lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 08:09:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Unbound: migrate General page to MVC (#6418)

Browse Source
This commit is contained in:
Stephan de Wit 2023-03-15 13:00:22 +01:00 committed by GitHub
parent 03ac997fa4
commit 5492d4477c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 550 additions and 481 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plist
View File

@ -415,6 +415,7 @@
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/DnsblController.php
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/DotController.php
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/ForwardController.php
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/GeneralController.php
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/OverridesController.php
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/OverviewController.php
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/StatsController.php
@ -425,6 +426,7 @@
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogHostOverride.xml
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dnsbl.xml
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/forwarding.xml
/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/general.xml
/usr/local/opnsense/mvc/app/library/Google/API/Drive.php
/usr/local/opnsense/mvc/app/library/OPNsense/Auth/API.php
/usr/local/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
@ -654,12 +656,14 @@
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/FieldTypes/UnboundDomainField.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/FieldTypes/UnboundInterfaceField.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/FieldTypes/UnboundServerField.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Migrations/M1_0_0.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Migrations/M1_0_1.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Migrations/M1_0_2.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Migrations/M1_0_3.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Migrations/M1_0_5.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.php
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
/usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/clients.volt
@ -718,6 +722,7 @@
/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/advanced.volt
/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/dnsbl.volt
/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/dot.volt
/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/general.volt
/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/overrides.volt
/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/overview.volt
/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/stats.volt
@ -1952,7 +1957,6 @@
/usr/local/www/services_ntpd_pps.php
/usr/local/www/services_opendns.php
/usr/local/www/services_router_advertisements.php
/usr/local/www/services_unbound.php
/usr/local/www/services_unbound_acls.php
/usr/local/www/status_dhcp_leases.php
/usr/local/www/status_dhcpv6_leases.php

13
src/etc/inc/plugins.inc.d/dhcpd.inc
View File

@ -169,6 +169,8 @@ function dhcpd_radvd_configure($verbose = false, $blacklist = [])
/* Process all links which need the router advertise daemon */
$radvdifs = array();
$unbound_enabled = !empty((string)(new \OPNsense\Unbound\Unbound())->general->enabled);
/* handle manually configured DHCP6 server settings first */
foreach (config_read_array('dhcpdv6') as $dhcpv6if => $dhcpv6ifconf) {
if (isset($config['interfaces'][$dhcpv6if]['track6-interface']) && !isset($config['interfaces'][$dhcpv6if]['dhcpd6track6allowoverride'])) {
@ -353,7 +355,7 @@ function dhcpd_radvd_configure($verbose = false, $blacklist = [])
$dnslist_tmp = $dhcpv6ifconf['dnsserver'];
} elseif (!isset($dhcpv6ifconf['rasamednsasdhcp6']) && !empty($dhcpv6ifconf['radnsserver'][0])) {
$dnslist_tmp = $dhcpv6ifconf['radnsserver'];
} elseif (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
} elseif (isset($config['dnsmasq']['enable']) || $unbound_enabled) {
if (is_ipaddrv6($ifcfgipv6)) {
$dnslist_tmp[] = $ifcfgipv6;
} else {
@ -448,7 +450,7 @@ function dhcpd_radvd_configure($verbose = false, $blacklist = [])
$networkv6 = '::/64';
}
if (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
if (isset($config['dnsmasq']['enable']) || $unbound_enabled) {
if (is_ipaddrv6($ifcfgipv6)) {
$dnslist[] = $ifcfgipv6;
} else {
@ -686,6 +688,7 @@ EOPP;
$iflist = get_configured_interface_with_descr();
$gwObject = new \OPNsense\Routing\Gateways($ifconfig_details);
$unbound_enabled = !empty((string)(new \OPNsense\Unbound\Unbound())->general->enabled);
foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
if (!isset($dhcpifconf['enable']) || !isset($iflist[$dhcpif])) {
@ -743,7 +746,7 @@ EOPP;
if (!empty($newzone['domain-name'])) {
$newzone['dns-servers'] = $dhcpifconf['dnsserver'];
}
} elseif (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
} elseif (isset($config['dnsmasq']['enable']) || $unbound_enabled) {
$dnscfg .= " option domain-name-servers {$ifcfgip};";
if (!empty($newzone['domain-name'])) {
$newzone['dns-servers'] = [$ifcfgip];
@ -1409,6 +1412,8 @@ EOD;
$ddns_zones = [];
$need_ddns_updates = false;
$unbound_enabled = !empty((string)(new \OPNsense\Unbound\Unbound())->general->enabled);
foreach ($dhcpdv6cfg as $dhcpv6if => $dhcpv6ifconf) {
if (!isset($dhcpv6ifconf['enable']) || !isset($iflist[$dhcpv6if])) {
continue;
@ -1459,7 +1464,7 @@ EOD;
if (isset($dhcpv6ifconf['dnsserver'][0])) {
$dnscfgv6 .= " option dhcp6.name-servers " . join(",", $dhcpv6ifconf['dnsserver']) . ";";
} elseif (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
} elseif (isset($config['dnsmasq']['enable']) || $unbound_enabled) {
$dnscfgv6 .= " option dhcp6.name-servers {$ifcfgipv6};";
} elseif (!empty($dns_arrv6)) {
$dnscfgv6 .= " option dhcp6.name-servers " . join(",", $dns_arrv6) . ";";

