|
1
|
<?php
|
|
2
|
/*
|
|
3
|
* services_unbound.php
|
|
4
|
*
|
|
5
|
* part of pfSense (https://www.pfsense.org)
|
|
6
|
* Copyright (c) 2004-2013 BSD Perimeter
|
|
7
|
* Copyright (c) 2013-2016 Electric Sheep Fencing
|
|
8
|
* Copyright (c) 2014-2022 Rubicon Communications, LLC (Netgate)
|
|
9
|
* Copyright (c) 2014 Warren Baker (warren@pfsense.org)
|
|
10
|
* All rights reserved.
|
|
11
|
*
|
|
12
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
13
|
* you may not use this file except in compliance with the License.
|
|
14
|
* You may obtain a copy of the License at
|
|
15
|
*
|
|
16
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
17
|
*
|
|
18
|
* Unless required by applicable law or agreed to in writing, software
|
|
19
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
20
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
21
|
* See the License for the specific language governing permissions and
|
|
22
|
* limitations under the License.
|
|
23
|
*/
|
|
24
|
|
|
25
|
##|+PRIV
|
|
26
|
##|*IDENT=page-services-dnsresolver
|
|
27
|
##|*NAME=Services: DNS Resolver
|
|
28
|
##|*DESCR=Allow access to the 'Services: DNS Resolver' page.
|
|
29
|
##|*MATCH=services_unbound.php*
|
|
30
|
##|-PRIV
|
|
31
|
|
|
32
|
require_once("guiconfig.inc");
|
|
33
|
require_once("unbound.inc");
|
|
34
|
require_once("pfsense-utils.inc");
|
|
35
|
require_once("system.inc");
|
|
36
|
|
|
37
|
init_config_arr(array('unbound', 'hosts'));
|
|
38
|
init_config_arr(array('unbound', 'domainoverrides'));
|
|
39
|
$a_unboundcfg = &$config['unbound'];
|
|
40
|
$a_hosts = &$a_unboundcfg['hosts'];
|
|
41
|
$a_domainOverrides = &$a_unboundcfg['domainoverrides'];
|
|
42
|
|
|
43
|
if (isset($a_unboundcfg['enable'])) {
|
|
44
|
$pconfig['enable'] = true;
|
|
45
|
}
|
|
46
|
if (isset($a_unboundcfg['enablessl'])) {
|
|
47
|
$pconfig['enablessl'] = true;
|
|
48
|
}
|
|
49
|
if (isset($a_unboundcfg['strictout'])) {
|
|
50
|
$pconfig['strictout'] = true;
|
|
51
|
}
|
|
52
|
if (isset($a_unboundcfg['dnssec'])) {
|
|
53
|
$pconfig['dnssec'] = true;
|
|
54
|
}
|
|
55
|
if (isset($a_unboundcfg['python'])) {
|
|
56
|
$pconfig['python'] = true;
|
|
57
|
}
|
|
58
|
if (isset($a_unboundcfg['forwarding'])) {
|
|
59
|
$pconfig['forwarding'] = true;
|
|
60
|
}
|
|
61
|
if (isset($a_unboundcfg['forward_tls_upstream'])) {
|
|
62
|
$pconfig['forward_tls_upstream'] = true;
|
|
63
|
}
|
|
64
|
if (isset($a_unboundcfg['regdhcp'])) {
|
|
65
|
$pconfig['regdhcp'] = true;
|
|
66
|
}
|
|
67
|
if (isset($a_unboundcfg['regdhcpstatic'])) {
|
|
68
|
$pconfig['regdhcpstatic'] = true;
|
|
69
|
}
|
|
70
|
if (isset($a_unboundcfg['regovpnclients'])) {
|
|
71
|
$pconfig['regovpnclients'] = true;
|
|
72
|
}
|
|
73
|
|
|
74
|
$pconfig['python_order'] = $a_unboundcfg['python_order'];
|
|
75
|
$pconfig['python_script'] = $a_unboundcfg['python_script'];
|
|
76
|
$pconfig['port'] = $a_unboundcfg['port'];
|
|
77
|
$pconfig['tlsport'] = $a_unboundcfg['tlsport'];
|
|
78
|
$pconfig['sslcertref'] = $a_unboundcfg['sslcertref'];
|
|
79
|
$pconfig['custom_options'] = base64_decode($a_unboundcfg['custom_options']);
|
|
80
|
|
|
81
|
if (empty($a_unboundcfg['active_interface'])) {
|
|
82
|
$pconfig['active_interface'] = array();
|
|
83
|
} else {
|
|
84
|
$pconfig['active_interface'] = explode(",", $a_unboundcfg['active_interface']);
|
|
85
|
}
|
|
86
|
|
|
87
|
if (empty($a_unboundcfg['outgoing_interface'])) {
|
|
88
|
$pconfig['outgoing_interface'] = array();
|
|
89
|
} else {
|
|
90
|
$pconfig['outgoing_interface'] = explode(",", $a_unboundcfg['outgoing_interface']);
|
|
91
|
}
|
|
92
|
|
|
93
|
if (empty($a_unboundcfg['system_domain_local_zone_type'])) {
|
|
94
|
$pconfig['system_domain_local_zone_type'] = "transparent";
|
|
95
|
} else {
|
|
96
|
$pconfig['system_domain_local_zone_type'] = $a_unboundcfg['system_domain_local_zone_type'];
|
|
97
|
}
|
|
98
|
|
|
99
|
init_config_arr(array('cert'));
|
|
100
|
$a_cert = &$config['cert'];
