From 409165fde88e11eb057173c5d223eedc79d8d13c Mon Sep 17 00:00:00 2001
From: Robbert Rijkse
Date: Sat, 6 May 2017 15:23:34 -0400
Subject: Unbound: Added ability to disable automatically added host entries
---
 src/etc/inc/unbound.inc | 50 ++++++++++++++-----------
 src/usr/local/www/services_unbound_advanced.php | 18 +++++++++
 2 files changed, 47 insertions(+), 21 deletions(-)
(limited to 'src')
diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc
index 6b998df..6185f63 100644
--- a/src/etc/inc/unbound.inc
+++ b/src/etc/inc/unbound.inc
@@ -539,31 +539,39 @@ function unbound_add_domain_overrides($pvt_rev="", $cfgsubdir = "") {
 function unbound_add_host_entries($cfgsubdir = "") {
 global $config, $g;
- // Make sure the config setting is a valid unbound local zone type. If not use "transparent".
- if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) {
- $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type'];
- } else {
- $system_domain_local_zone_type = "transparent";
- }
-
- $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n";
-
- $hosts = system_hosts_entries($config['unbound']);
- $added_ptr = array();
- foreach ($hosts as $host) {
- if (is_ipaddrv4($host['ipaddr'])) {
- $type = 'A';
- } else if (is_ipaddrv6($host['ipaddr'])) {
- $type = 'AAAA';
+ // Check if auto add host entries is not set
+ if (!isset($config['unbound']['disable_auto_added_host_entries'])) {
+ // Make sure the config setting is a valid unbound local zone type. If not use "transparent".
+ if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) {
+ $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type'];
 } else {
- continue;
+ $system_domain_local_zone_type = "transparent";
 }
- if (!$added_ptr[$host['ipaddr']]) {
- $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n";
- $added_ptr[$host['ipaddr']] = true;
+ $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n";
+
+ $hosts = system_hosts_entries($config['unbound']);
+ $added_ptr = array();
+ foreach ($hosts as $host) {
+ if (is_ipaddrv4($host['ipaddr'])) {
+ $type = 'A';
+ } else if (is_ipaddrv6($host['ipaddr'])) {
+ $type = 'AAAA';
+ } else {
+ continue;
+ }
+
+ if (!$added_ptr[$host['ipaddr']]) {
+ $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n";
+ $added_ptr[$host['ipaddr']] = true;
+ }
+ $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n";
 }
- $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n";
+ }
+ else {
+ // Adds a comment to the file to make it clear it's there for a reason and to clear the file
+ // when the user enables this option.
+ $unbound_entries = "# Empty since file generation has been disabled in the options.";
 }
 // Write out entries
diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php
index c50d043..efe7269 100644
--- a/src/usr/local/www/services_unbound_advanced.php
+++ b/src/usr/local/www/services_unbound_advanced.php
@@ -71,6 +71,10 @@ if (isset($config['unbound']['disable_auto_added_access_control'])) {
 $pconfig['disable_auto_added_access_control'] = true;
 }
+if (isset($config['unbound']['disable_auto_host_entries'])) {
+ $pconfig['disable_auto_added_host_entries'] = true;
+}
+
 if (isset($config['unbound']['use_caps'])) {
 $pconfig['use_caps'] = true;
 }
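Review bot: In the `local-data-ptr:` and `local-data:` lines of `unbound_add_host_entries()`, `$host['fqdn']` is interpolated between double quotes with no check in this function, whereas `$host['ipaddr']` is at least gated by `is_ipaddrv4()`/`is_ipaddrv6()`. If a name ever carried a quote or a line break, the generated file would be malformed or gain extra directives; validation may well happen where the entries are saved, but that is outside the hunk. A guard at the top of the loop such as `if (preg_match('/["\s]/', $host['fqdn'])) { continue; }` would make the writer safe on its own. Separately, `!$added_ptr[$host['ipaddr']]` reads a key that does not exist the first time an address is seen; `!isset($added_ptr[$host['ipaddr']])` avoids the notice. The function body continues past the end of the hunk.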
@@ -171,6 +175,12 @@ if ($_POST) {
 unset($config['unbound']['disable_auto_added_access_control']);
 }
+ if (isset($_POST['disable_auto_added_host_entries'])) {
+ $config['unbound']['disable_auto_added_host_entries'] = true;
+ } else {
+ unset($config['unbound']['disable_auto_added_host_entries']);
+ }
+
 if (isset($_POST['use_caps'])) {
 $config['unbound']['use_caps'] = true;
 } else {
@@ -350,6 +360,14 @@ $section->addInput(new Form_Checkbox(
 'Allowed networks must be manually configured on the Access Lists tab if the auto-added entries are disabled.');
 $section->addInput(new Form_Checkbox(
+ 'disable_auto_added_host_entries',
+ 'Disable Auto-added Host Entries',
+ 'Disable the automatically-added host entries',
+ $pconfig['disable_auto_added_host_entries']
+))->setHelp('By default, the primary IPv4 and IPv6 addresses of the pfsense machine are added as records for the pfSense system domain (System | General Setup | Domain). ' .
+ 'This disables the auto generation of these entries.');
+
+$section->addInput(new Form_Checkbox(
 'use_caps',
 'Experimental Bit 0x20 Support',
 'Use 0x-20 encoded random bits in the DNS query to foil spoofing attempts.',
-- cgit v1.1
From 49d9b45f92b67757555e84fa199f623f4165b962 Mon Sep 17 00:00:00 2001
From: Robbert Rijkse
Date: Tue, 9 May 2017 19:52:13 -0400
Subject: Make the changes suggested by jim-p and changed the way the disable function work to ensure the manually added host entries or DHCP reservations still work.
---
 src/etc/inc/system.inc | 9 ++++++---
 src/etc/inc/unbound.inc | 35 +++++++++++--------------
 src/usr/local/www/services_unbound_advanced.php | 5 ++---
 3 files changed, 23 insertions(+), 26 deletions(-)
(limited to 'src')
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 7d1618f..6081a55 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -489,7 +489,10 @@ function system_hosts_dhcpd_entries() {
 /* Concatenate local, dnsmasq/unbound and dhcpd/dhcpdv6 hosts entries */
 function system_hosts_entries($dnscfg) {
- $local = system_hosts_local_entries();
+ $local = array();
+ if (!isset($dnscfg['disable_auto_added_host_entries'])) {
+ $local = system_hosts_local_entries();
+ }
 $dns = array();
 $dhcpd = array();
@@ -1192,7 +1195,7 @@ EOD;
 }
 }
 }
-
+
 $syslogd_sockets = "";
 foreach ($log_sockets as $log_socket) {
 // Ensure that the log directory exists
@@ -2155,7 +2158,7 @@ function system_dmesg_save() {
 fclose($fd);
 unset($dmesg);
-
+
 // vm-bhyve expects dmesg.boot at the standard location
 @symlink("{$g['varlog_path']}/dmesg.boot", "{$g['varrun_path']}/dmesg.boot");
diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc
index 6185f63..428a523 100644
--- a/src/etc/inc/unbound.inc
+++ b/src/etc/inc/unbound.inc
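Review bot: `system_hosts_entries()` is a shared helper (its comment names dnsmasq as well as unbound), so gating `system_hosts_local_entries()` on an Unbound-only key changes the result for every caller that passes the Unbound config, not only the Unbound host file. The callers are not visible in this hunk; if any of them builds something else from this list, the firewall's own names would disappear there too when the option is set, which is worth confirming. At minimum the header comment should state the new condition, e.g. `/* Concatenate local (skipped when disable_auto_added_host_entries is set in $dnscfg), dnsmasq/unbound and dhcpd/dhcpdv6 hosts entries */`. The function body continues outside the hunk.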
@@ -549,29 +549,24 @@ function unbound_add_host_entries($cfgsubdir = "") {
 }
 $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n";
+ }
- $hosts = system_hosts_entries($config['unbound']);
- $added_ptr = array();
- foreach ($hosts as $host) {
- if (is_ipaddrv4($host['ipaddr'])) {
- $type = 'A';
- } else if (is_ipaddrv6($host['ipaddr'])) {
- $type = 'AAAA';
- } else {
- continue;
- }
+ $hosts = system_hosts_entries($config['unbound']);
+ $added_ptr = array();
+ foreach ($hosts as $host) {
+ if (is_ipaddrv4($host['ipaddr'])) {
+ $type = 'A';
+ } else if (is_ipaddrv6($host['ipaddr'])) {
+ $type = 'AAAA';
+ } else {
+ continue;
+ }
- if (!$added_ptr[$host['ipaddr']]) {
- $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n";
- $added_ptr[$host['ipaddr']] = true;
- }
- $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n";
+ if (!$added_ptr[$host['ipaddr']]) {
+ $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n";
+ $added_ptr[$host['ipaddr']] = true;
 }
- }
- else {
- // Adds a comment to the file to make it clear it's there for a reason and to clear the file
- // when the user enables this option.
- $unbound_entries = "# Empty since file generation has been disabled in the options.";
+ $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n";
 }
 // Write out entries
diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php
index efe7269..2620d3e 100644
--- a/src/usr/local/www/services_unbound_advanced.php
+++ b/src/usr/local/www/services_unbound_advanced.php
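Review bot: After this change `$unbound_entries` is only assigned inside the `disable_auto_added_host_entries` guard that the added `}` closes, so with the option set the loop's `.=` appends to an undefined variable, and if `$hosts` is empty the variable is still undefined when the entries are written out. Initialise it before the guard with `$unbound_entries = "";`. The same placement leaves the `local-zone:` line inside the guard, so the configured `system_domain_local_zone_type` appears to be dropped whenever the option is on. Since the zone type decides how names in the system domain without local data are answered, that looks like an unintended side effect; consider keeping the zone-type block unconditional. The function starts and ends outside the hunk.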
@@ -71,7 +71,7 @@ if (isset($config['unbound']['disable_auto_added_access_control'])) {
 $pconfig['disable_auto_added_access_control'] = true;
 }
-if (isset($config['unbound']['disable_auto_host_entries'])) {
+if (isset($config['unbound']['disable_auto_added_host_entries'])) {
 $pconfig['disable_auto_added_host_entries'] = true;
 }
@@ -364,8 +364,7 @@ $section->addInput(new Form_Checkbox(
 'Disable Auto-added Host Entries',
 'Disable the automatically-added host entries',
 $pconfig['disable_auto_added_host_entries']
-))->setHelp('By default, the primary IPv4 and IPv6 addresses of the pfsense machine are added as records for the pfSense system domain (System | General Setup | Domain). ' .
- 'This disables the auto generation of these entries.');
+))->setHelp('By default, the primary IPv4 and IPv6 addresses of of this firewall are added as records for the system domain of this firewall as configured in %1$sSystem: General Setup%2$s. This disables the auto generation of these entries.', '', '');
 $section->addInput(new Form_Checkbox(
 'use_caps',
-- cgit v1.1
From ed8dbc04c1636c64ed4de1754c841e21e2a617d8 Mon Sep 17 00:00:00 2001
From: Robbert Rijkse
Date: Wed, 10 May 2017 17:05:37 -0400
Subject: Fix the extra "of" in the help text.
---
 src/usr/local/www/services_unbound_advanced.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php
index 2620d3e..2d1a0dc 100644
--- a/src/usr/local/www/services_unbound_advanced.php
+++ b/src/usr/local/www/services_unbound_advanced.php
@@ -364,7 +364,7 @@ $section->addInput(new Form_Checkbox(
 'Disable Auto-added Host Entries',
 'Disable the automatically-added host entries',
 $pconfig['disable_auto_added_host_entries']
-))->setHelp('By default, the primary IPv4 and IPv6 addresses of of this firewall are added as records for the system domain of this firewall as configured in %1$sSystem: General Setup%2$s. This disables the auto generation of these entries.', '', '');
+))->setHelp('By default, the primary IPv4 and IPv6 addresses of this firewall are added as records for the system domain of this firewall as configured in %1$sSystem: General Setup%2$s. This disables the auto generation of these entries.', '', '');
 $section->addInput(new Form_Checkbox(
 'use_caps',
-- cgit v1.1