Revision f39ba24b
Added by Jim Pingle over 7 years ago
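--- a/src/etc/inc/unbound.inc
+++ b/src/etc/inc/unbound.inc
@@ -531,12 +531,17 @@
 
 $sorted_domains = msort($domains, "domain");
 $result = array();
+$tls_domains = array();
 foreach ($sorted_domains as $domain) {
 $domain_key = current($domain);
 if (!isset($result[$domain_key])) {
 $result[$domain_key] = array();
 }
 $result[$domain_key][] = $domain['ip'];
+/* If any entry for a domain has TLS set, it will be active for all entries. */
+if (isset($domain['forward_tls_upstream'])) {
+$tls_domains[] = $domain_key;
+}
 }
 
 // Domain overrides that have multiple entries need multiple stub-addr: added
@@ -552,8 +557,18 @@
 } else {
 $domain_entries .= "forward-zone:\n";
 $domain_entries .= "\tname: \"$domain\"\n";
+$fwdport = "";
+/* Enable TLS forwarding for this domain if needed. */
+if (in_array($domain, $tls_domains)) {
+$domain_entries .= "\tforward-tls-upstream: yes\n";
+$fwdport = "@853";
+}
 foreach ($ips as $ip) {
-$domain_entries .= "\tforward-addr: $ip\n";
+/* If an IP address already contains a port specification, do not add another. */
+if (strstr($ip, '@') !== false) {
+$fwdport = "";
+}
+$domain_entries .= "\tforward-addr: {$ip}{$fwdport}\n";
 }
 }
 }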
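Review bot: `$fwdport` is cleared inside the `foreach ($ips as $ip)` loop and never restored, so once one address in a TLS-enabled domain carries its own `@port`, every later address in that zone is written without `@853` while `forward-tls-upstream: yes` is still set. Those forwarders would then presumably be contacted over TLS on Unbound's default port instead of 853, which is likely to fail. Decide the suffix per address instead, e.g. `$port = (strpos($ip, '@') === false) ? $fwdport : "";` followed by `$domain_entries .= "\tforward-addr: {$ip}{$port}\n";`. The enclosing function starts before this hunk, so the stub-zone branch and the callers were not reviewed.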
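--- a/src/usr/local/www/services_unbound_domainoverride_edit.php
+++ b/src/usr/local/www/services_unbound_domainoverride_edit.php
@@ -45,6 +45,7 @@
 $pconfig['domain'] = $a_domainOverrides[$id]['domain'];
 $pconfig['ip'] = $a_domainOverrides[$id]['ip'];
 $pconfig['descr'] = $a_domainOverrides[$id]['descr'];
+$pconfig['forward_tls_upstream'] = isset($a_domainOverrides[$id]['forward_tls_upstream']);
 }
 
 if ($_POST['save']) {
@@ -87,6 +88,7 @@
 $doment['domain'] = $_POST['domain'];
 $doment['ip'] = $_POST['ip'];
 $doment['descr'] = $_POST['descr'];
+$doment['forward_tls_upstream'] = isset($_POST['forward_tls_upstream']);
 
 if (isset($id) && $a_domainOverrides[$id]) {
 $a_domainOverrides[$id] = $doment;
@@ -130,6 +132,13 @@
 ))->setHelp('IPv4 or IPv6 address of the authoritative DNS server for this domain. e.g.: 192.168.100.100%1$s' .
 'To use a non-default port for communication, append an \'@\' with the port number.', '<br />')->setPattern('[a-zA-Z0-9@.:]+');
 
+$section->addInput(new Form_Checkbox(
+'forward_tls_upstream',
+'TLS Queries',
+'Use SSL/TLS for DNS Queries forwarded to this server',
+$pconfig['forward_tls_upstream']
+))->setHelp('When set, queries to %1$sall DNS servers for this domain%2$s will be sent using SSL/TLS on the default port of 853.', '<b>', '</b>');
+
 $section->addInput(new Form_Input(
 'descr',
 'Description',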
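Review bot: The new checkbox help promises that queries are "sent using SSL/TLS", but nothing in this change lets the operator name the certificate to expect: the address pattern `[a-zA-Z0-9@.:]+` excludes `#`, which is how Unbound takes a TLS authentication name on `forward-addr`. Unless certificate verification is configured elsewhere (not visible here), the link is encrypted but the upstream is not authenticated, so it only protects against passive observation. I would say so in the help text, e.g. by appending `The identity of the upstream server is not verified.`. Separately, `$doment['forward_tls_upstream'] = isset($_POST['forward_tls_upstream']);` stores a boolean, while the generator in unbound.inc tests the key with `isset()`, which is also true for `false`. Setting the key only when the box is checked, `if (isset($_POST['forward_tls_upstream'])) { $doment['forward_tls_upstream'] = true; }`, avoids depending on how the config serializer treats `false`.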
Add a TLS option for DNS Resolver Domain Overrides. Implements #8431