Revision 5c7c369f
Added by Chris Buechler over 10 years ago
| conf.default/config.xml | ||
|---|---|---|
| 274 | 274 |
<custom_options/> |
| 275 | 275 |
<hideidentity/> |
| 276 | 276 |
<hideversion/> |
| 277 |
<hardenglue/> |
|
| 278 | 277 |
<dnssecstripped/> |
| 279 | 278 |
</unbound> |
| 280 | 279 |
</pfsense> |
| etc/inc/unbound.inc | ||
|---|---|---|
| 213 | 213 |
$port = (is_port($config['unbound']['port'])) ? $config['unbound']['port'] : "53"; |
| 214 | 214 |
$hide_identity = isset($config['unbound']['hideidentity']) ? "yes" : "no"; |
| 215 | 215 |
$hide_version = isset($config['unbound']['hideversion']) ? "yes" : "no"; |
| 216 |
$harden_glue = isset($config['unbound']['hardenglue']) ? "yes" : "no"; |
|
| 217 | 216 |
$harden_dnssec_stripped = isset($config['unbound']['dnssecstripped']) ? "yes" : "no"; |
| 218 | 217 |
$prefetch = isset($config['unbound']['prefetch']) ? "yes" : "no"; |
| 219 | 218 |
$prefetch_key = isset($config['unbound']['prefetchkey']) ? "yes" : "no"; |
| ... | ... | |
| 290 | 289 |
verbosity: {$verbosity}
|
| 291 | 290 |
hide-identity: {$hide_identity}
|
| 292 | 291 |
hide-version: {$hide_version}
|
| 293 |
harden-glue: {$harden_glue}
|
|
| 292 |
harden-glue: yes
|
|
| 294 | 293 |
do-ip4: yes |
| 295 | 294 |
do-ip6: yes |
| 296 | 295 |
do-udp: yes |
| usr/local/www/services_unbound_advanced.php | ||
|---|---|---|
| 58 | 58 |
if (isset($config['unbound']['prefetchkey'])) {
|
| 59 | 59 |
$pconfig['prefetchkey'] = true; |
| 60 | 60 |
} |
| 61 |
if (isset($config['unbound']['hardenglue'])) {
|
|
| 62 |
$pconfig['hardenglue'] = true; |
|
| 63 |
} |
|
| 64 | 61 |
if (isset($config['unbound']['dnssecstripped'])) {
|
| 65 | 62 |
$pconfig['dnssecstripped'] = true; |
| 66 | 63 |
} |
| ... | ... | |
| 153 | 150 |
} else {
|
| 154 | 151 |
unset($config['unbound']['prefetchkey']); |
| 155 | 152 |
} |
| 156 |
if (isset($_POST['hardenglue'])) {
|
|
| 157 |
$config['unbound']['hardenglue'] = true; |
|
| 158 |
} else {
|
|
| 159 |
unset($config['unbound']['hardenglue']); |
|
| 160 |
} |
|
| 161 | 153 |
if (isset($_POST['dnssecstripped'])) {
|
| 162 | 154 |
$config['unbound']['dnssecstripped'] = true; |
| 163 | 155 |
} else {
|
| ... | ... | |
| 257 | 249 |
<?=sprintf(gettext("DNSKEYs are fetched earlier in the validation process when a %sDelegation signer%s is encountered. This helps lower the latency of requests but does utilize a little more CPU."), "<a href='http://en.wikipedia.org/wiki/List_of_DNS_record_types'>", "</a>");?>
|
| 258 | 250 |
</td> |
| 259 | 251 |
</tr> |
| 260 |
<tr> |
|
| 261 |
<td width="22%" valign="top" class="vncell"><?=gettext("Harden Glue");?></td>
|
|
| 262 |
<td width="78%" class="vtable"> |
|
| 263 |
<input name="hardenglue" type="checkbox" id="hardenglue" value="yes" <?php if (isset($pconfig['hardenglue'])) echo "checked=\"checked\"";?> /><br /> |
|
| 264 |
<?=gettext("Only trust glue if it is within the server's authority.");?>
|
|
| 265 |
</td> |
|
| 266 |
</tr> |
|
| 267 | 252 |
<tr> |
| 268 | 253 |
<td width="22%" valign="top" class="vncell"><?=gettext("Harden DNSSEC data");?></td>
|
| 269 | 254 |
<td width="78%" class="vtable"> |
Also available in: Unified diff
Remove the harden-glue option entirely and hard code it to yes. Ticket #4402