diff options
-rw-r--r-- | etc/inc/unbound.inc | 4 | ||||
-rw-r--r-- | usr/local/www/services_unbound_advanced.php | 18 |
2 files changed, 20 insertions, 2 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 20ed19b..cd02c94 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -2,7 +2,7 @@ /* unbound.inc part of the pfSense project (https://www.pfsense.org) - Copyright (C) 2014 Warren Baker <warren@decoy.co.za> + Copyright (C) 2015 Warren Baker <warren@percol8.co.za> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -230,6 +230,7 @@ EOF; $unwanted_reply_threshold = "0"; $msg_cache_size = (!empty($config['unbound']['msgcachesize'])) ? $config['unbound']['msgcachesize'] : "4"; $verbosity = isset($config['unbound']['log_verbosity']) ? $config['unbound']['log_verbosity'] : 1; + $use_caps = isset($config['unbound']['use_caps']) ? "yes" : "no"; // Set up forwarding if it configured if (isset($config['unbound']['forwarding'])) { @@ -311,6 +312,7 @@ outgoing-range: 4096 {$anchor_file} prefetch: {$prefetch} prefetch-key: {$prefetch_key} +use-caps-for-id: {$use_caps} # Statistics {$statistics} # Interface IP(s) to bind to diff --git a/usr/local/www/services_unbound_advanced.php b/usr/local/www/services_unbound_advanced.php index 0efba70..e560d1e 100644 --- a/usr/local/www/services_unbound_advanced.php +++ b/usr/local/www/services_unbound_advanced.php @@ -3,7 +3,7 @@ /* services_unbound_advanced.php part of the pfSense project (https://www.pfsense.org) - Copyright (C) 2011 Warren Baker (warren@pfsense.org) + Copyright (C) 2015 Warren Baker (warren@percol8.co.za) Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. @@ -82,6 +82,10 @@ if (isset($config['unbound']['disable_auto_added_access_control'])) { $pconfig['disable_auto_added_access_control'] = true; } +if (isset($config['unbound']['use_caps'])) { + $pconfig['use_caps'] = true; +} + if ($_POST) { unset($input_errors); $pconfig = $_POST; @@ -176,6 +180,11 @@ if ($_POST) { } else { unset($config['unbound']['disable_auto_added_access_control']); } + if (isset($_POST['use_caps'])) { + $config['unbound']['use_caps'] = true; + } else { + unset($config['unbound']['use_caps']); + } write_config("DNS Resolver configured."); mark_subsystem_dirty('unbound'); @@ -443,6 +452,13 @@ include_once("head.inc"); </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Experimental Bit 0x20 Support");?></td> + <td width="78%" class="vtable"> + <input name="use_caps" type="checkbox" id="use_caps" value="yes" <?php if (isset($pconfig['use_caps'])) echo "checked=\"checked\"";?> /> <br /> + <?=sprintf(gettext("Use 0x-20 encoded random bits in the DNS query to foil spoofing attempts. See the implementation %sdraft dns-0x20%s for more information."), "<a href='https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00'>", "</a>");?> + </td> + </tr> + <tr> <td width="22%"></td> <td width="78%"> <input type="submit" name="Save" class="formbtn" id="save" value="Save" /> |