|
|
101
|
$certs_available = false;
|
|
102
|
|
|
103
|
if (is_array($a_cert) && count($a_cert)) {
|
|
104
|
$certs_available = true;
|
|
105
|
} else {
|
|
106
|
$a_cert = array();
|
|
107
|
}
|
|
108
|
|
|
109
|
if ($_POST['apply']) {
|
|
110
|
$retval = 0;
|
|
111
|
$retval |= services_unbound_configure();
|
|
112
|
if ($retval == 0) {
|
|
113
|
clear_subsystem_dirty('unbound');
|
|
114
|
}
|
|
115
|
/* Update resolv.conf in case the interface bindings exclude localhost. */
|
|
116
|
system_resolvconf_generate();
|
|
117
|
/* Start or restart dhcpleases when it's necessary */
|
|
118
|
system_dhcpleases_configure();
|
|
119
|
}
|
|
120
|
|
|
121
|
if ($_POST['save']) {
|
|
122
|
$pconfig = $_POST;
|
|
123
|
unset($input_errors);
|
|
124
|
|
|
125
|
if (isset($pconfig['enable']) && isset($config['dnsmasq']['enable'])) {
|
|
126
|
if ($pconfig['port'] == $config['dnsmasq']['port']) {
|
|
127
|
$input_errors[] = gettext("The DNS Forwarder is enabled using this port. Choose a non-conflicting port, or disable the DNS Forwarder.");
|
|
128
|
}
|
|
129
|
}
|
|
130
|
|
|
131
|
if (isset($pconfig['enablessl']) && (!$certs_available || empty($pconfig['sslcertref']))) {
|
|
132
|
$input_errors[] = gettext("Acting as an SSL/TLS server requires a valid server certificate");
|
|
133
|
}
|
|
134
|
|
|
135
|
// forwarding mode requires having valid DNS servers
|
|
136
|
if (isset($pconfig['forwarding'])) {
|
|
137
|
$founddns = false;
|
|
138
|
foreach (get_dns_nameservers(false, true) as $dns_server) {
|
|
139
|
if (!ip_in_subnet($dns_server, "127.0.0.0/8")) {
|
|
140
|
$founddns = true;
|
|
141
|
}
|
|
142
|
}
|
|
143
|
if ($founddns == false) {
|
|
144
|
$input_errors[] = gettext("At least one DNS server must be specified under System > General Setup to enable Forwarding mode.");
|
|
145
|
}
|
|
146
|
}
|
|
147
|
|
|
148
|
if (empty($pconfig['active_interface'])) {
|
|
149
|
$input_errors[] = gettext("One or more Network Interfaces must be selected for binding.");
|
|
150
|
} elseif (($config['system']['dnslocalhost'] != 'remote') && (!in_array("lo0", $pconfig['active_interface']) && !in_array("all", $pconfig['active_interface']))) {
|
|
151
|
$input_errors[] = gettext("This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.");
|
|
152
|
}
|
|
153
|
|
|
154
|
if (empty($pconfig['outgoing_interface'])) {
|
|
155
|
$input_errors[] = gettext("One or more Outgoing Network Interfaces must be selected.");
|
|
156
|
}
|
|
157
|
|
|
158
|
if ($pconfig['port'] && !is_port($pconfig['port'])) {
|
|
159
|
$input_errors[] = gettext("A valid port number must be specified.");
|
|
160
|
}
|
|
161
|
if ($pconfig['tlsport'] && !is_port($pconfig['tlsport'])) {
|
|
162
|
$input_errors[] = gettext("A valid SSL/TLS port number must be specified.");
|
|
163
|
}
|
|
164
|
|
|
165
|
if (is_array($pconfig['active_interface']) && !empty($pconfig['active_interface'])) {
|
|
166
|
$display_active_interface = $pconfig['active_interface'];
|
|
167
|
$pconfig['active_interface'] = implode(",", $pconfig['active_interface']);
|
|
168
|
}
|
|
169
|
|
|
170
|
if ((isset($pconfig['regdhcp']) || isset($pconfig['regdhcpstatic'])) && !is_dhcp_server_enabled()) {
|
|
171
|
$input_errors[] = gettext("DHCP Server must be enabled for DHCP Registration to work in DNS Resolver.");
|
|
172
|
}
|
|
173
|
|
|
174
|
if (($pconfig['system_domain_local_zone_type'] == "redirect") && isset($pconfig['regdhcp'])) {
|
|
175
|
$input_errors[] = gettext('A System Domain Local Zone Type of "redirect" is not compatible with dynamic DHCP Registration.');
|
|
176
|
}
|
|
177
|
|
|
178
|
$display_custom_options = $pconfig['custom_options'];
|
|
179
|
$pconfig['custom_options'] = base64_encode(str_replace("\r\n", "\n", $pconfig['custom_options']));
|
|
180
|
|
|
181
|
if (is_array($pconfig['outgoing_interface']) && !empty($pconfig['outgoing_interface'])) {
|
|
182
|
$display_outgoing_interface = $pconfig['outgoing_interface'];
