-rw-r--r--config/bind/bind.inc24
-rw-r--r--config/bind/bind.xml2
-rw-r--r--pkg_config.8.xml4
-rw-r--r--pkg_config.8.xml.amd644
4 files changed, 20 insertions, 14 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 3aec31ab..156e9eb8 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -43,7 +43,7 @@ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
define('BIND_LOCALBASE', '/usr/pbi/bind-' . php_uname("m"));
else
- define('BIND_LOCALBASE','/usr/local');
+ define('BIND_LOCALBASE','/usr/local');
define('CHROOT_LOCALBASE','/cf/named');
@@ -95,8 +95,7 @@ function bind_zone_validate($post, $input_errors){
}
}
- function bind_sync(){
-
+function bind_sync(){
global $config;
conf_mount_rw();
//create rndc
@@ -164,8 +163,8 @@ EOD;
}
//check ips to listen on
if (preg_match("/All/",$bind['listenon'])){
- $bind_listenonv6="Any;";
- $bind_listenon="Any;";
+ $bind_listenonv6="any;";
+ $bind_listenon="any;";
}
else{
$bind_listenonv6="";
@@ -198,7 +197,7 @@ EOD;
if ($bind_notify == on)
$bind_conf .="\t\tnotify yes;\n";
if ($hide_version == on)
- $bind_conf .="\t\tversion \"N/A\";\n";
+ $bind_conf .="\t\tversion none;\n";
$bind_conf .= preg_replace("/^/m","\t\t",$custom_options);
$bind_conf .= "\n\t};\n\n";
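Review bot: `version none;` on the added line turns off only version.bind queries; BIND still answers hostname.bind in the CHAOS class with the machine's hostname unless `hostname none;` is set, so the "Hide Version" checkbox leaves one identity query open. If the intent is to stop disclosing server identity, emit `$bind_conf .="\t\thostname none;\n";` under the same `if ($hide_version == on)` (which then needs braces), or state in the field description that only the version is hidden. A short comment such as `// version none: refuse version.bind queries rather than answer with a placeholder` would record why the "N/A" string was dropped. The options block being built starts and ends outside the hunk.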
@@ -245,15 +244,22 @@ EOD;
#Config Zone domain
if(!is_array($config["installedpackages"]["bindacls"]) || !is_array($config["installedpackages"]["bindacls"]["config"])){
- $config["installedpackages"]["bindacls"]["config"][] =array("name"=>"any","description"=>"Default Access list","row" => array("value"=> "","description"=>""));
- write_config("Create Default bind acl 'Any'");
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"none","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"any","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"localhost","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"localnets","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ write_config("Create BIND Built-in ACLs");
}
$bindacls = $config["installedpackages"]["bindacls"]["config"];
for ($i=0; $i<sizeof($bindacls); $i++)
{
$aclname = $bindacls[$i]['name'];
$aclhost = $bindacls[$i]['row'];
- if($aclname != "any"){
+ if($aclname != "none" && $aclname != "any" && $aclname != "localhost" && $aclname != "localnets"){
$bind_conf .= "acl \"$aclname\" {\n";
for ($u=0; $u<sizeof($aclhost); $u++)
{
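Review bot: The four built-in ACL entries are created only inside the `!is_array(...)` guard, so a configuration that already holds a bindacls list (for example one written by the previous code with just "any") never receives "none", "localhost" or "localnets". The names are also spelled twice, in the creation block and in the `$aclname != ...` chain, and the two can drift apart; one `$builtin_acls` array used for both, with missing names added and the filter done by `in_array`, covers both points, as sketched below. Separately, `$aclname` is written into `acl \"$aclname\"` unchanged, and whether it is validated before reaching this loop is not visible here, so that is worth confirming. The for loop continues past the end of the hunk.

```php
$builtin_acls = array("none", "any", "localhost", "localnets");
if (!is_array($config["installedpackages"]["bindacls"]["config"]))
	$config["installedpackages"]["bindacls"]["config"] = array();
$known_acls = array();
foreach ($config["installedpackages"]["bindacls"]["config"] as $acl)
	$known_acls[] = $acl['name'];
// add only the built-in names that are not stored yet, so upgraded installs get them too
$missing_acls = array_diff($builtin_acls, $known_acls);
foreach ($missing_acls as $name)
	$config["installedpackages"]["bindacls"]["config"][] =
		array("name"=>$name,"description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
if (!empty($missing_acls))
	write_config("Create BIND Built-in ACLs");
// … unchanged: $bindacls assignment, for loop header, $aclname/$aclhost lookup …
	if (!in_array($aclname, $builtin_acls)) {
```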
diff --git a/config/bind/bind.xml b/config/bind/bind.xml
index 76fdf523..2f16b966 100644
--- a/config/bind/bind.xml
+++ b/config/bind/bind.xml
@@ -160,7 +160,7 @@
<field>
<fielddescr>Hide Version</fielddescr>
<fieldname>bind_hide_version</fieldname>
- <description>Hide the version of BIND, this prevents discover the version of our servers, use any exploit that exploits a vulnerability in Bind.</description>
+ <description>Hide the version of BIND (do not process queries to version.bind at all). This makes it more difficult to exploit the server.</description>
<type>checkbox</type>
</field>
<field>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index aca3f3b3..83cf50ca 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1591,7 +1591,7 @@
<config_file>http://www.pfsense.com/packages/config/unbound/unbound.xml</config_file>
<configurationfile>unbound.xml</configurationfile>
<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <depends_on_package>unbound-1.4.21_1.tbz</depends_on_package>
+ <depends_on_package>unbound-1.4.21_3.tbz</depends_on_package>
<depends_on_package>ldns-1.6.16.tbz</depends_on_package>
<depends_on_package>expat-2.0.1_2.tbz</depends_on_package>
<depends_on_package>libevent-1.4.14b_2.tbz</depends_on_package>
@@ -1603,7 +1603,7 @@
<ports_before>dns/ldns textproc/expat2 devel/libevent2</ports_before>
<port>dns/unbound</port>
</build_pbi>
- <depends_on_package_pbi>unbound-1.4.21_1-i386.pbi</depends_on_package_pbi>
+ <depends_on_package_pbi>unbound-1.4.21_3-i386.pbi</depends_on_package_pbi>
<build_options>unbound_UNSET_FORCE=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options>
<logging>
<facilityname>unbound</facilityname>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 05ce8f0c..b3237430 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1578,7 +1578,7 @@
<config_file>http://www.pfsense.com/packages/config/unbound/unbound.xml</config_file>
<configurationfile>unbound.xml</configurationfile>
<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <depends_on_package>unbound-1.4.21_1.tbz</depends_on_package>
+ <depends_on_package>unbound-1.4.21_3.tbz</depends_on_package>
<depends_on_package>ldns-1.6.16.tbz</depends_on_package>
<depends_on_package>expat-2.0.1_2.tbz</depends_on_package>
<depends_on_package>libevent-1.4.14b_2.tbz</depends_on_package>
@@ -1590,7 +1590,7 @@
<ports_before>dns/ldns textproc/expat2 devel/libevent2</ports_before>
<port>dns/unbound</port>
</build_pbi>
- <depends_on_package_pbi>unbound-1.4.21_1-amd64.pbi</depends_on_package_pbi>
+ <depends_on_package_pbi>unbound-1.4.21_3-amd64.pbi</depends_on_package_pbi>
<build_options>unbound_UNSET_FORCE=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options>
<logging>
<facilityname>unbound</facilityname>