authorStuart Wyatt <stuart@gogglespisano.com>2015-04-09 10:31:00 -0700
committerStuart Wyatt <stuart@gogglespisano.com>2015-04-09 10:31:00 -0700
commit029a810a52873332daa6f6fbb3a96310978e849d (patch)
treecdfb95e321b54ef299da8cf7c0daefc86f91719e /config
parentd9e1f0cfc47ec7c204f82896ae723ff557b6c02c (diff)
BIND - add support for zone update-policy statement on master zones
The update-policy statement allows the zone to specify, among other things, a key to be used for authorization of master zone updates. Add a checkbox and text field to add an update-policy statement to the zone configuration. When the update-policy statement is used, it replaces the allow-update statement.
Diffstat (limited to 'config')
-rw-r--r--config/bind/bind.inc18
-rw-r--r--config/bind/bind_zones.xml16
2 files changed, 33 insertions, 1 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 743e02d6..4d579689 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -368,6 +368,10 @@ EOD;
} else {
$zoneallowupdate = str_replace(',', '; ', $zone['allowupdate']);
}
+ $zoneupdatepolicy = $zone['updatepolicy'];
+ if (!empty($zoneupdatepolicy)) {
+ $zoneupdatepolicy = rtrim($zoneupdatepolicy, ';');
+ }
if (empty($zone['allowquery'])) {
$zoneallowquery = "none";
} else {
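Review bot: `$zone['updatepolicy']` is copied towards named.conf with only a trailing `;` stripped, so a `}` typed into the field would close the `update-policy` block early and the rest of the value would be parsed as further zone statements. Multiple rules separated by `;` are intended, but braces are not, and nothing in this hunk rejects them; if the package's input validation (not visible here) does not either, refuse values containing `{` or `}` before saving. `rtrim($zoneupdatepolicy, ';')` also leaves trailing whitespace alone, so a value ending in `; ` still produces a doubled `;`; `rtrim(trim($zoneupdatepolicy), ';')` covers that. The enclosing function starts and ends outside the hunk.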
@@ -416,9 +420,13 @@ EOD;
$bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
break;
default:
- $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
$bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
$bind_conf .= "\t\tallow-transfer { $zoneallowtransfer; };\n";
+ if ($zone['enable_updatepolicy'] == "on") {
+ $bind_conf .= "\t\tupdate-policy { $zoneupdatepolicy; };\n";
+ } else {
+ $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
+ }
if ($zone['dnssec'] == "on") {
//https://kb.isc.org/article/AA-00626/
$bind_conf .= "\n\t\t# look for dnssec keys here:\n";
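Review bot: With the checkbox on and the text field empty, the new branch writes `update-policy { ; };`, which named is likely to reject, and a named.conf that fails to parse affects every zone on the server rather than this one. The guard should also require a non-empty policy, `if ($zone['enable_updatepolicy'] == "on" && !empty($zoneupdatepolicy)) {`, so that an empty field falls through to the existing `allow-update` line. Better still, refuse to save the zone in that state, since silently dropping back to `allow-update` changes who may update the zone without telling the administrator. The surrounding `switch` starts outside the hunk.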
@@ -739,6 +747,8 @@ function bind_print_javascript_type_zone()
document.iform.minimum.disabled = 0;
document.iform.allowquery.disabled = 0;
document.iform.allowupdate.disabled = 0;
+ document.iform.enable_updatepolicy.disabled = 0;
+ document.iform.updatepolicy.disabled = 1;
break;
case 'slave':
document.iform.slaveip.disabled = 0;
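Review bot: In the `master` case, `document.iform.updatepolicy.disabled = 1;` ignores the state of the checkbox. If this function runs when an existing zone with update-policy enabled is loaded, the text field ends up disabled, and a disabled input is not submitted with the form, so the zone could be saved with `enable_updatepolicy` on and an empty policy. Consider `document.iform.updatepolicy.disabled = !document.iform.enable_updatepolicy.checked;` on that line. The function body extends outside the hunk, so the call order relative to the `enablefields` handling is not visible here.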
@@ -759,6 +769,8 @@ function bind_print_javascript_type_zone()
document.iform.minimum.disabled = 1;
document.iform.allowquery.disabled = 0;
document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
break;
case 'forward':
document.iform.slaveip.disabled = 1;
@@ -779,6 +791,8 @@ function bind_print_javascript_type_zone()
document.iform.minimum.disabled = 1;
document.iform.allowquery.disabled = 1;
document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
break;
case 'redirect':
document.iform.slaveip.disabled = 1;
@@ -799,6 +813,8 @@ function bind_print_javascript_type_zone()
document.iform.minimum.disabled = 0;
document.iform.allowquery.disabled = 0;
document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
break;
default:
break;
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index a227aabd..667fd608 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -312,6 +312,22 @@
<size>03</size>
</field>
<field>
+ <fielddescr>Enable Update-policy</fielddescr>
+ <fieldname>enable_updatepolicy</fieldname>
+ <description><![CDATA[Enable Update-policy which overrides Allow-update.<br>
+ The update-policy statment replaces the allow-update statement.]]></description>
+ <type>checkbox</type>
+ <enablefields>updatepolicy</enablefields>
+ </field>
+ <field>
+ <fielddescr>Update-policy</fielddescr>
+ <fieldname>updatepolicy</fieldname>
+ <description><![CDATA[Update-policy defines the policy for submitting dynamic updates to 'master' zones.<br>
+ Do not include the surrounding { } when using multiple statements]]></description>
+ <type>input</type>
+ <size>75</size>
+ </field>
+ <field>
<fielddescr>Allow-query</fielddescr>
<fieldname>allowquery</fieldname>
<description><![CDATA[Select(CTRL+click) who are allowed to query this zone.<br>
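Review bot: The help text for `enable_updatepolicy` misspells "statment" and says the same thing twice, while the `updatepolicy` description gives no example of the expected rule syntax. Because the field is written into named.conf as typed, the description should show the form of one rule and say that rules are separated by `;` with no trailing `;` and no braces, for example `grant <key-name> zonesub ANY` (placeholder key name). It would also help to state that an empty value is not valid once the checkbox is ticked.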