|
|
183
|
$pconfig['outgoing_interface'] = implode(",", $pconfig['outgoing_interface']);
|
|
184
|
}
|
|
185
|
|
|
186
|
$test_output = array();
|
|
187
|
if (test_unbound_config($pconfig, $test_output)) {
|
|
188
|
$input_errors[] = gettext("The generated config file cannot be parsed by unbound. Please correct the following errors:");
|
|
189
|
$input_errors = array_merge($input_errors, $test_output);
|
|
190
|
}
|
|
191
|
|
|
192
|
if (!$input_errors) {
|
|
193
|
$a_unboundcfg['enable'] = isset($pconfig['enable']);
|
|
194
|
$a_unboundcfg['enablessl'] = isset($pconfig['enablessl']);
|
|
195
|
$a_unboundcfg['port'] = $pconfig['port'];
|
|
196
|
$a_unboundcfg['tlsport'] = $pconfig['tlsport'];
|
|
197
|
$a_unboundcfg['sslcertref'] = $pconfig['sslcertref'];
|
|
198
|
$a_unboundcfg['strictout'] = isset($pconfig['strictout']);
|
|
199
|
$a_unboundcfg['dnssec'] = isset($pconfig['dnssec']);
|
|
200
|
|
|
201
|
$a_unboundcfg['python'] = isset($pconfig['python']);
|
|
202
|
if (isset($pconfig['python'])) {
|
|
203
|
$a_unboundcfg['python_order'] = $pconfig['python_order'];
|
|
204
|
$a_unboundcfg['python_script'] = $pconfig['python_script'];
|
|
205
|
} else {
|
|
206
|
if (isset($a_unboundcfg['python_order'])) {
|
|
207
|
unset($a_unboundcfg['python_order']);
|
|
208
|
}
|
|
209
|
if (isset($a_unboundcfg['python_script'])) {
|
|
210
|
unset($a_unboundcfg['python_script']);
|
|
211
|
}
|
|
212
|
}
|
|
213
|
|
|
214
|
$a_unboundcfg['forwarding'] = isset($pconfig['forwarding']);
|
|
215
|
$a_unboundcfg['forward_tls_upstream'] = isset($pconfig['forward_tls_upstream']);
|
|
216
|
$a_unboundcfg['regdhcp'] = isset($pconfig['regdhcp']);
|
|
217
|
$a_unboundcfg['regdhcpstatic'] = isset($pconfig['regdhcpstatic']);
|
|
218
|
$a_unboundcfg['regovpnclients'] = isset($pconfig['regovpnclients']);
|
|
219
|
$a_unboundcfg['active_interface'] = $pconfig['active_interface'];
|
|
220
|
$a_unboundcfg['outgoing_interface'] = $pconfig['outgoing_interface'];
|
|
221
|
$a_unboundcfg['system_domain_local_zone_type'] = $pconfig['system_domain_local_zone_type'];
|
|
222
|
$a_unboundcfg['custom_options'] = $pconfig['custom_options'];
|
|
223
|
|
|
224
|
write_config(gettext("DNS Resolver configured."));
|
|
225
|
mark_subsystem_dirty('unbound');
|
|
226
|
}
|
|
227
|
|
|
228
|
$pconfig['active_interface'] = $display_active_interface;
|
|
229
|
$pconfig['outgoing_interface'] = $display_outgoing_interface;
|
|
230
|
$pconfig['custom_options'] = $display_custom_options;
|
|
231
|
}
|
|
232
|
|
|
233
|
|
|
234
|
if ($pconfig['custom_options']) {
|
|
235
|
$customoptions = true;
|
|
236
|
} else {
|
|
237
|
$customoptions = false;
|
|
238
|
}
|
|
239
|
|
|
240
|
if ($_POST['act'] == "del") {
|
|
241
|
if ($_POST['type'] == 'host') {
|
|
242
|
if ($a_hosts[$_POST['id']]) {
|
|
243
|
unset($a_hosts[$_POST['id']]);
|
|
244
|
write_config(gettext("Host override deleted from DNS Resolver."));
|
|
245
|
mark_subsystem_dirty('unbound');
|
|
246
|
header("Location: services_unbound.php");
|
|
247
|
exit;
|
|
248
|
}
|
|
249
|
} elseif ($_POST['type'] == 'doverride') {
|
|
250
|
if ($a_domainOverrides[$_POST['id']]) {
|
|
251
|
unset($a_domainOverrides[$_POST['id']]);
|
|
252
|
write_config(gettext("Domain override deleted from DNS Resolver."));
|
|
253
|
mark_subsystem_dirty('unbound');
|
|
254
|
header("Location: services_unbound.php");
|
|
255
|
exit;
|
|
256
|
}
|
|
257
|
}
|
|
258
|
}
|
|
259
|
|
|
260
|
function build_if_list($selectedifs) {
|
|
261
|
$interface_addresses = get_possible_listen_ips(true);
|
|
262
|
$iflist = array('options' => array(), 'selected' => array());
|
|
263
|
|
|
264
|
$iflist['options']['all'] = gettext("All");
|
|
265
|
if (empty($selectedifs) || empty($selectedifs[0]) || in_array("all", $selectedifs)) {
|
|
266
|
array_push($iflist['selected'], "all");
|
|
267
|
}
|
|
268
|
|
|
269
|
foreach ($interface_addresses as $laddr => $ldescr) {
|
|
270
|
$iflist['options'][$laddr] = htmlspecialchars($ldescr);