94
src/etc/inc/plugins.inc.d/unbound.inc
View File

@ -32,9 +32,8 @@
function unbound_enabled()
{
global $config;
return isset($config['unbound']['enable']);
$mdl = new \OPNsense\Unbound\Unbound();
return !empty((string)$mdl->general->enabled);
}
function unbound_configure()
@ -103,11 +102,11 @@ function unbound_optimization()
function unbound_service_stop()
{
global $config;
$mdl = new \OPNsense\Unbound\Unbound();
mwexec('/usr/local/bin/flock -E 0 -o /tmp/unbound_start.lock true');
if (empty($config['unbound']['cacheflush'])) {
if (empty((string)$mdl->general->cacheflush)) {
if (isvalidpid('/var/run/unbound.pid')) {
configd_run('unbound cache dump');
}
@ -115,9 +114,9 @@ function unbound_service_stop()
unbound_cache_flush();
}
killbypid('/var/run/unbound_logger.pid', 'TERM', true);
killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true);
killbypid('/var/run/unbound.pid', 'TERM', true);
killbypid('/var/run/unbound_logger.pid');
killbypid('/var/run/unbound_dhcpd.pid');
killbypid('/var/run/unbound.pid');
mwexecf('/sbin/umount %s', '/var/unbound/dev', true);
mwexecf('/sbin/umount %s', '/var/unbound/usr/local/lib/' . readlink('/usr/local/bin/python3'), true);
@ -126,6 +125,7 @@ function unbound_service_stop()
function unbound_generate_config()
{
global $config;
$general = config_read_array('OPNsense', 'unboundplus', 'general');
$pythonv = readlink('/usr/local/bin/python3');
$python_dir = "/usr/local/lib/{$pythonv}";
@ -146,17 +146,17 @@ function unbound_generate_config()
$anchor_file = '';
$dns64_config = '';
if (isset($config['unbound']['dns64'])) {
if (!empty($config['unbound']['dns64prefix'])) {
$dns64_config .= "\ndns64-prefix: {$config['unbound']['dns64prefix']}";
if (!empty($general['dns64'])) {
if (!empty($general['dns64prefix'])) {
$dns64_config .= "\ndns64-prefix: {$general['dns64prefix']}";
}
if (isset($config['unbound']['noarecords'])) {
if (!empty($general['noarecords'])) {
$module_config .= 'respip ';
$dns64_config .= "\nresponse-ip: 0.0.0.0/0 redirect";
}
$module_config .= 'dns64 ';
}
if (isset($config['unbound']['dnssec'])) {
if (!empty($general['dnssec'])) {
$module_config .= 'validator iterator';
$anchor_file = 'auto-trust-anchor-file: /var/unbound/root.key';
} else {
@ -174,8 +174,8 @@ function unbound_generate_config()
}
$bindints = '';
if (!empty($config['unbound']['active_interface'])) {
$active_interfaces = explode(',', $config['unbound']['active_interface']);
if (!empty($general['active_interface'])) {
$active_interfaces = explode(',', $general['active_interface']);
$active_interfaces[] = 'lo0';
$addresses = array();
@ -203,9 +203,9 @@ function unbound_generate_config()
$outgoingints = '';
$ifconfig_details = legacy_interfaces_details();
if (!empty($config['unbound']['outgoing_interface'])) {
if (!empty($general['outgoing_interface'])) {
$outgoingints = "# Outgoing interfaces to be used\n";
$outgoing_interfaces = explode(",", $config['unbound']['outgoing_interface']);
$outgoing_interfaces = explode(",", $general['outgoing_interface']);
foreach ($outgoing_interfaces as $outif) {
$outip = get_interface_ip($outif, $ifconfig_details);
if (!empty($outip)) {
@ -221,12 +221,12 @@ function unbound_generate_config()
unbound_add_host_entries($ifconfig_details);
unbound_acls_config();
$port = is_port($config['unbound']['port'] ?? null) ? $config['unbound']['port'] : '53';
$port = $general['port'] ?? '53';
/* do not touch prefer-ip6 as it is defaulting to 'no' anyway */
$do_ip6 = isset($config['system']['ipv6allow']) ? 'yes' : 'no';
if (isset($config['unbound']['regdhcp'])) {
if (!empty($general['regdhcp'])) {
$include_dhcpleases = 'include: /var/unbound/dhcpleases.conf';
@touch('/var/unbound/dhcpleases.conf');
} else {
@ -352,6 +352,7 @@ function unbound_cache_flush()
function unbound_configure_do($verbose = false, $unused = '')
{
global $config;
$mdl = new \OPNsense\Unbound\Unbound();
unbound_service_stop();
@ -364,15 +365,14 @@ function unbound_configure_do($verbose = false, $unused = '')
unbound_generate_config();
$domain = '';
if (isset($config['unbound']['regdhcp'])) {
if (!empty((string)$mdl->general->regdhcp)) {
$domain = $config['system']['domain'];
if (isset($config['unbound']['regdhcpdomain'])) {
$domain = $config['unbound']['regdhcpdomain'];
if (!empty((string)$mdl->general->regdhcpdomain)) {
$domain = (string)$mdl->general->regdhcpdomain;
}
}
if (isset($config['unbound']['stats'])) {
if (isset($config['unbound']['stats'])) { /* XXX */
@touch('/var/unbound/data/stats');
} else {
@unlink('/var/unbound/data/stats');
@ -388,15 +388,13 @@ function unbound_configure_do($verbose = false, $unused = '')
function unbound_add_host_entries($ifconfig_details = null)
{
global $config;
$general = config_read_array('OPNsense', 'unboundplus', 'general');
$local_zone_type = 'transparent';
$ptr_records = ['127.0.0.1', '::1'];
openlog("unbound", LOG_DAEMON, LOG_LOCAL4);
if (!empty($config['unbound']['local_zone_type'])) {
$local_zone_type = $config['unbound']['local_zone_type'];
}
$local_zone_type = $general['local_zone_type'] ?? 'transparent';
$unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$local_zone_type}\n";
@ -408,13 +406,13 @@ function unbound_add_host_entries($ifconfig_details = null)
$unbound_entries .= "local-data: \"localhost AAAA ::1\"\n";
$unbound_entries .= "local-data: \"localhost.{$config['system']['domain']} AAAA ::1\"\n";
if (!empty($config['unbound']['active_interface'])) {
$interfaces = explode(",", $config['unbound']['active_interface']);
if (!empty($general['active_interface'])) {
$interfaces = explode(",", $general['active_interface']);
} else {
$interfaces = array_keys(get_configured_interface_with_descr());
}
if (empty($config['unbound']['noregrecords'])) {
if (empty($general['noregrecords'])) {
foreach ($interfaces as $interface) {
if ($interface == 'lo0' || substr($interface, 0, 4) == 'ovpn') {
continue;
@ -442,7 +440,7 @@ function unbound_add_host_entries($ifconfig_details = null)
$unbound_entries .= "local-data: \"{$config['system']['hostname']} {$record} {$addr}\"\n";
}
if (empty($config['unbound']['noreglladdr6'])) {
if (empty($general['noreglladdr6'])) {
if (!empty($lladdr6)) {
/* cannot embed scope */
$lladdr6 = explode('%', $lladdr6)[0];
@ -457,7 +455,7 @@ function unbound_add_host_entries($ifconfig_details = null)
}
}
if (isset($config['unbound']['enable_wpad'])) {
if (!empty($general['enable_wpad'])) {
$webui_protocol = !empty($config['system']['webgui']['protocol']) ? $config['system']['webgui']['protocol'] : 'https';
$webui_port = !empty($config['system']['webgui']['port']) ? $config['system']['webgui']['port'] : 443;
// default domain
@ -537,7 +535,7 @@ function unbound_add_host_entries($ifconfig_details = null)
break;
}
if (!empty($alias['description']) && isset($config['unbound']['txtsupport'])) {
if (!empty($alias['description']) && !empty($general['txtsupport'])) {
$unbound_entries .= "local-data: '{$alias['hostname']}{$alias['domain']} TXT \"" . addslashes($alias['description']) . "\"'\n";
}
}
@ -545,7 +543,7 @@ function unbound_add_host_entries($ifconfig_details = null)
}
}
if (isset($config['unbound']['regdhcpstatic'])) {
if (!empty($general['regdhcpstatic'])) {
require_once 'plugins.inc.d/dhcpd.inc'; /* XXX */
foreach (dhcpd_staticmap($config['system']['domain'], $ifconfig_details) as $host) {
@ -560,7 +558,7 @@ function unbound_add_host_entries($ifconfig_details = null)
$unbound_entries .= "local-data-ptr: \"{$host['ipaddrv6']} {$host['hostname']}.{$host['domain']}\"\n";
$unbound_entries .= "local-data: \"{$host['hostname']}.{$host['domain']} IN AAAA {$host['ipaddrv6']}\"\n";
}
if (!empty($host['descr']) && isset($config['unbound']['txtsupport'])) {
if (!empty($host['descr']) && !empty($general['txtsupport'])) {
$unbound_entries .= "local-data: '{$host['hostname']}.{$host['domain']} TXT \"" . addslashes($host['descr']) . "\"'\n";
}
}
@ -575,11 +573,12 @@ function unbound_add_host_entries($ifconfig_details = null)
function unbound_acls_subnets()
{
global $config;
$general = config_read_array('OPNsense', 'unboundplus', 'general');
$any = true;
if (!empty($config['unbound']['active_interface'])) {
$active_interfaces = array_flip(explode(',', $config['unbound']['active_interface']));
if (!empty($general['active_interface'])) {
$active_interfaces = array_flip(explode(',', $general['active_interface']));
$any = false;
} else {
$active_interfaces = get_configured_interface_with_descr();
@ -651,22 +650,3 @@ function unbound_acls_config()
file_put_contents('/var/unbound/access_lists.conf', $aclcfg);
}
function unbound_local_zone_types()
{
return array(
'' => 'transparent',
'always_nxdomain' => 'always_nxdomain',
'always_refuse' => 'always_refuse',
'always_transparent' => 'always_transparent',
'deny' => 'deny',
'inform' => 'inform',
'inform_deny' => 'inform_deny',
'nodefault' => 'nodefault',
# requires more plumbing:
#'redirect' => 'redirect',
'refuse' => 'refuse',
'static' => 'static',
'typetransparent' => 'typetransparent',
);
}

