From a556df4a85df41db80b4b4ec22e9f9bfc79f2925 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Sun, 2 Apr 2023 14:17:06 +0200 Subject: [PATCH] Services: Unbound DNS: Overrides / Domain - add forward-tcp-upstream in advanced. closes https://github.com/opnsense/core/issues/6465 --- .../Unbound/forms/dialogDomainOverride.xml | 11 +++++++++++ .../mvc/app/models/OPNsense/Unbound/Unbound.xml | 6 +++++- .../OPNsense/Unbound/core/domainoverrides.conf | 16 +++++++++++----- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogDomainOverride.xml b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogDomainOverride.xml index b86ff52d3..3bf3198ed 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogDomainOverride.xml +++ b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogDomainOverride.xml @@ -24,6 +24,17 @@ append an '@' with the port number. + + domain.forward_tcp_upstream + + checkbox + true + + Upstream queries use TCP only for transport regardless of global flag tcp-upstream. + Please note this setting applies to the domain, so when multiple forwarders are defined for the same domaine, + all are assumed to use tcp only. + + domain.description diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml index 33e867232..0103f34da 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml +++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml @@ -1,7 +1,7 @@ //OPNsense/unboundplus Unbound configuration - 1.0.5 + 1.0.6 @@ -445,6 +445,10 @@ Y A valid IP must be specified. + + 0 + Y + N /^(.){1,255}$/u diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/domainoverrides.conf b/src/opnsense/service/templates/OPNsense/Unbound/core/domainoverrides.conf index 088b231be..9c6e904d1 100644 --- a/src/opnsense/service/templates/OPNsense/Unbound/core/domainoverrides.conf 
+++ b/src/opnsense/service/templates/OPNsense/Unbound/core/domainoverrides.conf
@@ -1,17 +1,23 @@
 {% if not helpers.empty('OPNsense.unboundplus.domains.domain') %}
-{% set forwardlocal = namespace(found=false) %}
-{% set prev_domain = namespace(name='') %}
+{% set forwardlocal = namespace(found=False) %}
+{% set domain_opts = namespace(forward_tcp_upstream=False) %}
 {% for domain in helpers.toList('OPNsense.unboundplus.domains.domain', 'domain') %}
 {% if domain.enabled == '1' %}
-{% if prev_domain.name != domain.domain %}
+{% if not loop.previtem or loop.previtem.domain != domain.domain %}
+{% set domain_opts.forward_tcp_upstream = False %}
 forward-zone:
 name: "{{ domain.domain }}"
-{% set prev_domain.name = domain.domain %}
 {% if domain.server.startswith('127.') or domain.server == '::1' %}
-{% set forwardlocal.found = true %}
+{% set forwardlocal.found = True %}
 {% endif %}
+{% set domain_opts.forward_tcp_upstream = domain_opts.forward_tcp_upstream or domain.forward_tcp_upstream == '1' %}
 {% endif %}
 forward-addr: {{ domain.server }}
+{% if not loop.nextitem or loop.nextitem.domain != domain.domain %}
+{% if domain_opts.forward_tcp_upstream %}
+ forward-tcp-upstream: yes
+{% endif %}
+{% endif %}
 {% endif %}
 {% endfor %}
 {% if forwardlocal.found %}
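Review bot: In the `{% for domain … %}` loop, `loop.previtem` and `loop.nextitem` also see disabled rows, which the removed `prev_domain` tracker never did, so zone boundaries are now decided by rows that the `domain.enabled == '1'` check skips. When an enabled override follows a disabled row for the same domain, the `forward-zone:` header is not written and its `forward-addr:` line lands under the preceding zone (or under none), which can point another domain's queries at this forwarder; when the disabled row comes last, `forward-tcp-upstream: yes` is never emitted. Filtering before the loop avoids both, e.g. `{% for domain in helpers.toList('OPNsense.unboundplus.domains.domain', 'domain') | selectattr('enabled', 'equalto', '1') %}`. Separately, the `domain_opts.forward_tcp_upstream or …` line sits inside the first-row block directly after the reset to `False`, so only the first row's checkbox counts; moving it below that block's `{% endif %}` would match the help text, which says the setting applies to every forwarder of the domain. The outer `{% if not helpers.empty(…) %}` block continues past the end of the hunk.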