pfSense

<?php

/* $Id$ */

/*

	services_dnsmasq.php

	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2004 Bob Zoller <bob@kludgebox.com> and Manuel Kasper <mk@neon1.net>.

	Copyright (C) 2013-2015 Electric Sheep Fencing, LP

	All rights reserved.

	Redistribution and use in source and binary forms, with or without

	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,

	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright

	   notice, this list of conditions and the following disclaimer in the

	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,

	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

	POSSIBILITY OF SUCH DAMAGE.

*/

/*

	pfSense_MODULE: dnsforwarder

*/

##|+PRIV

##|*IDENT=page-services-dnsforwarder

##|*NAME=Services: DNS Forwarder page

##|*DESCR=Allow access to the 'Services: DNS Forwarder' page.

##|*MATCH=services_dnsmasq.php*

##|-PRIV

require("guiconfig.inc");

require_once("functions.inc");

require_once("filter.inc");

require_once("shaper.inc");

require_once("system.inc");

$pconfig['enable'] = isset($config['dnsmasq']['enable']);

$pconfig['regdhcp'] = isset($config['dnsmasq']['regdhcp']);

$pconfig['regdhcpstatic'] = isset($config['dnsmasq']['regdhcpstatic']);

$pconfig['dhcpfirst'] = isset($config['dnsmasq']['dhcpfirst']);

$pconfig['strict_order'] = isset($config['dnsmasq']['strict_order']);

$pconfig['domain_needed'] = isset($config['dnsmasq']['domain_needed']);

$pconfig['no_private_reverse'] = isset($config['dnsmasq']['no_private_reverse']);

$pconfig['port'] = $config['dnsmasq']['port'];

$pconfig['custom_options'] = $config['dnsmasq']['custom_options'];

$pconfig['strictbind'] = isset($config['dnsmasq']['strictbind']);

if (!empty($config['dnsmasq']['interface']))

	$pconfig['interface'] = explode(",", $config['dnsmasq']['interface']);

else

	$pconfig['interface'] = array();

if (!is_array($config['dnsmasq']['hosts']))

	$config['dnsmasq']['hosts'] = array();

if (!is_array($config['dnsmasq']['domainoverrides']))

	$config['dnsmasq']['domainoverrides'] = array();

$a_hosts = &$config['dnsmasq']['hosts'];

$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];

if ($_POST) {

	$pconfig = $_POST;

	unset($input_errors);

	$config['dnsmasq']['enable'] = ($_POST['enable']) ? true : false;

	$config['dnsmasq']['regdhcp'] = ($_POST['regdhcp']) ? true : false;

	$config['dnsmasq']['regdhcpstatic'] = ($_POST['regdhcpstatic']) ? true : false;

	$config['dnsmasq']['dhcpfirst'] = ($_POST['dhcpfirst']) ? true : false;

	$config['dnsmasq']['strict_order'] = ($_POST['strict_order']) ? true : false;

	$config['dnsmasq']['domain_needed'] = ($_POST['domain_needed']) ? true : false;

	$config['dnsmasq']['no_private_reverse'] = ($_POST['no_private_reverse']) ? true : false;

	$config['dnsmasq']['custom_options'] = str_replace("\r\n", "\n", $_POST['custom_options']);

	$config['dnsmasq']['strictbind'] = ($_POST['strictbind']) ? true : false;

	if (isset($_POST['enable']) && isset($config['unbound']['enable'])) {

		if ($_POST['port'] == $config['unbound']['port'])

			$input_errors[] = "The DNS Resolver is enabled using this port. Choose a non-conflicting port, or disable DNS Resolver.";

	}

	if ($_POST['port']) {

		if(is_port($_POST['port']))

			$config['dnsmasq']['port'] = $_POST['port'];

		else

			$input_errors[] = gettext("You must specify a valid port number");

	}

	else if (isset($config['dnsmasq']['port']))

		unset($config['dnsmasq']['port']);

	if (is_array($_POST['interface']))

		$config['dnsmasq']['interface'] = implode(",", $_POST['interface']);

	elseif (isset($config['dnsmasq']['interface']))

		unset($config['dnsmasq']['interface']);

	if ($config['dnsmasq']['custom_options']) {

		$args = '';

		foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c)

			$args .= escapeshellarg("--{$c}") . " ";

		exec("/usr/local/sbin/dnsmasq --test $args", $output, $rc);

		if ($rc != 0)

			$input_errors[] = gettext("Invalid custom options");

	}

	if (!$input_errors) {

		write_config();

		$retval = 0;

		$retval = services_dnsmasq_configure();

		$savemsg = get_std_save_message($retval);

		// Relaod filter (we might need to sync to CARP hosts)

		filter_configure();

		/* Update resolv.conf in case the interface bindings exclude localhost. */

		system_resolvconf_generate();

		/* Start or restart dhcpleases when it's necessary */

		system_dhcpleases_configure();

		if ($retval == 0)

			clear_subsystem_dirty('hosts');