3
src/etc/inc/system.inc
View File

@ -202,7 +202,8 @@ function system_resolvconf_generate($verbose = false)
$search[] = $syscfg['dnssearchdomain'];
}
if (!isset($syscfg['dnslocalhost']) && (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable']))) {
$unbound = new \OPNsense\Unbound\Unbound();
if (!isset($syscfg['dnslocalhost']) && (isset($config['dnsmasq']['enable']) || !empty((string)$unbound->general->enabled))) {
$resolvconf .= "nameserver 127.0.0.1\n";
}

16
src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/ServiceController.php
View File

@ -36,7 +36,7 @@ class ServiceController extends ApiMutableServiceControllerBase
{
protected static $internalServiceClass = '\OPNsense\Unbound\Unbound';
protected static $internalServiceTemplate = 'OPNsense/Unbound/*';
protected static $internalServiceEnabled = 'service_enabled';
protected static $internalServiceEnabled = 'general.enabled';
protected static $internalServiceName = 'unbound';
public function dnsblAction()
@ -47,4 +47,18 @@ class ServiceController extends ApiMutableServiceControllerBase
$response = $backend->configdRun(static::$internalServiceName . ' dnsbl');
return array('status' => $response);
}
/**
* Only used on the general page to account for resolver_configure and dhcp hooks
* since these check if unbound is enabled.
*/
public function reconfigureGeneralAction()
{
$this->sessionClose();
$backend = new Backend();
$backend->configdRun('dns reload');
$result = $this->reconfigureAction();
$backend->configdRun('dhcpd restart');
return $result;
}
}

40
src/opnsense/mvc/app/controllers/OPNsense/Unbound/GeneralController.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/*
* Copyright (C) 2023 Deciso B.V.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Unbound;
use OPNsense\Base\IndexController;
class GeneralController extends IndexController
{
public function indexAction()
{
$this->view->generalForm = $this->getForm('general');
$this->view->pick('OPNsense/Unbound/general');
}
}

139
src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/general.xml Normal file
View File

