From a4b4db95b36c85fb3637f089f64a25db8019b75a Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Sat, 24 Nov 2018 15:13:57 +0100 Subject: [PATCH] dnsmasq: add DNSSEC option, several cleanups; closes #2275 * As discussed a long time ago stop mentioning "DNS Forwarder" * Remove strong tags from Dnsmasq form * DNSSEC option, off by default * Some GUI elements flattened * Advanced button tweaks Tested using: http://en.conn.internet.nl/connection/ --- src/etc/inc/plugins.inc.d/dnsmasq.inc | 6 + src/www/services_dhcp.php | 11 +- src/www/services_dhcp_edit.php | 2 +- src/www/services_dhcpv6.php | 2 +- src/www/services_dnsmasq.php | 196 +++++++++++---------- src/www/services_dnsmasq_edit.php | 54 +++--- src/www/services_router_advertisements.php | 2 +- src/www/services_unbound.php | 2 +- src/www/system_general.php | 54 +++--- 9 files changed, 167 insertions(+), 162 deletions(-) diff --git a/src/etc/inc/plugins.inc.d/dnsmasq.inc b/src/etc/inc/plugins.inc.d/dnsmasq.inc index a20b78edd..7d43ad1c8 100644 --- a/src/etc/inc/plugins.inc.d/dnsmasq.inc +++ b/src/etc/inc/plugins.inc.d/dnsmasq.inc @@ -182,6 +182,12 @@ function dnsmasq_configure_do($verbose = false) $args .= " --domain-needed "; } + if (!empty($config['dnsmasq']['dnssec'])) { + $args .= ' --dnssec '; + $args .= ' --trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 '; + $args .= ' --trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D '; + } + if (!empty($config['dnsmasq']['custom_options'])) { foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) { $args .= " " . escapeshellarg("--{$c}"); diff --git a/src/www/services_dhcp.php b/src/www/services_dhcp.php index c5a599c15..db81a4ec5 100644 --- a/src/www/services_dhcp.php +++ b/src/www/services_dhcp.php @@ -775,7 +775,7 @@ include("head.inc");
@@ -1101,15 +1101,6 @@ include("head.inc"); " /> - - - ', '', - '',''); ?> - - diff --git a/src/www/services_dhcp_edit.php b/src/www/services_dhcp_edit.php index be0ce05ce..ef5580de5 100644 --- a/src/www/services_dhcp_edit.php +++ b/src/www/services_dhcp_edit.php @@ -411,7 +411,7 @@ include("head.inc");
diff --git a/src/www/services_dhcpv6.php b/src/www/services_dhcpv6.php index 036f4d1fa..19ed0c2ca 100644 --- a/src/www/services_dhcpv6.php +++ b/src/www/services_dhcpv6.php @@ -555,7 +555,7 @@ if (isset($config['interfaces'][$if]['dhcpd6track6allowoverride'])) {
diff --git a/src/www/services_dnsmasq.php b/src/www/services_dnsmasq.php index da71a1e7e..6b9699384 100644 --- a/src/www/services_dnsmasq.php +++ b/src/www/services_dnsmasq.php @@ -1,32 +1,31 @@ - Copyright (C) 2003-2004 Manuel Kasper - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * Copyright (C) 2014-2016 Deciso B.V. + * Copyright (C) 2003-2004 Bob Zoller + * Copyright (C) 2003-2004 Manuel Kasper + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("interfaces.inc"); @@ -49,6 +48,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig['domain_needed'] = isset($config['dnsmasq']['domain_needed']); $pconfig['no_private_reverse'] = isset($config['dnsmasq']['no_private_reverse']); $pconfig['strictbind'] = isset($config['dnsmasq']['strictbind']); + $pconfig['dnssec'] = isset($config['dnsmasq']['dnssec']); // simple text types $pconfig['port'] = !empty($config['dnsmasq']['port']) ? $config['dnsmasq']['port'] : ""; $pconfig['custom_options'] = !empty($config['dnsmasq']['custom_options']) ? $config['dnsmasq']['custom_options'] : ""; @@ -69,7 +69,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $unbound_port = empty($config['unbound']['port']) ? "53" : $config['unbound']['port']; $dnsmasq_port = empty($pconfig['port']) ? "53" : $pconfig['port']; if (!empty($pconfig['enable']) && isset($config['unbound']['enable']) && $dnsmasq_port == $unbound_port) { - $input_errors[] = gettext("The