	}

}

if ($_GET['act'] == "del") {

	if ($_GET['type'] == 'host') {

		if ($a_hosts[$_GET['id']]) {

			unset($a_hosts[$_GET['id']]);

			write_config();

			mark_subsystem_dirty('hosts');

			header("Location: services_dnsmasq.php");

			exit;

		}

	}

	elseif ($_GET['type'] == 'doverride') {

		if ($a_domainOverrides[$_GET['id']]) {

			unset($a_domainOverrides[$_GET['id']]);

			write_config();

			mark_subsystem_dirty('hosts');

			header("Location: services_dnsmasq.php");

			exit;

		}

	}

}

function build_if_list() {

	$interface_addresses = get_possible_listen_ips(true);

	$iflist = array('options' => array(), 'selected' => array());

	$iflist['options'][""]	= "All";

	if (empty($pconfig['interface']) || empty($pconfig['interface'][0]))

		array_push($iflist['selected'], "");

	foreach ($interface_addresses as $laddr => $ldescr) {

		$iflist['options'][$laddr] = htmlspecialchars($ldescr);

		if ($pconfig['interface'] && in_array($laddr, $pconfig['interface']))

			array_push($iflist['selected'], $laddr);

	}

	unset($interface_addresses);

	return($iflist);

}

$closehead = false;

$pgtitle = array(gettext("Services"),gettext("DNS forwarder"));

$shortcut_section = "forwarder";

include("head.inc");

if ($input_errors)

	print_input_errors($input_errors);

if ($savemsg)

	print_info_box($savemsg, 'success');

if (is_subsystem_dirty('hosts'))

	print_info_box_np(gettext("The DNS forwarder configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));

require('classes/Form.class.php');

$form = new Form();

$section = new Form_Section('General DNS Forwarder Options');

$section->addInput(new Form_Checkbox(

	'enable',

	'Enable',

	'Enable DNS forwarder',

	$pconfig['enable']

))->toggles('.toggle-dhcp', 'disable');

$section->addInput(new Form_Checkbox(

	'regdhcp',

	'DHCP Registration',

	'Register DHCP leases in DNS forwarder',

	$pconfig['regdhcp']

))->setHelp(sprintf("If this option is set, then machines that specify".

			" their hostname when requesting a DHCP lease will be registered".

			" in the DNS forwarder, so that their name can be resolved.".

			" You should also set the domain in %sSystem:".

			" General setup%s to the proper value.",'<a href="system.php">','</a>'))

	->addClass('toggle-dhcp');

$section->addInput(new Form_Checkbox(

	'regdhcpstatic',

	'Static DHCP',

	'Register DHCP static mappings in DNS forwarder',

	$pconfig['regdhcpstatic']

))->setHelp(sprintf("If this option is set, then DHCP static mappings will ".

					"be registered in the DNS forwarder, so that their name can be ".

					"resolved. You should also set the domain in %s".

					"System: General setup%s to the proper value.",'<a href="system.php">','</a>'))

	->addClass('toggle-dhcp');

$section->addInput(new Form_Checkbox(

	'dhcpfirst',

	'Prefer DHCP',

	'Resolve DHCP mappings first',

	$pconfig['dhcpfirst']

))->setHelp(sprintf("If this option is set, then DHCP mappings will ".

					"be resolved before the manual list of names below. This only ".

					"affects the name given for a reverse lookup (PTR)."))

	->addClass('toggle-dhcp');

$group = new Form_Group('DNS Query Forwarding');

$group->add(new Form_Checkbox(

	'strict_order',

	'DNS Query Forwarding',

	'Query DNS servers sequentially',

	$pconfig['strict_order']

))->setHelp(sprintf("If this option is set, %s DNS Forwarder (dnsmasq) will ".

					"query the DNS servers sequentially in the order specified (<i>System - General Setup - DNS Servers</i>), ".

					"rather than all at once in parallel. ", $g['product_name']));

$group->add(new Form_Checkbox(

	'domain_needed',

	null,

	'Require domain',

	$pconfig['domain_needed']

))->setHelp(sprintf("If this option is set, %s DNS Forwarder (dnsmasq) will ".

					"not forward A or AAAA queries for plain names, without dots or domain parts, to upstream name servers.	 ".

					"If the name is not known from /etc/hosts or DHCP then a \"not found\" answer is returned. ", $g['product_name']));

$group->add(new Form_Checkbox(

	'no_private_reverse',

	null,

	'Do not forward private reverse lookups',

	$pconfig['no_private_reverse']

))->setHelp(sprintf("If this option is set, %s DNS Forwarder (dnsmasq) will ".

					"not forward reverse DNS lookups (PTR) for private addresses (RFC 1918) to upstream name servers.  ".

					"Any entries in the Domain Overrides section forwarding private \"n.n.n.in-addr.arpa\" names to a specific server are still forwarded. ".

					"If the IP to name is not known from /etc/hosts, DHCP or a specific domain override then a \"not found\" answer is immediately returned. ", $g['product_name']));

$section->add($group);

$section->addInput(new Form_Input(

	'port',

	'Listen Port',

	'number',

	$pconfig['port'],

	['placeholder' => '53']

))->setHelp('The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.');

$iflist = build_if_list();

$section->addInput(new Form_Select(

	'interface',

	'Interfaces',

	$iflist['selected'],

	$iflist['options'],

	true

))->setHelp('Interface IPs used by the DNS Forwarder for responding to queries from clients. If an interface has both IPv4 and IPv6 IPs, both are used. Queries to other interface IPs not selected below are discarded. ' .