@ -0,0 +1,139 @@
<form>
<field>
<id>unbound.general.enabled</id>
<label>Enable Unbound</label>
<type>checkbox</type>
</field>
<field>
<id>unbound.general.port</id>
<label>Listen Port</label>
<type>text</type>
<help>
The port used for responding to DNS queries. It should normally be left blank unless
another service needs to bind to TCP/UDP port 53.
</help>
</field>
<field>
<id>unbound.general.active_interface</id>
<label>Network Interfaces</label>
<type>select_multiple</type>
<help>
Interface IP addresses used for responding to queries from clients.
If an interface has both IPv4 and IPv6 IPs, both are used.
Queries to other interface IPs not selected below are discarded.
The default behavior is to respond to queries on every available IPv4 and IPv6 address.
</help>
</field>
<field>
<id>unbound.general.dnssec</id>
<label>Enable DNSSEC Support</label>
<type>checkbox</type>
</field>
<field>
<id>unbound.general.dns64</id>
<label>Enable DNS64 Support</label>
<type>checkbox</type>
<help>If this option is set, Unbound will synthesize AAAA records from A records if no actual AAAA records are present.</help>
</field>
<field>
<id>unbound.general.dns64prefix</id>
<label>DNS64 Prefix</label>
<type>text</type>
<hint>64:ff9b::/96</hint>
<help>If no DNS64 prefix is specified, the default prefix 64:ff9b::/96 (RFC 6052) will be used.</help>
</field>
<field>
<id>unbound.general.noarecords</id>
<label>Enable AAAA-only mode</label>
<type>checkbox</type>
<help>If this option is set, Unbound will remove all A records from the answer section of all responses.</help>
</field>
<field>
<id>unbound.general.regdhcp</id>
<label>Register DHCP Leases</label>
<type>checkbox</type>
<help>If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered in Unbound, so that their name can be resolved.</help>
</field>
<field>
<id>unbound.general.regdhcpdomain</id>
<label>DHCP Domain Override</label>
<type>text</type>
<help>The default domain name to use for DHCP lease registration. If empty, the system domain is used.</help>
</field>
<field>
<id>unbound.general.regdhcpstatic</id>
<label>Register DHCP Static Mappings</label>
<type>checkbox</type>
<help>
<![CDATA[If this option is set, then DHCP static mappings will be registered in Unbound, so that their name can be resolved.
You should also set the domain in <a href="/system_general.php">System: General setup</a> to the proper value.]]>
</help>
</field>
<field>
<id>unbound.general.noreglladdr6</id>
<label>Do not register IPv6 Link-Local addresses</label>
<type>checkbox</type>
<help>
If this option is set, then IPv6 link-local addresses will not be registered in Unbound,
preventing return of unreachable address when more than one listen interface is configured.
</help>
</field>
<field>
<id>unbound.general.noregrecords</id>
<label>Do not register system A/AAAA records</label>
<type>checkbox</type>
<help>
<![CDATA[If this option is set, then no A/AAAA records for the configured listen interfaces will be generated.
If desired, you can manually add them in
<a href="/ui/unbound/overrides/">Unbound DNS: Overrides</a>.
Use this to control which interface IP addresses are mapped to the system host/domain name
as well as to restrict the amount of information exposed in replies to queries for the system host/domain name.]]>
</help>
</field>
<field>
<id>unbound.general.txtsupport</id>
<label>TXT Comment Support</label>
<type>checkbox</type>
<help>If this option is set, then any descriptions associated with Host entries and DHCP Static mappings will create a corresponding TXT record.</help>
</field>
<field>
<id>unbound.general.cacheflush</id>
<label>Flush DNS Cache during reload</label>
<type>checkbox</type>
<help>
If this option is set, the DNS cache will be flushed during each daemon reload.
This is the default behavior for Unbound, but may be undesired when multiple dynamic interfaces require frequent reloading.
</help>
</field>
<field>
<id>unbound.general.local_zone_type</id>
<label>Local Zone Type</label>
<type>dropdown</type>
<help>
<![CDATA[The local zone type used for the system domain.
Type descriptions are available under "local-zone:" in the
<a href="https://nlnetlabs.nl/documentation/unbound/unbound.conf/#local-zone">unbound.conf(5)</a> manual page. The default is 'transparent'.]]>
</help>
</field>
<field>
<id>unbound.general.outgoing_interface</id>
<label>Outgoing Network Interfaces</label>
<type>select_multiple</type>
<advanced>true</advanced>
<help>
Utilize different network interfaces that Unbound will use to send queries to authoritative servers and receive their replies.
By default all interfaces are used. Note that setting explicit outgoing interfaces only works when they are statically configured.
</help>
</field>
<field>
<id>unbound.general.enable_wpad</id>
<label>WPAD Records</label>
<type>checkbox</type>
<advanced>true</advanced>
<help>
If this option is set, CNAME records for the WPAD host of all configured domains will be automatically added
as well as overrides for TXT records for domains. This allows automatic proxy configuration in your network
but you should not enable it if you are not using WPAD or if you want to configure it by yourself.
</help>
</field>
</form>

3
src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
View File

@ -2,7 +2,8 @@
<page-services-dnsresolver>
<name>Services: Unbound DNS: General</name>
<patterns>
<pattern>services_unbound.php*</pattern>
<pattern>ui/unbound/general/*</pattern>
<pattern>api/unbound/general/*</pattern>
</patterns>
</page-services-dnsresolver>
<page-services-dnsresolver-acls>

67
src/opnsense/mvc/app/models/OPNsense/Unbound/FieldTypes/UnboundInterfaceField.php Normal file
View File

@ -0,0 +1,67 @@
<?php
/**
* Copyright (C) 2023 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Unbound\FieldTypes;
use OPNsense\Base\FieldTypes\BaseListField;
use OPNsense\Core\Config;
/**
* Class UnboundDomainField
* @package OPNsense\Unbound\FieldTypes
*/
class UnboundInterfaceField extends BaseListField
{
/**
* Iterate over all interfaces in the configuration and only exclude
* virtual interfaces, except for lo0 (separate assigned loopbacks are not virtual).
*/
public function actionPostLoadingEvent()
{
$config = Config::getInstance()->object();
foreach ($config->interfaces->children() as $key => $node) {
if ((empty($node->virtual) || $key == 'lo0') && !empty($node->enable)) {
$this->internalOptionList[$key] = !empty($node->descr) ? (string)$node->descr : strtoupper($key);
}
}
foreach ($config->openvpn->children() as $mode => $setting) {
if (!empty($setting) && empty((string)$setting->disable)) {
$key = 'ovpn' . substr($mode, 8, 1) . (string)$setting->vpnid;
$type = substr($mode, 8, 6);
$this->internalOptionList[$key] = "OpenVPN {$type} (" . (!empty($setting->description) ?
(string)$setting->description : (string)$setting->vpnid) . ")";
}
}
natcasesort($this->internalOptionList);
}
}

2
src/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml
View File

@ -1,7 +1,7 @@
<menu>
<Services>
<Unbound VisibleName="Unbound DNS" cssClass="fa fa-tags fa-fw">
<General order="10" url="/services_unbound.php"/>
<General order="10" url="/ui/unbound/general/"/>
<Overrides order="20" url="/ui/unbound/overrides/"/>
<Advanced order="30" url="/ui/unbound/advanced/"/>
<ACL VisibleName="Access Lists" order="40" url="/services_unbound_acls.php">

