From 408ebbef482da0afc21500d5a0fc5b520d3d444b Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sun, 13 Nov 2016 17:01:54 +0100
Subject: [PATCH] dnsmasq: same as previous with bits for #1256
---
 src/etc/inc/interfaces.inc | 8 +-
 src/etc/inc/services.inc | 207 +++++++++---------
 src/etc/inc/xmlrpc/legacy.inc | 2 +-
 src/etc/rc.bootup | 2 +-
 src/www/services_dhcp.php | 2 +-
 src/www/services_dhcpv6.php | 2 +-
 src/www/services_dnsmasq.php | 2 +
 .../services_dnsmasq_domainoverride_edit.php | 1 +
 src/www/system_advanced_admin.php | 2 +-
 src/www/system_general.php | 2 +-
 10 files changed, 114 insertions(+), 116 deletions(-)
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 997dcaf82..c22ad232f 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -1141,8 +1141,8 @@ function interfaces_configure()
 /* reload IPsec tunnels */
 ipsec_configure();
- /* restart dns servers (defering dhcp restart) */
- services_dnsmasq_configure(false);
+ /* restart dns servers */
+ services_dnsmasq_configure();
 services_unbound_configure();
 /* reload dhcpd (interface enabled/disabled status may have changed) */
@@ -2889,8 +2889,8 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
 /* reload ipsec tunnels */
 ipsec_configure();
- /* restart dns servers (defering dhcp restart) */
- services_dnsmasq_configure(false);
+ /* restart dns servers */
+ services_dnsmasq_configure();
 services_unbound_configure();
 /* reload dhcpd (interface enabled/disabled status may have changed) */
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index e3542e7f6..3fe890642 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -1783,7 +1783,7 @@ function dyndnsCheckIP($int)
 return $ip_address;
 }
-function services_dnsmasq_configure($dhcp_reload = true)
+function services_dnsmasq_configure($verbose = false)
 {
 global $config;
@@ -1796,123 +1796,118 @@ function services_dnsmasq_configure($dhcp_reload = true)
 killbypid('/var/run/dnsmasq.pid', 'TERM', true);
- if (isset($config['dnsmasq']['enable'])) {
- if (file_exists("/var/run/booting")) {
- echo gettext("Starting DNS forwarder...");
- }
+ if (!isset($config['dnsmasq']['enable'])) {
+ return;
+ }
- $args = "";
+ if ($verbose) {
+ echo 'Starting DNS forwarder...';
+ flush();
+ }
- if (isset($config['dnsmasq']['regdhcp'])) {
- $args .= " --dhcp-hostsfile=/etc/hosts ";
- }
+ $args = "";
- /* Setup listen port, if non-default */
- if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
- $args .= " --port={$config['dnsmasq']['port']} ";
- }
+ if (isset($config['dnsmasq']['regdhcp'])) {
+ $args .= " --dhcp-hostsfile=/etc/hosts ";
+ }
- if (isset($config['dnsmasq']['interface'])) {
- $addresses = array();
- foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
- if (is_ipaddrv4($interface)) {
- $addresses[] = $interface;
- } elseif (is_ipaddrv6($interface)) {
- // Since dnsmasq does not support link-local address with scope specified. strip address.
- $addresses[] = explode("%", $interface)[0];
- } else {
- $intf_ipv4 = get_interface_ip($interface);
- $intf_ipv6 = get_interface_ipv6($interface);
- if (!empty($intf_ipv4)) {
- $addresses[] = $intf_ipv4;
- }
- if (!empty($intf_ipv6)) {
- $addresses[] = explode("%", $intf_ipv6)[0];
- }
+ /* Setup listen port, if non-default */
+ if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
+ $args .= " --port={$config['dnsmasq']['port']} ";
+ }
+
+ if (isset($config['dnsmasq']['interface'])) {
+ $addresses = array();
+ foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
+ if (is_ipaddrv4($interface)) {
+ $addresses[] = $interface;
+ } elseif (is_ipaddrv6($interface)) {
+ // Since dnsmasq does not support link-local address with scope specified. strip address.
+ $addresses[] = explode("%", $interface)[0];
+ } else {
+ $intf_ipv4 = get_interface_ip($interface);
+ $intf_ipv6 = get_interface_ipv6($interface);
+ if (!empty($intf_ipv4)) {
+ $addresses[] = $intf_ipv4;
 }
- }
- foreach ($addresses as $address) {
- $args .= " --listen-address={$address} ";
- }
- if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
- $args .= " --bind-interfaces ";
- }
- }
-
- /* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
- /* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
- /* the user-specified entry made later on the command line below will be the one that is effective. */
- if (isset($config['dnsmasq']['no_private_reverse'])) {
- /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
- /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
- /* Just the OPNsense WAN might get a CGN address from an ISP. */
- $args .= " --server=/10.in-addr.arpa/ ";
- $args .= " --server=/168.192.in-addr.arpa/ ";
- /* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
- for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
- $args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
- }
- }
-
- /* Setup forwarded domains */
- if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
- foreach($config['dnsmasq']['domainoverrides'] as $override) {
- if ($override['ip'] == "!") {
- $override['ip'] = "";
- }
- $args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
- }
- }
-
- /* Allow DNS Rebind for forwarded domains */
- if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
- if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
- foreach($config['dnsmasq']['domainoverrides'] as $override) {
- $args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
+ if (!empty($intf_ipv6)) {
+ $addresses[] = explode("%", $intf_ipv6)[0];
 }
 }
 }
-
- if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
- $dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
+ foreach ($addresses as $address) {
+ $args .= " --listen-address={$address} ";
 }
-
- if (isset($config['dnsmasq']['strict_order'])) {
- $args .= " --strict-order ";
- }
-
- if (isset($config['dnsmasq']['domain_needed'])) {
- $args .= " --domain-needed ";
- }
-
- if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
- foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
- $args .= " " . escapeshellarg("--{$c}");
- $p = explode('=', $c);
- if (array_key_exists($p[0], $standard_args)) {
- unset($standard_args[$p[0]]);
- }
- }
- }
- $args .= ' ' . implode(' ', array_values($standard_args));
-
- /* run dnsmasq */
- $cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
- mwexec_bg($cmd);
- services_dhcpleases_configure();
- unset($args);
-
- if (file_exists("/var/run/booting")) {
- echo gettext("done.") . "\n";
+ if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
+ $args .= " --bind-interfaces ";
 }
 }
- /*
- * XXX this is overly convoluted, potentiall
- * restarting all of dhcp up to three times ;)
- */
- if ($dhcp_reload) {
- services_dhcpd_configure();
+ /* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
+ /* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
+ /* the user-specified entry made later on the command line below will be the one that is effective. */
+ if (isset($config['dnsmasq']['no_private_reverse'])) {
+ /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
+ /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
+ /* Just the OPNsense WAN might get a CGN address from an ISP. */
+ $args .= " --server=/10.in-addr.arpa/ ";
+ $args .= " --server=/168.192.in-addr.arpa/ ";
+ /* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
+ for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
+ $args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
+ }
+ }
+
+ /* Setup forwarded domains */
+ if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
+ foreach($config['dnsmasq']['domainoverrides'] as $override) {
+ if ($override['ip'] == "!") {
+ $override['ip'] = "";
+ }
+ $args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
+ }
+ }
+
+ /* Allow DNS Rebind for forwarded domains */
+ if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
+ if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
+ foreach($config['dnsmasq']['domainoverrides'] as $override) {
+ $args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
+ }
+ }
+ }
+
+ if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
+ $dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
+ }
+
+ if (isset($config['dnsmasq']['strict_order'])) {
+ $args .= " --strict-order ";
+ }
+
+ if (isset($config['dnsmasq']['domain_needed'])) {
+ $args .= " --domain-needed ";
+ }
+
+ if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
+ foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
+ $args .= " " . escapeshellarg("--{$c}");
+ $p = explode('=', $c);
+ if (array_key_exists($p[0], $standard_args)) {
+ unset($standard_args[$p[0]]);
+ }
+ }
+ }
+ $args .= ' ' . implode(' ', array_values($standard_args));
+
+ /* run dnsmasq */
+ $cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
+ mwexec_bg($cmd);
+ services_dhcpleases_configure();
+ unset($args);
+
+ if ($verbose) {
+ echo "done.\n";
 }
 }
diff --git a/src/etc/inc/xmlrpc/legacy.inc b/src/etc/inc/xmlrpc/legacy.inc
index b951cece2..12e662277 100644
--- a/src/etc/inc/xmlrpc/legacy.inc
+++ b/src/etc/inc/xmlrpc/legacy.inc
@@ -137,7 +137,7 @@ function filter_configure_xmlrpc()
 system_hosts_generate();
 services_dhcpleases_configure();
 local_sync_accounts();
- services_dnsmasq_configure(false);
+ services_dnsmasq_configure();
 services_unbound_configure();
 services_dhcpd_configure();
 relayd_configure_do();
diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup
index 0cf4a0a56..7810d19d7 100755
--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -188,7 +188,7 @@ system_routing_configure();
 system_routing_enable();
 /* start dnsmasq service */
-services_dnsmasq_configure(false);
+services_dnsmasq_configure(true);
 /* start unbound service */
 services_unbound_configure(true);
diff --git a/src/www/services_dhcp.php b/src/www/services_dhcp.php
index bb40b0218..bb3dd6945 100644
--- a/src/www/services_dhcp.php
+++ b/src/www/services_dhcp.php
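Review bot: In `services_dnsmasq_configure()` (src/etc/inc/services.inc) the first positional parameter is reused with a different meaning (`$dhcp_reload = true` became `$verbose = false`), so any caller this commit does not touch changes behaviour silently: a bare call no longer restarts dhcpd, and a leftover `true` now echoes progress text, which on a web page would be emitted before the `header()` redirect. The function has no docblock; a short one stating that dhcpd is no longer reloaded here and that `$verbose` is meant for console use would make the new contract explicit. Separately, `$dns_rebind` is assigned only when `nodnsrebindcheck` is unset yet is always interpolated into `$cmd`; unless it is initialised in the lines above the hunk, add `$dns_rebind = '';` next to `$args = "";`. The function's opening lines lie outside this hunk.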
@@ -112,7 +112,7 @@ function reconfigure_dhcpd()
 system_hosts_generate();
 services_dhcpleases_configure();
 if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) {
- services_dnsmasq_configure(false);
+ services_dnsmasq_configure();
 clear_subsystem_dirty('hosts');
 }
 if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) {
diff --git a/src/www/services_dhcpv6.php b/src/www/services_dhcpv6.php
index 4974f7610..ffcef511c 100644
--- a/src/www/services_dhcpv6.php
+++ b/src/www/services_dhcpv6.php
@@ -42,7 +42,7 @@ require_once("services.inc");
 function reconfigure_dhcpd()
 {
 if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) {
- services_dnsmasq_configure(false);
+ services_dnsmasq_configure();
 clear_subsystem_dirty('hosts');
 }
diff --git a/src/www/services_dnsmasq.php b/src/www/services_dnsmasq.php
index 8c9b3f36e..de52e6360 100644
--- a/src/www/services_dnsmasq.php
+++ b/src/www/services_dnsmasq.php
@@ -109,6 +109,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 }
 write_config();
 services_dnsmasq_configure();
+ services_dhcpd_configure();
 header(url_safe('Location: /services_dnsmasq.php'));
 exit;
 }
@@ -120,6 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 system_hosts_generate();
 services_dhcpleases_configure();
 services_dnsmasq_configure();
+ services_dhcpd_configure();
 clear_subsystem_dirty('hosts');
 header(url_safe('Location: /services_dnsmasq.php'));
 exit;
diff --git a/src/www/services_dnsmasq_domainoverride_edit.php b/src/www/services_dnsmasq_domainoverride_edit.php
index 3f9095b93..29ac23273 100644
--- a/src/www/services_dnsmasq_domainoverride_edit.php
+++ b/src/www/services_dnsmasq_domainoverride_edit.php
@@ -116,6 +116,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $a_domainOverrides[] = $doment;
 }
 services_dnsmasq_configure();
+ services_dhcpd_configure();
 write_config();
 header(url_safe('Location: /services_dnsmasq.php'));
 exit;
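Review bot: In src/www/services_dhcpv6.php, `reconfigure_dhcpd()` reads `$config` without declaring it: the hunk shows the body opening directly with the `isset($config['dnsmasq']['enable'])` test, so `$config` is an undefined local there, the condition is always false, and the `services_dnsmasq_configure()` call this commit edits is never reached. If that is not intended, add `global $config;` as the first statement of the function so dnsmasq is actually restarted when `regdhcpstatic` is enabled. The function continues past the end of the hunk.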
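Review bot: In src/www/services_dnsmasq_domainoverride_edit.php the added `services_dhcpd_configure();` runs, like the dnsmasq restart before it, ahead of `write_config();`, so both services are restarted from a configuration that has not been persisted yet; if the write fails, the running state and the saved config diverge. The services_dnsmasq.php hunk in the same commit uses the opposite order, with `write_config();` first. Consider moving `write_config();` above both calls, giving `write_config();` then `services_dnsmasq_configure();` then `services_dhcpd_configure();`. This assumes `$a_domainOverrides` references the in-memory `$config`, which is set up outside the hunk.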
diff --git a/src/www/system_advanced_admin.php b/src/www/system_advanced_admin.php
index b2d64a6a6..4cbb46c5b 100644
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -253,7 +253,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 system_login_configure();
 system_hosts_generate();
 services_dhcpleases_configure();
- services_dnsmasq_configure(false);
+ services_dnsmasq_configure();
 services_unbound_configure();
 services_dhcpd_configure();
diff --git a/src/www/system_general.php b/src/www/system_general.php
index 75824508c..16db4941d 100644
--- a/src/www/system_general.php
+++ b/src/www/system_general.php
@@ -227,7 +227,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 system_hosts_generate();
 services_dhcpleases_configure();
 system_resolvconf_generate();
- services_dnsmasq_configure(false);
+ services_dnsmasq_configure();
 services_unbound_configure();
 services_dhcpd_configure();
 system_timezone_configure();