diff options
| author | Phil Davis <phil.davis@world.inf.org> | 2013-07-31 03:19:13 -0700 |
|---|---|---|
| committer | Phil Davis <phil.davis@world.inf.org> | 2013-07-31 03:19:13 -0700 |
| commit | 721ea6f4f0502276be7304444f481e702c0041dd (patch) | |
| tree | 4dae32b0e60778ba8c52920054ecd978ba3bdac5 /etc/inc/services.inc | |
| parent | 463cef18157cde3dfd9eb517f224dcccb76780ff (diff) | |
| download | pfsense-721ea6f4f0502276be7304444f481e702c0041dd.zip pfsense-721ea6f4f0502276be7304444f481e702c0041dd.tar.gz | |
Reorder reverse lookup overrides so user-specified ones are effective 2.1
If the user specifies a domain override for 10.in-addr.arpa and also specifies "Do not forward private reverse lookups" then the user-specified entry is not effective. But the code was supposed to allow users to specify individual reverse lookup domain overrides that took precedence.
Re-ordering the placement of the --server entries on the dnsmasq command line fixes this.
Forum: http://forum.pfsense.org/index.php/topic,64986.0.html
Version for 2.1 branch
Diffstat (limited to 'etc/inc/services.inc')
| -rw-r--r-- | etc/inc/services.inc | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 13e41d2..bf1be36 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -1660,16 +1660,9 @@ function services_dnsmasq_configure() { } } - /* Setup forwarded domains */ - if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) { - foreach($config['dnsmasq']['domainoverrides'] as $override) { - if ($override['ip'] == "!") - $override[ip] = ""; - $args .= ' --server=/' . $override['domain'] . '/' . $override['ip']; - } - } - - /* If selected, then forward reverse lookups for private IPv4 addresses to nowhere. */ + /* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */ + /* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */ + /* the user-specified entry made later on the command line below will be the one that is effective. */ if (isset($config['dnsmasq']['no_private_reverse'])) { /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */ /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */ @@ -1682,6 +1675,15 @@ function services_dnsmasq_configure() { } } + /* Setup forwarded domains */ + if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) { + foreach($config['dnsmasq']['domainoverrides'] as $override) { + if ($override['ip'] == "!") + $override[ip] = ""; + $args .= ' --server=/' . $override['domain'] . '/' . $override['ip']; + } + } + /* Allow DNS Rebind for forwarded domains */ if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) { if(!isset($config['system']['webgui']['nodnsrebindcheck'])) { |