|
|
271
|
|
|
272
|
if ($selectedifs && in_array($laddr, $selectedifs)) {
|
|
273
|
array_push($iflist['selected'], $laddr);
|
|
274
|
}
|
|
275
|
}
|
|
276
|
|
|
277
|
unset($interface_addresses);
|
|
278
|
|
|
279
|
return($iflist);
|
|
280
|
}
|
|
281
|
|
|
282
|
$pgtitle = array(gettext("Services"), gettext("DNS Resolver"), gettext("General Settings"));
|
|
283
|
$pglinks = array("", "@self", "@self");
|
|
284
|
$shortcut_section = "resolver";
|
|
285
|
|
|
286
|
include_once("head.inc");
|
|
287
|
|
|
288
|
if ($input_errors) {
|
|
289
|
print_input_errors($input_errors);
|
|
290
|
}
|
|
291
|
|
|
292
|
if ($_POST['apply']) {
|
|
293
|
print_apply_result_box($retval);
|
|
294
|
}
|
|
295
|
|
|
296
|
if (is_subsystem_dirty('unbound')) {
|
|
297
|
print_apply_box(gettext("The DNS resolver configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect."));
|
|
298
|
}
|
|
299
|
|
|
300
|
$tab_array = array();
|
|
301
|
$tab_array[] = array(gettext("General Settings"), true, "services_unbound.php");
|
|
302
|
$tab_array[] = array(gettext("Advanced Settings"), false, "services_unbound_advanced.php");
|
|
303
|
$tab_array[] = array(gettext("Access Lists"), false, "/services_unbound_acls.php");
|
|
304
|
display_top_tabs($tab_array, true);
|
|
305
|
|
|
306
|
$form = new Form();
|
|
307
|
|
|
308
|
$section = new Form_Section('General DNS Resolver Options');
|
|
309
|
|
|
310
|
$section->addInput(new Form_Checkbox(
|
|
311
|
'enable',
|
|
312
|
'Enable',
|
|
313
|
'Enable DNS resolver',
|
|
314
|
$pconfig['enable']
|
|
315
|
));
|
|
316
|
|
|
317
|
$section->addInput(new Form_Input(
|
|
318
|
'port',
|
|
319
|
'Listen Port',
|
|
320
|
'number',
|
|
321
|
$pconfig['port'],
|
|
322
|
['placeholder' => '53']
|
|
323
|
))->setHelp('The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.');
|
|
324
|
|
|
325
|
$section->addInput(new Form_Checkbox(
|
|
326
|
'enablessl',
|
|
327
|
'Enable SSL/TLS Service',
|
|
328
|
'Respond to incoming SSL/TLS queries from local clients',
|
|
329
|
$pconfig['enablessl']
|
|
330
|
))->setHelp('Configures the DNS Resolver to act as a DNS over SSL/TLS server which can answer queries from clients which also support DNS over TLS. ' .
|
|
331
|
'Activating this option disables automatic interface response routing behavior, thus it works best with specific interface bindings.' );
|
|
332
|
|
|
333
|
if ($certs_available) {
|
|
334
|
$section->addInput($input = new Form_Select(
|
|
335
|
'sslcertref',
|
|
336
|
'SSL/TLS Certificate',
|
|
337
|
$pconfig['sslcertref'],
|
|
338
|
cert_build_list('cert', 'IPsec')
|
|
339
|
))->setHelp('The server certificate to use for SSL/TLS service. The CA chain will be determined automatically.');
|
|
340
|
} else {
|
|
341
|
$section->addInput(new Form_StaticText(
|
|
342
|
'SSL/TLS Certificate',
|
|
343
|
sprintf('No Certificates have been defined. A certificate is required before SSL/TLS can be enabled. %1$s Create or Import %2$s a Certificate.',
|
|
344
|
'<a href="system_certmanager.php">', '</a>')
|
|
345
|
));
|
|
346
|
}
|
|
347
|
|
|
348
|
$section->addInput(new Form_Input(
|
|
349
|
'tlsport',
|
|
350
|
'SSL/TLS Listen Port',
|
|
351
|
'number',
|
|
352
|
$pconfig['tlsport'],
|
|
353
|
['placeholder' => '853']
|
|
354
|
))->setHelp('The port used for responding to SSL/TLS DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 853.');
|
|
355
|
|
|
356
|
$activeiflist = build_if_list($pconfig['active_interface']);
|
|
357
|
|
|
358
|
$section->addInput(new Form_Select(
|
|
359
|
'active_interface',
|
|
360
|
'*Network Interfaces',
|
|
361
|
$activeiflist['selected'],
|
|
362
|
$activeiflist['options'],
|
|
363
|
true
|
|
364
|
))->addClass('general', 'resizable')->setHelp('Interface IPs used by the DNS Resolver for responding to queries from clients. If an interface has both IPv4 and IPv6 IPs, both are used. Queries to other interface IPs not selected below are discarded. ' .
