInput('python_order', !python);
		hideInput('python_script', !python);
	}
	show_python_script();
	$('#python').click(function () {
		show_python_script();
	});

});
570
//]]>
571
</script>
572
573
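<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("Host Overrides")?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Host")?></th>
					<th><?=gettext("Parent domain of host")?></th>
					<th><?=gettext("IP to return for host")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
/*
 * One row per host override, followed by one row per alias of that host.
 * $i is the position of the override in $a_hosts and is what the edit and
 * delete links pass as 'id'.
 *
 * Every stored value is HTML-escaped when it is written into the page. The
 * description already was; host, domain and IP are now escaped as well, so
 * the table does not depend on how strictly the values were validated when
 * they were saved. For well-formed names and addresses the output is the same.
 */
$i = 0;
foreach ($a_hosts as $hostent):
?>
				<tr>
					<td>
						<?=htmlspecialchars($hostent['host'])?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['domain'])?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['ip'])?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['descr'])?>
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit host override')?>" href="services_unbound_host_edit.php?id=<?=$i?>"></a>
						<a class="fa fa-trash"	title="<?=gettext('Delete host override')?>" href="services_unbound.php?type=host&amp;act=del&amp;id=<?=$i?>" usepost></a>
					</td>
				</tr>

<?php
	// isset() keeps this quiet when an override has no alias list at all.
	if (isset($hostent['aliases']['item']) && is_array($hostent['aliases']['item'])):
		foreach ($hostent['aliases']['item'] as $alias):
?>
				<tr>
					<td>
						<?=htmlspecialchars($alias['host'])?>
					</td>
					<td>
						<?=htmlspecialchars($alias['domain'])?>
					</td>
					<td>
						<?=gettext("Alias for ");?><?=htmlspecialchars($hostent['host'] ? $hostent['host'] . '.' . $hostent['domain'] : $hostent['domain'])?>
					</td>
					<td>
						<i class="fa fa-angle-double-right text-info"></i>
						<?=htmlspecialchars($alias['description'])?>
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit host override')?>" 	href="services_unbound_host_edit.php?id=<?=$i?>"></a>
					</td>
				</tr>
<?php
		endforeach;
	endif;
	$i++;
endforeach;
?>
			</tbody>
		</table>
	</div>
</div>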
642
643 de55303c stilez
<span class="help-block">
644
	Enter any individual hosts for which the resolver's standard DNS lookup process should be overridden and a specific
645 179377b0 robjarsen
	IPv4 or IPv6 address should automatically be returned by the resolver. Standard and also non-standard names and parent domains
646
	can be entered, such as 'test', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. Any lookup attempt for
647
	the host will automatically return the given IP address, and the usual lookup server for the domain will not be queried for
648 b9304b9a stilez
	the host's records.
649 de55303c stilez
</span>
650
651 c10cb196 Stephen Beaver
<nav class="action-buttons">
652 782922c2 Stephen Beaver
	<a href="services_unbound_host_edit.php" class="btn btn-sm btn-success">
653 9d5a20cf heper
		<i class="fa fa-plus icon-embed-btn"></i>
654 782922c2 Stephen Beaver
		<?=gettext('Add')?>
655
	</a>
656 51c224bc sbeaver
</nav>
657
658
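<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("Domain Overrides")?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Domain")?></th>
					<th><?=gettext("Lookup Server IP Address")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>

			<tbody>
<?php
/*
 * One row per domain override. $i is the position of the override in
 * $a_domainOverrides and is what the edit and delete links pass as 'id'.
 *
 * Domain and IP are HTML-escaped on output like the description, so the table
 * does not depend on how strictly the values were validated when they were
 * saved. For well-formed names and addresses the output is the same.
 */
$i = 0;
foreach ($a_domainOverrides as $doment):
?>
				<tr>
					<td>
						<?=htmlspecialchars($doment['domain'])?>&nbsp;
					</td>
					<td>
						<?=htmlspecialchars($doment['ip'])?>&nbsp;
					</td>
					<td>
						<?=htmlspecialchars($doment['descr'])?>&nbsp;
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit domain override')?>" href="services_unbound_domainoverride_edit.php?id=<?=$i?>"></a>
						<a class="fa fa-trash"	title="<?=gettext('Delete domain override')?>" href="services_unbound.php?act=del&amp;type=doverride&amp;id=<?=$i?>" usepost></a>
					</td>
				</tr>
<?php
	$i++;
endforeach;
?>
			</tbody>
		</table>
	</div>
</div>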
699
700 1eb759ab stilez
<span class="help-block">
701 179377b0 robjarsen
	Enter any domains for which the resolver's standard DNS lookup process should be overridden and a different (non-standard)
702
	lookup server should be queried instead. Non-standard, 'invalid' and local domains, and subdomains, can also be entered,
703
	such as 'test', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. The IP address is treated as the
704 1eb759ab stilez
	authoritative lookup server for the domain (including all of its subdomains), and other lookup servers will not be queried.
705
</span>
706
707 c10cb196 Stephen Beaver
<nav class="action-buttons">
708 782922c2 Stephen Beaver
	<a href="services_unbound_domainoverride_edit.php" class="btn btn-sm btn-success">
709 9d5a20cf heper
		<i class="fa fa-plus icon-embed-btn"></i>
710 782922c2 Stephen Beaver
		<?=gettext('Add')?>
711
	</a>
712 51c224bc sbeaver
</nav>
713 782922c2 Stephen Beaver
714 35681930 Stephen Beaver
<div class="infoblock">
715 702fa4d0 Phil Davis
	<?php
	// Informational note about how DHCP clients and forwarding mode use the
	// resolver. The text is a fixed translatable literal; the two sprintf()
	// arguments supply the opening and closing tags of the link to system.php.
	print_info_box(sprintf(gettext('If the DNS Resolver is enabled, the DHCP'.
		' service (if enabled) will automatically serve the LAN IP'.
		' address as a DNS server to DHCP clients so they will use'.
		' the DNS Resolver. If Forwarding is enabled, the DNS Resolver will use the DNS servers'.
		' entered in %1$sSystem &gt; General Setup%2$s'.
		' or those obtained via DHCP or PPP on WAN if &quot;Allow'.
		' DNS server list to be overridden by DHCP/PPP on WAN&quot;'.
		' is checked.'), '<a href="system.php">', '</a>'), 'info', false); ?>
723 782922c2 Stephen Beaver
</div>
724 82afb104 Stephen Beaver
725 6f65dc19 Chris Buechler
<?php include("foot.inc");