			'The default behavior is to respond to queries on every available IPv4 and IPv6 address.');

$section->addInput(new Form_Checkbox(

	'strictbind',

	'Strict binding',

	'Strict interface binding',

	$pconfig['strictbind']

))->setHelp('If this option is set, the DNS forwarder will only bind to the interfaces containing the IP addresses selected above, ' .

					'rather than binding to all interfaces and discarding queries to other addresses.' . '<br /><br />' .

					'This option does NOT work with IPv6. If set, dnsmasq will not bind to IPv6 addresses.');

$section->addInput(new Form_TextArea(

	'custom_options',

	'Custom options',

	$pconfig['custom_options']

))->setHelp('Enter any additional options you would like to add to the dnsmasq configuration here, separated by a space or newline')

	->addClass('advanced');

$form->add($section);

print($form);

print_info_box(sprintf("If the DNS forwarder is enabled, the DHCP".

	" service (if enabled) will automatically serve the LAN IP".

	" address as a DNS server to DHCP clients so they will use".

	" the forwarder. The DNS forwarder will use the DNS servers".

	" entered in %sSystem: General setup%s".

	" or those obtained via DHCP or PPP on WAN if the "Allow".

	" DNS server list to be overridden by DHCP/PPP on WAN"".

	" is checked. If you don't use that option (or if you use".

	" a static IP address on WAN), you must manually specify at".

	" least one DNS server on the %sSystem:".

	"General setup%s page.",'<a href="system.php">','</a>','<a href="system.php">','</a>'));

?>

<div class="panel panel-default">

	<div class="panel-heading"><h2><?=gettext("Host Overrides")?></h2></div>

	<div class="panel-body table-responsive">

		<table class="table table-striped table-hover table-condensed">

			<thead>

				<tr>

					<th><?=gettext("Host")?></th>

					<th><?=gettext("Domain")?></th>

					<th><?=gettext("IP")?></th>

					<th><?=gettext("Description")?></th>

					<th></th>

				</tr>

			</thead>

			<tbody>

<?php

foreach ($a_hosts as $i => $hostent):

?>

				<tr>

					<td>

						<?=strtolower($hostent['host'])?>

					</td>

					<td>

						<?=strtolower($hostent['domain'])?>

					</td>

					<td>

						<?=$hostent['ip']?>

					</td>

					<td>

						<?=htmlspecialchars($hostent['descr'])?>

					</td>

					<td>

						<a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>

						<a href="services_dnsmasq.php?type=host&amp;act=del&amp;id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a>

					</td>

				</tr>

<?php

	if ($hostent['aliases']['item'] && is_array($hostent['aliases']['item'])):

		foreach ($hostent['aliases']['item'] as $i => $alias):

?>

				<tr>

					<td>

						<?=strtolower($alias['host'])?>

					</td>

					<td>

						<?=strtolower($alias['domain'])?>

					</td>

					<td>

						Alias for <?=$hostent['host'] ? $hostent['host'] . '.' . $hostent['domain'] : $hostent['domain']?>

					</td>

					<td>

						<?=htmlspecialchars($alias['description'])?>

					</td>

					<td>

						<a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>

					</td>

				</tr>

<?php

		endforeach;

	endif;

endforeach;

?>

			</tbody>

		</table>

	</div>

</div>

<nav class="action-buttons">

	<a href="services_dnsmasq_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>

</nav>

<?php

print_info_box(gettext("Entries in this section override individual results from the forwarders.") .

				gettext("Use these for changing DNS results or for adding custom DNS records."));

?>

<div class="panel panel-default">

	<div class="panel-heading"><h2><?=gettext("Domain Overrides")?></h2></div>

	<div class="panel-body table-responsive">

		<table class="table table-striped table-hover table-condensed">

			<thead>

				<tr>

					<th><?=gettext("Domain")?></th>

					<th><?=gettext("IP")?></th>

					<th><?=gettext("Description")?></th>

					<th></th>

				</tr>

			</thead>

			<tbody>

<?php

foreach ($a_domainOverrides as $i => $doment):

?>

				<tr>

					<td>

						<?=strtolower($doment['domain'])?>

					</td>

					<td>

						<?=$doment['ip']?>

					</td>

					<td>

						<?=htmlspecialchars($doment['descr'])?>

					</td>

					<td>

						<a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>

						<a href="services_dnsmasq.php?act=del&amp;type=doverride&amp;id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a>

					</td>

				</tr>

<?php

endforeach;

?>

			</tbody>

		</table>

	</div>

</div>

<nav class="action-buttons">

	<a href="services_dnsmasq_domainoverride_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>

</nav>

<?php

print_info_box(gettext("Entries in this area override an entire domain, and subdomains, by specifying an".

						" authoritative DNS server to be queried for that domain."));

include("foot.inc");