|
|
365
|
'The default behavior is to respond to queries on every available IPv4 and IPv6 address.');
|
|
366
|
|
|
367
|
$outiflist = build_if_list($pconfig['outgoing_interface']);
|
|
368
|
|
|
369
|
$section->addInput(new Form_Select(
|
|
370
|
'outgoing_interface',
|
|
371
|
'*Outgoing Network Interfaces',
|
|
372
|
$outiflist['selected'],
|
|
373
|
$outiflist['options'],
|
|
374
|
true
|
|
375
|
))->addClass('general', 'resizable')->setHelp('Utilize different network interface(s) that the DNS Resolver will use to send queries to authoritative servers and receive their replies. By default all interfaces are used.');
|
|
376
|
|
|
377
|
$section->addInput(new Form_Checkbox(
|
|
378
|
'strictout',
|
|
379
|
'Strict Outgoing Network Interface Binding',
|
|
380
|
'Do not send recursive queries if none of the selected Outgoing Network Interfaces are available.',
|
|
381
|
$pconfig['strictout']
|
|
382
|
))->setHelp('By default the DNS Resolver sends recursive DNS requests over any available interfaces if none of the selected Outgoing Network Interfaces are available. This option makes the DNS Resolver refuse recursive queries.');
|
|
383
|
|
|
384
|
$section->addInput(new Form_Select(
|
|
385
|
'system_domain_local_zone_type',
|
|
386
|
'*System Domain Local Zone Type',
|
|
387
|
$pconfig['system_domain_local_zone_type'],
|
|
388
|
unbound_local_zone_types()
|
|
389
|
))->setHelp('The local-zone type used for the %1$s system domain (System | General Setup | Domain). Transparent is the default.', $g['product_label']);
|
|
390
|
|
|
391
|
$section->addInput(new Form_Checkbox(
|
|
392
|
'dnssec',
|
|
393
|
'DNSSEC',
|
|
394
|
'Enable DNSSEC Support',
|
|
395
|
$pconfig['dnssec']
|
|
396
|
));
|
|
397
|
|
|
398
|
$section->addInput(new Form_Checkbox(
|
|
399
|
'python',
|
|
400
|
'Python Module',
|
|
401
|
'Enable Python Module',
|
|
402
|
$pconfig['python']
|
|
403
|
))->setHelp('Enable the Python Module.');
|
|
404
|
|
|
405
|
$python_files = glob("{$g['unbound_chroot_path']}/*.py");
|
|
406
|
$python_scripts = array();
|
|
407
|
if (!empty($python_files)) {
|
|
408
|
foreach ($python_files as $file) {
|
|
409
|
$file = pathinfo($file, PATHINFO_FILENAME);
|
|
410
|
$python_scripts[$file] = $file;
|
|
411
|
}
|
|
412
|
}
|
|
413
|
else {
|
|
414
|
$python_scripts = array('' => 'No Python Module scripts found');
|
|
415
|
}
|
|
416
|
|
|
417
|
$section->addInput(new Form_Select(
|
|
418
|
'python_order',
|
|
419
|
'Python Module Order',
|
|
420
|
$pconfig['python_order'],
|
|
421
|
[ 'pre_validator' => 'Pre Validator', 'post_validator' => 'Post Validator' ]
|
|
422
|
))->setHelp('Select the Python Module ordering.');
|
|
423
|
|
|
424
|
$section->addInput(new Form_Select(
|
|
425
|
'python_script',
|
|
426
|
'Python Module Script',
|
|
427
|
$pconfig['python_script'],
|
|
428
|
$python_scripts
|
|
429
|
))->setHelp('Select the Python module script to utilize.');
|
|
430
|
|
|
431
|
$section->addInput(new Form_Checkbox(
|
|
432
|
'forwarding',
|
|
433
|
'DNS Query Forwarding',
|
|
434
|
'Enable Forwarding Mode',
|
|
435
|
$pconfig['forwarding']
|
|
436
|
))->setHelp('If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under'.
|
|
437
|
' %1$sSystem > General Setup%2$s or those obtained via dynamic ' .
|
|
438
|
'interfaces such as DHCP, PPP, or OpenVPN (if DNS Server Override ' .