65
src/opnsense/mvc/app/models/OPNsense/Unbound/Migrations/M1_0_5.php Normal file
View File

@ -0,0 +1,65 @@
<?php
/*
* Copyright (C) 2023 Deciso B.V.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Unbound\Migrations;
use OPNsense\Base\BaseModelMigration;
use OPNsense\Core\Config;
class M1_0_5 extends BaseModelMigration
{
public function run($model)
{
$config = Config::getInstance()->object();
$new = [];
foreach ($model->general->iterateItems() as $key => $node) {
if (isset($config->unbound->$key)) {
$new[$key] = $config->unbound->$key;
}
}
if (isset($config->unbound->enable)) {
$new['enabled'] = $config->unbound->enable;
}
$model->general->setNodes($new);
}
public function post($model)
{
$config = Config::getInstance()->object();
foreach ($model->general->iterateItems() as $key => $node) {
if (isset($config->unbound->$key)) {
unset($config->unbound->$key);
}
}
if (isset($config->unbound->enable)) {
unset($config->unbound->enable);
}
}
}

24
src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.php
View File

@ -28,8 +28,32 @@
namespace OPNsense\Unbound;
use Phalcon\Messages\Message;
use OPNsense\Base\BaseModel;
use OPNsense\Core\Config;
class Unbound extends BaseModel
{
public function performValidation($validateFullModel = false)
{
$messages = parent::performValidation($validateFullModel);
$config = Config::getInstance()->object();
// Check if both Unbound is enabled and the assigned port does not clash with the dnsmasq configuration
$enabled = $this->general->enabled;
$port = $this->general->port;
foreach ([$enabled, $port] as $node) {
if ($validateFullModel || $node->isFieldChanged()) {
$dnsmasq_port = !empty((string)$config->dnsmasq->port) ? (string)$config->dnsmasq->port : '53';
if (!empty((string)$enabled) && !empty((string)$config->dnsmasq->enable) && (string)$port == $dnsmasq_port) {
$messages->appendMessage(
new Message(gettext('Dnsmasq is still active on the same port. Disable it before enabling Unbound.'),
'general.'.$node->getInternalXMLTagName())
);
}
}
}
return $messages;
}
}

82
src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
View File

@ -1,11 +1,85 @@
<model>
<mount>//OPNsense/unboundplus</mount>
<description>Unbound configuration</description>
<version>1.0.4</version>
<version>1.0.5</version>
<items>
<service_enabled type="LegacyLinkField">
<Source>unbound.enable</Source>
</service_enabled>
<general>
<enabled type="BooleanField">
<default>1</default>
<Required>Y</Required>
</enabled>
<port type="PortField">
<default>53</default>
<Required>Y</Required>
<BlankDesc>53</BlankDesc>
</port>
<active_interface type=".\UnboundInterfaceField">
<Required>N</Required>
<Multiple>Y</Multiple>
</active_interface>
<dnssec type="BooleanField">
<default>0</default>
</dnssec>
<dns64 type="BooleanField">
<default>0</default>
</dns64>
<dns64prefix type="NetworkField">
<default>64:ff9b::/96</default>
<Required>N</Required>
<NetMaskRequired>Y</NetMaskRequired>
<AddressFamily>ipv6</AddressFamily>
</dns64prefix>
<noarecords type="BooleanField">
<default>0</default>
</noarecords>
<regdhcp type="BooleanField">
<default>0</default>
</regdhcp>
<regdhcpdomain type="TextField">
<Required>N</Required>
<mask>/^(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i</mask>
<ValidationMessage>A valid domain must be specified.</ValidationMessage>
</regdhcpdomain>
<regdhcpstatic type="BooleanField">
<default>0</default>
</regdhcpstatic>
<noreglladdr6 type="BooleanField">
<default>0</default>
</noreglladdr6>
<noregrecords type="BooleanField">
<default>0</default>
</noregrecords>
<txtsupport type="BooleanField">
<default>0</default>
</txtsupport>
<cacheflush type="BooleanField">
<default>0</default>
</cacheflush>
<local_zone_type type="OptionField">
<default>transparent</default>
<Required>Y</Required>
<OptionValues>
<opt1 value="transparent">transparent</opt1>
<opt2 value="always_nxdomain">always_nxdomain</opt2>
<opt3 value="always_refuse">always_refuse</opt3>
<opt4 value="always_transparent">always_transparent</opt4>
<opt5 value="deny">deny</opt5>
<opt6 value="inform">inform</opt6>
<opt7 value="inform_deny">inform_deny</opt7>
<opt8 value="nodefault">nodefault</opt8>
<opt9 value="refuse">refuse</opt9>
<opt10 value="static">static</opt10>
<opt11 value="typetransparent">typetransparent</opt11>
</OptionValues>
</local_zone_type>
<outgoing_interface type=".\UnboundInterfaceField">
<Required>N</Required>
<Multiple>Y</Multiple>
</outgoing_interface>
<enable_wpad type="BooleanField">
<default>0</default>
</enable_wpad>
</general>
<advanced>
<hideidentity type="BooleanField">
<default>0</default>

62
src/opnsense/mvc/app/views/OPNsense/Unbound/general.volt Normal file
View File

@ -0,0 +1,62 @@
{#
# Copyright (c) 2023 Deciso B.V.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#}
<script>
$( document ).ready(function() {
var data_get_map = {'frm_GeneralSettings':"/api/unbound/settings/get"};
mapDataToFormUI(data_get_map).done(function(data) {
console.log(data);
formatTokenizersUI();
$('.selectpicker').selectpicker({title: 'All (recommended)'}).selectpicker('render');
$('.selectpicker').selectpicker('refresh');
});
$("#reconfigureAct").SimpleActionButton({
onPreAction: function() {
const dfObj = new $.Deferred();
saveFormToEndpoint("/api/unbound/settings/set", 'frm_GeneralSettings', function(){
dfObj.resolve();
});
return dfObj;
}
});
updateServiceControlUI('unbound');
});
</script>
<div class="content-box" style="padding-bottom: 1.5em;">
{{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_GeneralSettings'])}}
<div class="col-md-12">
<hr/>
<button class="btn btn-primary" id="reconfigureAct"
data-endpoint='/api/unbound/service/reconfigureGeneral'
data-label="{{ lang._('Apply') }}"
data-error-title="{{ lang._('Error reconfiguring unbound') }}"
type="button">
</button>
</div>
</div>

