Try to avoid touching default routes in dhclient-script which we
already partially do now. PPPoE linkdown certainly doesn't need
to handle the file as well to remove the default route then.
If bad input files are given, the root.key repair is triggered, which doesn't
make a lot of sense, so just let unbound fail when this happens.
Also remove the redirect to /dev/null to prevent possible file permission issues.
In situations where a cache does not exist (mainly boot), a start/stop/restart of unbound
should make the system aware of the current dnsbl configuration in order to properly diff
on it. This includes unbound starting on boot.
Small addition to https://github.com/opnsense/core/pull/6050:
- Move private/insecure domains to advanced as its intended use has a larger scope than DNSBLs only. Fixes https://github.com/opnsense/core/issues/5256
- Extends the migration to also include these domains.
- Leftover cleanup of legacy settings in migration.
- Adds the `serve-expired-reply-ttl`, `serve-expired-ttl`, `serve-expired-ttl-reset`, `serve-expired-client-timeout` options. These options are hidden until the `serve-expired` checkbox is checked, and indented to signify a relationship.
- Removes all dropdowns and instead provides numeric fields to input raw values for more control and less "guessing" of what is acceptable.
- Removes default settings to prevent mismatches with upstream in the future. It's probably best to refer to the Unbound documentation in our own documentation.
- Previously, `rrset-cache-size` and `outgoing-range` were implicitly set. These are now input fields. The migration code will take care of legacy setting assumptions.
Fixes https://github.com/opnsense/core/issues/5978
Fixes https://github.com/opnsense/core/issues/5795
While here, simplify code as well: only store validation output (size, fingerprint) in the model itself. Although it would be cleaner to send this information via the controller (as overlay), it would mean duplicate work here.
Found while testing https://github.com/opnsense/core/issues/5636
In some cases early DNS works with direct upstream queries for
fixed DNS servers. For DHCP or other dynamic connectivity it
will likely never work as expected with interface-related host
lookup requests.
At least try to load /etc/resolv.conf along with /etc/hosts and
refresh when all interface configuration is active. This needs
to rely on running configuration to pick up DHCP and the like
as said before.
Adds a bit of code on the initialization but allows tracing the
information without magic globals.
Has been on the wishlist forever, but nowadays it's simple enough
to replace the few instances using it.
opnsense-update -K will handle subscription key return if found.
Fetch the license metadata if it exists, move it to core version
meta file and handle the contents dynamically if it exists.
The only issue for later is that when changing the mirror away from
business we have a lingering license file until the next check
for updates is done.
Extends check.sh to fetch license json file when a uuid is found and flush this to /usr/local/opnsense/license.json.
The firmware page adds a license validity row, which is hidden by default and only shown when product.php returns 'product_license_valid_to'.
For the dashboard widget we'll add the "licensed until" string to the core product string when available.