|
|
439
|
'is enabled there).','<a href="system.php">','</a>');
|
|
440
|
|
|
441
|
$section->addInput(new Form_Checkbox(
|
|
442
|
'forward_tls_upstream',
|
|
443
|
null,
|
|
444
|
'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers',
|
|
445
|
$pconfig['forward_tls_upstream']
|
|
446
|
))->setHelp('When set in conjunction with DNS Query Forwarding, queries to all upstream forwarding DNS servers will be sent using SSL/TLS on the default port of 853. Note that ALL configured forwarding servers MUST support SSL/TLS queries on port 853.');
|
|
447
|
|
|
448
|
$section->addInput(new Form_Checkbox(
|
|
449
|
'regdhcp',
|
|
450
|
'DHCP Registration',
|
|
451
|
'Register DHCP leases in the DNS Resolver',
|
|
452
|
$pconfig['regdhcp']
|
|
453
|
))->setHelp('If this option is set, then machines that specify their hostname when requesting an IPv4 DHCP lease will be registered'.
|
|
454
|
' in the DNS Resolver so that their name can be resolved.'.
|
|
455
|
' Note that this will cause the Resolver to reload and flush its resolution cache whenever a DHCP lease is issued.'.
|
|
456
|
' The domain in %1$sSystem > General Setup%2$s should also be set to the proper value.','<a href="system.php">','</a>');
|
|
457
|
|
|
458
|
$section->addInput(new Form_Checkbox(
|
|
459
|
'regdhcpstatic',
|
|
460
|
'Static DHCP',
|
|
461
|
'Register DHCP static mappings in the DNS Resolver',
|
|
462
|
$pconfig['regdhcpstatic']
|
|
463
|
))->setHelp('If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. '.
|
|
464
|
'The domain in %1$sSystem > General Setup%2$s should also be set to the proper value.','<a href="system.php">','</a>');
|
|
465
|
|
|
466
|
$section->addInput(new Form_Checkbox(
|
|
467
|
'regovpnclients',
|
|
468
|
'OpenVPN Clients',
|
|
469
|
'Register connected OpenVPN clients in the DNS Resolver',
|
|
470
|
$pconfig['regovpnclients']
|
|
471
|
))->setHelp(sprintf('If this option is set, then the common name (CN) of connected OpenVPN clients will be ' .
|
|
472
|
'registered in the DNS Resolver, so that their name can be resolved. This only works for OpenVPN ' .
|
|
473
|
'servers (Remote Access SSL/TLS or User Auth with Username as Common Name option) operating ' .
|
|
474
|
'in "tun" mode. The domain in %sSystem: General Setup%s should also be set to the proper value.',
|
|
475
|
'<a href="system.php">','</a>'));
|
|
476
|
|
|
477
|
$btnadv = new Form_Button(
|
|
478
|
'btnadvcustom',
|
|
479
|
'Custom options',
|
|
480
|
null,
|
|
481
|
'fa-cog'
|
|
482
|
);
|
|
483
|
|
|
484
|
$btnadv->setAttribute('type','button')->addClass('btn-info btn-sm');
|
|
485
|
|
|
486
|
$section->addInput(new Form_StaticText(
|
|
487
|
'Display Custom Options',
|
|
488
|
$btnadv
|
|
489
|
));
|
|
490
|
|
|
491
|
$section->addInput(new Form_Textarea (
|
|
492
|
'custom_options',
|
|
493
|
'Custom options',
|
|
494
|
$pconfig['custom_options']
|
|
495
|
))->setHelp('Enter any additional configuration parameters to add to the DNS Resolver configuration here, separated by a newline.');
|
|
496
|
|
|
497
|
$form->add($section);
|
|
498
|
print($form);
|
|
499
|
?>
|
|
500
|
|
|
501
|
<script type="text/javascript">
|
|
502
|
//<![CDATA[
|
|
503
|
events.push(function() {
|
|
504
|
|
|
505
|
// Show advanced custom options ==============================================
|
|
506
|
var showadvcustom = false;
|
|
507
|
|
|
508
|
function show_advcustom(ispageload) {
|
|
509
|
var text;
|
|
510
|
// On page load decide the initial state based on the data.
|
|
511
|
if (ispageload) {
|
|
512
|
showadvcustom = <?=($customoptions ? 'true' : 'false');?>;
|
|
513
|
} else {
|
|
514
|
// It was a click, swap the state.