6
src/www/services_dnsmasq.php
View File

@ -82,9 +82,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (isset($pconfig['local_ttl']) && $pconfig['local_ttl'] !== '' && !is_numericint($pconfig['local_ttl'])) {
$input_errors[] = gettext("You must specify a valid TTL for local DNS");
}
$unbound_port = empty($config['unbound']['port']) ? "53" : $config['unbound']['port'];
$unbound_mdl = new \OPNsense\Unbound\Unbound();
$unbound_enabled = (string)$unbound_mdl->general->enabled;
$unbound_port = (string)$unbound_mdl->general->port;
$dnsmasq_port = empty($pconfig['port']) ? "53" : $pconfig['port'];
if (!empty($pconfig['enable']) && isset($config['unbound']['enable']) && $dnsmasq_port == $unbound_port) {
if (!empty($pconfig['enable']) && !empty($unbound_enabled) && $dnsmasq_port == $unbound_port) {
$input_errors[] = gettext('Unbound is still active on the same port. Disable it before enabling Dnsmasq.');
}

409
src/www/services_unbound.php
View File

@ -1,409 +0,0 @@
<?php
/*
* Copyright (C) 2018-2021 Franco Fichtner <franco@opnsense.org>
* Copyright (C) 2018 Fabian Franz
* Copyright (C) 2014-2016 Deciso B.V.
* Copyright (C) 2014 Warren Baker <warren@decoy.co.za>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
require_once("system.inc");
require_once("interfaces.inc");
require_once("plugins.inc.d/unbound.inc");
$a_unboundcfg = &config_read_array('unbound');
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
// boolean values
$pconfig['enable'] = isset($a_unboundcfg['enable']);
$pconfig['enable_wpad'] = isset($a_unboundcfg['enable_wpad']);
$pconfig['dnssec'] = isset($a_unboundcfg['dnssec']);
$pconfig['dns64'] = isset($a_unboundcfg['dns64']);
$pconfig['noarecords'] = isset($a_unboundcfg['noarecords']);
$pconfig['reglladdr6'] = empty($a_unboundcfg['noreglladdr6']);
$pconfig['regdhcp'] = isset($a_unboundcfg['regdhcp']);
$pconfig['regdhcpstatic'] = isset($a_unboundcfg['regdhcpstatic']);
$pconfig['txtsupport'] = isset($a_unboundcfg['txtsupport']);
$pconfig['cacheflush'] = isset($a_unboundcfg['cacheflush']);
$pconfig['noregrecords'] = isset($a_unboundcfg['noregrecords']);
// text values
$pconfig['port'] = !empty($a_unboundcfg['port']) ? $a_unboundcfg['port'] : null;
$pconfig['regdhcpdomain'] = !empty($a_unboundcfg['regdhcpdomain']) ? $a_unboundcfg['regdhcpdomain'] : null;
$pconfig['dns64prefix'] = !empty($a_unboundcfg['dns64prefix']) ? $a_unboundcfg['dns64prefix'] : null;
// array types
$pconfig['active_interface'] = !empty($a_unboundcfg['active_interface']) ? explode(",", $a_unboundcfg['active_interface']) : array();
$pconfig['outgoing_interface'] = !empty($a_unboundcfg['outgoing_interface']) ? explode(",", $a_unboundcfg['outgoing_interface']) : array();
$pconfig['local_zone_type'] = !empty($a_unboundcfg['local_zone_type']) ? $a_unboundcfg['local_zone_type'] : null;
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input_errors = array();
$pconfig = $_POST;
if (!empty($pconfig['apply'])) {
system_resolver_configure();
unbound_configure_do();
plugins_configure('dhcp');
clear_subsystem_dirty('unbound');
header(url_safe('Location: /services_unbound.php'));
exit;
} else {
// perform validations
$unbound_port = empty($pconfig['port']) ? "53" : $pconfig['port'];
$dnsmasq_port = empty($config['dnsmasq']['port']) ? "53" : $config['dnsmasq']['port'];
if (isset($pconfig['enable']) && isset($config['dnsmasq']['enable']) && $unbound_port == $dnsmasq_port) {
$input_errors[] = gettext('Dnsmasq is still active on the same port. Disable it before enabling Unbound.');
}
if (!empty($pconfig['regdhcpdomain']) && !is_domain($pconfig['regdhcpdomain'])) {
$input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'.");
}
if (!empty($pconfig['dns64prefix']) && !is_subnetv6($pconfig['dns64prefix'])) {
$input_errors[] = gettext("You must specify a valid DNS64 prefix.");
}
if (!empty($pconfig['port']) && !is_port($pconfig['port'])) {
$input_errors[] = gettext("You must specify a valid port number.");
}
if (!empty($pconfig['local_zone_type']) && !array_key_exists($pconfig['local_zone_type'], unbound_local_zone_types())) {
$input_errors[] = sprintf(gettext('Local zone type "%s" is not known.'), $pconfig['local_zone_type']);
}
if (count($input_errors) == 0) {
// text types
if (!empty($pconfig['port'])) {
$a_unboundcfg['port'] = $pconfig['port'];
} elseif (isset($a_unboundcfg['port'])) {
unset($a_unboundcfg['port']);
}
if (!empty($pconfig['regdhcpdomain'])) {
$a_unboundcfg['regdhcpdomain'] = $pconfig['regdhcpdomain'];
} elseif (isset($a_unboundcfg['regdhcpdomain'])) {
unset($a_unboundcfg['regdhcpdomain']);
}
if (!empty($pconfig['dns64prefix'])) {
$a_unboundcfg['dns64prefix'] = $pconfig['dns64prefix'];
} elseif (isset($a_unboundcfg['dns64prefix'])) {
unset($a_unboundcfg['dns64prefix']);
}
if (!empty($pconfig['local_zone_type'])) {
$a_unboundcfg['local_zone_type'] = $pconfig['local_zone_type'];
} elseif (isset($a_unboundcfg['local_zone_type'])) {
unset($a_unboundcfg['local_zone_type']);
}
// boolean values
$a_unboundcfg['noregrecords'] = !empty($pconfig['noregrecords']);
$a_unboundcfg['cacheflush'] = !empty($pconfig['cacheflush']);
$a_unboundcfg['dns64'] = !empty($pconfig['dns64']);
$a_unboundcfg['noarecords'] = !empty($pconfig['noarecords']);
$a_unboundcfg['dnssec'] = !empty($pconfig['dnssec']);
$a_unboundcfg['enable'] = !empty($pconfig['enable']);
$a_unboundcfg['enable_wpad'] = !empty($pconfig['enable_wpad']);
$a_unboundcfg['noreglladdr6'] = empty($pconfig['reglladdr6']);
$a_unboundcfg['regdhcp'] = !empty($pconfig['regdhcp']);
$a_unboundcfg['regdhcpstatic'] = !empty($pconfig['regdhcpstatic']);
$a_unboundcfg['txtsupport'] = !empty($pconfig['txtsupport']);
// array types
if (!empty($pconfig['active_interface'])) {
$a_unboundcfg['active_interface'] = implode(',', $pconfig['active_interface']);
} elseif (isset($a_unboundcfg['active_interface'])) {
unset($a_unboundcfg['active_interface']);
}
if (!empty($pconfig['outgoing_interface'])) {
$a_unboundcfg['outgoing_interface'] = implode(',', $pconfig['outgoing_interface']);
} elseif (isset($a_unboundcfg['outgoing_interface'])) {
