From a0fca2cc2ffe97d3b354eaff1cd794beb702e9e5 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 4 Mar 2025 11:31:38 +0100
Subject: [PATCH] Services: Dnsmasq DNS & DHCP - reorganize general dhcp settings, add nosync to it and ranges so we can test the new nosync approach. for https://github.com/opnsense/core/issues/8329
---
 src/etc/inc/plugins.inc.d/dnsmasq.inc | 2 +-
 .../Dnsmasq/forms/dialogDHCPrange.xml | 6 +++
 .../OPNsense/Dnsmasq/forms/general.xml | 18 ++++++---
 .../app/models/OPNsense/Dnsmasq/Dnsmasq.xml | 38 ++++++++++---------
 .../templates/OPNsense/Dnsmasq/dnsmasq.conf | 18 +++++----
 5 files changed, 51 insertions(+), 31 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/dnsmasq.inc b/src/etc/inc/plugins.inc.d/dnsmasq.inc
index 7625d1dde..63fe8600f 100644
--- a/src/etc/inc/plugins.inc.d/dnsmasq.inc
+++ b/src/etc/inc/plugins.inc.d/dnsmasq.inc
@@ -101,7 +101,7 @@ function dnsmasq_firewall(\OPNsense\Firewall\Plugin $fw)
 global $config;
 $mdl = new \OPNsense\Dnsmasq\Dnsmasq();
- if (!$mdl->enable->isEmpty() && !$mdl->dhcp_default_fw_rules->isEmpty()) {
+ if (!$mdl->enable->isEmpty() && !$mdl->dhcp->default_fw_rules->isEmpty()) {
 $dhcp_ifs = $mdl->getDhcpInterfaces();
 if (empty($dhcp_ifs)) {
 return;
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml
index 958275730..bb9535afd 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml
@@ -44,6 +44,12 @@ text Offer the specified domain to machines in this range. + + range.nosync + + checkbox + Ignore this range from being transfered or updated by ha sync. + range.description
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml
index 42b63d73e..cb699d15f 100644
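Review bot: The renamed accessor `$mdl->dhcp->default_fw_rules` only sees values stored under the new `dhcp` container, and the diffstat lists no migration file alongside the model bump from 1.0.1 to 1.0.2. If existing configurations already hold `dhcp_default_fw_rules`, `dhcp_lease_max` or `no_dhcp_interface` at the old flat paths, those values would presumably fall back to the model defaults after upgrade, silently dropping the lease cap and the DHCP interface exclusions. The same concern applies to the Dnsmasq.xml model hunk and the dnsmasq.conf template hunk. Either add a migration that copies the old nodes into `dhcp`, or state in the commit message that the flat fields never shipped in a release. The body of dnsmasq_firewall continues outside the hunk.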
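Review bot: The help text added for `range.nosync` misspells "transferred" and the construction "Ignore this range from being …" is hard to parse. An administrator deciding whether a range stays local to one HA node needs an unambiguous sentence here. I would write `Exclude this range from HA sync; it is neither transferred nor updated.` The `dnsmasq.dhcp.nosync` help in general.xml uses the same "Ignore … from being" wording and should be aligned.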
--- a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml
@@ -111,7 +111,7 @@ - dnsmasq.no_dhcp_interface + dnsmasq.dhcp.no_interface select_multiple true
@@ -120,13 +120,13 @@ - dnsmasq.dhcp_fqdn + dnsmasq.dhcp.fqdn checkbox In the default mode, we insert the unqualified names of DHCP clients into the DNS, in which case they have to be unique. Using this option the unqualified name is no longer put in the DNS, only the qualified name. - dnsmasq.dhcp_lease_max + dnsmasq.dhcp.lease_max text 1000
@@ -134,23 +134,29 @@ Limits dnsmasq to the specified maximum number of DHCP leases. This limit is to prevent DoS attacks from hosts which create thousands of leases and use lots of memory in the dnsmasq process. - dnsmasq.dhcp_authoritative + dnsmasq.dhcp.authoritative checkbox Should be set when dnsmasq is definitely the only DHCP server on a network. For DHCPv4, it changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored. - dnsmasq.dhcp_reply_delay + dnsmasq.dhcp.reply_delay text Delays sending DHCPOFFER and PROXYDHCP replies for at least the specified number of seconds. This can be practical for split dhcp solutions, to make sure the secondary server answers slower than the primary. - dnsmasq.dhcp_default_fw_rules + dnsmasq.dhcp.default_fw_rules checkbox Automatically register firewall rules to allow dhcp traffic for all explicitly selected interfaces, can be disabled for more fine grained control if needed. Changes are only effective after a firewall service restart (see system diagnostics). + + dnsmasq.dhcp.nosync + + checkbox + Ignore the dhcp general settings from being updated using ha sync. + header
diff --git a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
index e72ec3efe..6973113b9 100644
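Review bot: The help text for the new `dnsmasq.dhcp.nosync` checkbox does not say which settings stop syncing. The group it appears to cover includes protective ones: `dnsmasq.dhcp.lease_max` (described in this same form as a guard against DoS), `dnsmasq.dhcp.authoritative` and `dnsmasq.dhcp.default_fw_rules`. With the box ticked, an HA peer can end up with a different lease cap or automatic firewall-rule setting than the primary, and nothing in the UI hints at that. I would extend the help to something like `Exclude the general DHCP settings (interfaces, lease limit, authoritative mode, reply delay, automatic firewall rules) from HA sync; each node must then be configured separately.`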
--- a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
@@ -1,6 +1,6 @@ /dnsmasq - 1.0.1 + 1.0.2
@@ -33,22 +33,25 @@ 0 - - Y - - - - 0 - - - - Y - 1 - - - 0 - 60 - + + + Y + + + + 0 + + + + Y + 1 + + + 0 + 60 + + + Y 1
@@ -153,6 +156,7 @@ Y N +
diff --git a/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf b/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
index 7b22edf24..5add98df4 100644
--- a/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
+++ b/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
@@ -18,23 +18,27 @@ port={{ dnsmasq.port }}
 interface={{helpers.physical_interfaces(dnsmasq.interface.split(','))|join(',')}}
 {% endif %}
-{% if dnsmasq.no_dhcp_interface %}
+{% if dnsmasq.dhcp.no_interface %}
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
 # disable DHCP and TFTP on it.
-no-dhcp-interface={{helpers.physical_interfaces(dnsmasq.no_dhcp_interface.split(','))|join(',')}}
+no-dhcp-interface={{helpers.physical_interfaces(dnsmasq.dhcp.no_interface.split(','))|join(',')}}
 {% endif %}
-{% if dnsmasq.dhcp_lease_max %}
-dhcp-lease-max={{dnsmasq.dhcp_lease_max}}
+{% if dnsmasq.dhcp.lease_max %}
+dhcp-lease-max={{dnsmasq.dhcp.lease_max}}
 {% endif %}
-{% if dnsmasq.dhcp_fqdn == '1' %}
+{% if dnsmasq.dhcp.fqdn == '1' %}
 dhcp-fqdn
 {% endif %}
-{% if dnsmasq.dhcp_reply_delay %}
-dhcp-reply-delay={{dnsmasq.dhcp_reply_delay}}
+{% if dnsmasq.dhcp.authoritative == '1' %}
+dhcp-authoritative
+{% endif %}
+
+{% if dnsmasq.dhcp.reply_delay %}
+dhcp-reply-delay={{dnsmasq.dhcp.reply_delay}}
 {% endif %}
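Review bot: The `dhcp-authoritative` block in the dnsmasq.conf hunk is new output rather than a rename: none of the removed template lines reference `dhcp_authoritative`, so it looks as if the checkbox was stored but never rendered before this commit. Any configuration that has it set will now make dnsmasq answer requests for unknown leases, which the form help says is only appropriate when dnsmasq is definitely the only DHCP server on the network. The commit message mentions only the reorganisation and nosync, so this behaviour change deserves its own line there. A template comment above the block would also help, such as `# only enable when dnsmasq is the sole DHCP server on this network`. The template may continue past the visible end of the hunk.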