author | Renato Botelho <renato@netgate.com> | 2015-08-24 07:56:47 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-24 07:56:47 -0300 |
commit | d3954a387f8b542a388cb0985ab7d2b603fb0d72 (patch) | |
tree | 44b825ba5305b7e106b52da2d9c48c57573bfdf5 /config | |
parent | 6f7d6eea7efc011e41695fda34cd3beb35585b60 (diff) | |
parent | 2731b27d076d892984600531e67e72ad40f690d3 (diff) | |
Merge pull request #1020 from doktornotor/patch-13
Diffstat (limited to 'config')
-rw-r--r-- | config/bind/bind.inc | 222 | ||||
-rw-r--r-- | config/bind/bind.widget.php | 62 | ||||
-rw-r--r-- | config/bind/bind.xml | 262 | ||||
-rw-r--r-- | config/bind/bind_acls.xml | 91 | ||||
-rw-r--r-- | config/bind/bind_sync.xml | 100 | ||||
-rw-r--r-- | config/bind/bind_views.xml | 117 | ||||
-rw-r--r-- | config/bind/bind_zones.xml | 250 |
7 files changed, 581 insertions, 523 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc index 7b5b773e..39c12e13 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -1,10 +1,11 @@ -<?PHP -/* $Id$ */ +<?php /* bind.inc - part of the Bind package for pfSense - Copyright (C) 2013 Juliano Oliveira/Adriano Brancher - Copyright (C) 2013 Marcello Coutinho + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Juliano Oliveira + Copyright (C) 2013 Adriano Brancher + Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,15 +28,14 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ $shortcut_section = "bind"; -require_once('globals.inc'); -require_once('config.inc'); -require_once('util.inc'); -require_once('pfsense-utils.inc'); -require_once('pkg-utils.inc'); -require_once('service-utils.inc'); +require_once("globals.inc"); +require_once("config.inc"); +require_once("util.inc"); +require_once("pfsense-utils.inc"); +require_once("pkg-utils.inc"); +require_once("service-utils.inc"); if (!function_exists("filter_configure")) { require_once("filter.inc"); } @@ -49,8 +49,8 @@ if ($pf_version == "2.1" || $pf_version == "2.2") { define('CHROOT_LOCALBASE', '/cf/named'); -function bind_zone_validate($post, &$input_errors) -{ +function bind_zone_validate($post, &$input_errors) { + if (array_key_exists("mail", $_POST)) { $_POST['mail'] = preg_replace("/@/", ".", $post['mail']); } @@ -112,11 +112,11 @@ function bind_zone_validate($post, &$input_errors) } } -function bind_sync() -{ +function bind_sync() { + global $config; conf_mount_rw(); - //create rndc + // Create rndc $rndc_confgen = "/usr/local/sbin/rndc-confgen"; if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)) { exec("$rndc_confgen ", $rndc_conf); 
@@ -128,8 +128,8 @@ function bind_sync() } $rndc_bindconf = ""; $rndc_file = ""; - if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense")) { - $rndc_conf = file(BIND_LOCALBASE."/etc/rndc-confgen.pfsense"); + if (file_exists(BIND_LOCALBASE . "/etc/rndc-confgen.pfsense")) { + $rndc_conf = file(BIND_LOCALBASE . "/etc/rndc-confgen.pfsense"); $confgen = "rndc.conf"; foreach ($rndc_conf as $line) { if ($confgen == "rndc.conf") { @@ -143,7 +143,7 @@ function bind_sync() } if (preg_match("/named.conf/", $line)) { $confgen = "named.conf"; - file_put_contents(BIND_LOCALBASE."/etc/rndc.conf", $rndc_file); + file_put_contents(BIND_LOCALBASE . "/etc/rndc.conf", $rndc_file); } } } @@ -152,7 +152,7 @@ function bind_sync() $bind_enable = $bind['enable_bind']; $bind_forwarder = $bind['bind_forwarder']; $forwarder_ips = $bind['bind_forwarder_ips']; - $ram_limit = ($bind['bind_ram_limit'] ? $bind['bind_ram_limit'] : "256M"); + $ram_limit = $bind['bind_ram_limit'] ? $bind['bind_ram_limit'] : "256M"; $hide_version = $bind['bind_hide_version']; $bind_notify = $bind['bind_notify']; $custom_options = base64_decode($bind['bind_custom_options']); @@ -162,7 +162,7 @@ function bind_sync() $bind_conf .= "#Do not edit this file!!!\n\n"; $bind_conf .= "$rndc_bindconf\n"; $bind_conf .= "$bind_global_settings\n"; - // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } + // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } $bind_conf .= <<<EOD options { 
@@ -172,13 +172,13 @@ options { max-cache-size {$ram_limit}; EOD; - // check response rate limit option + // Check response rate limit option //https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html //http://ss.vix.su/~vjs/rl-arm.html if ($bind['rate_enabled'] == "on") { - $rate_limit = ($bind['rate_limit'] ? $bind['rate_limit'] : "15"); - $log_only = ($bind['log_only'] == "no" ? "no" : "yes"); - // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } + $rate_limit = $bind['rate_limit'] ? $bind['rate_limit'] : "15"; + $log_only = $bind['log_only'] == "no" ? "no" : "yes"; + // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } $bind_conf .= <<<EOD rate-limit { responses-per-second {$rate_limit}; @@ -187,7 +187,7 @@ EOD; EOD; } - //check ips to listen on + // Check IPs to listen on if (preg_match("/All/", $bind['listenon'])) { $bind_listenonv6 = "any;"; $bind_listenon = "any;"; @@ -200,7 +200,7 @@ EOD; } elseif (is_ipaddr($listenon)) { $bind_listenon .= $listenon."; "; } else { - $listenon = (pfSense_get_interface_addresses(convert_friendly_interface_to_real_interface_name($listenon))); + $listenon = pfSense_get_interface_addresses(convert_friendly_interface_to_real_interface_name($listenon)); if (is_ipaddr($listenon['ipaddr'])) { $bind_listenon .= $listenon['ipaddr']."; "; } 
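Review bot: `$rate_limit` in the first hunk on this line is taken from `$bind['rate_limit']` and written into `responses-per-second {$rate_limit};` as-is, while `$log_only` on the next line is normalised to `yes`/`no`. Unless the form definition already restricts the field (not visible in this diff), any non-numeric text saved there becomes raw named.conf content. A guard such as `$rate_limit = ctype_digit((string)$bind['rate_limit']) ? $bind['rate_limit'] : "15";` keeps the default for anything that is not a string of digits. The same applies to `$ram_limit` (hunk at -152, used in `max-cache-size`) and `$forwarder_ips` (hunk at -210, used in `forwarders`).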
@@ -210,15 +210,15 @@ EOD; } } } - $bind_listenonv6 = ($bind_listenonv6 == "" ? "none;" : $bind_listenonv6); - $bind_listenon = ($bind_listenon == "" ? "none;" : $bind_listenon); - // print "<PRE>$bind_listenonv6 $bind_listenon"; + $bind_listenonv6 = $bind_listenonv6 == "" ? "none;" : $bind_listenonv6; + $bind_listenon = $bind_listenon == "" ? "none;" : $bind_listenon; + // Print "<pre>$bind_listenonv6 $bind_listenon"; if (array_key_exists("ipv6allow", $config['system'])) { $bind_conf .= "\tlisten-on-v6 { $bind_listenonv6 };\n"; } $bind_conf .= "\tlisten-on { $bind_listenon };\n"; - // forwarder config + // Forwarder config if ($bind_forwarder == 'on') { $bind_conf .= "\tforwarders { $forwarder_ips };\n"; } @@ -249,9 +249,9 @@ EOD; system("/usr/bin/killall -HUP syslogd"); } $log_categories = explode(",", $bind['log_options']); - $log_severity = ($bind['log_severity'] ? $bind['log_severity'] : 'default'); + $log_severity = $bind['log_severity'] ? $bind['log_severity'] : 'default'; if (sizeof($log_categories) > 0 && $log_categories[0] != "") { - // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } + // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } $bind_conf .= <<<EOD logging { @@ -286,7 +286,7 @@ EOD; array("name" => "localhost", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => "")); $config['installedpackages']['bindacls']['config'][] = array("name" => "localnets", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => "")); - write_config("Create BIND Built-in ACLs"); + write_config("Created BIND Built-in ACLs"); } $bindacls = $config['installedpackages']['bindacls']['config']; for ($i = 0; $i < sizeof($bindacls); $i++) { 
@@ -366,9 +366,7 @@ EOD; // Ensure zone view folder exists if ($zonetype != "forward") { foreach ($zoneviewlist as $zoneview) { - if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) { - mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", 0755, true); - } + safe_mkdir(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview", 0755); } } @@ -422,7 +420,7 @@ EOD; $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n"; } if ($zone['dnssec'] == "on") { - //https://kb.isc.org/article/AA-00626/ + // https://kb.isc.org/article/AA-00626/ $bind_conf .= "\n\t\t# look for dnssec keys here:\n"; $bind_conf .= "\t\tkey-directory \"/etc/namedb/keys\";\n\n"; $bind_conf .= "\t\t# publish and activate dnssec keys:\n"; @@ -442,7 +440,7 @@ EOD; $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n"; break; case 'redirect': - $bind_conf .= "\t\t# While using redirect zones,NXDOMAIN Redirection will not override DNSSEC\n"; + $bind_conf .= "\t\t# While using redirect zones, NXDOMAIN Redirection will not override DNSSEC\n"; $bind_conf .= "\t\t# If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur\n"; $bind_conf .= "\t\t# https://kb.isc.org/article/AA-00376/192/BIND-9.9-redirect-zones-for-NXDOMAIN-redirection.html\n"; $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n"; 
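Review bot: The new `safe_mkdir(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview", 0755);` in the first hunk on this line builds a filesystem path from `$zoneview` with no check on the name visible in this hunk, and the `chown()` calls in the hunk at -462 reuse the same path. If view names are not already limited to a safe character set where they are saved, validate them before use, for example `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $zoneview) || strpos($zoneview, '..') !== false) { continue; }`, so a name cannot point outside `/etc/namedb/$zonetype`. Please also confirm that `safe_mkdir()` creates missing parent directories, since the removed `mkdir()` call passed `true` for recursion. The loop sits inside `bind_sync()`, which starts and ends outside the hunk.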
@@ -462,17 +460,17 @@ EOD; switch ($zonetype) { case 'master': case 'redirect': - // check/update slave dir permission - chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype", "bind"); - chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", "bind"); - $zonetll = ($zone['tll'] ? $zone['tll'] : "43200"); - $zonemail = ($zone['mail'] ? $zone['mail'] : "zonemaster.{$zonename}"); + // Check/update slave dir permission + chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype", "bind"); + chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview", "bind"); + $zonetll = $zone['tll'] ? $zone['tll'] : "43200"; + $zonemail = $zone['mail'] ? $zone['mail'] : "zonemaster.{$zonename}"; $zonemail = preg_replace("/@/", ".", $zonemail); $zoneserial = $zone['serial']; - $zonerefresh = ($zone['refresh'] ? $zone['refresh'] : "3600"); - $zoneretry = ($zone['retry'] ? $zone['retry'] : "600"); - $zoneexpire = ($zone['expire'] ? $zone['expire'] : "86400"); - $zoneminimum = ($zone['minimum'] ? $zone['minimum'] : "3600"); + $zonerefresh = $zone['refresh'] ? $zone['refresh'] : "3600"; + $zoneretry = $zone['retry'] ? $zone['retry'] : "600"; + $zoneexpire = $zone['expire'] ? $zone['expire'] : "86400"; + $zoneminimum = $zone['minimum'] ? $zone['minimum'] : "3600"; $zonenameserver = $zone['nameserver']; $zoneipns = $zone['ipns']; $zonereverso = $zone['reverso']; @@ -573,10 +571,10 @@ EOD; $config['installedpackages']['bindzone']['config'][$x]['resultconfig'] = base64_encode($zone_conf); $write_config++; - //check dnssec keys creation for master zones + // Check DNSSEC keys creation for master zones if ($zone['dnssec'] == "on") { $zone_found = 0; - foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) { + foreach (glob(CHROOT_LOCALBASE . "/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) { $zone_found++; } if ($zone_found == 0) { 
@@ -596,16 +594,16 @@ EOD; } $dnssec_bin = "/usr/local/sbin/dnssec-keygen"; if (file_exists($dnssec_bin) && $key_restored == 0) { - exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys {$zonename}", $kout); - exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys -fk {$zonename}", $kout); + exec("{$dnssec_bin} -K " . CHROOT_LOCALBASE . "/etc/namedb/keys {$zonename}", $kout); + exec("{$dnssec_bin} -K " . CHROOT_LOCALBASE . "/etc/namedb/keys -fk {$zonename}", $kout); foreach ($kout as $filename) { - chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.key", "bind"); - chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.private", "bind"); + chown(CHROOT_LOCALBASE . "/etc/namedb/keys/{$filename}.key", "bind"); + chown(CHROOT_LOCALBASE . "/etc/namedb/keys/{$filename}.private", "bind"); } log_error("[bind] DNSSEC keys for {$zonename} created."); } } - // get ds keys + // Get DS keys $dsfromkey = "/usr/local/sbin/dnssec-dsfromkey"; foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) { $zone_key = file_get_contents($filename); @@ -616,10 +614,10 @@ EOD; } } - // save dnssec keys to xml + // Save DNSSEC keys to xml if ($zone['backupkeys'] == "on") { $dnssec_keys = 0; - foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*", GLOB_NOSORT) as $filename) { + foreach (glob(CHROOT_LOCALBASE . "/etc/namedb/keys/*{$zonename}*", GLOB_NOSORT) as $filename) { $file_found = 0; if (is_array($config['installedpackages']['dnsseckeys']) && is_array($config['installedpackages']['dnsseckeys']['config'])) { foreach ($config['installedpackages']['dnsseckeys']['config'] as $filer) { 
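Review bot: Both `exec()` calls in the first hunk on this line put `{$zonename}` into a shell command line unquoted, and the commit only reformats them. Unless zone names are restricted to hostname characters before they reach `bind_sync()` (the relevant checks are not visible in this diff), the shell will interpret any metacharacters in the name; quoting removes the dependency: `exec("{$dnssec_bin} -K " . escapeshellarg(CHROOT_LOCALBASE . "/etc/namedb/keys") . " " . escapeshellarg($zonename), $kout);`, and likewise for the `-fk` call. The `named-checkzone` call in the slave branch (hunk at -643) interpolates `$zonename` and `$zoneview` the same way and needs the same quoting. Note also that the `glob()` patterns `*{$zonename}*key` match key files of any zone whose name contains this one, so the "keys exist" check can be satisfied by another zone's keys.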
@@ -643,21 +641,21 @@ EOD; } break; case 'slave': - // check/update slave dir permission - chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype", "bind"); - chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", "bind"); + // Check/update slave dir permission + chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype", "bind"); + chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview", "bind"); // check if exists slave zone file $rsconfig = ""; if ($zone['dnssec'] == "on") { - if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed")) { - exec("/usr/local/sbin/named-checkzone -D -f raw -o - {$zonename} ".CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed", $slave_file); + if (file_exists(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed")) { + exec("/usr/local/sbin/named-checkzone -D -f raw -o - {$zonename} " . CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed", $slave_file); } } else { - if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")) { - $slave_file = file(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB"); + if (file_exists(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB")) { + $slave_file = file(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB"); } } - // TODO is is_array() the best test to use? is it only checking for existence? + // TODO: is is_array() the best test to use? Is it only checking for existence? if (is_array($slave_file)) { foreach ($slave_file as $zfile) { $rsconfig .= $zfile; @@ -667,7 +665,7 @@ EOD; $write_config++; break; case 'forward': - // forwarder zone does not have a DB file + // Forwarder zone does not have a DB file $config['installedpackages']['bindzone']['config'][$x]['resultconfig'] = ''; $write_config++; break; 
@@ -683,18 +681,16 @@ EOD; $bind_conf .= "\t};\n\n"; } if ($write_config > 0) { - write_config("save result config file for zone on xml"); + write_config("BIND: Saved resulting config file for zone in xml"); } $bind_conf .= "};\n"; } $dirs = array("/etc/namedb/keys", "/var/run/named", "/var/dump", "/var/log", "/var/stats", "/dev"); foreach ($dirs as $dir) { - if (!is_dir(CHROOT_LOCALBASE.$dir)) { - mkdir(CHROOT_LOCALBASE.$dir, 0755, true); - } + safe_mkdir(CHROOT_LOCALBASE . $dir, 0755); } - // dev dirs for chroot - $bind_dev_dir = CHROOT_LOCALBASE."/dev"; + // Handle /dev dirs for chroot + $bind_dev_dir = CHROOT_LOCALBASE . "/dev"; if (!file_exists("$bind_dev_dir/random")) { $dev_dirs = array("null", "zero", "random", "urandom"); exec("/sbin/mount -t devfs devfs {$bind_dev_dir}", $dout); 
@@ -706,41 +702,40 @@ EOD; exec("/sbin/devfs -m {$bind_dev_dir} rule applyset", $dout); } // http://www.unixwiz.net/techtips/bind9-chroot.html - file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf); - file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file); + file_put_contents(CHROOT_LOCALBASE . '/etc/namedb/named.conf', $bind_conf); + file_put_contents(CHROOT_LOCALBASE . '/etc/namedb/rndc.conf', $rndc_file); - if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")) { + if (!file_exists(CHROOT_LOCALBASE . "/etc/namedb/named.root")) { // dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root" $named_root = file_get_contents("http://www.internic.net/domain/named.root"); - file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root", $named_root, LOCK_EX); + file_put_contents(CHROOT_LOCALBASE . "/etc/namedb/named.root", $named_root, LOCK_EX); } if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")) { - copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime"); + copy("/etc/localtime", CHROOT_LOCALBASE . "/etc/localtime"); } bind_write_rcfile(); - chown(CHROOT_LOCALBASE."/etc/namedb/keys", "bind"); - chown(CHROOT_LOCALBASE."/etc/namedb", "bind"); - chown(CHROOT_LOCALBASE."/var/log", "bind"); - chown(CHROOT_LOCALBASE."/var/run/named", "bind"); - chgrp(CHROOT_LOCALBASE."/var/log", "bind"); + chown(CHROOT_LOCALBASE . "/etc/namedb/keys", "bind"); + chown(CHROOT_LOCALBASE . "/etc/namedb", "bind"); + chown(CHROOT_LOCALBASE . "/var/log", "bind"); + chown(CHROOT_LOCALBASE . "/var/run/named", "bind"); + chgrp(CHROOT_LOCALBASE . 
"/var/log", "bind"); $bind_sh = "/usr/local/etc/rc.d/named.sh"; if ($bind_enable == "on") { chmod($bind_sh, 0755); - mwexec("{$bind_sh} restart"); + restart_service("named"); } elseif (is_service_running('named')) { - mwexec("{$bind_sh} stop"); + stop_service("named"); chmod($bind_sh, 0644); } - // sync to backup servers + // Sync to backup servers bind_sync_on_changes(); conf_mount_ro(); } -function bind_print_javascript_type_zone() -{ +function bind_print_javascript_type_zone() { ?> - <script language="JavaScript"> + <script type="text/javascript"> <!-- function on_type_zone_changed() { 
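Review bot: In the hunk that begins at -706, the root hints are fetched with `file_get_contents("http://www.internic.net/domain/named.root")` and written straight to `named.root`, so the file comes over plain HTTP with no integrity check. A failed download returns `false`, which is written as an empty file that then satisfies the `file_exists()` guard on every later run. Fetch over HTTPS and write only on success: `$named_root = file_get_contents("https://www.internic.net/domain/named.root");` followed by `if ($named_root !== false && $named_root != "") { file_put_contents(CHROOT_LOCALBASE . "/etc/namedb/named.root", $named_root, LOCK_EX); }`. A `log_error()` in the failure case would make the missing hints visible to the administrator.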
@@ -844,35 +839,33 @@ function bind_print_javascript_type_zone() <?php } -function bind_print_javascript_type_zone2() -{ - print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;document.iform.dsset.disabled = 1;</script>\n"); +function bind_print_javascript_type_zone2() { + print("<script language=\"text/javascript\">on_type_zone_changed(); document.iform.resultconfig.disabled = 1; document.iform.dsset.disabled = 1;</script>\n"); } -function bind_write_rcfile() -{ +function bind_write_rcfile() { global $config; $bind = $config['installedpackages']['bind']['config'][0]; $ip_version = ($bind['bind_ip_version'] ? $bind['bind_ip_version'] : ""); $rc = array(); $BIND_LOCALBASE = "/usr/local"; $rc['file'] = 'named.sh'; - // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } + // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } $rc['start'] = <<<EOD - if [ -z "`ps auxw | grep "[n]amed {$ip_version} -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then + if [ -z "`/bin/ps auxw | /usr/bin/grep "[n]amed {$ip_version} -c /etc/namedb/named.conf" | /usr/bin/awk '{print $2}'`" ]; then {$BIND_LOCALBASE}/sbin/named {$ip_version} -c /etc/namedb/named.conf -u bind -t /cf/named/ fi EOD; $rc['stop'] = <<<EOD - killall -9 named 2>/dev/null + /usr/bin/killall -9 named 2>/dev/null sleep 2 EOD; // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; } $rc['restart'] = <<<EOD - if [ -z "`ps auxw | grep "[n]amed {$ip_version} -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then + if [ -z "`/bin/ps auxw | /usr/bin/grep "[n]amed {$ip_version} -c /etc/namedb/named.conf" | /usr/bin/awk '{print $2}'`" ]; then {$BIND_LOCALBASE}/sbin/named {$ip_version} -c /etc/namedb/named.conf -u bind -t /cf/named/ else - killall -9 named 2>/dev/null + /usr/bin/killall -9 named 2>/dev/null sleep 3 {$BIND_LOCALBASE}/sbin/named {$ip_version} -c 
/etc/namedb/named.conf -u bind -t /cf/named/ fi @@ -896,7 +889,7 @@ function bind_sync_on_changes() if (is_array($bind_sync['row'])) { $rs = $bind_sync['row']; } else { - log_error("[bind] xmlrpc sync is enabled but there is no hosts to push on bind config."); + log_error("[bind] XMLRPC sync is enabled but there are no hosts to push on BIND config."); return; } break; @@ -907,7 +900,7 @@ function bind_sync_on_changes() $rs[0]['username'] = $hasync['username']; $rs[0]['password'] = $hasync['password']; } else { - log_error("[bind] xmlrpc sync is enabled but there is no system backup hosts to push bind config."); + log_error("[bind] XMLRPC sync is enabled but there are no system backup hosts to push BIND config."); return; } break; @@ -916,7 +909,7 @@ function bind_sync_on_changes() break; } if (is_array($rs)) { - log_error("[bind] xmlrpc sync is starting."); + log_error("[bind] XMLRPC sync is starting."); foreach ($rs as $sh) { $sync_to_ip = $sh['ipaddress']; $password = $sh['password']; @@ -929,7 +922,7 @@ function bind_sync_on_changes() bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $master_zone_ip); } } - log_error("[bind] xmlrpc sync is ending."); + log_error("[bind] XMLRPC sync is ending."); } } } @@ -955,14 +948,13 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m $synctimeout = 25; } - $xmlrpc_sync_neighbor = $sync_to_ip; if ($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; } $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ + /* If port is empty let's rely on the protocol selection */ if ($port == "") { if ($config['system']['webgui']['protocol'] == "http") { $port = "80"; 
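Review bot: The rewritten `print()` in `bind_print_javascript_type_zone2()` (hunk at -844) now emits `<script language=\"text/javascript\">`; a MIME type belongs in the `type` attribute, as the preceding hunk does with `<script type="text/javascript">`, so this should read `<script type=\"text/javascript\">`. In the same hunk, `{$ip_version}` from `$bind['bind_ip_version']` is interpolated into the generated `named.sh` start and restart commands. Checking it against the values the select field offers before building `$rc` would keep arbitrary configuration text out of a script that runs as root. The second `// curly braces in the following <<<EOD` comment was also left uncapitalised, unlike the first.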
@@ -972,7 +964,7 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m } $synchronizetoip .= $sync_to_ip; - /* xml will hold the sections to sync */ + /* XML will hold the sections to sync */ $xml = array(); $xml['bind'] = $config['installedpackages']['bind']; $xml['bindacls'] = $config['installedpackages']['bindacls']; @@ -981,7 +973,7 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m if (is_array($config['installedpackages']['dnsseckeys'])) { $xml['dnsseckeys'] = $config['installedpackages']['dnsseckeys']; } - //change master zone to slave on backup servers + // Change master zone to slave on backup servers if (is_array($xml['bindzone']["config"])) { for ($x = 0; $x < sizeof($xml['bindzone']["config"]); $x++) { if ($xml['bindzone']["config"][$x]['type'] == "master") { @@ -991,13 +983,13 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m } } - /* assemble xmlrpc payload */ + /* Assemble XMLRPC payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($xml) ); - /* set a few variables needed for sync code borrowed from filter.inc */ + /* Set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; log_error("[bind] Beginning bind XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; 
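Review bot: The payload assembled on this line carries `XML_RPC_encode($password)` and, when present, the `dnsseckeys` section, but the URL scheme is copied from this host's own `$config['system']['webgui']['protocol']` (hunk at -955), so with `http` both are sent unencrypted. At minimum log it before sending, e.g. `if ($config['system']['webgui']['protocol'] != "https") { log_error("[bind] XMLRPC sync to {$sync_to_ip} is not using HTTPS."); }`, or refuse to sync keys in that case. Separately, `$synchronizetoip` is only assigned inside the `!= ""` branch, so with an empty protocol the `$synchronizetoip .= $sync_to_ip;` at the start of this line appends to an undefined variable and yields a URL without a scheme; initialise it with `$synchronizetoip = "";` before the `if`. `bind_do_xmlrpc_sync()` starts and ends outside these hunks.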
@@ -1007,10 +999,10 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m if ($g['debug']) { $cli->setDebug(1); } - /* send our XMLRPC message and timeout after defined sync timeout value*/ + /* Send our XMLRPC message and timeout after defined sync timeout value */ $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port}."; + $error = "A communication error occurred while attempting BIND XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "bind Settings Sync", ""); } elseif ($resp->faultCode()) { @@ -1023,11 +1015,11 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m log_error("[bind] XMLRPC sync successfully completed with {$url}:{$port}."); } - /* tell bind to reload our settings on the destination sync host. */ + /* Tell bind to reload our settings on the destination sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/bind.inc');\n"; $execcmd .= "bind_sync('yes');"; - /* assemble xmlrpc payload */ + /* Assemble XMLRPC payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($execcmd) 
@@ -1039,13 +1031,13 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + $error = "A communication error occurred while attempting BIND XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "Bind Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "[Bind] An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code ".$resp->faultCode().": ".$resp->faultString(); + $error = "[bind] An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code ".$resp->faultCode().": ".$resp->faultString(); log_error($error); file_notice("sync_settings", $error, "bind Settings Sync", ""); } else { diff --git a/config/bind/bind.widget.php b/config/bind/bind.widget.php index 1e8c0cc8..deae7ba6 100644 --- a/config/bind/bind.widget.php +++ b/config/bind/bind.widget.php 
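Review bot: In the `faultCode()` branch of the hunk at -1039, `$cli->setDebug(1); $resp = $cli->send($msg, $synctimeout);` sends the `pfsense.exec_php` request a second time, so the remote `bind_sync('yes')` is executed again after the first attempt already returned a fault. It also turns on client debugging for a request whose parameters include `XML_RPC_encode($password)`; where that debug output ends up is not visible here, but it presumably includes the request body. Dropping the two lines and building `$error` from the first `$resp->faultCode()` and `$resp->faultString()` avoids both. The function continues past the end of the hunk.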
@@ -1,28 +1,31 @@ <?php /* - Copyright 2013 Marcello Coutinho - Part of bind package for pfSense(www.pfsense.org) + bind.widget.php + part of pfSense (https://www.pfSense.org/) + Copyright 2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ @require_once("guiconfig.inc"); @require_once("pfsense-utils.inc"); @@ -33,27 +36,22 @@ if ($uname['machine'] == 'amd64') { ini_set('memory_limit', '250M'); } -function open_table() -{ +function open_table() { echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"; - echo " <tr>"; + echo "<tr>"; } -function close_table() -{ - echo " </tr>"; +function close_table() { + echo "</tr>"; echo "</table>"; - } $pfb_table = array(); -$img['Sick'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>"; -$img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>"; - +$img['Sick'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' alt='sick'>"; +$img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' alt='healthy'>"; -#var_dump($pfb_table); -#exit; ?> + <div id='bind'><?php global $config; $rndc_bin = "/usr/local/sbin/rndc"; 
@@ -73,6 +71,7 @@ $img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_ ?> <script type="text/javascript"> + //<![CDATA[ function getstatus_bind() { var url = "/widgets/widgets/bind.widget.php"; var pars = 'getupdatestatus=yes'; @@ -89,4 +88,5 @@ $img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_ setTimeout('getstatus_postfix()', 5000); } getstatus_bind(); + //]]> </script> diff --git a/config/bind/bind.xml b/config/bind/bind.xml index c24bf351..0f6861fc 100644 --- a/config/bind/bind.xml +++ b/config/bind/bind.xml 
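Review bot: The refresh timer in the last hunk on this line still reads `setTimeout('getstatus_postfix()', 5000);`, which looks carried over from another widget: this file defines `getstatus_bind()`, so unless a function of that other name happens to be loaded on the dashboard the BIND status is never refreshed after the first call. `setTimeout(getstatus_bind, 5000);` fixes the name and passes a function reference rather than a string for the browser to evaluate. The enclosing callback starts outside the hunk.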
@@ -3,56 +3,50 @@ <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - bind.xml - part of pfSense (http://www.pfSense.com) - part of the Bind package for pfSense - Copyright (C) 2013 Juliano Oliveira/Adriano Brancher - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ + bind.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Juliano Oliveira + Copyright (C) 2013 Adriano Brancher + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>bind</name> - <version>1.0</version> - <title>Bind: Domain Named Settings</title> + <version>0.4.0</version> + <title>BIND: DNS Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> <menu> - <name>BIND Server</name> + <name>BIND DNS Server</name> <tooltiptext>Modify BIND settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=bind.xml</url> 
@@ -87,45 +81,36 @@ </tab> </tabs> - <!-- Installation --> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/bind.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/bind_views.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/bind_zones.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/bind_acls.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/bind.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/bind_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/pkg_bind.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/bind/bind.widget.php</item> </additional_files_needed> <fields> 
@@ -137,16 +122,24 @@ <field> <fielddescr>Enable BIND</fielddescr> <fieldname>enable_bind</fieldname> - <description><![CDATA[Enable BIND DNS server<br> - Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND.]]></description> + <description> + <![CDATA[ + Enable BIND DNS server<br /> + Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND. + ]]> + </description> <type>checkbox</type> <required/> </field> <field> <fielddescr>IP Version</fielddescr> <fieldname>bind_ip_version</fieldname> - <description><![CDATA[Select IP transport version.<br> - This controls which transports are used when resolving queries.]]></description> + <description> + <![CDATA[ + Select IP transport version.<br /> + This controls which transports are used when resolving queries. + ]]> + </description> <type>select</type> <options> <option><name>IPv4+IPv6</name><value></value></option> @@ -157,7 +150,7 @@ <field> <fielddescr>Listen on</fielddescr> <fieldname>listenon</fieldname> - <description><![CDATA[Choose the interfaces on which to enable BIND.]]></description> + <description>Choose the interfaces on which to enable BIND.</description> <type>interfaces_selection</type> <showlistenall/> <showvirtualips/> 
@@ -178,34 +171,42 @@ <field> <fielddescr>Limit Memory Use</fielddescr> <fieldname>bind_ram_limit</fieldname> - <description>Limits RAM use for DNS server, recommend 256M</description> + <description>Limits RAM use for DNS server (Recommended: 256M)</description> <type>input</type> <size>10</size> <default_value>256M</default_value> </field> <field> <type>listtopic</type> - <name>Logging options</name> + <name>Logging Options</name> <fieldname>temp01</fieldname> </field> <field> <fielddescr>Enable Logging</fielddescr> <fieldname>bind_logging</fieldname> - <description><![CDATA[Enable BIND logs under Status > System logs, Resolver tab.]]></description> + <description> + <![CDATA[ + Enable BIND logs under Status > System logs, Resolver tab. + ]]> + </description> <type>checkbox</type> </field> <field> - <fielddescr>Logging Serverity</fielddescr> + <fielddescr>Logging Severity</fielddescr> <fieldname>log_severity</fieldname> - <description><![CDATA[Choose logging level for selected categories.<BR> - The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace.]]></description> + <description> + <![CDATA[ + Choose logging level for selected categories.<br /> + The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace. 
+ ]]> + </description> <type>select</type> <options> - <option><name>Critital</name><value>critical</value></option> + <option><name>Critical</name><value>critical</value></option> <option><name>Error</name><value>error</value></option> <option><name>Warning</name><value>warning</value></option> <option><name>Notice</name><value>Notice</value></option> - <option><name>info</name><value>info</value></option> + <option><name>Info</name><value>info</value></option> <option><name>Debug level 1</name><value>debug 1</value></option> <option><name>Debug level 3</name><value>debug 3</value></option> <option><name>Debug level 5</name><value>debug 5</value></option> 
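Review bot: In the Logging Severity option list, the unchanged line `<option><name>Notice</name><value>Notice</value></option>` still stores a capitalised value while every sibling value is lower case (`critical`, `error`, `warning`, `info`), and this cleanup of the same list leaves it alone. How bind.inc writes the value into the logging clause is not visible in this hunk, so whether the difference matters at runtime should be confirmed. For consistency I would change it to `<value>notice</value>`, keeping in mind that configurations already saved with `Notice` would still need to be handled by the consumer.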
@@ -215,27 +216,82 @@ <field> <fielddescr>Logging Options</fielddescr> <fieldname>log_options</fieldname> - <description><![CDATA[Select categories to log.<BR> - use CTRL+click to select/unselect.]]></description> + <description> + <![CDATA[ + Select categories to log.<br /> + (Use CTRL + click to select/unselect. + ]]> + </description> <type>select</type> <options> - <option><name>Default-if this is the only category selected, it will log all categories except queries</name><value>default</value></option> - <option><name>General-Anything that is not classified as any other item in this list defaults to this category</name><value>general</value></option> - <option><name>Database-The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace</name><value>database</value></option> - <option><name>Security-Approval and denial of requests</name><value>security</value></option> - <option><name>Config-Configuration file parsing and processing</name><value>config</value></option> - <option><name>Resolver-Name resolution including recursive lookups</name><value>resolver</value></option> - <option><name>Xfer-in-Details of zone transfers the server is receiving.</name><value>xfer-in</value></option> - <option><name>Xfer-out-Details of zone transfers the server is sending.</name><value>xfer-out</value></option> - <option><name>Notify-Logs all NOTIFY operations.</name><value>notify</value></option> - <option><name>Client-Processing of client requests</name><value>client</value></option> - <option><name>Unmatched-No matching view clause or unrecognized class value.</name><value>unmatched</value></option> - <option><name>Queries-Logs all query transactions</name><value>queries</value></option> - <option><name>Network-Logs all network operations</name><value>network</value></option> - <option><name>Update-Logging of all dynamic update (DDNS) transactions</name><value>update</value></option> - 
<option><name>Dispatch-Dispatching of incoming packets to the server modules</name><value>dispatch</value></option> - <option><name>DNSSEC-DNSSEC and TSIG protocol processing</name><value>dnssec</value></option> - <option><name>lame-servers-Mis-configuration in the delegation of domains discovered by BIND</name><value>lame-servers</value></option> + <option> + <name>Default - If this is the only category selected, it will log all categories except queries.</name> + <value>default</value> + </option> + <option> + <name>General - Anything that is not classified as any other item in this list defaults to this category.</name> + <value>general</value> + </option> + <option> + <name>Database - Messages relating to the databases used internally by the name server to store zone and cache data.</name> + <value>database</value> + </option> + <option> + <name>Security - Approval and denial of requests.</name> + <value>security</value> + </option> + <option> + <name>Config - Configuration file parsing and processing.</name> + <value>config</value> + </option> + <option> + <name>Resolver - Name resolution including recursive lookups.</name> + <value>resolver</value> + </option> + <option> + <name>Xfer-in - Details of zone transfers the server is receiving.</name> + <value>xfer-in</value> + </option> + <option> + <name>Xfer-out - Details of zone transfers the server is sending.</name> + <value>xfer-out</value> + </option> + <option> + <name>Notify - Logs all NOTIFY operations.</name> + <value>notify</value> + </option> + <option> + <name>Client - Processing of client requests.</name> + <value>client</value> + </option> + <option> + <name>Unmatched - No matching view clause or unrecognized class value.</name> + <value>unmatched</value> + </option> + <option> + <name>Queries - Logs all query transactions.</name> + <value>queries</value> + </option> + <option> + <name>Network - Logs all network operations.</name> + <value>network</value> + </option> + <option> + <name>Update - 
Logging of all dynamic update (DDNS) transactions.</name> + <value>update</value> + </option> + <option> + <name>Dispatch - Dispatching of incoming packets to the server modules.</name> + <value>dispatch</value> + </option> + <option> + <name>DNSSEC - DNSSEC and TSIG protocol processing.</name> + <value>dnssec</value> + </option> + <option> + <name>lame-servers - Misconfiguration in the delegation of domains discovered by BIND.</name> + <value>lame-servers</value> + </option> </options> <multiple/> <size>18</size> @@ -248,8 +304,12 @@ <field> <fielddescr>Rate Limit</fielddescr> <fieldname>rate_enabled</fieldname> - <description><![CDATA[<a target=_new href='https://kb.isc.org/article/AA-01000/189/A-Quick-Introduction-to-Response-Rate-Limiting.html?utm_source=isc&utm_medium=website&utm_term=rrl-kb&utm_content=kbarticle&utm_campaign=bind994_release_091913'> - Limit/rate response queries</a> to prevent DOS attack.]]></description> + <description> + <![CDATA[ + See <a href='https://kb.isc.org/article/AA-01000/189/A-Quick-Introduction-to-Response-Rate-Limiting.html'>A Quick Introduction to Response Rate Limiting</a> + to prevent DOS attack. + ]]> + </description> <type>checkbox</type> <enablefields>rate_limit,log_only</enablefields> </field> 
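Review bot: The new Logging Options description opens a parenthesis that is never closed: `(Use CTRL + click to select/unselect.`. I would write it as `(Use CTRL + click to select/unselect.)` or drop the parenthesis altogether.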
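Review bot: The rewritten Rate Limit description no longer says what the checkbox does; `See <a ...>...</a> to prevent DOS attack.` reads as if following the link were the mitigation. I would keep one sentence of function before the link, for example `Enable response rate limiting to reduce abuse of this server in DoS/amplification attacks. See <a href='...'>A Quick Introduction to Response Rate Limiting</a>.` Since the old `target=_new` is gone, the link now opens in the same window, which may discard unsaved form input; that is worth a quick check in the GUI.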
@@ -266,29 +326,30 @@ <field> <fielddescr>Limit</fielddescr> <fieldname>rate_limit</fieldname> - <description>Set rate limit. Default to 15.</description> + <description>Set rate limit. (Default: 15)</description> <type>input</type> <size>10</size> </field> <field> <type>listtopic</type> - <name>Forwarder Config</name> + <name>Forwarder Configuration</name> <fieldname>temp01</fieldname> </field> <field> <fielddescr>Enable Forwarding</fielddescr> <fieldname>bind_forwarder</fieldname> - <description>Enable forwarding queries to other DNS servers listed below rather than this server - performing its own recursion. - </description> + <description>Enable forwarding queries to other DNS servers listed below rather than this server performing its own recursion.</description> <type>checkbox</type> <enablefields>bind_forwarder_ips</enablefields> </field> <field> <fielddescr>Forwarder IPs</fielddescr> <fieldname>bind_forwarder_ips</fieldname> - <description>Enter IPs of DNS servers to use for recursion. Separate by semi-colons (;). Applies - only if Enable Forwarding is chosen. + <description> + <![CDATA[ + Enter IPs of DNS servers to use for recursion. Separate by semi-colons (;).<br /> + Applies only if Enable Forwarding is chosen. + ]]> </description> <type>input</type> <size>80</size> @@ -302,8 +363,10 @@ <fielddescr>Custom Options</fielddescr> <fieldname>bind_custom_options</fieldname> <description> - <![CDATA[You can put your own custom options here, one per line.<br> - They'll be added to the configuration. They need to be named.conf native options.]]> + <![CDATA[ + You can put your own custom options here, one per line. They'll be added to the configuration.<br /> + They need to be <a href="http://www.freebsd.org/cgi/man.cgi?query=named.conf&apropos=0&sektion=0&manpath=FreeBSD+10.1-RELEASE+and+Ports&arch=default&format=html"named.conf</a> native settings. + ]]> </description> <type>textarea</type> <cols>65</cols> 
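Review bot: The anchor added to the Custom Options description is malformed: the `href` value is closed with a quote but the tag itself is not, so `...&format=html"named.conf</a>` has no `>` before the link text. The same line is repeated in the Global Settings hunk (`@@ -319,8 +382,10 @@`). Browsers will likely swallow the link text into the tag, so the help loses the words `named.conf` on two fields whose content is, per the description, added to the configuration as written. The fix is `...&format=html">named.conf</a>`; while there, the link could use `https://` like the other URLs in this file.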
@@ -319,8 +382,10 @@ <fielddescr>Global Settings</fielddescr> <fieldname>bind_global_settings</fieldname> <description> - <![CDATA[You can put your own global settings here.<br> - They'll be added to the configuration. They need to be named.conf native settings.]]> + <![CDATA[ + You can put your own global settings here. They'll be added to the configuration.<br /> + They need to be <a href="http://www.freebsd.org/cgi/man.cgi?query=named.conf&apropos=0&sektion=0&manpath=FreeBSD+10.1-RELEASE+and+Ports&arch=default&format=html"named.conf</a> native settings. + ]]> </description> <type>textarea</type> <cols>65</cols> @@ -328,21 +393,10 @@ <encoding>base64</encoding> </field> </fields> - <custom_php_after_head_command> - </custom_php_after_head_command> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_validation_command> - </custom_php_validation_command> <custom_php_resync_config_command> bind_sync(); </custom_php_resync_config_command> <custom_php_install_command> bind_write_rcfile(); </custom_php_install_command> - <custom_php_deinstall_command> - </custom_php_deinstall_command> - <filter_rules_needed></filter_rules_needed> </packagegui> diff --git a/config/bind/bind_acls.xml b/config/bind/bind_acls.xml index 49794a69..49ca1631 100644 --- a/config/bind/bind_acls.xml +++ b/config/bind/bind_acls.xml 
@@ -1,61 +1,50 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - bind_acls.xml - part of pfSense (http://www.pfSense.com) - part of the Bind package for pfSense - Copyright (C) 2013 Juliano Oliveira/Adriano Brancher - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ + bind_acls.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Juliano Oliveira + Copyright (C) 2013 Adriano Brancher + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - 2. 
Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>bindacls</name> - <version>0.1.0</version> + <version>0.4.0</version> <title>BIND: ACLs Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> - <menu> - <name>BIND Server</name> - <tooltiptext></tooltiptext> - <section>Services</section> - <configfile>bind.xml</configfile> - </menu> <tabs> <tab> <text>Settings</text> @@ -91,13 +80,11 @@ </columnitem> <movable>on</movable> </adddeleteeditpagefields> - <!-- fields gets invoked when the user adds or edits a item. the following items - will be parsed and rendered for the user as a gui with input, and selectboxes. --> <fields> <field> <fielddescr>ACL Name</fielddescr> <fieldname>name</fieldname> - <description>Enter name ACL.</description> + <description>Enter name of the ACL.</description> <type>input</type> <required/> </field> @@ -108,8 +95,8 @@ <type>input</type> </field> <field> - <fielddescr>Enter IP or range block network.</fielddescr> - <description>Leave blank to allow All</description> + <fielddescr>Enter IP or network range block.</fielddescr> + <description>Leave blank to allow All.</description> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> @@ -128,10 +115,6 @@ </rowhelper> </field> </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> <custom_php_resync_config_command> bind_sync(); </custom_php_resync_config_command> diff --git a/config/bind/bind_sync.xml b/config/bind/bind_sync.xml index 97fdad81..91d713e3 100644 --- a/config/bind/bind_sync.xml +++ b/config/bind/bind_sync.xml 
@@ -1,49 +1,50 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - bind_sync.xml - part of the Bind package for pfSense - Copyright (C) 2013 Marcello Coutinho - All rights reserved. - */ -/* ========================================================================== */ + bind_sync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Juliano Oliveira + Copyright (C) 2013 Adriano Brancher + Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. 
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>bindsync</name> - <version>1.0</version> - <title>Bind: XMLRPC Sync</title> + <version>0.4.0</version> + <title>BIND: XMLRPC Sync</title> <include_file>/usr/local/pkg/bind.inc</include_file> <tabs> <tab> @@ -74,9 +75,9 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync bind configuration changes</fielddescr> + <fielddescr>Automatically Sync BIND Configuration Changes</fielddescr> <fieldname>synconchanges</fieldname> - <description>Select a sync method for bind.</description> + <description>Select a sync method for BIND.</description> <type>select</type> <required/> <default_value>auto</default_value> @@ -87,7 +88,7 @@ </options> </field> <field> - <fielddescr>Sync timeout</fielddescr> + <fielddescr>Sync Timeout</fielddescr> <fieldname>synctimeout</fieldname> <description>Select sync max wait time</description> <type>select</type> @@ -104,8 +105,12 @@ <field> <fielddescr>Zone Master IP</fielddescr> <fieldname>masterip</fieldname> - <description><![CDATA[Set master zone ip you want to use to sync backup server zones with master.<br> - <b>All master zones will be configured as backup on slave servers.<b>]]></description> + <description> + <![CDATA[ + Set master zone ip you want to use to sync backup server zones with master.<br /> + <strong>Note: All master zones will be configured as backup on slave servers.</strong> + ]]> + </description> <type>input</type> <size>20</size> <required/> 
@@ -114,15 +119,18 @@ <fielddescr>Remote Server</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> - <description><![CDATA[<b>Do not forget to:</b><br> - Create firewall rules to allow zone transfer between master and slave servers.<br> - Create a acls with these slave servers.<br> - Include created acl on allow-transfer option on zone config.]]></description> + <description><![CDATA[ + <strong>Do not forget to:</strong><br /> + Create firewall rules to allow zone transfer between master and slave servers.<br /> + Create ACLs with these slave servers.<br /> + Include created ACLs on allow-transfer option on zone config. + ]]> + </description> <rowhelper> <rowhelperfield> <fielddescr>IP Address</fielddescr> <fieldname>ipaddress</fieldname> - <description>IP Address of remote server</description> + <description>IP Address of remote server.</description> <type>input</type> <size>20</size> </rowhelperfield> @@ -136,8 +144,4 @@ </rowhelper> </field> </fields> - <custom_php_validation_command> - </custom_php_validation_command> - <custom_php_resync_config_command> - </custom_php_resync_config_command> </packagegui> diff --git a/config/bind/bind_views.xml b/config/bind/bind_views.xml index 7d38f481..29bf9bb3 100644 --- a/config/bind/bind_views.xml +++ b/config/bind/bind_views.xml 
@@ -1,61 +1,50 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - bind_zone.xml - part of pfSense (http://www.pfSense.com) - part of the Bind package for pfSense - Copyright (C) 2013 Juliano Oliveira/Adriano Brancher - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ + bind_views.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Juliano Oliveira + Copyright (C) 2013 Adriano Brancher + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>bindviews</name> - <version>0.1.0</version> - <title>Bind: Views Settings</title> + <version>0.4.0</version> + <title>BIND: Views Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> - <menu> - <name>BIND Server</name> - <tooltiptext></tooltiptext> - <section>Services</section> - <configfile>bind.xml</configfile> - </menu> <tabs> <tab> <text>Settings</text> @@ -108,10 +97,12 @@ <field> <fielddescr>Recursion</fielddescr> <fieldname>recursion</fieldname> - <description>A recursive query occurs when your DNS server is queried for a domain that it - currently knows nothing about, in which case it will try to resolve the given host by - performing further queries (eg by starting at the root servers and working out, or by - simply passing the request to yet another DNS server). + <description> + <![CDATA[ + A recursive query occurs when your DNS server is queried for a domain that it currently knows nothing about, + in which case it will try to resolve the given host by performing further queries + (e.g. by starting at the root servers and working out, or by simply passing the request to yet another DNS server). + ]]> </description> <type>select</type> <options> 
@@ -120,11 +111,13 @@ </options> </field> <field> - <fielddescr>Match-clients</fielddescr> + <fielddescr>match-clients</fielddescr> <fieldname>match-clients</fieldname> - <description>If either or both of match-clients are missing they default to any (all hosts - match). The match-clients statement defines the address_match_list for the source IP - address of the incoming messages. + <description> + <![CDATA[ + If either or both of match-clients are missing they default to any (all hosts match).<br /> + The match-clients statement defines the address_match_list for the source IP address of the incoming messages. + ]]> </description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source> @@ -134,10 +127,13 @@ <size>03</size> </field> <field> - <fielddescr>Allow-recursion</fielddescr> + <fielddescr>allow-recursion</fielddescr> <fieldname>allow-recursion</fieldname> - <description>For example, if you have one DNS server serving your local network, you may want - all of your local computers to use your DNS server. + <description> + <![CDATA[ + For example, if you have one DNS server serving your local network, you may want + all of your local computers to use your DNS server. + ]]> </description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source> 
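Review bot: The allow-recursion description in this hunk is only an example ("if you have one DNS server serving your local network...") and never states what the selection controls or what applies when no ACL is chosen, unlike the match-clients text just above it, which documents its default. A resolver that answers recursive queries for arbitrary clients is a common abuse target, so the help text should say who is being granted recursion. What bind.inc emits for an empty selection is not visible here and should be confirmed before a default is documented. Suggested wording: `Select the ACLs whose clients may send recursive queries through this view; limit this to networks you serve.`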
@@ -154,18 +150,13 @@ <field> <fielddescr>Custom Options</fielddescr> <fieldname>bind_custom_options</fieldname> - <description>You can put your own custom options here, separated by semi-colons (;). - </description> + <description>You can put your own custom options here, separated by semi-colons (;).</description> <type>textarea</type> <cols>65</cols> <rows>8</rows> <encoding>base64</encoding> </field> </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> <custom_php_resync_config_command> bind_sync(); </custom_php_resync_config_command> diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml index c289ddd3..50f852c3 100644 --- a/config/bind/bind_zones.xml +++ b/config/bind/bind_zones.xml 
@@ -1,61 +1,50 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - bind_zone.xml - part of pfSense (http://www.pfSense.com) - part of the Bind package for pfSense - Copyright (C) 2013 Juliano Oliveira/Adriano Brancher - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ + bind_zones.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Juliano Oliveira + Copyright (C) 2013 Adriano Brancher + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>bindzone</name> <version>none</version> <title>BIND: Zones Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> - <menu> - <name>BIND Server</name> - <tooltiptext></tooltiptext> - <section>Services</section> - <configfile>bind.xml</configfile> - </menu> <tabs> <tab> <text>Settings</text> @@ -116,17 +105,21 @@ <fieldname>temp01</fieldname> </field> <field> - <fielddescr>Disable this zone</fielddescr> + <fielddescr>Disable This Zone</fielddescr> <fieldname>disabled</fieldname> - <description><![CDATA[Do not include this zone in BIND config files.]]></description> + <description>Do not include this zone in BIND config files.</description> <type>checkbox</type> </field> <field> <fielddescr>Zone Name</fielddescr> <fieldname>name</fieldname> - <description><![CDATA[Enter the name for zone (e.g. example.com)<br> - For reverse zones, include zone IP in reverse order. (e.g. 1.168.192)<br> - IN-ADDR.ARPA will be automaticaly included in config files when reverse zone option is checked.]]></description> + <description> + <![CDATA[ + Enter the name for this zone (e.g. example.com)<br /> + For reverse zones, include zone IP in reverse order. (e.g. 1.168.192)<br /> + <strong>Note: IN-ADDR.ARPA will be automaticaly included in config files when reverse zone option is checked.</strong> + ]]> + </description> <type>input</type> <required/> </field> @@ -140,7 +133,7 @@ <field> <fielddescr>Zone Type</fielddescr> <fieldname>type</fieldname> - <description><![CDATA[Select zone type.]]></description> + <description>Select zone type.</description> <type>select</type> <options> <option><name>Master</name><value>master</value><enablefields>description</enablefields></option> 
@@ -154,7 +147,7 @@ <field> <fielddescr>View</fielddescr> <fieldname>view</fieldname> - <description><![CDATA[Select(CTRL+click) views that this zone will belong.]]></description> + <description>Select (CTRL+click) the views that this zone will belong to.</description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['bindviews']['config']]]></source> <source_name>name</source_name> @@ -165,14 +158,14 @@ <field> <fielddescr>Reverse Zone</fielddescr> <fieldname>reverso</fieldname> - <description>Enable if this is a reverse zone.</description> + <description>Check if this is a reverse zone.</description> <type>checkbox</type> <enablefields>reversv6o</enablefields> </field> <field> <fielddescr>IPv6 Reverse Zone</fielddescr> <fieldname>reversv6o</fieldname> - <description>Enable if this is a IPv6 reverse zone. Reverse Zone must also be enabled.</description> + <description>Check if this is an IPv6 reverse zone. Reverse Zone must also be enabled.</description> <type>checkbox</type> </field> <field> 
@@ -193,20 +186,28 @@ <fielddescr>Inline Signing</fielddescr> <fieldname>dnssec</fieldname> <enablefields>backupkeys</enablefields> - <description><![CDATA[<a target=_new href='https://kb.isc.org/article/AA-00626/109/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html'>Enable inline DNSSEC signing</a> for this zone.]]></description> + <description> + <![CDATA[ + <a href="https://kb.isc.org/article/AA-00626/109/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html">Enable inline DNSSEC signing</a> for this zone. + ]]> + </description> <type>checkbox</type> </field> <field> - <fielddescr>backup keys</fielddescr> + <fielddescr>Backup Keys</fielddescr> <fieldname>backupkeys</fieldname> - <description><![CDATA[Enable this option to include all DNSSEC key files on XML.]]></description> + <description>Enable this option to include all DNSSEC key files in XML.</description> <type>checkbox</type> </field> <field> <fielddescr>DSSET</fielddescr> <fieldname>dsset</fieldname> - <description><![CDATA[Digest fingerprint of the Key Signing Key for this zone.<br> - Upload this DSSET to your domain root server.]]></description> + <description> + <![CDATA[ + Digest fingerprint of the Key Signing Key for this zone.<br /> + Upload this DSSET to your domain root server. + ]]> + </description> <type>textarea</type> <cols>75</cols> <rows>3</rows> @@ -220,8 +221,7 @@ <field> <fielddescr>Master Zone IP</fielddescr> <fieldname>slaveip</fieldname> - <description>If this is a slave zone, enter the IP address of the master DNS server. - </description> + <description>If this is a slave zone, enter the IP address of the master DNS server.</description> <type>input</type> </field> <field> @@ -236,7 +236,6 @@ <type>input</type> <size>70</size> </field> - <field> <type>listtopic</type> <name>Master Zone Configuration</name> 
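Review bot: The Backup Keys description in the first hunk on this line, `Enable this option to include all DNSSEC key files in XML.`, does not say that this presumably places the private signing keys in the configuration XML, so every config backup or synced copy would then carry them. After confirming what the package actually stores, I would extend it to something like `Enable this option to include all DNSSEC key files (private keys included) in the configuration XML. Protect configuration backups accordingly.` In the DSSET description, `Upload this DSSET to your domain root server.` most likely means the parent zone or registrar and could say so.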
@@ -245,20 +244,23 @@ <field> <fielddescr>TLL</fielddescr> <fieldname>tll</fieldname> - <description>Default expiration time of all resource records without their own TTL value - </description> + <description>Default expiration time of all resource records without their own TTL value.</description> <type>input</type> </field> <field> <fielddescr>Name Server</fielddescr> <fieldname>nameserver</fieldname> - <description>Enter nameserver for this zone</description> + <description>Enter nameserver for this zone.</description> <type>input</type> </field> <field> <fielddescr>Base Domain IP</fielddescr> <fieldname>ipns</fieldname> - <description>Enter IP address for base domain lookup. Ex: nslookup mydomain.com</description> + <description> + <![CDATA[ + Enter IP address for base domain lookup. (Meaning, what IP should <em>nslookup mydomain.com</em> return.) + ]]> + </description> <type>input</type> </field> <field> 
@@ -270,42 +272,47 @@ <field> <fielddescr>Serial</fielddescr> <fieldname>serial</fieldname> - <description>Parsed value for the slave to update the DNS zone</description> + <description>Parsed value for the slave to update the DNS zone.</description> <type>input</type> </field> <field> <fielddescr>Refresh</fielddescr> <fieldname>refresh</fieldname> - <description>Slave refresh (1 day)</description> + <description>Slave refresh (Default: 1 day)</description> <type>input</type> <default_value>1d</default_value> </field> <field> <fielddescr>Retry</fielddescr> <fieldname>retry</fieldname> - <description>Slave retry time in case of a problem (2 hours)</description> + <description>Slave retry time in case of a problem (Default: 2 hours)</description> <type>input</type> <default_value>2h</default_value> </field> <field> <fielddescr>Expire</fielddescr> <fieldname>expire</fieldname> - <description>Slave expiration time (4 weeks)</description> + <description>Slave expiration time (Default: 4 weeks)</description> <type>input</type> <default_value>4w</default_value> </field> <field> <fielddescr>Minimum</fielddescr> <fieldname>minimum</fieldname> - <description>Maximum caching time in case of failed lookups (1 hour)</description> + <description>Maximum caching time in case of failed lookups (Default: 1 hour)</description> <type>input</type> <default_value>1h</default_value> </field> <field> - <fielddescr>Allow-update</fielddescr> + <fielddescr>allow-update</fielddescr> <fieldname>allowupdate</fieldname> - <description><![CDATA[Select(CTRL+click) who are allowed to send updates to this zone.<br> - Allow-update defines a match list eg IP address(es) that are allowed to submit dynamic updates for 'master' zones, ie it enables Dynamic DNS (DDNS).]]></description> + <description> + <![CDATA[ + Select(CTRL+click) who is allowed to send updates to this zone.<br /> + The allow-update statement defines a match list of IP address(es) that are allowed + to submit dynamic updates for 
'master' zones - i.e., it enables Dynamic DNS (DDNS). + ]]> + </description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source> <source_name>name</source_name> 
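Review bot: The allow-update description added in this hunk presents an IP match list as the way to enable dynamic updates without saying that address-based control is weak for this purpose, because the source address of an update request is not authenticated. I would add a sentence such as `Prefer update-policy with TSIG keys; if allow-update is used, select the smallest possible ACL.` inside the CDATA block. The same description writes `Select(CTRL+click)` while the allow-query and allow-transfer descriptions in this commit use `Select (CTRL+click)`.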
@@ -314,26 +321,38 @@ <size>03</size> </field> <field> - <fielddescr>Enable Update-policy</fielddescr> + <fielddescr>Enable update-policy</fielddescr> <fieldname>enable_updatepolicy</fieldname> - <description><![CDATA[Enable Update-policy which overrides Allow-update.<br> - The update-policy statement replaces the allow-update statement.]]></description> + <description> + <![CDATA[ + Enable update-policy which overrides allow-update.<br /> + The update-policy statement replaces the allow-update statement. + ]]> + </description> <type>checkbox</type> <enablefields>updatepolicy</enablefields> </field> <field> - <fielddescr>Update-policy</fielddescr> + <fielddescr>update-policy</fielddescr> <fieldname>updatepolicy</fieldname> - <description><![CDATA[Update-policy defines the policy for submitting dynamic updates to 'master' zones.<br> - Do not include the surrounding { } when using multiple statements]]></description> + <description> + <![CDATA[ + The update-policy statement defines the policy for submitting dynamic updates to 'master' zones.<br /> + <strong>Note: Do NOT include the surrounding { } when using multiple statements!</strong> + ]]> + </description> <type>input</type> <size>75</size> </field> <field> - <fielddescr>Allow-query</fielddescr> + <fielddescr>allow-query</fielddescr> <fieldname>allowquery</fieldname> - <description><![CDATA[Select(CTRL+click) who are allowed to query this zone.<br> - Allow-query defines an match list of IP address(es) which are allowed to issue queries to the server.]]></description> + <description> + <![CDATA[ + Select (CTRL+click) who is allowed to query this zone.<br /> + The allow-query statement defines a match list of IP address(es) which are allowed to issue queries to the server. + ]]> + </description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source> <source_name>name</source_name> 
@@ -342,10 +361,20 @@ <size>03</size> </field> <field> - <fielddescr>Allow-transfer</fielddescr> + <fielddescr>allow-transfer</fielddescr> <fieldname>allowtransfer</fieldname> - <description><![CDATA[Select(CTRL+click) who are allowed to copy this zone.<br> - Allow-transfer defines a match list eg IP address(es) that are allowed to transfer (copy) the zone information from the server (master or slave for the zone). While on its face this may seem an excessively friendly default, DNS data is essentially public (that's why its there) and the bad guys can get all of it anyway. However if the thought of anyone being able to transfer your precious zone file is repugnant, or (and this is far more significant) you are concerned about possible DoS attack initiated by XFER requests, then use the following policy.]]></description> + <description> + <![CDATA[ + Select (CTRL+click) who is allowed to copy this zone.<br /> + The allow-transfer statement defines a match list of IP address(es) that are allowed to transfer + (copy) the zone information from the server (master or slave for the zone). While on its face this may + seem an excessively friendly default, DNS data is essentially public (that's why its there) and the bad guys + can get all of it anyway.<br /><br /> + However, if the thought of anyone being able to transfer your precious zone file is repugnant, or + (and this is far more significant) you are concerned about possible DoS attack initiated by XFER requests, + then you should use the following policy. + ]]> + </description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source> <source_name>name</source_name> 
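Review bot: The allow-transfer description ends with "then you should use the following policy", but nothing follows it except the ACL select, and its first half tells the administrator that open transfers are an acceptable default. A zone transfer hands over every record in the zone in one request, so the help text should steer towards restriction, for example `Restrict transfers to an ACL that contains only your secondary name servers; leaving this open lets any host copy the whole zone.` The carried-over `that's why its there` also needs `it's`.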
@@ -359,26 +388,30 @@ <fieldname>temp02</fieldname> </field> <field> - <fielddescr>Enter Domain records.</fielddescr> - <description><![CDATA[<b>"Record"</b> is the name or last octet of IP. Example: www or pop<br> - <b>"Type"</b> is the type of the record Sample: A CNAME MX NS<br> - <b>"Priority"</b> in used only in mx records to define its priority<br> - <b>"Alias or IP address"</b> is the destination host or ip address.<br><br> - You can order elements on this list with drag and drop between columns.]]></description> + <fielddescr>Enter Domain Records</fielddescr> + <description> + <![CDATA[ + <strong>"Record"</strong> is the name or last octet of an IP. (Example: www, pop, smtp)<br /> + <strong>"Type"</strong> is the type of the record. (Example: A, CNAME, MX, NS)<br /> + <strong>"Priority"</strong> is used only in MX records to define their priority.<br /> + <strong>"Alias or IP address"</strong> is the destination host or IP address.<br /><br /> + Note: You can order the elements on this list with drag and drop. + ]]> + </description> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> <rowhelperfield> <fielddescr>Record</fielddescr> <fieldname>hostname</fieldname> - <description>Enter the Host Name (ex: www)</description> + <description>Enter the Host Name (Example: www)</description> <type>input</type> <size>10</size> </rowhelperfield> <rowhelperfield> <fielddescr>Type</fielddescr> <fieldname>hosttype</fieldname> - <description>Select Type Host</description> + <description>Select record type for this host.</description> <type>select</type> <options> <option><name>A</name><value>A</value></option> 
@@ -397,15 +430,14 @@ <rowhelperfield> <fielddescr>Priority</fielddescr> <fieldname>hostvalue</fieldname> - <description>MX 10 or 20</description> + <description>Priority for MX record. (Example: 10 or 20)</description> <type>input</type> <size>3</size> </rowhelperfield> <rowhelperfield> <fielddescr>Alias or IP address</fielddescr> <fieldname>hostdst</fieldname> - <description>Enter the IP address or FQDN destination for domain MX (ex: 10.31.11.1 or mail.example.com) - </description> + <description>Enter the IP address or FQDN destination for domain's MX (Example: 10.31.11.1 or mail.example.com)</description> <type>input</type> <size>35</size> </rowhelperfield> @@ -414,22 +446,24 @@ </field> <field> <fieldname>regdhcpstatic</fieldname> - <fielddescr>Register DHCP static mappings</fielddescr> - <description>If this option is set, then DHCP static mappings will be registered in DNS, so that - their name can be resolved. - </description> + <fielddescr>Register DHCP Static Mappings</fielddescr> + <description>If this option is set, then DHCP static mappings will be registered in DNS, so that their name can be resolved.</description> <type>checkbox</type> </field> <field> <type>listtopic</type> - <name>Custom Zone Domain records</name> + <name>Custom Zone Domain Records</name> <fieldname>temp02</fieldname> </field> <field> <fielddescr></fielddescr> <fieldname>customzonerecords</fieldname> - <description><![CDATA[Paste any custom zone records to include in this zone.<br> - This can be used for a fast migration setup.]]></description> + <description> + <![CDATA[ + Paste any custom zone records to include in this zone.<br /> + This can be used for a fast migration setup. + ]]> + </description> <type>textarea</type> <cols>84</cols> <rows>10</rows> @@ -439,7 +473,7 @@ </field> <field> <type>listtopic</type> - <name>Resulting zone config file</name> + <name>Resulting Zone Config File</name> </field> <field> <fielddescr></fielddescr> 
@@ -459,13 +493,13 @@ <custom_php_after_head_command> bind_print_javascript_type_zone(); </custom_php_after_head_command> - <custom_php_command_before_form> - </custom_php_command_before_form> <custom_php_validation_command> - if ($_POST['type']=="master" and $_POST['serial']=="") { - $_POST['serial']=(date("U")+ 1000000000); + <![CDATA[ + if ($_POST['type'] == "master" and $_POST['serial'] == "") { + $_POST['serial'] = date("U") + 1000000000); } bind_zone_validate($_POST, $input_errors); + ]]> </custom_php_validation_command> <custom_delete_php_command> bind_sync(); |
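Review bot: The added line `$_POST['serial'] = date("U") + 1000000000);` in custom_php_validation_command has a closing parenthesis with no opening one, so the snippet no longer parses; the removed line had the balanced `(date("U")+ 1000000000)`. Because `bind_zone_validate($_POST, $input_errors);` sits in the same snippet, a parse failure would presumably mean zone input is accepted without validation, depending on how the package framework evaluates this block. Change the line to `$_POST['serial'] = date("U") + 1000000000;`. Since date("U") returns a string, `time() + 1000000000` would make the integer arithmetic explicit.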