<?php
/*
 * services_unbound.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2022 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2014 Warren Baker (warren@pfsense.org)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-services-dnsresolver
##|*NAME=Services: DNS Resolver
##|*DESCR=Allow access to the 'Services: DNS Resolver' page.
##|*MATCH=services_unbound.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("unbound.inc");
require_once("pfsense-utils.inc");
require_once("system.inc");
// Make sure the config subtrees this page reads and edits exist.
init_config_arr(array('unbound', 'hosts'));
init_config_arr(array('unbound', 'domainoverrides'));

// These are references into $config: writing through them changes the
// in-memory configuration that write_config() later persists.
$a_unboundcfg = &$config['unbound'];
$a_hosts = &$a_unboundcfg['hosts'];
$a_domainOverrides = &$a_unboundcfg['domainoverrides'];

// Presence-style options: a key that is set in the config shows as checked.
foreach (['enable', 'enablessl', 'strictout', 'dnssec', 'python', 'forwarding',
    'forward_tls_upstream', 'regdhcp', 'regdhcpstatic', 'regovpnclients'] as $unbound_key) {
	if (isset($a_unboundcfg[$unbound_key])) {
		$pconfig[$unbound_key] = true;
	}
}

// Options whose stored value is shown in the form unchanged.
foreach (['python_order', 'python_script', 'port', 'tlsport', 'sslcertref'] as $unbound_key) {
	$pconfig[$unbound_key] = $a_unboundcfg[$unbound_key];
}

// Custom options are kept base64-encoded in the config and decoded for display.
$pconfig['custom_options'] = base64_decode($a_unboundcfg['custom_options']);

// Interface selections are stored comma-separated; the form wants arrays.
foreach (['active_interface', 'outgoing_interface'] as $unbound_key) {
	$pconfig[$unbound_key] = empty($a_unboundcfg[$unbound_key])
	    ? array()
	    : explode(",", $a_unboundcfg[$unbound_key]);
}
unset($unbound_key);

// "transparent" is what the form shows when no zone type has been saved.
$pconfig['system_domain_local_zone_type'] = empty($a_unboundcfg['system_domain_local_zone_type'])
    ? "transparent"
    : $a_unboundcfg['system_domain_local_zone_type'];

// The SSL/TLS service can only be enabled when at least one certificate exists.
init_config_arr(array('cert'));
$a_cert = &$config['cert'];
$certs_available = (is_array($a_cert) && count($a_cert));
if (!$certs_available) {
	$a_cert = array();
}
// "Apply changes": regenerate the resolver configuration from the saved settings.
if ($_POST['apply']) {
	// OR-ing into 0 coerces the status from services_unbound_configure() to an integer.
	$retval = 0 | services_unbound_configure();

	// The pending-changes marker is cleared only when the reconfigure reported 0.
	if ($retval === 0) {
		clear_subsystem_dirty('unbound');
	}

	/* Update resolv.conf in case the interface bindings exclude localhost. */
	system_resolvconf_generate();

	/* Start or restart dhcpleases when it's necessary */
	system_dhcpleases_configure();
}
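/*
 * "Save": validate the posted settings and, when nothing was rejected, copy
 * them into the unbound configuration and mark the subsystem dirty.
 *
 * The whole POST body becomes the working copy ($pconfig), but only the
 * fields named explicitly at the end are written to the configuration.
 * Select-type fields are checked against the values the form offers before
 * they are stored, because a client can post any value regardless of what
 * the rendered form contains.
 *
 * custom_options is free-form resolver configuration by design: whoever may
 * use this page can add arbitrary unbound directives, and the only check is
 * that the generated file parses (test_unbound_config()).
 */
if ($_POST['save']) {
	$pconfig = $_POST;
	// Start from a real array so the checks below never read an undefined variable.
	$input_errors = array();
	// Display copies restored into $pconfig at the end; defined up front so
	// the restore is safe when a list was missing or rejected.
	$display_active_interface = array();
	$display_outgoing_interface = array();

	if (isset($pconfig['enable']) && isset($config['dnsmasq']['enable'])) {
		if ($pconfig['port'] == $config['dnsmasq']['port']) {
			$input_errors[] = gettext("The DNS Forwarder is enabled using this port. Choose a non-conflicting port, or disable the DNS Forwarder.");
		}
	}

	if (isset($pconfig['enablessl']) && (!$certs_available || empty($pconfig['sslcertref']))) {
		$input_errors[] = gettext("Acting as an SSL/TLS server requires a valid server certificate");
	}
	// NOTE(review): sslcertref is stored as posted; confirm the code that
	// consumes it ignores references that match no configured certificate.

	// forwarding mode requires having valid DNS servers
	if (isset($pconfig['forwarding'])) {
		$founddns = false;
		foreach (get_dns_nameservers(false, true) as $dns_server) {
			// Loopback addresses do not count as an upstream server.
			if (!ip_in_subnet($dns_server, "127.0.0.0/8")) {
				$founddns = true;
				break;
			}
		}
		if ($founddns == false) {
			$input_errors[] = gettext("At least one DNS server must be specified under System > General Setup to enable Forwarding mode.");
		}
	}

	// The multi-selects post arrays. A scalar here did not come from the form
	// and would make in_array() below throw on PHP 8, so it is rejected.
	if (empty($pconfig['active_interface']) || !is_array($pconfig['active_interface'])) {
		$input_errors[] = gettext("One or more Network Interfaces must be selected for binding.");
	} elseif (($config['system']['dnslocalhost'] != 'remote') && (!in_array("lo0", $pconfig['active_interface']) && !in_array("all", $pconfig['active_interface']))) {
		$input_errors[] = gettext("This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.");
	}

	if (empty($pconfig['outgoing_interface']) || !is_array($pconfig['outgoing_interface'])) {
		$input_errors[] = gettext("One or more Outgoing Network Interfaces must be selected.");
	}

	if ($pconfig['port'] && !is_port($pconfig['port'])) {
		$input_errors[] = gettext("A valid port number must be specified.");
	}
	if ($pconfig['tlsport'] && !is_port($pconfig['tlsport'])) {
		$input_errors[] = gettext("A valid SSL/TLS port number must be specified.");
	}

	// Keep the array form for redisplay; the config stores a comma-separated string.
	if (is_array($pconfig['active_interface']) && !empty($pconfig['active_interface'])) {
		$display_active_interface = $pconfig['active_interface'];
		$pconfig['active_interface'] = implode(",", $pconfig['active_interface']);
	}

	if ((isset($pconfig['regdhcp']) || isset($pconfig['regdhcpstatic'])) && !is_dhcp_server_enabled()) {
		$input_errors[] = gettext("DHCP Server must be enabled for DHCP Registration to work in DNS Resolver.");
	}

	if (($pconfig['system_domain_local_zone_type'] == "redirect") && isset($pconfig['regdhcp'])) {
		$input_errors[] = gettext('A System Domain Local Zone Type of "redirect" is not compatible with dynamic DHCP Registration.');
	}

	// The zone type select is filled from unbound_local_zone_types(), whose
	// keys are the values the form posts; anything else is refused.
	$posted_zone_type = $pconfig['system_domain_local_zone_type'] ?? '';
	if (($posted_zone_type !== '') &&
	    (!is_string($posted_zone_type) || !array_key_exists($posted_zone_type, unbound_local_zone_types()))) {
		$input_errors[] = gettext("A valid System Domain Local Zone Type must be selected.");
	}

	// The Python module fields are only stored when the module is enabled, so
	// they are only checked then. Allowed values mirror the form: the two fixed
	// orderings, and the script names found in the unbound chroot directory.
	// How unbound.inc turns python_script into a path is not visible from here,
	// which is the reason to accept nothing but a listed name.
	if (isset($pconfig['python'])) {
		$posted_order = $pconfig['python_order'] ?? '';
		if (($posted_order !== '') &&
		    !in_array($posted_order, array('pre_validator', 'post_validator'), true)) {
			$input_errors[] = gettext("A valid Python Module Order must be selected.");
		}

		$posted_script = $pconfig['python_script'] ?? '';
		if ($posted_script !== '') {
			$valid_scripts = array();
			foreach ((glob("{$g['unbound_chroot_path']}/*.py") ?: array()) as $script_path) {
				$valid_scripts[] = pathinfo($script_path, PATHINFO_FILENAME);
			}
			if (!in_array($posted_script, $valid_scripts, true)) {
				$input_errors[] = gettext("A valid Python Module Script must be selected.");
			}
		}
	}

	// Custom options are shown as typed but stored base64-encoded with
	// normalised line endings. A missing or non-string value is treated as empty.
	$display_custom_options = is_string($pconfig['custom_options'] ?? null) ? $pconfig['custom_options'] : '';
	$pconfig['custom_options'] = base64_encode(str_replace("\r\n", "\n", $display_custom_options));

	if (is_array($pconfig['outgoing_interface']) && !empty($pconfig['outgoing_interface'])) {
		$display_outgoing_interface = $pconfig['outgoing_interface'];
		$pconfig['outgoing_interface'] = implode(",", $pconfig['outgoing_interface']);
	}

	// A truthy result means unbound could not parse the generated file;
	// its messages are appended to the errors shown to the user.
	$test_output = array();
	if (test_unbound_config($pconfig, $test_output)) {
		$input_errors[] = gettext("The generated config file cannot be parsed by unbound. Please correct the following errors:");
		$input_errors = array_merge($input_errors, $test_output);
	}

	if (!$input_errors) {
		$a_unboundcfg['enable'] = isset($pconfig['enable']);
		$a_unboundcfg['enablessl'] = isset($pconfig['enablessl']);
		$a_unboundcfg['port'] = $pconfig['port'];
		$a_unboundcfg['tlsport'] = $pconfig['tlsport'];
		$a_unboundcfg['sslcertref'] = $pconfig['sslcertref'];
		$a_unboundcfg['strictout'] = isset($pconfig['strictout']);
		$a_unboundcfg['dnssec'] = isset($pconfig['dnssec']);

		$a_unboundcfg['python'] = isset($pconfig['python']);
		if (isset($pconfig['python'])) {
			$a_unboundcfg['python_order'] = $pconfig['python_order'];
			$a_unboundcfg['python_script'] = $pconfig['python_script'];
		} else {
			// Module disabled: drop its settings (unset() on a missing key is a no-op).
			unset($a_unboundcfg['python_order'], $a_unboundcfg['python_script']);
		}

		$a_unboundcfg['forwarding'] = isset($pconfig['forwarding']);
		$a_unboundcfg['forward_tls_upstream'] = isset($pconfig['forward_tls_upstream']);
		$a_unboundcfg['regdhcp'] = isset($pconfig['regdhcp']);
		$a_unboundcfg['regdhcpstatic'] = isset($pconfig['regdhcpstatic']);
		$a_unboundcfg['regovpnclients'] = isset($pconfig['regovpnclients']);
		$a_unboundcfg['active_interface'] = $pconfig['active_interface'];
		$a_unboundcfg['outgoing_interface'] = $pconfig['outgoing_interface'];
		$a_unboundcfg['system_domain_local_zone_type'] = $pconfig['system_domain_local_zone_type'];
		$a_unboundcfg['custom_options'] = $pconfig['custom_options'];

		write_config(gettext("DNS Resolver configured."));
		mark_subsystem_dirty('unbound');
	}

	// Put the display forms back so the page re-renders what the user submitted.
	$pconfig['active_interface'] = $display_active_interface;
	$pconfig['outgoing_interface'] = $display_outgoing_interface;
	$pconfig['custom_options'] = $display_custom_options;
}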
// True when there is custom option text to show; the page script reads this
// to decide whether the Custom options box starts out visible.
$customoptions = (bool) $pconfig['custom_options'];
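/*
 * Delete a host override or a domain override.
 *
 * The row to delete is identified by a POSTed index. Request parameters are
 * caller-controlled, so the index is accepted only when it is a plain string
 * of digits. An array or other value would otherwise be used directly as an
 * array offset, which raises an error on PHP 8. Missing parameters are
 * treated as "nothing to do" instead of triggering undefined-key warnings.
 *
 * NOTE(review): the index is positional (the list below numbers rows with a
 * counter), so a stale page can point at a different row than the one the
 * user clicked; confirm whether that matters for concurrent admins.
 */
if (($_POST['act'] ?? '') == "del") {
	$del_type = $_POST['type'] ?? '';
	$del_id = $_POST['id'] ?? null;
	// The D modifier stops "$" from matching before a trailing newline.
	$del_id_valid = is_string($del_id) && preg_match('/^[0-9]+$/D', $del_id);

	if ($del_id_valid && ($del_type == 'host')) {
		if (!empty($a_hosts[$del_id])) {
			unset($a_hosts[$del_id]);
			write_config(gettext("Host override deleted from DNS Resolver."));
			mark_subsystem_dirty('unbound');
			header("Location: services_unbound.php");
			exit;
		}
	} elseif ($del_id_valid && ($del_type == 'doverride')) {
		if (!empty($a_domainOverrides[$del_id])) {
			unset($a_domainOverrides[$del_id]);
			write_config(gettext("Domain override deleted from DNS Resolver."));
			mark_subsystem_dirty('unbound');
			header("Location: services_unbound.php");
			exit;
		}
	}
}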
/*
 * Build the option list and current selection for an interface multi-select.
 *
 * $selectedifs: the addresses/interfaces currently chosen (may be empty).
 * Returns array('options' => value => label, 'selected' => list of values).
 * "all" is always offered, and is pre-selected when nothing is chosen or when
 * the selection already contains it. Labels are HTML-escaped here.
 */
function build_if_list($selectedifs) {
	$listen_ips = get_possible_listen_ips(true);

	$iflist = array(
		'options' => array('all' => gettext("All")),
		'selected' => array(),
	);

	if (empty($selectedifs) || empty($selectedifs[0]) || in_array("all", $selectedifs)) {
		$iflist['selected'][] = "all";
	}

	foreach ($listen_ips as $laddr => $ldescr) {
		$iflist['options'][$laddr] = htmlspecialchars($ldescr);

		if ($selectedifs && in_array($laddr, $selectedifs)) {
			$iflist['selected'][] = $laddr;
		}
	}

	return $iflist;
}
// Page title, breadcrumb links and shortcut section read by head.inc.
$pgtitle = [gettext("Services"), gettext("DNS Resolver"), gettext("General Settings")];
$pglinks = ["", "@self", "@self"];
$shortcut_section = "resolver";

include_once("head.inc");

// Validation errors collected by the save handler.
if ($input_errors) {
	print_input_errors($input_errors);
}

// Outcome of an "Apply changes" request.
if ($_POST['apply']) {
	print_apply_result_box($retval);
}

// Saved-but-not-applied changes: prompt the user to apply them.
if (is_subsystem_dirty('unbound')) {
	print_apply_box(gettext("The DNS resolver configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect."));
}

// Tab bar; the second element marks the active tab.
$tab_array = [
	[gettext("General Settings"), true, "services_unbound.php"],
	[gettext("Advanced Settings"), false, "services_unbound_advanced.php"],
	[gettext("Access Lists"), false, "/services_unbound_acls.php"],
];
display_top_tabs($tab_array, true);
// Build the "General DNS Resolver Options" form from the working copy in $pconfig.
$form = new Form();

$section = new Form_Section('General DNS Resolver Options');

$section->addInput(new Form_Checkbox('enable', 'Enable', 'Enable DNS resolver', $pconfig['enable']));

$section->addInput(new Form_Input('port', 'Listen Port', 'number', $pconfig['port'], ['placeholder' => '53']))
	->setHelp('The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.');

$section->addInput(new Form_Checkbox('enablessl', 'Enable SSL/TLS Service', 'Respond to incoming SSL/TLS queries from local clients', $pconfig['enablessl']))
	->setHelp('Configures the DNS Resolver to act as a DNS over SSL/TLS server which can answer queries from clients which also support DNS over TLS. ' .
		'Activating this option disables automatic interface response routing behavior, thus it works best with specific interface bindings.');

// The certificate picker is only offered when a certificate exists;
// otherwise a link to the certificate manager is shown in its place.
if ($certs_available) {
	$input = new Form_Select('sslcertref', 'SSL/TLS Certificate', $pconfig['sslcertref'], cert_build_list('cert', 'IPsec'));
	$section->addInput($input)
		->setHelp('The server certificate to use for SSL/TLS service. The CA chain will be determined automatically.');
} else {
	$section->addInput(new Form_StaticText(
		'SSL/TLS Certificate',
		sprintf(
			'No Certificates have been defined. A certificate is required before SSL/TLS can be enabled. %1$s Create or Import %2$s a Certificate.',
			'<a href="system_certmanager.php">',
			'</a>'
		)
	));
}

$section->addInput(new Form_Input('tlsport', 'SSL/TLS Listen Port', 'number', $pconfig['tlsport'], ['placeholder' => '853']))
	->setHelp('The port used for responding to SSL/TLS DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 853.');

// Listening interfaces (multi-select).
$activeiflist = build_if_list($pconfig['active_interface']);

$section->addInput(new Form_Select('active_interface', '*Network Interfaces', $activeiflist['selected'], $activeiflist['options'], true))
	->addClass('general', 'resizable')
	->setHelp('Interface IPs used by the DNS Resolver for responding to queries from clients. If an interface has both IPv4 and IPv6 IPs, both are used. Queries to other interface IPs not selected below are discarded. ' .
		'The default behavior is to respond to queries on every available IPv4 and IPv6 address.');

// Outgoing interfaces (multi-select).
$outiflist = build_if_list($pconfig['outgoing_interface']);

$section->addInput(new Form_Select('outgoing_interface', '*Outgoing Network Interfaces', $outiflist['selected'], $outiflist['options'], true))
	->addClass('general', 'resizable')
	->setHelp('Utilize different network interface(s) that the DNS Resolver will use to send queries to authoritative servers and receive their replies. By default all interfaces are used.');

$section->addInput(new Form_Checkbox('strictout', 'Strict Outgoing Network Interface Binding', 'Do not send recursive queries if none of the selected Outgoing Network Interfaces are available.', $pconfig['strictout']))
	->setHelp('By default the DNS Resolver sends recursive DNS requests over any available interfaces if none of the selected Outgoing Network Interfaces are available. This option makes the DNS Resolver refuse recursive queries.');

$section->addInput(new Form_Select('system_domain_local_zone_type', '*System Domain Local Zone Type', $pconfig['system_domain_local_zone_type'], unbound_local_zone_types()))
	->setHelp('The local-zone type used for the %1$s system domain (System | General Setup | Domain).  Transparent is the default.', $g['product_label']);

$section->addInput(new Form_Checkbox('dnssec', 'DNSSEC', 'Enable DNSSEC Support', $pconfig['dnssec']));

$section->addInput(new Form_Checkbox('python', 'Python Module', 'Enable Python Module', $pconfig['python']))
	->setHelp('Enable the Python Module.');

// Offer every *.py file found in the unbound chroot directory, listed by
// file name without the extension.
$python_files = glob("{$g['unbound_chroot_path']}/*.py");
if (empty($python_files)) {
	$python_scripts = ['' => 'No Python Module scripts found'];
} else {
	$python_scripts = [];
	foreach ($python_files as $file) {
		$file = pathinfo($file, PATHINFO_FILENAME);
		$python_scripts[$file] = $file;
	}
}

$section->addInput(new Form_Select('python_order', 'Python Module Order', $pconfig['python_order'], ['pre_validator' => 'Pre Validator', 'post_validator' => 'Post Validator']))
	->setHelp('Select the Python Module ordering.');

$section->addInput(new Form_Select('python_script', 'Python Module Script', $pconfig['python_script'], $python_scripts))
	->setHelp('Select the Python module script to utilize.');

$section->addInput(new Form_Checkbox('forwarding', 'DNS Query Forwarding', 'Enable Forwarding Mode', $pconfig['forwarding']))
	->setHelp(
		'If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under' .
		' %1$sSystem &gt; General Setup%2$s or those obtained via dynamic ' .
		'interfaces such as DHCP, PPP, or OpenVPN (if DNS Server Override ' .
		'is enabled there).',
		'<a href="system.php">',
		'</a>'
	);

$section->addInput(new Form_Checkbox('forward_tls_upstream', null, 'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers', $pconfig['forward_tls_upstream']))
	->setHelp('When set in conjunction with DNS Query Forwarding, queries to all upstream forwarding DNS servers will be sent using SSL/TLS on the default port of 853. Note that ALL configured forwarding servers MUST support SSL/TLS queries on port 853.');

$section->addInput(new Form_Checkbox('regdhcp', 'DHCP Registration', 'Register DHCP leases in the DNS Resolver', $pconfig['regdhcp']))
	->setHelp(
		'If this option is set, then machines that specify their hostname when requesting an IPv4 DHCP lease will be registered' .
		' in the DNS Resolver so that their name can be resolved.' .
		' Note that this will cause the Resolver to reload and flush its resolution cache whenever a DHCP lease is issued.' .
		' The domain in %1$sSystem &gt; General Setup%2$s should also be set to the proper value.',
		'<a href="system.php">',
		'</a>'
	);

$section->addInput(new Form_Checkbox('regdhcpstatic', 'Static DHCP', 'Register DHCP static mappings in the DNS Resolver', $pconfig['regdhcpstatic']))
	->setHelp(
		'If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. ' .
		'The domain in %1$sSystem &gt; General Setup%2$s should also be set to the proper value.',
		'<a href="system.php">',
		'</a>'
	);

$section->addInput(new Form_Checkbox('regovpnclients', 'OpenVPN Clients', 'Register connected OpenVPN clients in the DNS Resolver', $pconfig['regovpnclients']))
	->setHelp(sprintf(
		'If this option is set, then the common name (CN) of connected OpenVPN clients will be ' .
		'registered in the DNS Resolver, so that their name can be resolved. This only works for OpenVPN ' .
		'servers (Remote Access SSL/TLS or User Auth with Username as Common Name option) operating ' .
		'in "tun" mode. The domain in %sSystem: General Setup%s should also be set to the proper value.',
		'<a href="system.php">',
		'</a>'
	));

// Button that toggles the Custom options textarea; the click behaviour is
// attached by the script further down the page.
$btnadv = new Form_Button('btnadvcustom', 'Custom options', null, 'fa-cog');
$btnadv->setAttribute('type','button')->addClass('btn-info btn-sm');

$section->addInput(new Form_StaticText('Display Custom Options', $btnadv));

// Free-form text that is added to the resolver configuration (see the help text).
$section->addInput(new Form_Textarea('custom_options', 'Custom options', $pconfig['custom_options']))
	->setHelp('Enter any additional configuration parameters to add to the DNS Resolver configuration here, separated by a newline.');

$form->add($section);
print($form);
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {

	// Whether the Custom options textarea is currently revealed.
	var showadvcustom = false;

	// Set the initial state (page load) or flip it (button click), then show or
	// hide the textarea and relabel the button to match.
	// NOTE(review): the two labels are fixed translated literals written into a
	// JS string and passed to .html(); that is safe only while they stay literals.
	function show_advcustom(ispageload) {
		if (ispageload) {
			// Initial state comes from the data: shown only when custom options exist.
			showadvcustom = <?=($customoptions ? 'true' : 'false');?>;
		} else {
			showadvcustom = !showadvcustom;
		}

		hideInput('custom_options', !showadvcustom);

		var text = showadvcustom
			? "<?=gettext('Hide Custom Options');?>"
			: "<?=gettext('Display Custom Options');?>";

		$('#btnadvcustom').html('<i class="fa fa-cog"></i> ' + text);
	}

	// Hide every other input while the "enable" checkbox is unchecked.
	function hideGeneral() {
		var hide = ! $('#enable').prop('checked');

		hideMultiClass('general', hide);
		hideInput('port', hide);
		hideSelect('system_domain_local_zone_type', hide);
		['strictout', 'dnssec', 'forwarding', 'regdhcp', 'regdhcpstatic', 'regovpnclients'].forEach(function(name) {
			hideCheckbox(name, hide);
		});
		hideInput('btnadvcustom', hide);
		hideInput('custom_options', hide || !showadvcustom);
	}

	// The Python order/script selects are only relevant while the module is enabled.
	function show_python_script() {
		var python = $('#python').prop('checked');
		hideInput('python_order', !python);
		hideInput('python_script', !python);
	}

	// The wrapper keeps the click event from being passed in as "ispageload".
	$('#btnadvcustom').click(function(event) {
		show_advcustom();
	});

	$('#enable').click(hideGeneral);

	// On initial load
	if ($('#custom_options').val().length == 0) {
		hideInput('custom_options', true);
	}

	hideGeneral();
	show_advcustom(true);

	show_python_script();
	$('#python').click(show_python_script);

});
//]]>
</script>
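<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("Host Overrides")?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Host")?></th>
					<th><?=gettext("Parent domain of host")?></th>
					<th><?=gettext("IP to return for host")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
/*
 * One row per host override, followed by one row per alias of that host.
 *
 * Every stored value is HTML-escaped where it is echoed. Previously only the
 * description fields were escaped; host, domain and ip were printed raw, so
 * keeping markup out of the page depended entirely on validation done when
 * the entry was saved (not visible from this file). Escaping at output does
 * not change how valid host names and addresses are displayed.
 *
 * $i is the row counter used as the id in the edit and delete links.
 */
$i = 0;
foreach ($a_hosts as $hostent):
?>
				<tr>
					<td>
						<?=htmlspecialchars($hostent['host'] ?? '')?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['domain'] ?? '')?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['ip'] ?? '')?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['descr'])?>
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit host override')?>" href="services_unbound_host_edit.php?id=<?=$i?>"></a>
						<a class="fa fa-trash"	title="<?=gettext('Delete host override')?>" href="services_unbound.php?type=host&amp;act=del&amp;id=<?=$i?>" usepost></a>
					</td>
				</tr>

<?php
	foreach (array_get_path($hostent, 'aliases/item', []) as $alias):
?>
				<tr>
					<td>
						<?=htmlspecialchars($alias['host'] ?? '')?>
					</td>
					<td>
						<?=htmlspecialchars($alias['domain'] ?? '')?>
					</td>
					<td>
						<?=gettext("Alias for ");?><?=htmlspecialchars($hostent['host'] ? $hostent['host'] . '.' . $hostent['domain'] : $hostent['domain'])?>
					</td>
					<td>
						<i class="fa fa-angle-double-right text-info"></i>
						<?=htmlspecialchars($alias['description'])?>
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit host override')?>" 	href="services_unbound_host_edit.php?id=<?=$i?>"></a>
					</td>
				</tr>
<?php
	endforeach;
	$i++;
endforeach;
?>
			</tbody>
		</table>
	</div>
</div>

<span class="help-block">
	Enter any individual hosts for which the resolver's standard DNS lookup process should be overridden and a specific
	IPv4 or IPv6 address should automatically be returned by the resolver. Standard and also non-standard names and parent domains
	can be entered, such as 'test', 'nas.home.arpa', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. Any lookup attempt for
	the host will automatically return the given IP address, and the usual lookup server for the domain will not be queried for
	the host's records.
</span>

<nav class="action-buttons">
	<a href="services_unbound_host_edit.php" class="btn btn-sm btn-success">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext('Add')?>
	</a>
</nav>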
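<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("Domain Overrides")?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Domain")?></th>
					<th><?=gettext("Lookup Server IP Address")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>

			<tbody>
<?php
/*
 * One row per domain override.
 *
 * The domain and lookup-server address are HTML-escaped where they are
 * echoed, the same way the description already was. They were printed raw
 * before, which left output safety to whatever validation ran when the entry
 * was saved (not visible from this file). Valid domain names and addresses
 * display exactly as before.
 *
 * $i is the row counter used as the id in the edit and delete links.
 */
$i = 0;
foreach ($a_domainOverrides as $doment):
?>
				<tr>
					<td>
						<?=htmlspecialchars($doment['domain'] ?? '')?>&nbsp;
					</td>
					<td>
						<?=htmlspecialchars($doment['ip'] ?? '')?>&nbsp;
					</td>
					<td>
						<?=htmlspecialchars($doment['descr'])?>&nbsp;
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit domain override')?>" href="services_unbound_domainoverride_edit.php?id=<?=$i?>"></a>
						<a class="fa fa-trash"	title="<?=gettext('Delete domain override')?>" href="services_unbound.php?act=del&amp;type=doverride&amp;id=<?=$i?>" usepost></a>
					</td>
				</tr>
<?php
	$i++;
endforeach;
?>
			</tbody>
		</table>
	</div>
</div>

<span class="help-block">
	Enter any domains for which the resolver's standard DNS lookup process should be overridden and a different (non-standard)
	lookup server should be queried instead. Non-standard, 'invalid' and local domains, and subdomains, can also be entered,
	such as 'test', 'nas.home.arpa', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. The IP address is treated as the
	authoritative lookup server for the domain (including all of its subdomains), and other lookup servers will not be queried.
	If there are multiple authoritative DNS servers available for a domain then make a separate entry for each,
	using the same domain name.
</span>

<nav class="action-buttons">
	<a href="services_unbound_domainoverride_edit.php" class="btn btn-sm btn-success">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext('Add')?>
	</a>
</nav>

<div class="infoblock">
	<?php
	// Fixed informational text; the two sprintf arguments wrap the
	// "System > General Setup" phrase in a link to system.php.
	print_info_box(sprintf(gettext('If the DNS Resolver is enabled, the DHCP'.
		' service (if enabled) will automatically serve the LAN IP'.
		' address as a DNS server to DHCP clients so they will use'.
		' the DNS Resolver. If Forwarding is enabled, the DNS Resolver will use the DNS servers'.
		' entered in %1$sSystem &gt; General Setup%2$s'.
		' or those obtained via DHCP or PPP on WAN if &quot;Allow'.
		' DNS server list to be overridden by DHCP/PPP on WAN&quot;'.
		' is checked.'), '<a href="system.php">', '</a>'), 'info', false); ?>
</div>

<?php include("foot.inc");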