unset($a_unboundcfg['outgoing_interface']);
}
write_config('Unbound general configuration changed.');
mark_subsystem_dirty('unbound');
header(url_safe('Location: /services_unbound.php'));
exit;
}
}
}
$interfaces = get_configured_interface_with_descr();
foreach (array('server', 'client') as $mode) {
foreach (config_read_array('openvpn', "openvpn-{$mode}") as $id => $setting) {
if (!isset($setting['disable'])) {
$interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] =
"OpenVPN {$mode} (" . (!empty($setting['description']) ?
$setting['description'] : $setting['vpnid']) . ")";
}
}
}
legacy_html_escape_form_data($pconfig);
$service_hook = 'unbound';
include_once("head.inc");
?>
<body>
<script>
$( document ).ready(function() {
$("#show_advanced_dns").click(function (event) {
event.preventDefault();
$(this).parent().parent().hide();
$(".showadv").show();
$(window).trigger('resize');
});
// show advanced when option set
if ($("#outgoing_interface").val() != '' || $("#enable_wpad").prop('checked')) {
$("#show_advanced_dns").click();
}
});
</script>
<?php include("fbegin.inc"); ?>
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php if (isset($input_errors) && count($input_errors) > 0) print_input_errors($input_errors); ?>
<?php if (is_subsystem_dirty('unbound')): ?><br/>
<?php print_info_box_apply(gettext('The Unbound configuration has been changed.') . ' ' . gettext('You must apply the changes in order for them to take effect.')) ?>
<?php endif; ?>
<form method="post" name="iform" id="iform">
<section class="col-xs-12">
<div class="tab-content content-box col-xs-12">
<div class="table-responsive">
<table class="table table-striped opnsense_standard_table_form">
<tbody>
<tr>
<td style="width:22%"><strong><?= gettext('General options') ?></strong></td>
<td style="width:78%; text-align:right">
<small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page"></i>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Enable");?></td>
<td>
<input name="enable" type="checkbox" value="yes" <?=!empty($pconfig['enable']) ? 'checked="checked"' : '';?> />
<?= gettext('Enable Unbound') ?>
</td>
</tr>
<tr>
<td><a id="help_for_port" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Listen Port");?></td>
<td>
<input name="port" type="text" id="port" placeholder="53" size="6" value="<?=$pconfig['port'];?>" />
<div class="hidden" data-for="help_for_port">
<?=gettext("The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.");?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_active_interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Network Interfaces"); ?></td>
<td>
<select name="active_interface[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
<?php foreach ($interfaces as $ifname => $ifdescr): ?>
<option value="<?= html_safe($ifname) ?>" <?=!empty($pconfig['active_interface'][0]) && in_array($ifname, $pconfig['active_interface']) ? 'selected="selected"' : '' ?>><?= html_safe($ifdescr) ?></option>
<?php endforeach ?>
</select>
<div class="hidden" data-for="help_for_active_interface">
<?=gettext("Interface IP addresses used for responding to queries from clients. If an interface has both IPv4 and IPv6 IPs, both are used. Queries to other interface IPs not selected below are discarded. The default behavior is to respond to queries on every available IPv4 and IPv6 address.");?>
</div>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("DNSSEC");?></td>
<td>
<input name="dnssec" type="checkbox" value="yes" <?=!empty($pconfig['dnssec']) ? 'checked="checked"' : '';?> />
<?= gettext('Enable DNSSEC Support') ?>
</td>
</tr>
<tr>
<td><a id="help_for_dns64" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DNS64");?></td>
<td>
<input name="dns64" type="checkbox" id="dns64" value="yes" <?=!empty($pconfig['dns64']) ? 'checked="checked"' : '';?> />
<?= gettext('Enable DNS64 Support') ?>
<div class="hidden" data-for="help_for_dns64">
<?= gettext("If this option is set, Unbound will synthesize AAAA " .
"records from A records if no actual AAAA records are present."); ?>
</div>
<input placeholder="<?=gettext("DNS64 prefix");?>" title="<?=gettext("DNS64 prefix");?>" name="dns64prefix" type="text" id="dns64prefix" value="<?= $pconfig['dns64prefix'] ?>" />
<div class="hidden" data-for="help_for_dns64">
<?= gettext("If no DNS64 prefix is specified, the default prefix " .
"64:ff9b::/96 (RFC 6052) will be used."); ?>
</div>
<input name="noarecords" type="checkbox" id="noarecords" value="yes" <?=!empty($pconfig['noarecords']) ? 'checked="checked"' : '';?> />
<?= gettext('Enable AAAA-only mode') ?>
<div class="hidden" data-for="help_for_dns64">
<?= gettext("If this option is set, Unbound will remove all A " .
"records from the answer section of all responses."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_regdhcp" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DHCP Registration");?></td>
<td>
<input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?=!empty($pconfig['regdhcp']) ? 'checked="checked"' : '';?> />
<?= gettext('Register DHCP leases') ?>
<div class="hidden" data-for="help_for_regdhcp">
<?= gettext("If this option is set, then machines that specify " .
"their hostname when requesting a DHCP lease will be registered " .
"in Unbound, so that their name can be resolved."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_regdhcpdomain" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DHCP Domain Override");?></td>
<td>
<input name="regdhcpdomain" type="text" id="regdhcpdomain" value="<?= $pconfig['regdhcpdomain'] ?>"/>
<div class="hidden" data-for="help_for_regdhcpdomain">
<?= gettext("The default domain name to use for DHCP lease registration. If empty, the system domain is used.") ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_regdhcpstatic" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('DHCP Static Mappings');?></td>
<td>
<input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?=!empty($pconfig['regdhcpstatic']) ? 'checked="checked"' : '';?> />
<?= gettext('Register DHCP static mappings') ?>
