<?php
/*
 * services_unbound.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2021 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2014 Warren Baker (warren@pfsense.org)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-services-dnsresolver
##|*NAME=Services: DNS Resolver
##|*DESCR=Allow access to the 'Services: DNS Resolver' page.
##|*MATCH=services_unbound.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("unbound.inc");
require_once("pfsense-utils.inc");
require_once("system.inc");
/* Make sure the override lists exist, then alias the resolver's config subtree. */
init_config_arr(['unbound', 'hosts']);
init_config_arr(['unbound', 'domainoverrides']);
$a_unboundcfg = &$config['unbound'];
$a_hosts = &$a_unboundcfg['hosts'];
$a_domainOverrides = &$a_unboundcfg['domainoverrides'];

/* On/off options: shown as checked whenever isset() succeeds on the stored key. */
foreach (['enable', 'enablessl', 'dnssec', 'python', 'forwarding', 'forward_tls_upstream', 'regdhcp', 'regdhcpstatic', 'regovpnclients'] as $unbound_flag) {
	if (isset($a_unboundcfg[$unbound_flag])) {
		$pconfig[$unbound_flag] = true;
	}
}
unset($unbound_flag);

/* Values that are handed to the form exactly as stored. */
foreach (['python_order', 'python_script', 'port', 'tlsport', 'sslcertref'] as $unbound_key) {
	$pconfig[$unbound_key] = $a_unboundcfg[$unbound_key];
}
unset($unbound_key);

/* Custom options are kept base64-encoded in the config; decode them for the textarea. */
$pconfig['custom_options'] = base64_decode($a_unboundcfg['custom_options']);

/* Interface selections are stored comma-separated; the form works with arrays. */
$pconfig['active_interface'] = empty($a_unboundcfg['active_interface'])
	? []
	: explode(",", $a_unboundcfg['active_interface']);

$pconfig['outgoing_interface'] = empty($a_unboundcfg['outgoing_interface'])
	? []
	: explode(",", $a_unboundcfg['outgoing_interface']);

/* An unset local-zone type is presented as "transparent". */
$pconfig['system_domain_local_zone_type'] = empty($a_unboundcfg['system_domain_local_zone_type'])
	? "transparent"
	: $a_unboundcfg['system_domain_local_zone_type'];
/*
 * Certificate store: $certs_available records whether at least one
 * certificate is defined; it gates the SSL/TLS service option below.
 */
init_config_arr(['cert']);
$a_cert = &$config['cert'];
$certs_available = (is_array($a_cert) && count($a_cert) > 0);

if (!$certs_available) {
	/* Normalise a missing or empty store to an empty array. */
	$a_cert = [];
}
/*
 * Apply handler: regenerate the resolver configuration and refresh the
 * services that depend on it. $retval is reused further down by
 * print_apply_result_box().
 */
if ($_POST['apply']) {
	$retval = 0 | services_unbound_configure();

	/* Only a clean run clears the pending-changes marker. */
	if (0 == $retval) {
		clear_subsystem_dirty('unbound');
	}

	/* Update resolv.conf in case the interface bindings exclude localhost. */
	system_resolvconf_generate();

	/* Start or restart dhcpleases when it's necessary */
	system_dhcpleases_configure();
}
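/*
 * Save handler. Validates the submitted General Settings and, only when no
 * error was recorded, copies them into $config['unbound'], writes the
 * configuration and marks the 'unbound' subsystem dirty. Applying the change
 * is done by the separate 'apply' POST.
 */
if ($_POST['save']) {
	/* From here on $pconfig is raw request data; nothing in it is trusted until checked below. */
	$pconfig = $_POST;
	unset($input_errors);

	/* Defined up front so the restore at the end never reads an unset variable. */
	$display_active_interface = null;
	$display_outgoing_interface = null;

	/*
	 * Both interface fields are multi-selects and are handled as arrays below
	 * (in_array(), implode()). A scalar can only come from a hand-built request;
	 * drop it so it is reported as "nothing selected" instead of reaching
	 * in_array() or the stored configuration unchanged.
	 */
	foreach (array('active_interface', 'outgoing_interface') as $if_field) {
		if (isset($pconfig[$if_field]) && !is_array($pconfig[$if_field])) {
			unset($pconfig[$if_field]);
		}
	}
	unset($if_field);

	if (isset($pconfig['enable']) && isset($config['dnsmasq']['enable'])) {
		if ($pconfig['port'] == $config['dnsmasq']['port']) {
			$input_errors[] = gettext("The DNS Forwarder is enabled using this port. Choose a non-conflicting port, or disable the DNS Forwarder.");
		}
	}

	/* NOTE(review): sslcertref is only checked for being non-empty here; confirm it is resolved against the certificate store where it is consumed. */
	if (isset($pconfig['enablessl']) && (!$certs_available || empty($pconfig['sslcertref']))) {
		$input_errors[] = gettext("Acting as an SSL/TLS server requires a valid server certificate");
	}

	// forwarding mode requires having valid DNS servers
	if (isset($pconfig['forwarding'])) {
		$founddns = false;
		foreach (get_dns_nameservers(false, true) as $dns_server) {
			/* Loopback addresses do not count as an upstream server. */
			if (!ip_in_subnet($dns_server, "127.0.0.0/8")) {
				$founddns = true;
			}
		}
		if ($founddns == false) {
			$input_errors[] = gettext("At least one DNS server must be specified under System &gt; General Setup to enable Forwarding mode.");
		}
	}

	if (empty($pconfig['active_interface'])) {
		$input_errors[] = gettext("One or more Network Interfaces must be selected for binding.");
	} elseif (($config['system']['dnslocalhost'] != 'remote') && (!in_array("lo0", $pconfig['active_interface']) && !in_array("all", $pconfig['active_interface']))) {
		$input_errors[] = gettext("This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.");
	}

	if (empty($pconfig['outgoing_interface'])) {
		$input_errors[] = gettext("One or more Outgoing Network Interfaces must be selected.");
	}

	if ($pconfig['port'] && !is_port($pconfig['port'])) {
		$input_errors[] = gettext("A valid port number must be specified.");
	}
	if ($pconfig['tlsport'] && !is_port($pconfig['tlsport'])) {
		$input_errors[] = gettext("A valid SSL/TLS port number must be specified.");
	}

	if (is_array($pconfig['active_interface']) && !empty($pconfig['active_interface'])) {
		/* Keep the array form for re-display; the config stores a comma-separated string. */
		$display_active_interface = $pconfig['active_interface'];
		$pconfig['active_interface'] = implode(",", $pconfig['active_interface']);
	}

	if ((isset($pconfig['regdhcp']) || isset($pconfig['regdhcpstatic'])) && !is_dhcp_server_enabled()) {
		$input_errors[] = gettext("DHCP Server must be enabled for DHCP Registration to work in DNS Resolver.");
	}

	if (($pconfig['system_domain_local_zone_type'] == "redirect") && isset($pconfig['regdhcp'])) {
		$input_errors[] = gettext('A System Domain Local Zone Type of "redirect" is not compatible with dynamic DHCP Registration.');
	}

	/*
	 * A <select> restricts nothing on the server side. Accept the local-zone
	 * type and the Python module settings only when they are values this page
	 * itself offers, because they are stored in $config['unbound'] below.
	 * NOTE(review): how unbound.inc turns them into configuration directives
	 * is not visible from this file.
	 */
	if (!is_string($pconfig['system_domain_local_zone_type']) ||
	    !array_key_exists($pconfig['system_domain_local_zone_type'], unbound_local_zone_types())) {
		$input_errors[] = gettext("A valid System Domain Local Zone Type must be selected.");
	}

	if (isset($pconfig['python'])) {
		if (!is_string($pconfig['python_order']) ||
		    !in_array($pconfig['python_order'], array('pre_validator', 'post_validator'), true)) {
			$input_errors[] = gettext("A valid Python Module Order must be selected.");
		}

		/* Same source as the script drop-down: *.py files in the resolver chroot, by base name. */
		$valid_python_scripts = array();
		$found_python_files = glob("{$g['unbound_chroot_path']}/*.py");
		if (is_array($found_python_files)) {
			foreach ($found_python_files as $found_python_file) {
				$valid_python_scripts[] = pathinfo($found_python_file, PATHINFO_FILENAME);
			}
		}
		if (!is_string($pconfig['python_script']) ||
		    !in_array($pconfig['python_script'], $valid_python_scripts, true)) {
			$input_errors[] = gettext("The selected Python Module Script is not available.");
		}
		unset($valid_python_scripts, $found_python_files, $found_python_file);
	}

	/* Custom options are free-form text: normalise line endings and store them base64-encoded. */
	$display_custom_options = $pconfig['custom_options'];
	$pconfig['custom_options'] = base64_encode(str_replace("\r\n", "\n", $pconfig['custom_options']));

	if (is_array($pconfig['outgoing_interface']) && !empty($pconfig['outgoing_interface'])) {
		$display_outgoing_interface = $pconfig['outgoing_interface'];
		$pconfig['outgoing_interface'] = implode(",", $pconfig['outgoing_interface']);
	}

	/* Let unbound itself judge the resulting configuration before anything is written. */
	$test_output = array();
	if (test_unbound_config($pconfig, $test_output)) {
		$input_errors[] = gettext("The generated config file cannot be parsed by unbound. Please correct the following errors:");
		$input_errors = array_merge($input_errors, $test_output);
	}

	if (!$input_errors) {
		$a_unboundcfg['enable'] = isset($pconfig['enable']);
		$a_unboundcfg['enablessl'] = isset($pconfig['enablessl']);
		$a_unboundcfg['port'] = $pconfig['port'];
		$a_unboundcfg['tlsport'] = $pconfig['tlsport'];
		$a_unboundcfg['sslcertref'] = $pconfig['sslcertref'];
		$a_unboundcfg['dnssec'] = isset($pconfig['dnssec']);

		$a_unboundcfg['python'] = isset($pconfig['python']);
		if (isset($pconfig['python'])) {
			$a_unboundcfg['python_order'] = $pconfig['python_order'];
			$a_unboundcfg['python_script'] = $pconfig['python_script'];
		} else {
			/* Module disabled: do not leave stale module settings behind. */
			if (isset($a_unboundcfg['python_order'])) {
				unset($a_unboundcfg['python_order']);
			}
			if (isset($a_unboundcfg['python_script'])) {
				unset($a_unboundcfg['python_script']);
			}
		}

		$a_unboundcfg['forwarding'] = isset($pconfig['forwarding']);
		$a_unboundcfg['forward_tls_upstream'] = isset($pconfig['forward_tls_upstream']);
		$a_unboundcfg['regdhcp'] = isset($pconfig['regdhcp']);
		$a_unboundcfg['regdhcpstatic'] = isset($pconfig['regdhcpstatic']);
		$a_unboundcfg['regovpnclients'] = isset($pconfig['regovpnclients']);
		$a_unboundcfg['active_interface'] = $pconfig['active_interface'];
		$a_unboundcfg['outgoing_interface'] = $pconfig['outgoing_interface'];
		$a_unboundcfg['system_domain_local_zone_type'] = $pconfig['system_domain_local_zone_type'];
		$a_unboundcfg['custom_options'] = $pconfig['custom_options'];

		write_config(gettext("DNS Resolver configured."));
		mark_subsystem_dirty('unbound');
	}

	/* Put the display forms back so the page re-renders what the user submitted. */
	$pconfig['active_interface'] = $display_active_interface;
	$pconfig['outgoing_interface'] = $display_outgoing_interface;
	$pconfig['custom_options'] = $display_custom_options;
}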
/* Whether any custom options text exists; read by the page script to decide if the textarea starts visible. */
$customoptions = $pconfig['custom_options'] ? true : false;
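/*
 * Delete handler for host and domain overrides. Only $_POST is read, so the
 * action cannot be triggered by following a plain link. After a successful
 * delete the browser is redirected back to this page.
 */
if ($_POST['act'] == "del") {
	/*
	 * The id is request data used as an array index. Accept only a plain
	 * non-negative integer; anything else (an array, a missing value, other
	 * text) is ignored instead of being used as an offset.
	 */
	$del_id = $_POST['id'];
	$del_id_ok = is_string($del_id) && preg_match('/^[0-9]+$/D', $del_id);

	if ($del_id_ok && $_POST['type'] == 'host') {
		if (!empty($a_hosts[$del_id])) {
			unset($a_hosts[$del_id]);
			write_config(gettext("Host override deleted from DNS Resolver."));
			mark_subsystem_dirty('unbound');
			header("Location: services_unbound.php");
			exit;
		}
	} elseif ($del_id_ok && $_POST['type'] == 'doverride') {
		if (!empty($a_domainOverrides[$del_id])) {
			unset($a_domainOverrides[$del_id]);
			write_config(gettext("Domain override deleted from DNS Resolver."));
			mark_subsystem_dirty('unbound');
			header("Location: services_unbound.php");
			exit;
		}
	}
}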
/*
 * Build the option list and current selection for an interface multi-select.
 *
 * $selectedifs: the currently selected interface keys (array), or empty.
 * Returns array('options' => key => label, 'selected' => list of keys).
 * "all" is always offered, and is selected when nothing (or "all") is chosen.
 */
function build_if_list($selectedifs) {
	$options = ['all' => gettext("All")];
	$selected = [];

	$nothing_chosen = empty($selectedifs) || empty($selectedifs[0]);
	if ($nothing_chosen || in_array("all", $selectedifs)) {
		$selected[] = "all";
	}

	foreach (get_possible_listen_ips(true) as $address => $label) {
		/* Labels are HTML-escaped here, before they are handed to the form. */
		$options[$address] = htmlspecialchars($label);

		if ($selectedifs && in_array($address, $selectedifs)) {
			$selected[] = $address;
		}
	}

	return ['options' => $options, 'selected' => $selected];
}
/* Page chrome: title/breadcrumb, shortcut section, then the shared page header. */
$pgtitle = [gettext("Services"), gettext("DNS Resolver"), gettext("General Settings")];
$pglinks = ["", "@self", "@self"];
$shortcut_section = "resolver";

include_once("head.inc");

/* Validation errors collected by the save handler, if any. */
if ($input_errors) {
	print_input_errors($input_errors);
}

/* Outcome of an 'apply' request handled earlier on this page. */
if ($_POST['apply']) {
	print_apply_result_box($retval);
}

/* Saved-but-not-applied changes: prompt the user to apply them. */
if (is_subsystem_dirty('unbound')) {
	print_apply_box(gettext("The DNS resolver configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect."));
}

/* Tab bar: label, active flag, target page. */
$tab_array = [
	[gettext("General Settings"), true, "services_unbound.php"],
	[gettext("Advanced Settings"), false, "services_unbound_advanced.php"],
	[gettext("Access Lists"), false, "/services_unbound_acls.php"],
];
display_top_tabs($tab_array, true);
/* General Settings form. Values shown come from $pconfig (the saved config, or the last POST after a save). */
$form = new Form();
$section = new Form_Section('General DNS Resolver Options');

$section->addInput(
	new Form_Checkbox('enable', 'Enable', 'Enable DNS resolver', $pconfig['enable'])
);

$section->addInput(
	new Form_Input('port', 'Listen Port', 'number', $pconfig['port'], ['placeholder' => '53'])
)->setHelp('The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.');

$section->addInput(
	new Form_Checkbox(
		'enablessl',
		'Enable SSL/TLS Service',
		'Respond to incoming SSL/TLS queries from local clients',
		$pconfig['enablessl']
	)
)->setHelp(
	'Configures the DNS Resolver to act as a DNS over SSL/TLS server which can answer queries from clients which also support DNS over TLS. ' .
	'Activating this option disables automatic interface response routing behavior, thus it works best with specific interface bindings.'
);

/* Without any certificate there is nothing to select; point the user at the certificate manager instead. */
if (!$certs_available) {
	$section->addInput(new Form_StaticText(
		'SSL/TLS Certificate',
		sprintf(
			'No Certificates have been defined. A certificate is required before SSL/TLS can be enabled. %1$s Create or Import %2$s a Certificate.',
			'<a href="system_certmanager.php">',
			'</a>'
		)
	));
} else {
	$section->addInput(
		$input = new Form_Select('sslcertref', 'SSL/TLS Certificate', $pconfig['sslcertref'], cert_build_list('cert', 'IPsec'))
	)->setHelp('The server certificate to use for SSL/TLS service. The CA chain will be determined automatically.');
}

$section->addInput(
	new Form_Input('tlsport', 'SSL/TLS Listen Port', 'number', $pconfig['tlsport'], ['placeholder' => '853'])
)->setHelp('The port used for responding to SSL/TLS DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 853.');
/* Listening and outgoing interface selectors share the same option builder. */
$activeiflist = build_if_list($pconfig['active_interface']);
$outiflist = build_if_list($pconfig['outgoing_interface']);

$section->addInput(
	new Form_Select('active_interface', '*Network Interfaces', $activeiflist['selected'], $activeiflist['options'], true)
)->addClass('general', 'resizable')->setHelp(
	'Interface IPs used by the DNS Resolver for responding to queries from clients. If an interface has both IPv4 and IPv6 IPs, both are used. Queries to other interface IPs not selected below are discarded. ' .
	'The default behavior is to respond to queries on every available IPv4 and IPv6 address.'
);

$section->addInput(
	new Form_Select('outgoing_interface', '*Outgoing Network Interfaces', $outiflist['selected'], $outiflist['options'], true)
)->addClass('general', 'resizable')->setHelp('Utilize different network interface(s) that the DNS Resolver will use to send queries to authoritative servers and receive their replies. By default all interfaces are used.');

/* The offered local-zone types come from unbound_local_zone_types(). */
$section->addInput(
	new Form_Select(
		'system_domain_local_zone_type',
		'*System Domain Local Zone Type',
		$pconfig['system_domain_local_zone_type'],
		unbound_local_zone_types()
	)
)->setHelp('The local-zone type used for the %1$s system domain (System | General Setup | Domain).  Transparent is the default.  Local-Zone type descriptions are available in the unbound.conf(5) manual pages.', $g['product_label']);

$section->addInput(
	new Form_Checkbox('dnssec', 'DNSSEC', 'Enable DNSSEC Support', $pconfig['dnssec'])
);
/* Python module: enable switch, module ordering and script selection. */
$section->addInput(
	new Form_Checkbox('python', 'Python Module', 'Enable Python Module', $pconfig['python'])
)->setHelp('Enable the Python Module.');

/* Offer the *.py files found in the resolver chroot, listed by base name. */
$python_files = glob("{$g['unbound_chroot_path']}/*.py");
if (empty($python_files)) {
	$python_scripts = ['' => 'No Python Module scripts found'];
} else {
	$python_scripts = [];
	foreach ($python_files as $file) {
		$file = pathinfo($file, PATHINFO_FILENAME);
		$python_scripts[$file] = $file;
	}
}

$section->addInput(
	new Form_Select(
		'python_order',
		'Python Module Order',
		$pconfig['python_order'],
		['pre_validator' => 'Pre Validator', 'post_validator' => 'Post Validator']
	)
)->setHelp('Select the Python Module ordering.');

$section->addInput(
	new Form_Select('python_script', 'Python Module Script', $pconfig['python_script'], $python_scripts)
)->setHelp('Select the Python module script to utilize.');
/* Forwarding mode and its transport. */
$section->addInput(
	new Form_Checkbox('forwarding', 'DNS Query Forwarding', 'Enable Forwarding Mode', $pconfig['forwarding'])
)->setHelp(
	'If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under' .
	' %1$sSystem &gt; General Setup%2$s or those obtained via DHCP/PPP on WAN' .
	' (if DNS Server Override is enabled there).',
	'<a href="system.php">',
	'</a>'
);

$section->addInput(
	new Form_Checkbox(
		'forward_tls_upstream',
		null,
		'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers',
		$pconfig['forward_tls_upstream']
	)
)->setHelp('When set in conjunction with DNS Query Forwarding, queries to all upstream forwarding DNS servers will be sent using SSL/TLS on the default port of 853. Note that ALL configured forwarding servers MUST support SSL/TLS queries on port 853.');

/* Automatic registration of names learned from DHCP and OpenVPN. */
$section->addInput(
	new Form_Checkbox('regdhcp', 'DHCP Registration', 'Register DHCP leases in the DNS Resolver', $pconfig['regdhcp'])
)->setHelp(
	'If this option is set, then machines that specify their hostname when requesting an IPv4 DHCP lease will be registered' .
	' in the DNS Resolver so that their name can be resolved.' .
	' Note that this will cause the Resolver to reload and flush its resolution cache whenever a DHCP lease is issued.' .
	' The domain in %1$sSystem &gt; General Setup%2$s should also be set to the proper value.',
	'<a href="system.php">',
	'</a>'
);

$section->addInput(
	new Form_Checkbox('regdhcpstatic', 'Static DHCP', 'Register DHCP static mappings in the DNS Resolver', $pconfig['regdhcpstatic'])
)->setHelp(
	'If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. ' .
	'The domain in %1$sSystem &gt; General Setup%2$s should also be set to the proper value.',
	'<a href="system.php">',
	'</a>'
);

$section->addInput(
	new Form_Checkbox('regovpnclients', 'OpenVPN Clients', 'Register connected OpenVPN clients in the DNS Resolver', $pconfig['regovpnclients'])
)->setHelp(sprintf(
	'If this option is set, then the common name (CN) of connected OpenVPN clients will be ' .
	'registered in the DNS Resolver, so that their name can be resolved. This only works for OpenVPN ' .
	'servers (Remote Access SSL/TLS or User Auth with Username as Common Name option) operating ' .
	'in "tun" mode. The domain in %sSystem: General Setup%s should also be set to the proper value.',
	'<a href="system.php">',
	'</a>'
));
/* Toggle button for the custom options textarea; the page script shows or hides the textarea. */
$btnadv = new Form_Button('btnadvcustom', 'Custom options', null, 'fa-cog');
$btnadv->setAttribute('type', 'button')->addClass('btn-info btn-sm');

$section->addInput(
	new Form_StaticText('Display Custom Options', $btnadv)
);

/*
 * Free-form text that, per its help text, is added to the DNS Resolver
 * configuration. NOTE(review): anyone allowed to use this page can therefore
 * presumably set arbitrary resolver directives - confirm in unbound.inc and
 * keep the page privilege restricted accordingly.
 */
$section->addInput(
	new Form_Textarea('custom_options', 'Custom options', $pconfig['custom_options'])
)->setHelp('Enter any additional configuration parameters to add to the DNS Resolver configuration here, separated by a newline.');

$form->add($section);
print $form;
?>
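<script type="text/javascript">
//<![CDATA[
events.push(function() {

	// Show advanced custom options ==============================================
	var showadvcustom = false;

	// Show or hide the custom options textarea and relabel the toggle button.
	// ispageload: true on the initial call, undefined when triggered by a click.
	function show_advcustom(ispageload) {
		var text;
		// On page load decide the initial state based on the data.
		if (ispageload) {
			showadvcustom = <?=($customoptions ? 'true' : 'false');?>;
		} else {
			// It was a click, swap the state.
			showadvcustom = !showadvcustom;
		}

		hideInput('custom_options', !showadvcustom);

		// Labels are emitted as JSON string literals so that a translation
		// containing quotes or markup cannot break out of the script.
		if (showadvcustom) {
			text = <?=json_encode(gettext('Hide Custom Options'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>;
		} else {
			text = <?=json_encode(gettext('Display Custom Options'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>;
		}
		// The label is HTML-escaped before being placed next to the icon markup.
		$('#btnadvcustom').html('<i class="fa fa-cog"></i> ' + $('<span>').text(text).html());
	}

	// If the enable checkbox is not checked, hide all inputs
	function hideGeneral() {
		var hide = ! $('#enable').prop('checked');

		hideMultiClass('general', hide);
		hideInput('port', hide);
		hideSelect('system_domain_local_zone_type', hide);
		hideCheckbox('dnssec', hide);
		hideCheckbox('forwarding', hide);
		hideCheckbox('regdhcp', hide);
		hideCheckbox('regdhcpstatic', hide);
		hideCheckbox('regovpnclients', hide);
		hideInput('btnadvcustom', hide);
		hideInput('custom_options', hide || !showadvcustom);
	}

	// Un-hide additional controls
	$('#btnadvcustom').click(function() {
		show_advcustom();
	});

	// When 'enable' is clicked, disable/enable the following hide inputs
	$('#enable').click(function() {
		hideGeneral();
	});

	// On initial load
	if ($('#custom_options').val().length === 0) {
		hideInput('custom_options', true);
	}

	// Order matters: hideGeneral() reads showadvcustom, which show_advcustom(true) then sets.
	hideGeneral();
	show_advcustom(true);

	// When the Python Module 'enable' is clicked, disable/enable the Python Module options
	function show_python_script() {
		var python = $('#python').prop('checked');
		hideInput('python_order', !python);
		hideInput('python_script', !python);
	}
	show_python_script();
	$('#python').click(function () {
		show_python_script();
	});

});
//]]>
</script>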
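<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("Host Overrides")?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Host")?></th>
					<th><?=gettext("Parent domain of host")?></th>
					<th><?=gettext("IP to return for host")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
/*
 * One row per host override, followed by one row per alias of that host.
 * Every stored value is HTML-escaped on output, not only the description:
 * the table renders whatever is in the configuration, and this page cannot
 * see how those values were validated when they were stored.
 * $i is the running position used as the id in the edit/delete links.
 */
$i = 0;
foreach ($a_hosts as $hostent):
?>
				<tr>
					<td>
						<?=htmlspecialchars($hostent['host'])?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['domain'])?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['ip'])?>
					</td>
					<td>
						<?=htmlspecialchars($hostent['descr'])?>
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit host override')?>" href="services_unbound_host_edit.php?id=<?=$i?>"></a>
						<a class="fa fa-trash"	title="<?=gettext('Delete host override')?>" href="services_unbound.php?type=host&amp;act=del&amp;id=<?=$i?>" usepost></a>
					</td>
				</tr>

<?php
	if ($hostent['aliases']['item'] && is_array($hostent['aliases']['item'])):
		foreach ($hostent['aliases']['item'] as $alias):
?>
				<tr>
					<td>
						<?=htmlspecialchars($alias['host'])?>
					</td>
					<td>
						<?=htmlspecialchars($alias['domain'])?>
					</td>
					<td>
						<?=gettext("Alias for ");?><?=htmlspecialchars($hostent['host'] ? $hostent['host'] . '.' . $hostent['domain'] : $hostent['domain'])?>
					</td>
					<td>
						<i class="fa fa-angle-double-right text-info"></i>
						<?=htmlspecialchars($alias['description'])?>
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit host override')?>" 	href="services_unbound_host_edit.php?id=<?=$i?>"></a>
					</td>
				</tr>
<?php
		endforeach;
	endif;
	$i++;
endforeach;
?>
			</tbody>
		</table>
	</div>
</div>

<span class="help-block">
	Enter any individual hosts for which the resolver's standard DNS lookup process should be overridden and a specific
	IPv4 or IPv6 address should automatically be returned by the resolver. Standard and also non-standard names and parent domains
	can be entered, such as 'test', 'nas.home.arpa', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. Any lookup attempt for
	the host will automatically return the given IP address, and the usual lookup server for the domain will not be queried for
	the host's records.
</span>

<nav class="action-buttons">
	<a href="services_unbound_host_edit.php" class="btn btn-sm btn-success">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext('Add')?>
	</a>
</nav>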
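<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("Domain Overrides")?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Domain")?></th>
					<th><?=gettext("Lookup Server IP Address")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>

			<tbody>
<?php
/*
 * One row per domain override. Domain and server address are HTML-escaped on
 * output in the same way as the description: the table renders whatever is in
 * the configuration, and this page cannot see how those values were validated.
 * $i is the running position used as the id in the edit/delete links.
 */
$i = 0;
foreach ($a_domainOverrides as $doment):
?>
				<tr>
					<td>
						<?=htmlspecialchars($doment['domain'])?>&nbsp;
					</td>
					<td>
						<?=htmlspecialchars($doment['ip'])?>&nbsp;
					</td>
					<td>
						<?=htmlspecialchars($doment['descr'])?>&nbsp;
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext('Edit domain override')?>" href="services_unbound_domainoverride_edit.php?id=<?=$i?>"></a>
						<a class="fa fa-trash"	title="<?=gettext('Delete domain override')?>" href="services_unbound.php?act=del&amp;type=doverride&amp;id=<?=$i?>" usepost></a>
					</td>
				</tr>
<?php
	$i++;
endforeach;
?>
			</tbody>
		</table>
	</div>
</div>

<span class="help-block">
	Enter any domains for which the resolver's standard DNS lookup process should be overridden and a different (non-standard)
	lookup server should be queried instead. Non-standard, 'invalid' and local domains, and subdomains, can also be entered,
	such as 'test', 'nas.home.arpa', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. The IP address is treated as the
	authoritative lookup server for the domain (including all of its subdomains), and other lookup servers will not be queried.
	If there are multiple authoritative DNS servers available for a domain then make a separate entry for each,
	using the same domain name.
</span>

<nav class="action-buttons">
	<a href="services_unbound_domainoverride_edit.php" class="btn btn-sm btn-success">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext('Add')?>
	</a>
</nav>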
<div class="infoblock">
	<?php
	/* Explain how the resolver interacts with the DHCP service and with forwarding mode. */
	print_info_box(
		sprintf(
			gettext(
				'If the DNS Resolver is enabled, the DHCP service (if enabled) will automatically serve the LAN IP' .
				' address as a DNS server to DHCP clients so they will use the DNS Resolver.' .
				' If Forwarding is enabled, the DNS Resolver will use the DNS servers' .
				' entered in %1$sSystem &gt; General Setup%2$s' .
				' or those obtained via DHCP or PPP on WAN' .
				' if &quot;Allow DNS server list to be overridden by DHCP/PPP on WAN&quot; is checked.'
			),
			'<a href="system.php">',
			'</a>'
		),
		'info',
		false
	);
	?>
</div>

<?php include "foot.inc";