author | Robbert Rijkse <robbert@rijkse.me> | 2017-05-06 15:23:34 -0400 |
---|---|---|
committer | Robbert Rijkse <robbert@rijkse.me> | 2017-05-06 15:23:34 -0400 |
commit | 409165fde88e11eb057173c5d223eedc79d8d13c (patch) | |
tree | b7d324c9f2f6618fc77f8be5d069f624974aee53 /src | |
parent | 1ba646755d1d62ad7ca1aa75b9c7e5adee7d1260 (diff) | |
Unbound: Added ability to disable automatically added host entries
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/unbound.inc | 50 | ||||
-rw-r--r-- | src/usr/local/www/services_unbound_advanced.php | 18 |
2 files changed, 47 insertions, 21 deletions
diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc
index 6b998df..6185f63 100644
--- a/src/etc/inc/unbound.inc
+++ b/src/etc/inc/unbound.inc
@@ -539,31 +539,39 @@ function unbound_add_domain_overrides($pvt_rev="", $cfgsubdir = "") {
 function unbound_add_host_entries($cfgsubdir = "") {
 global $config, $g;
- // Make sure the config setting is a valid unbound local zone type. If not use "transparent".
- if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) {
- $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type'];
- } else {
- $system_domain_local_zone_type = "transparent";
- }
-
- $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n";
-
- $hosts = system_hosts_entries($config['unbound']);
- $added_ptr = array();
- foreach ($hosts as $host) {
- if (is_ipaddrv4($host['ipaddr'])) {
- $type = 'A';
- } else if (is_ipaddrv6($host['ipaddr'])) {
- $type = 'AAAA';
+ // Check if auto add host entries is not set
+ if (!isset($config['unbound']['disable_auto_added_host_entries'])) {
+ // Make sure the config setting is a valid unbound local zone type. If not use "transparent".
+ if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) {
+ $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type'];
 } else {
- continue;
+ $system_domain_local_zone_type = "transparent";
 }
- if (!$added_ptr[$host['ipaddr']]) {
- $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n";
- $added_ptr[$host['ipaddr']] = true;
+ $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n";
+
+ $hosts = system_hosts_entries($config['unbound']);
+ $added_ptr = array();
+ foreach ($hosts as $host) {
+ if (is_ipaddrv4($host['ipaddr'])) {
+ $type = 'A';
+ } else if (is_ipaddrv6($host['ipaddr'])) {
+ $type = 'AAAA';
+ } else {
+ continue;
+ }
+
+ if (!$added_ptr[$host['ipaddr']]) {
+ $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n";
+ $added_ptr[$host['ipaddr']] = true;
+ }
+ $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n";
 }
- $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n";
+ }
+ else {
+ // Adds a comment to the file to make it clear it's there for a reason and to clear the file
+ // when the user enables this option.
+ $unbound_entries = "# Empty since file generation has been disabled in the options.";
 }
 // Write out entries
diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php
index c50d043..efe7269 100644
--- a/src/usr/local/www/services_unbound_advanced.php
+++ b/src/usr/local/www/services_unbound_advanced.php
@@ -71,6 +71,10 @@ if (isset($config['unbound']['disable_auto_added_access_control'])) {
 $pconfig['disable_auto_added_access_control'] = true;
 }
+if (isset($config['unbound']['disable_auto_host_entries'])) {
+ $pconfig['disable_auto_added_host_entries'] = true;
+}
+
 if (isset($config['unbound']['use_caps'])) {
 $pconfig['use_caps'] = true;
 }
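Review bot: When `disable_auto_added_host_entries` is set, the new `else` branch in `unbound_add_host_entries()` skips the `local-zone:` line for `$config['system']['domain']` as well as the host records, which is more than the option name suggests. The branch comment should say so, e.g. `// Note: this also omits the local-zone line for the system domain.`, so a later reader does not assume only host records are affected. The placeholder string also lacks the trailing newline that every other entry built here carries; `$unbound_entries = "# Empty since file generation has been disabled in the options.\n";` keeps the written file newline-terminated. `else {` on its own line departs from the `} else {` form used elsewhere in the hunk. The function continues past the hunk, so the write-out of `$unbound_entries` is not visible here.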
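Review bot: The added check in the `@@ -71` hunk reads `$config['unbound']['disable_auto_host_entries']`, but the save path in the `@@ -171` hunk and `unbound_add_host_entries()` both use `disable_auto_added_host_entries`, so `$pconfig['disable_auto_added_host_entries']` is never set from stored config and the checkbox will not render as checked. Because the POST handler unsets the key whenever the checkbox is absent from the submission, saving any other change on this page would presumably switch the option back off without the administrator noticing. The condition should be `if (isset($config['unbound']['disable_auto_added_host_entries'])) {`.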
@@ -171,6 +175,12 @@ if ($_POST) {
 unset($config['unbound']['disable_auto_added_access_control']);
 }
+ if (isset($_POST['disable_auto_added_host_entries'])) {
+ $config['unbound']['disable_auto_added_host_entries'] = true;
+ } else {
+ unset($config['unbound']['disable_auto_added_host_entries']);
+ }
+
 if (isset($_POST['use_caps'])) {
 $config['unbound']['use_caps'] = true;
 } else {
@@ -350,6 +360,14 @@ $section->addInput(new Form_Checkbox(
 'Allowed networks must be manually configured on the Access Lists tab if the auto-added entries are disabled.');
 $section->addInput(new Form_Checkbox(
+ 'disable_auto_added_host_entries',
+ 'Disable Auto-added Host Entries',
+ 'Disable the automatically-added host entries',
+ $pconfig['disable_auto_added_host_entries']
+))->setHelp('By default, the primary IPv4 and IPv6 addresses of the pfsense machine are added as records for the pfSense system domain (System | General Setup | Domain). ' .
+ 'This disables the auto generation of these entries.');
+
+$section->addInput(new Form_Checkbox(
 'use_caps',
 'Experimental Bit 0x20 Support',
 'Use 0x-20 encoded random bits in the DNS query to foil spoofing attempts.', |
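Review bot: The help text in the `@@ -350` hunk says only the firewall's primary IPv4 and IPv6 addresses are affected, but the branch this checkbox disables in `unbound_add_host_entries()` skips every entry returned by `system_hosts_entries()` and the `local-zone` line for the system domain. `system_hosts_entries()` is not shown in this diff; if it returns more than the firewall's own addresses, the text understates what an administrator turns off. The second help sentence could read `'This disables generation of all automatically added host entries and of the local-zone declaration for the system domain.'`. The first sentence also spells the product as `pfsense` once and `pfSense` once; use `pfSense` for both.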