From 02dc1ebd932b1200c8f94ae56cb377f70fff4bb7 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Sat, 5 Feb 2022 08:16:43 +0100 Subject: [PATCH] interfaces: prevent DHCP from installing nameservers when not allowed This was refactored previously and all the logic should live outside dhclient-script but it seems it's only loosely handled over there. For now put a check back in the old way and rework this later correctly from the system.inc point of view: we do want to register nameserver and searchdomain in the cache files, but should not add a route if those are not required. It would be helpful to show them in the overview regardless (as for DNS servers) but with a hint that they are not being used. PR: https://forum.opnsense.org/index.php?topic=26765.0 --- src/opnsense/scripts/interfaces/dhclient-script | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/opnsense/scripts/interfaces/dhclient-script b/src/opnsense/scripts/interfaces/dhclient-script index fab608055..b44ba87b0 100755 --- a/src/opnsense/scripts/interfaces/dhclient-script +++ b/src/opnsense/scripts/interfaces/dhclient-script @@ -223,6 +223,12 @@ add_new_resolv_conf() { fi rm -f /tmp/${interface}_nameserver + rm -f /tmp/${interface}_searchdomain + + if [ "$(pluginctl -g system.dnsallowoverride)" != "1" ]; then + # prevent installing DNS information when not allowed + return 0 + fi if [ -n "$new_domain_name_servers" ]; then for nameserver in $new_domain_name_servers; do @@ -234,8 +240,6 @@ add_new_resolv_conf() { done fi - rm -f /tmp/${interface}_searchdomain - if [ -n "$new_domain_name" ]; then echo $new_domain_name > /tmp/${interface}_searchdomain fi