<div class="hidden" data-for="help_for_regdhcpstatic">
<?= sprintf(gettext("If this option is set, then DHCP static mappings will ".
"be registered in Unbound, so that their name can be ".
"resolved. You should also set the domain in %s".
"System: General setup%s to the proper value."),'<a href="system_general.php">','</a>');?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_reglladdr6" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('IPv6 Link-local') ?></td>
<td>
<input name="reglladdr6" type="checkbox" id="reglladdr6" value="yes" <?= !empty($pconfig['reglladdr6']) ? 'checked="checked"' : '' ?>/>
<?= gettext('Register IPv6 link-local addresses') ?>
<div class="hidden" data-for="help_for_reglladdr6">
<?= gettext("If this option is unset, then IPv6 link-local " .
"addresses will not be registered in Unbound, preventing " .
"return of unreachable address when more " .
"than one listen interface is configured."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_noregrecords" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('System A/AAAA records') ?></td>
<td>
<input name="noregrecords" type="checkbox" id="noregrecords" value="yes" <?= !empty($pconfig['noregrecords']) ? 'checked="checked"' : '' ?>/>
<?= gettext('Do not register system A/AAAA records') ?>
<div class="hidden" data-for="help_for_noregrecords">
<?= sprintf(gettext("If this option is set, then no A/AAAA records for " .
"the configured listen interfaces will be generated. " .
"If desired, you can manually add them in %sUnbound DNS: Overrides%s. " .
"Use this to control which interface IP addresses are mapped to the system host/domain name " .
"as well as to restrict the amount of information exposed in replies to queries for the system host/domain name ."), '<a href="ui/unbound/overrides/">', '</a>'); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_txtsupport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("TXT Comment Support");?></td>
<td>
<input name="txtsupport" type="checkbox" value="yes" <?=!empty($pconfig['txtsupport']) ? 'checked="checked"' : '';?> />
<?= gettext('Create corresponding TXT records') ?>
<div class="hidden" data-for="help_for_txtsupport">
<?=gettext("If this option is set, then any descriptions associated with Host entries and DHCP Static mappings will create a corresponding TXT record.");?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_cacheflush" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('DNS Cache');?></td>
<td>
<input name="cacheflush" type="checkbox" value="yes" <?=!empty($pconfig['cacheflush']) ? 'checked="checked"' : '';?> />
<?= gettext('Flush DNS cache during reload') ?>
<div class="hidden" data-for="help_for_cacheflush">
<?= gettext('If this option is set, the DNS cache will be flushed during each daemon reload. This is the default behavior for Unbound, but may be undesired when multiple dynamic interfaces require frequent reloading.') ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_local_zone_type" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Local Zone Type"); ?></td>
<td>
<select name="local_zone_type" size="3" class="selectpicker" >
<?php foreach (unbound_local_zone_types() as $value => $name): ?>
<option value="<?= html_safe($value) ?>" <?= $value == $pconfig['local_zone_type'] ? 'selected="selected"' : '' ?>><?= html_safe($name) ?></option>
<?php endforeach ?>
</select>
<div class="hidden" data-for="help_for_local_zone_type">
<?=sprintf(gettext('The local zone type used for the system domain. Type descriptions are available under "local-zone:" in the %sunbound.conf(5)%s manual page. The default is \'transparent\'.'), '<a target="_blank" href="https://nlnetlabs.nl/documentation/unbound/unbound.conf/#local-zone">', '</a>');?>
</div>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Advanced");?></td>
<td>
<button id="show_advanced_dns" class="btn btn-xs btn-default" value="yes"><?= gettext('Show advanced option') ?></button>
</td>
</tr>
<tr class="showadv" style="display:none">
<td><a id="help_for_outgoing_interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Outgoing Network Interfaces"); ?></td>
<td>
<select id="outgoing_interface" name="outgoing_interface[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
<?php foreach ($interfaces as $ifname => $ifdescr): ?>
<option value="<?= html_safe($ifname) ?>" <?=!empty($pconfig['outgoing_interface'][0]) && in_array($ifname, $pconfig['outgoing_interface']) ? 'selected="selected"' : '' ?>>
<?= html_safe($ifdescr) ?>
</option>
<?php endforeach ?>
</select>
<div class="hidden" data-for="help_for_outgoing_interface">
<?=gettext("Utilize different network interfaces that Unbound will use to send queries to authoritative servers and receive their replies. By default all interfaces are used. Note that setting explicit outgoing interfaces only works when they are statically configured.");?>
</div>
</td>
</tr>
<tr class="showadv" style="display:none">
<td><a id="help_for_enable_wpad" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("WPAD Records");?></td>
<td>
<input id="enable_wpad" name="enable_wpad" type="checkbox" value="yes" <?=!empty($pconfig['enable_wpad']) ? 'checked="checked"' : '';?> />
<div class="hidden" data-for="help_for_enable_wpad">
<?=gettext("If this option is set, CNAME records for the WPAD host of all configured domains will be automatically added as well as overrides for TXT records for domains. " .
"This allows automatic proxy configuration in your network but you should not enable it if you are not using WPAD or if you want to configure it by yourself.");?><br />
</div>
</td>
</tr>
<tr>
<td></td>
<td>
<input name="submit" type="submit" class="btn btn-primary" value="<?=html_safe(gettext('Save')); ?>" />
</td>
</tr>
<tr>
<td colspan="2">
<?= gettext('If Unbound is enabled, the DHCP'.
' service (if enabled) will automatically serve the LAN IP'.
' address as a DNS server to DHCP clients so they will use'.
' Unbound resolver.');?>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</section>
</form>
</div>
</div>
</section>
<?php include("foot.inc"); ?>