diff options
author | Warren Baker <warren@decoy.co.za> | 2015-01-14 13:34:58 +0200 |
---|---|---|
committer | Warren Baker <warren@decoy.co.za> | 2015-01-14 13:34:58 +0200 |
commit | a771a6aee364f60ab436f26d061b373118462c43 (patch) | |
tree | 8d183a643bfb8ae3dd8ddebb0370459b55eef361 /usr/local | |
parent | a6a42b6d064b084a7735fdf5d1c52aa876cb7934 (diff) | |
download | pfsense-a771a6aee364f60ab436f26d061b373118462c43.zip pfsense-a771a6aee364f60ab436f26d061b373118462c43.tar.gz |
Add support for 0x20 DNS random bit support. Fixes #4205
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/services_unbound_advanced.php | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/usr/local/www/services_unbound_advanced.php b/usr/local/www/services_unbound_advanced.php index 0efba70..e560d1e 100644 --- a/usr/local/www/services_unbound_advanced.php +++ b/usr/local/www/services_unbound_advanced.php @@ -3,7 +3,7 @@ /* services_unbound_advanced.php part of the pfSense project (https://www.pfsense.org) - Copyright (C) 2011 Warren Baker (warren@pfsense.org) + Copyright (C) 2015 Warren Baker (warren@percol8.co.za) Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. @@ -82,6 +82,10 @@ if (isset($config['unbound']['disable_auto_added_access_control'])) { $pconfig['disable_auto_added_access_control'] = true; } +if (isset($config['unbound']['use_caps'])) { + $pconfig['use_caps'] = true; +} + if ($_POST) { unset($input_errors); $pconfig = $_POST; @@ -176,6 +180,11 @@ if ($_POST) { } else { unset($config['unbound']['disable_auto_added_access_control']); } + if (isset($_POST['use_caps'])) { + $config['unbound']['use_caps'] = true; + } else { + unset($config['unbound']['use_caps']); + } write_config("DNS Resolver configured."); mark_subsystem_dirty('unbound'); @@ -443,6 +452,13 @@ include_once("head.inc"); </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Experimental Bit 0x20 Support");?></td> + <td width="78%" class="vtable"> + <input name="use_caps" type="checkbox" id="use_caps" value="yes" <?php if (isset($pconfig['use_caps'])) echo "checked=\"checked\"";?> /> <br /> + <?=sprintf(gettext("Use 0x-20 encoded random bits in the DNS query to foil spoofing attempts. See the implementation %sdraft dns-0x20%s for more information."), "<a href='https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00'>", "</a>");?> + </td> + </tr> + <tr> <td width="22%"></td> <td width="78%"> <input type="submit" name="Save" class="formbtn" id="save" value="Save" /> |