author | Stuart Wyatt <stuart@gogglespisano.com> | 2015-04-09 10:31:00 -0700 |
---|---|---|
committer | Stuart Wyatt <stuart@gogglespisano.com> | 2015-04-09 10:31:00 -0700 |
commit | 029a810a52873332daa6f6fbb3a96310978e849d (patch) | |
tree | cdfb95e321b54ef299da8cf7c0daefc86f91719e | |
parent | d9e1f0cfc47ec7c204f82896ae723ff557b6c02c (diff) | |
download | pfsense-packages-029a810a52873332daa6f6fbb3a96310978e849d.tar.gz pfsense-packages-029a810a52873332daa6f6fbb3a96310978e849d.tar.bz2 pfsense-packages-029a810a52873332daa6f6fbb3a96310978e849d.zip |
BIND - add support for zone update-policy statement on master zones
The update-policy statement allows the zone to specify, among other things, a key to be used for authorization of master zone updates
Add a checkbox and text field to add an update-policy statement to the zone configuration. When the update-policy statement is used, it replaces the allow-update statement.
-rw-r--r-- | config/bind/bind.inc | 18 | ||||
-rw-r--r-- | config/bind/bind_zones.xml | 16 |
2 files changed, 33 insertions, 1 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 743e02d6..4d579689 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -368,6 +368,10 @@ EOD;
 } else {
 $zoneallowupdate = str_replace(',', '; ', $zone['allowupdate']);
 }
+ $zoneupdatepolicy = $zone['updatepolicy'];
+ if (!empty($zoneupdatepolicy)) {
+ $zoneupdatepolicy = rtrim($zoneupdatepolicy, ';');
+ }
 if (empty($zone['allowquery'])) {
 $zoneallowquery = "none";
 } else {
@@ -416,9 +420,13 @@ EOD;
 $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
 break;
 default:
- $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
 $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
 $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer; };\n";
+ if ($zone['enable_updatepolicy'] == "on") {
+ $bind_conf .= "\t\tupdate-policy { $zoneupdatepolicy; };\n";
+ } else {
+ $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
+ }
 if ($zone['dnssec'] == "on") {
 //https://kb.isc.org/article/AA-00626/
 $bind_conf .= "\n\t\t# look for dnssec keys here:\n";
@@ -739,6 +747,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 0;
 document.iform.allowquery.disabled = 0;
 document.iform.allowupdate.disabled = 0;
+ document.iform.enable_updatepolicy.disabled = 0;
+ document.iform.updatepolicy.disabled = 1;
 break;
 case 'slave':
 document.iform.slaveip.disabled = 0;
@@ -759,6 +769,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 1;
 document.iform.allowquery.disabled = 0;
 document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
 break;
 case 'forward':
 document.iform.slaveip.disabled = 1; 
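Review bot: The free-text `updatepolicy` value in the `@@ -368,6 +368,10 @@` hunk reaches named.conf with no validation beyond stripping trailing semicolons. A value containing `}` closes the `update-policy { … }` block early, and whatever follows is parsed as further zone configuration, so anyone who can edit a zone can change more than the update policy. A stray character can also make named reject the whole file. The `rtrim` misses a semicolon followed by whitespace, so `$zoneupdatepolicy = rtrim(trim($zone['updatepolicy']), "; \t");` is safer. Values containing `{` or `}` should be rejected in the package's input validation, which is outside this hunk.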
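Review bot: In the `@@ -416,9 +420,13 @@` hunk, a zone saved with the checkbox on and an empty policy field emits `update-policy { ; };`, which named is likely to reject as a syntax error. Because update-policy replaces allow-update, that zone then has no usable update ACL at all. Guarding the branch with `if ($zone['enable_updatepolicy'] == "on" && !empty($zoneupdatepolicy)) {` falls back to the existing `allow-update` line instead. A short comment above the branch should say that the two statements are mutually exclusive in a zone, since that is why the `allow-update` line moved into the `else`.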
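Review bot: In the `'master'` case of the `@@ -739,6 +747,8 @@` hunk, `document.iform.updatepolicy.disabled = 1;` runs regardless of the checkbox state. If this function also runs when an existing master zone is opened with the checkbox already ticked, the text box starts disabled. Disabled inputs are not submitted, so saving would silently blank the policy while `enable_updatepolicy` stays on. `document.iform.updatepolicy.disabled = !document.iform.enable_updatepolicy.checked;` keeps the two in step. Whether the `<enablefields>` handler re-runs afterwards is not visible in this diff, so this needs checking against the form code.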
@@ -779,6 +791,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 1;
 document.iform.allowquery.disabled = 1;
 document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
 break;
 case 'redirect':
 document.iform.slaveip.disabled = 1;
@@ -799,6 +813,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 0;
 document.iform.allowquery.disabled = 0;
 document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
 break;
 default:
 break;
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index a227aabd..667fd608 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -312,6 +312,22 @@
 <size>03</size>
 </field>
 <field>
+ <fielddescr>Enable Update-policy</fielddescr>
+ <fieldname>enable_updatepolicy</fieldname>
+ <description><![CDATA[Enable Update-policy which overrides Allow-update.<br>
+ The update-policy statment replaces the allow-update statement.]]></description>
+ <type>checkbox</type>
+ <enablefields>updatepolicy</enablefields>
+ </field>
+ <field>
+ <fielddescr>Update-policy</fielddescr>
+ <fieldname>updatepolicy</fieldname>
+ <description><![CDATA[Update-policy defines the policy for submitting dynamic updates to 'master' zones.<br>
+ Do not include the surrounding { } when using multiple statements]]></description>
+ <type>input</type>
+ <size>75</size>
+ </field>
+ <field>
 <fielddescr>Allow-query</fielddescr>
 <fieldname>allowquery</fieldname>
 <description><![CDATA[Select(CTRL+click) who are allowed to query this zone.<br> |
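Review bot: The help text for the new `updatepolicy` field does not say that the value is written into named.conf as entered, and it gives no example of the expected rule syntax. An administrator therefore has little to go on for a setting that decides which keys may rewrite the zone. I would reword the description to something like `Rules for dynamic updates to 'master' zones, separated by ';' and written to named.conf as entered, e.g. grant <key-name> zonesub ANY. Do not include the surrounding { }.` The checkbox description also repeats itself and misspells "statement" as `statment`; one sentence saying that enabling it replaces Allow-update is enough.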