|
|
515
|
showadvcustom = !showadvcustom;
|
|
516
|
}
|
|
517
|
|
|
518
|
hideInput('custom_options', !showadvcustom);
|
|
519
|
|
|
520
|
if (showadvcustom) {
|
|
521
|
text = "<?=gettext('Hide Custom Options');?>";
|
|
522
|
} else {
|
|
523
|
text = "<?=gettext('Display Custom Options');?>";
|
|
524
|
}
|
|
525
|
$('#btnadvcustom').html('<i class="fa fa-cog"></i> ' + text);
|
|
526
|
}
|
|
527
|
|
|
528
|
// If the enable checkbox is not checked, hide all inputs
|
|
529
|
function hideGeneral() {
|
|
530
|
var hide = ! $('#enable').prop('checked');
|
|
531
|
|
|
532
|
hideMultiClass('general', hide);
|
|
533
|
hideInput('port', hide);
|
|
534
|
hideSelect('system_domain_local_zone_type', hide);
|
|
535
|
hideCheckbox('strictout', hide);
|
|
536
|
hideCheckbox('dnssec', hide);
|
|
537
|
hideCheckbox('forwarding', hide);
|
|
538
|
hideCheckbox('regdhcp', hide);
|
|
539
|
hideCheckbox('regdhcpstatic', hide);
|
|
540
|
hideCheckbox('regovpnclients', hide);
|
|
541
|
hideInput('btnadvcustom', hide);
|
|
542
|
hideInput('custom_options', hide || !showadvcustom);
|
|
543
|
}
|
|
544
|
|
|
545
|
// Un-hide additional controls
|
|
546
|
$('#btnadvcustom').click(function(event) {
|
|
547
|
show_advcustom();
|
|
548
|
});
|
|
549
|
|
|
550
|
// When 'enable' is clicked, disable/enable the following hide inputs
|
|
551
|
$('#enable').click(function() {
|
|
552
|
hideGeneral();
|
|
553
|
});
|
|
554
|
|
|
555
|
// On initial load
|
|
556
|
if ($('#custom_options').val().length == 0) {
|
|
557
|
hideInput('custom_options', true);
|
|
558
|
}
|
|
559
|
|
|
560
|
hideGeneral();
|
|
561
|
show_advcustom(true);
|
|
562
|
|
|
563
|
// When the Python Module 'enable' is clicked, disable/enable the Python Module options
|
|
564
|
function show_python_script() {
|
|
565
|
var python = $('#python').prop('checked');
|
|
566
|
hideInput('python_order', !python);
|
|
567
|
hideInput('python_script', !python);
|
|
568
|
}
|
|
569
|
show_python_script();
|
|
570
|
$('#python').click(function () {
|
|
571
|
show_python_script();
|
|
572
|
});
|
|
573
|
|
|
574
|
});
|
|
575
|
//]]>
|
|
576
|
</script>
|
|
577
|
|
|
578
|
<div class="panel panel-default">
|
|
579
|
<div class="panel-heading"><h2 class="panel-title"><?=gettext("Host Overrides")?></h2></div>
|
|
580
|
<div class="panel-body table-responsive">
|
|
581
|
<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
|
|
582
|
<thead>
|
|
583
|
<tr>
|
|
584
|
<th><?=gettext("Host")?></th>
|
|
585
|
<th><?=gettext("Parent domain of host")?></th>
|
|
586
|
<th><?=gettext("IP to return for host")?></th>
|
|
587
|
<th><?=gettext("Description")?></th>
|
|
588
|
<th><?=gettext("Actions")?></th>
|
|
589
|
</tr>
|
|
590
|
</thead>
|
|
591
|
<tbody>
|
|
592
|
<?php
|
|
593
|
$i = 0;
|
|
594
|
foreach ($a_hosts as $hostent):
|
|
595
|
?>
|
|
596
|
<tr>
|
|
597
|
<td>
|
|
598
|
<?=$hostent['host']?>
|
|
599
|
</td>
|
|
600
|
<td>
|
|
601
|
<?=$hostent['domain']?>
|
|
602
|
</td>
|
|
603
|
<td>
|
|
604
|
<?=$hostent['ip']?>
|
|
605
|
</td>
|
|
606
|
<td>
|
|
607
|
<?=htmlspecialchars($hostent['descr'])?>
|
|
608
|
</td>
|
|
609
|
<td>
|
|
610
|
<a class="fa fa-pencil" title="<?=gettext('Edit host override')?>" href="services_unbound_host_edit.php?id=<?=$i?>"></a>
|
|
611
|
<a class="fa fa-trash" title="<?=gettext('Delete host override')?>" href="services_unbound.php?type=host&act=del&id=<?=$i?>" usepost></a>
|
|
612
|
</td>
|
|
613
|
</tr>
|
|
614
|
|
|
615
|
<?php
|
|
616
|
if ($hostent['aliases']['item'] && is_array($hostent['aliases']['item'])):
|
|
617
|
foreach ($hostent['aliases']['item'] as $alias):
|
|
618
|
?>
|
|
619
|
<tr>
|
|
620
|
<td>
|
|
621
|
<?=$alias['host']?>
|
|
622
|
</td>
|
|
623
|
<td>
|
|
624
|
<?=$alias['domain']?>
|
|
625
|
</td>
|
|
626
|
<td>
|
|
627
|
<?=gettext("Alias for ");?><?=$hostent['host'] ? $hostent['host'] . '.' . $hostent['domain'] : $hostent['domain']?>
|
|
628
|
</td>
|
|
629
|
<td>
|
|
630
|
<i class="fa fa-angle-double-right text-info"></i>
|
|
631
|
<?=htmlspecialchars($alias['description'])?>
|
|
632
|
</td>
|
|
633
|
<td>
|
|
634
|
<a class="fa fa-pencil" title="<?=gettext('Edit host override')?>" href="services_unbound_host_edit.php?id=<?=$i?>"></a>
|
|
635
|
</td>
|
|
636
|
</tr>
|
|
637
|
<?php
|
|
638
|
endforeach;
|
|
639
|
endif;
|
|
640
|
$i++;
|
|
641
|
endforeach;
|
|
642
|
?>
|
|
643
|
</tbody>
|
|
644
|
</table>
|
|
645
|
</div>
|
|
646
|
</div>
|
|
647
|
|
|
648
|
<span class="help-block">
|
|
649
|
Enter any individual hosts for which the resolver's standard DNS lookup process should be overridden and a specific
|
|
650
|
IPv4 or IPv6 address should automatically be returned by the resolver. Standard and also non-standard names and parent domains
|
|
651
|
can be entered, such as 'test', 'nas.home.arpa', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. Any lookup attempt for
|
|
652
|
the host will automatically return the given IP address, and the usual lookup server for the domain will not be queried for
|
|
653
|
the host's records.