DNS Resolver is still active. Disable it before enabling the DNS Forwarder."); + $input_errors[] = gettext('Unbound is still active on the same port. Disable it before enabling Dnsmasq.'); } if (!empty($pconfig['custom_options'])) { @@ -93,6 +93,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $config['dnsmasq']['domain_needed'] = !empty($pconfig['domain_needed']); $config['dnsmasq']['no_private_reverse'] = !empty($pconfig['no_private_reverse']); $config['dnsmasq']['strictbind'] = !empty($pconfig['strictbind']); + $config['dnsmasq']['dnssec'] = !empty($pconfig['dnssec']); if (!empty($pconfig['regdhcpdomain'])) { $config['dnsmasq']['regdhcpdomain'] = $pconfig['regdhcpdomain']; } elseif (isset($config['dnsmasq']['regdhcpdomain'])) { @@ -158,6 +159,7 @@ include("head.inc"); //", + title: "", message: "", buttons: [{ label: "", @@ -194,7 +196,7 @@ $( document ).ready(function() { // delete single BootstrapDialog.show({ type:BootstrapDialog.TYPE_DANGER, - title: "", + title: "", message: "", buttons: [{ label: "", @@ -222,7 +224,7 @@ $( document ).ready(function() { 0) print_input_errors($input_errors); ?>
- " . gettext("You must apply the changes in order for them to take effect."));?>
+ " . gettext("You must apply the changes in order for them to take effect."));?>
@@ -230,7 +232,7 @@ $( document ).ready(function() {
- + + + + + @@ -271,10 +280,10 @@ $( document ).ready(function() { + + + + + + + + + + + - + @@ -390,10 +398,10 @@ $( document ).ready(function() {
@@ -240,18 +242,25 @@ $( document ).ready(function() { /> - + +
+ /> +
/> - +
/> - + @@ -284,7 +293,7 @@ $( document ).ready(function() { /> - + - - - - - - - - - - -
- /> - - -
- /> - - -
- /> - - -
+ /> + + +
+ /> + + +
+ /> + +
- /> + /> @@ -357,28 +362,31 @@ $( document ).ready(function() { -
+
/> - -
-
> - " /> - +
> +
-
> -
-
- +
> + +
+
- - Copyright (C) 2003-2004 Manuel Kasper - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * Copyright (C) 2014-2016 Deciso B.V. + * Copyright (C) 2003-2004 Bob Zoller + * Copyright (C) 2003-2004 Manuel Kasper + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("services.inc"); @@ -180,7 +180,7 @@ include("head.inc");
- +
diff --git a/src/www/services_router_advertisements.php b/src/www/services_router_advertisements.php index 0b13310d6..3217598f5 100644 --- a/src/www/services_router_advertisements.php +++ b/src/www/services_router_advertisements.php @@ -361,7 +361,7 @@ include("head.inc");

/> diff --git a/src/www/services_unbound.php b/src/www/services_unbound.php index adf1f5a3d..d862a1b57 100644 --- a/src/www/services_unbound.php +++ b/src/www/services_unbound.php @@ -70,7 +70,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $unbound_port = empty($pconfig['port']) ? "53" : $pconfig['port']; $dnsmasq_port = empty($config['dnsmasq']['port']) ? "53" : $config['dnsmasq']['port']; if (isset($pconfig['enable']) && isset($config['dnsmasq']['enable']) && $unbound_port == $dnsmasq_port) { - $input_errors[] = gettext("The DNS Forwarder is still active. Disable it before enabling the DNS Resolver."); + $input_errors[] = gettext('Dnsmasq is still active on the same port. Disable it before enabling Unbound.'); } if (!empty($pconfig['regdhcpdomain']) && !is_domain($pconfig['regdhcpdomain'])) { $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'."); diff --git a/src/www/system_general.php b/src/www/system_general.php index 0ab5e0505..e812d7cf4 100644 --- a/src/www/system_general.php +++ b/src/www/system_general.php @@ -1,31 +1,31 @@ - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * Copyright (C) 2014-2015 Deciso B.V. + * Copyright (C) 2003-2004 Manuel Kasper + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("filter.inc"); @@ -395,7 +395,7 @@ include("head.inc");