authorStuart Wyatt <stuart@gogglespisano.com>2015-04-09 10:15:29 -0700
committerStuart Wyatt <stuart@gogglespisano.com>2015-04-09 10:15:29 -0700
commitd9e1f0cfc47ec7c204f82896ae723ff557b6c02c (patch)
treed4b455067222e03a49fb52de60b89b2f9a6778f9
parentfe0163a939023f87b259f3475a89ee632824a973 (diff)
BIND - clean up zone code
Trim trailing ; from forwarders, since ; is added when it is written to the config. Because it's a list of semicolon-separated values, users can accidentally add a trailing ;. Only ensure the view folder exists if the zone is not a 'forward' zone, since forward zones are only in named.conf and don't have a .DB file. Add allow-query statements to slave and redirect zones. Add allowquery and allowupdate fields to on_type_zone_changed(). Use isempty() on customoptions and forwarders to skip adding empty statements. Use isempty() instead of == '' on some statements.
-rw-r--r--config/bind/bind.inc29
1 files changed, 23 insertions, 6 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index ba8c5dfe..743e02d6 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -323,7 +323,9 @@ EOD;
$bind_conf .= "\trecursion $viewrecursion;\n";
$bind_conf .= "\tmatch-clients { $viewmatchclients; };\n";
$bind_conf .= "\tallow-recursion { $viewallowrecursion; };\n";
- $bind_conf .= "\t$viewcustomoptions\n\n";
+ if (!empty($viewcustomoptions)) {
+ $bind_conf .= "\t$viewcustomoptions\n\n";
+ }
if (is_array($config['installedpackages']['bindzone'])) {
$bindzone = $config['installedpackages']['bindzone']['config'];
@@ -348,25 +350,30 @@ EOD;
$zonecustom = base64_decode($zone['custom']);
$zoneipslave = $zone['slaveip'];
$zoneforwarders = $zone['forwarders'];
+ if (!empty($zoneforwarders)) {
+ $zoneforwarders = rtrim($zoneforwarders, ';');
+ }
$zonereverso = $zone['reverso'];
$zonereversv6o = $zone['reversv6o'];
// Ensure zone view folder exists
- if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) {
- mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", 0755, true);
+ if ($zonetype != "forward") {
+ if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) {
+ mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", 0755, true);
+ }
}
- if ($zone['allowupdate'] == '') {
+ if (empty($zone['allowupdate'])) {
$zoneallowupdate = "none";
} else {
$zoneallowupdate = str_replace(',', '; ', $zone['allowupdate']);
}
- if ($zone['allowquery'] == '') {
+ if (empty($zone['allowquery'])) {
$zoneallowquery = "none";
} else {
$zoneallowquery = str_replace(',', '; ', $zone['allowquery']);
}
- if ($zone['allowtransfer'] == '') {
+ if (empty($zone['allowtransfer'])) {
$zoneallowtransfer = "none";
} else {
$zoneallowtransfer = str_replace(',', '; ', $zone['allowtransfer']);
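Review bot: The added `rtrim($zoneforwarders, ';')` only strips semicolons that are the very last characters, so a value such as `192.0.2.1; ` (constructed example with a trailing space) keeps its `;` and would presumably still yield an empty list element once the writer appends its own; `$zoneforwarders = rtrim($zoneforwarders, "; \t\r\n");` covers that input as well. In the `mkdir` block, `$zonetype` and `$zoneview` are interpolated into the path with the recursive flag set and nothing in this hunk restricts them, so a view name containing `../` would create directories outside `etc/namedb`. If these are not already validated when the form is saved (not visible here), check `$zonetype` against the known zone types and reject path separators in `$zoneview` before this point. The new comparison could also be strict, `if ($zonetype !== "forward") {`. The enclosing loop starts and ends outside the hunk.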
@@ -394,6 +401,7 @@ EOD;
switch ($zonetype) {
case 'slave':
$bind_conf .= "\t\tmasters { $zoneipslave; };\n";
+ $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
$bind_conf .= "\t\tallow-transfer { $zoneallowtransfer; };\n";
$bind_conf .= "\t\tnotify no;\n";
break;
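Review bot: Because `$zoneallowquery` falls back to `"none"` when the field is empty, the `allow-query` line added to the `slave` case (and the identical line added to the `redirect` case in the next hunk) makes every existing slave or redirect zone saved without an allow-query value emit `allow-query { none; };` and refuse all queries after the update. Failing closed is the safe direction, but it is a silent behaviour change for zones saved while the field was not editable for these types (inferred from the JavaScript hunks that enable it now). Either keep it and add a comment such as `// empty allowquery => "none": slave/redirect zones must set an ACL explicitly` plus an upgrade note, or emit the statement only when `!empty($zone['allowquery'])` so the zone inherits the view/options ACL as before. The `switch` continues outside the hunk.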
@@ -405,6 +413,7 @@ EOD;
$bind_conf .= "\t\t# While using redirect zones,NXDOMAIN Redirection will not override DNSSEC\n";
$bind_conf .= "\t\t# If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur\n";
$bind_conf .= "\t\t# https://kb.isc.org/article/AA-00376/192/BIND-9.9-redirect-zones-for-NXDOMAIN-redirection.html\n";
+ $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
break;
default:
$bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
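Review bot: The value written by the new `allow-query { $zoneallowquery; };` line has only had commas replaced with `; ` (see the assignment earlier in the diff), so a field containing `}` or an extra `;` changes the structure of the generated named.conf rather than just the ACL. The same holds for the existing `allow-update` and `allow-transfer` lines. If the form handler does not already validate these fields (not visible in this diff), each comma-separated entry should be checked as an address, CIDR block, key or ACL name before it is interpolated, and the zone rejected otherwise. This matters most where the BIND package pages are delegated to users who are not full administrators.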
@@ -728,6 +737,8 @@ function bind_print_javascript_type_zone()
document.iform.retry.disabled = 0;
document.iform.expire.disabled = 0;
document.iform.minimum.disabled = 0;
+ document.iform.allowquery.disabled = 0;
+ document.iform.allowupdate.disabled = 0;
break;
case 'slave':
document.iform.slaveip.disabled = 0;
@@ -746,6 +757,8 @@ function bind_print_javascript_type_zone()
document.iform.retry.disabled = 1;
document.iform.expire.disabled = 1;
document.iform.minimum.disabled = 1;
+ document.iform.allowquery.disabled = 0;
+ document.iform.allowupdate.disabled = 1;
break;
case 'forward':
document.iform.slaveip.disabled = 1;
@@ -764,6 +777,8 @@ function bind_print_javascript_type_zone()
document.iform.retry.disabled = 1;
document.iform.expire.disabled = 1;
document.iform.minimum.disabled = 1;
+ document.iform.allowquery.disabled = 1;
+ document.iform.allowupdate.disabled = 1;
break;
case 'redirect':
document.iform.slaveip.disabled = 1;
@@ -782,6 +797,8 @@ function bind_print_javascript_type_zone()
document.iform.retry.disabled = 0;
document.iform.expire.disabled = 0;
document.iform.minimum.disabled = 0;
+ document.iform.allowquery.disabled = 0;
+ document.iform.allowupdate.disabled = 1;
break;
default:
break;