diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-11-17 14:47:29 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-11-17 14:47:29 -0200 |
commit | a5a0f61503735d930cda5d2e01f41f7c1ed55c0c (patch) | |
tree | 477edb59f2e3f2473082b741b324051af04ba50f /etc/inc/unbound.inc | |
parent | b39774932aad89c7e1ab1b89f909dee3591294c1 (diff) | |
parent | a0e387a50a313d7402185a978d8df88f11bf23e6 (diff) | |
download | pfsense-a5a0f61503735d930cda5d2e01f41f7c1ed55c0c.zip pfsense-a5a0f61503735d930cda5d2e01f41f7c1ed55c0c.tar.gz |
Merge pull request #1340 from phil-davis/patch-5
Diffstat (limited to 'etc/inc/unbound.inc')
-rw-r--r-- | etc/inc/unbound.inc | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index f6808a0..96c01ca 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -158,9 +158,12 @@ EOF; } // Allow DNS Rebind for forwarded domains - if ((isset($config['unbound']['domainoverrides']) && is_array($config['unbound']['domainoverrides'])) && !isset($config['system']['webgui']['nodnsrebindcheck'])) { - $private_domains = "# Set private domains in case authoritative name server returns a Private IP address\n"; - $private_domains .= unbound_add_domain_overrides(true); + if (isset($config['unbound']['domainoverrides']) && is_array($config['unbound']['domainoverrides'])) { + if (!isset($config['system']['webgui']['nodnsrebindcheck'])) { + $private_domains = "# Set private domains in case authoritative name server returns a Private IP address\n"; + $private_domains .= unbound_add_domain_overrides("private"); + } + $reverse_zones .= unbound_add_domain_overrides("reverse"); } // Configure static Host entries @@ -246,6 +249,7 @@ EOD; # Server configuration ## server: +{$reverse_zones} chroot: {$g['unbound_chroot_path']} username: "unbound" directory: "{$g['unbound_chroot_path']}" @@ -435,7 +439,7 @@ function do_as_unbound_user($cmd) { } } -function unbound_add_domain_overrides($pvt=false) { +function unbound_add_domain_overrides($pvt_rev="") { global $config, $g; $domains = $config['unbound']['domainoverrides']; @@ -452,9 +456,13 @@ function unbound_add_domain_overrides($pvt=false) { // Domain overrides that have multiple entries need multiple stub-addr: added $domain_entries = ""; foreach($result as $domain=>$ips) { - if ($pvt == true) { + if ($pvt_rev == "private") { $domain_entries .= "private-domain: \"$domain\"\n"; $domain_entries .= "domain-insecure: \"$domain\"\n"; + } else if ($pvt_rev == "reverse") { + if ((substr($domain,-14) == ".in-addr.arpa.") || (substr($domain,-13) == ".in-addr.arpa")) { + $domain_entries .= "local-zone: \"$domain\" typetransparent\n"; + } } else { $domain_entries .= "stub-zone:\n"; $domain_entries .= "\tname: \"$domain\"\n"; @@ -464,7 +472,7 @@ function unbound_add_domain_overrides($pvt=false) { } } - if ($pvt == true) + if ($pvt_rev != "") return $domain_entries; else file_put_contents("{$g['unbound_chroot_path']}/domainoverrides.conf", $domain_entries); |