|
|
654
|
</span>
|
|
655
|
|
|
656
|
<nav class="action-buttons">
|
|
657
|
<a href="services_unbound_host_edit.php" class="btn btn-sm btn-success">
|
|
658
|
<i class="fa fa-plus icon-embed-btn"></i>
|
|
659
|
<?=gettext('Add')?>
|
|
660
|
</a>
|
|
661
|
</nav>
|
|
662
|
|
|
663
|
<div class="panel panel-default">
|
|
664
|
<div class="panel-heading"><h2 class="panel-title"><?=gettext("Domain Overrides")?></h2></div>
|
|
665
|
<div class="panel-body table-responsive">
|
|
666
|
<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
|
|
667
|
<thead>
|
|
668
|
<tr>
|
|
669
|
<th><?=gettext("Domain")?></th>
|
|
670
|
<th><?=gettext("Lookup Server IP Address")?></th>
|
|
671
|
<th><?=gettext("Description")?></th>
|
|
672
|
<th><?=gettext("Actions")?></th>
|
|
673
|
</tr>
|
|
674
|
</thead>
|
|
675
|
|
|
676
|
<tbody>
|
|
677
|
<?php
|
|
678
|
$i = 0;
|
|
679
|
foreach ($a_domainOverrides as $doment):
|
|
680
|
?>
|
|
681
|
<tr>
|
|
682
|
<td>
|
|
683
|
<?=$doment['domain']?>
|
|
684
|
</td>
|
|
685
|
<td>
|
|
686
|
<?=$doment['ip']?>
|
|
687
|
</td>
|
|
688
|
<td>
|
|
689
|
<?=htmlspecialchars($doment['descr'])?>
|
|
690
|
</td>
|
|
691
|
<td>
|
|
692
|
<a class="fa fa-pencil" title="<?=gettext('Edit domain override')?>" href="services_unbound_domainoverride_edit.php?id=<?=$i?>"></a>
|
|
693
|
<a class="fa fa-trash" title="<?=gettext('Delete domain override')?>" href="services_unbound.php?act=del&type=doverride&id=<?=$i?>" usepost></a>
|
|
694
|
</td>
|
|
695
|
</tr>
|
|
696
|
<?php
|
|
697
|
$i++;
|
|
698
|
endforeach;
|
|
699
|
?>
|
|
700
|
</tbody>
|
|
701
|
</table>
|
|
702
|
</div>
|
|
703
|
</div>
|
|
704
|
|
|
705
|
<span class="help-block">
|
|
706
|
Enter any domains for which the resolver's standard DNS lookup process should be overridden and a different (non-standard)
|
|
707
|
lookup server should be queried instead. Non-standard, 'invalid' and local domains, and subdomains, can also be entered,
|
|
708
|
such as 'test', 'nas.home.arpa', 'mycompany.localdomain', '1.168.192.in-addr.arpa', or 'somesite.com'. The IP address is treated as the
|
|
709
|
authoritative lookup server for the domain (including all of its subdomains), and other lookup servers will not be queried.
|
|
710
|
If there are multiple authoritative DNS servers available for a domain then make a separate entry for each,
|
|
711
|
using the same domain name.
|
|
712
|
</span>
|
|
713
|
|
|
714
|
<nav class="action-buttons">
|
|
715
|
<a href="services_unbound_domainoverride_edit.php" class="btn btn-sm btn-success">
|
|
716
|
<i class="fa fa-plus icon-embed-btn"></i>
|
|
717
|
<?=gettext('Add')?>
|
|
718
|
</a>
|
|
719
|
</nav>
|
|
720
|
|
|
721
|
<div class="infoblock">
|
|
722
|
<?php print_info_box(sprintf(gettext('If the DNS Resolver is enabled, the DHCP'.
|
|
723
|
' service (if enabled) will automatically serve the LAN IP'.
|
|
724
|
' address as a DNS server to DHCP clients so they will use'.
|
|
725
|
' the DNS Resolver. If Forwarding is enabled, the DNS Resolver will use the DNS servers'.
|
|
726
|
' entered in %1$sSystem > General Setup%2$s'.
|
|
727
|
' or those obtained via DHCP or PPP on WAN if "Allow'.
|
|
728
|
' DNS server list to be overridden by DHCP/PPP on WAN"'.
|
|
729
|
' is checked.'), '<a href="system.php">', '</a>'), 'info', false); ?>
|
|
730
|
</div>
|
|
731
|
|
|
732
|
<?php include("foot.inc");
|
