Diffstat (limited to 'config/unbound/unbound.inc')
-rw-r--r-- | config/unbound/unbound.inc | 121 |
1 files changed, 114 insertions, 7 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index f622bd71..292a2ae6 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -72,7 +72,7 @@ function unbound_initial_setup() {
 *
 */
 if(!isset($unbound_config['active_interface'])) {
- if(count($config['interfaces']) > 1)
+ if (count($config['interfaces']) > 1)
 $unbound_config['active_interface'] = "lan";
 else
 $unbound_config['active_interface'] = "wan";
@@ -198,6 +198,11 @@ function unbound_control($action) {
 if($unbound_config['unbound_status'] == "on") {
 if(!is_service_running("unbound"))
 unbound_ctl_exec("start");
+ /* Link dnsmasq.pid to prevent dhcpleases logging error */
+ if (!is_link("/var/run/dnsmasq.pid")) {
+ @unlink("/var/run/dnsmasq.pid");
+ mwexec("/bin/ln -s /var/run/unbound.pid /var/run/dnsmasq.pid");
+ }
 fetch_root_hints();
 }
 break;
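Review bot: The `is_link()` guard in the `@@ -198` hunk only proves that `/var/run/dnsmasq.pid` is some symlink, not that it points at Unbound's pidfile, and when it is a regular file the `@unlink` removes whatever pidfile another daemon wrote there before the link is made; the `@` also hides a failed unlink, after which the `ln -s` fails silently too. Tightening the guard to the actual target and using the native call removes both the shell round-trip and the suppression: `if (!is_link("/var/run/dnsmasq.pid") || readlink("/var/run/dnsmasq.pid") !== "/var/run/unbound.pid") {` followed by an unsuppressed `unlink()` whose `false` result is passed to `log_error()`, and `symlink("/var/run/unbound.pid", "/var/run/dnsmasq.pid");` in place of `mwexec("/bin/ln -s ...")`. The enclosing `switch` and `unbound_control()` body continue outside the hunk.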
@@ -298,6 +303,71 @@ function unbound_get_network_interface_addresses() { return $unbound_interfaces; } +function unbound_get_query_interface_addresses() { + global $config; + + $interfaces = $config['interfaces']; + $unbound_config = $config['installedpackages']['unbound']['config'][0]; + /* If no query interface is configured then just return false */ + if (empty($unbound_config['query_interface'])) + return false; + else + $unboundint = explode(",", $unbound_config['query_interface']); + $unbound_interfaces = array(); + $i = 0; + + foreach ($unboundint as $unboundidx => $unboundif) { + /* Configure IPv4 addresses */ + if (is_ipaddr($interfaces[$unboundif]['ipaddr'])) { + $unbound_interfaces[$i]['ipv4']['ipaddr'] = $interfaces[$unboundif]['ipaddr']; + $unbound_interfaces[$i]['ipv4']['subnet'] = $interfaces[$unboundif]['subnet']; + $unbound_interfaces[$i]['ipv4']['network'] = gen_subnet($unbound_interfaces[$i]['ipv4']['ipaddr'],$unbound_interfaces[$i]['ipv4']['subnet']); + + // Check for CARP addresses and also return those - only IPv4 for now + if (isset($config['virtualip'])) { + if(is_array($config['virtualip']['vip'])) { + foreach($config['virtualip']['vip'] as $vip) { + if (($vip['interface'] == $unboundif) && ($vip['mode'] == "carp")) { + $virtual_ip = find_interface_ip(link_ip_to_carp_interface($vip['subnet'])); + if ($virtual_ip == '') { + log_error("Unbound DNS: There was a problem setting up the Virtual IP for the interface ".link_ip_to_carp_interface($vip['subnet'])); + } else { + $unbound_interfaces[$i]['virtual']['ipaddr'] = $virtual_ip; + } + } + } + } + } + } else if(isset($interfaces[$unboundif]['ipaddr'])) { + /* Find the interface IP address for + * XXX - this only works for IPv4 currently - the pfSense module needs IPv6 love + */ + $unboundrealif = convert_friendly_interface_to_real_interface_name($unboundif); + $unbound_interfaces[$i]['ipv4']['ipaddr'] = find_interface_ip($unboundrealif); + $unbound_interfaces[$i]['ipv4']['subnet'] = 
find_interface_subnet($unboundrealif); + $unbound_interfaces[$i]['ipv4']['network'] = gen_subnet($unbound_interfaces[$i]['ipv4']['ipaddr'],$unbound_interfaces[$i]['ipv4']['subnet']); + } + + /* Configure IPv6 addresses */ + if(function_exists("is_ipaddrv6")) { + if(is_ipaddrv6($interfaces[$unboundif]['ipaddrv6'])) { + $unbound_interfaces[$i]['ipv6']['ipaddr'] = $interfaces[$unboundif]['ipaddrv6']; + $unbound_interfaces[$i]['ipv6']['subnet'] = $interfaces[$unboundif]['subnetv6']; + $unbound_interfaces[$i]['ipv6']['network'] = gen_subnetv6($unbound_interfaces[$i]['ipv6']['ipaddr'], $unbound_interfaces[$i]['ipv6']['subnet']); + } + } + /* Lastly check for loopback addresses*/ + if($unboundif == "lo0") { + $unbound_interfaces[$i]['loopback']['ipaddr'] = "127.0.0.1"; + if (function_exists("is_ipaddrv6")) + $unbound_interfaces[$i]['loopback6']['ipaddr'] = "::1"; + } + $i++; + } + return $unbound_interfaces; +} + + function unbound_acls_config() { global $config; @@ -308,6 +378,8 @@ function unbound_acls_config() { foreach($unbound_acls as $unbound_acl){ $unboundcfg .= "#{$unbound_acl['aclname']}\n"; foreach($unbound_acl['row'] as $network) { + if ($unbound_acl['aclaction'] == "allow snoop") + $unbound_acl['aclaction'] = "allow_snoop"; $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n"; } } 
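Review bot: The new `unbound_get_query_interface_addresses()` indexes `$interfaces[$unboundif]` with every name from the comma-separated `query_interface` setting without checking that the key exists, so a stale interface name (removed after the package was configured) yields notices and an entry with empty `ipaddr`/`subnet`; add `if (!isset($interfaces[$unboundif])) continue;` at the top of the loop. The function also has no docblock; suggested header: `/* Build per-interface address sets (ipv4, ipv6, virtual, loopback) for the interfaces selected as outgoing query sources; returns false when query_interface is empty. */`. On style, `$unboundidx` is never read, the manual `$i` counter can go in favour of building one `$entry` array and appending with `$unbound_interfaces[] = $entry;`, and the `else` after `return false` is unnecessary. The body appears to mirror `unbound_get_network_interface_addresses()` (only its closing lines are in view here), which suggests the two could share a helper parameterised on the config key; confirm against the full file.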
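Review bot: The `allow snoop` → `allow_snoop` rewrite in the `@@ -308` hunk sits inside the per-row loop, so it runs once per network row although `$unbound_acl['aclaction']` does not change between rows; move the two lines above `foreach($unbound_acl['row'] as $network)`. Since `aclaction` is emitted verbatim into `access-control:` lines, this is also the place to reject anything outside the actions unbound accepts (`deny`, `refuse`, `allow`, `allow_snoop`) with `log_error()` rather than writing an unparseable directive, e.g. `if (!in_array($unbound_acl['aclaction'], array("deny", "refuse", "allow", "allow_snoop"), true)) { log_error("Unbound DNS: skipping ACL {$unbound_acl['aclname']} with invalid action"); continue; }`. The rest of `unbound_acls_config()` is outside the hunk.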
@@ -331,11 +403,22 @@ function unbound_resync_config() { $unboundnetcfg = unbound_get_network_interface_addresses(); foreach($unboundnetcfg as $netent) { foreach($netent as $entry) { + # If virtual interface then skip + if (!$entry['network'] && $entry['subnet']) + continue; $unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n"; if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" ) $unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n"; } } + if($unboundquerycfg = unbound_get_query_interface_addresses()) { + foreach($unboundquerycfg as $qent) { + $unbound_query_interfaces = "# Interfaces to query from\n"; + foreach($qent as $entry) + $unbound_query_interfaces .= "outgoing-interface: {$entry['ipaddr']}\n"; + } + } + /* Configure user configured ACLs */ $unbound_allowed_networks .= unbound_acls_config(); @@ -463,6 +546,8 @@ harden-dnssec-stripped: {$harden_dnssec_stripped} # Interface IP(s) to bind to {$unbound_bind_interfaces} +{$unbound_query_interfaces} + {$anchor_file} #### Access Control #### @@ -523,7 +608,7 @@ function unbound_ctl_exec($cmd) { function unbound_optimization() { global $config; - $unbound_config = $config['installedpackages']['unbound']['config'][0]; + $unbound_config = $config['installedpackages']['unboundadvanced']['config'][0]; $optimization_settings = array(); // Set the number of threads equal to number of CPUs. 
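Review bot: In the `@@ -331` hunk, `$unbound_query_interfaces = "# Interfaces to query from\n";` is assigned inside `foreach($unboundquerycfg as $qent)`, so every outer iteration discards the `outgoing-interface:` lines collected for the previous interface and only the last selected interface reaches the config; initialise `$unbound_query_interfaces = "";` before the `if`, set the header once before the outer loop, and only append inside it. The same variable is interpolated in the heredoc of the `@@ -463` hunk, so when `unbound_get_query_interface_addresses()` returns `false` it is undefined at that point (an undefined-variable notice, empty output). Separately, the new skip `if (!$entry['network'] && $entry['subnet'])` is commented as skipping virtual interfaces, but a virtual entry built the way the sibling function in this diff builds it carries only `ipaddr`, so `$entry['subnet']` is unset, the condition is false, and the entry falls through to emit `access-control: / allow`; guarding the emission with `if (!empty($entry['network']) && $entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1")` avoids the malformed line regardless of how the entry was produced. `unbound_resync_config()` continues outside the hunk.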
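Review bot: The `@@ -523` hunk switches `unbound_optimization()` to read `$config['installedpackages']['unboundadvanced']['config'][0]`, and nothing in the hunk checks that this section exists; on an installation configured before the advanced package section was introduced the expression is null and every setting read from `$unbound_config` below silently evaluates as unset (the reads themselves are outside the hunk, so confirm what they default to). Guarding the lookup keeps the old behaviour explicit: `$unbound_config = isset($config['installedpackages']['unboundadvanced']['config'][0]) ? $config['installedpackages']['unboundadvanced']['config'][0] : array();`. It would also help to note in a comment that the optimisation settings moved to the `unboundadvanced` package config and are no longer read from `unbound`.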
@@ -769,17 +854,19 @@ function unbound_add_host_entries() { $added_item = array(); foreach ($hosts as $host) { $current_host = $host['host']; + if ($host['host'] != "") + $host['host'] = $host['host']."."; if(!$added_item[$current_host]) { - $host_entries .= "local-data-ptr: \"{$host['ip']} {$host['host']}.{$host['domain']}\"\n"; + $host_entries .= "local-data-ptr: \"{$host['ip']} {$host['host']}{$host['domain']}\"\n"; if(function_exists("is_ipaddrv6")) { if (is_ipaddrv6($host['ip'])) - $host_entries .= "local-data: \"{$host['host']}.{$host['domain']} IN AAAA {$host['ip']}\"\n"; + $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN AAAA {$host['ip']}\"\n"; else - $host_entries .= "local-data: \"{$host['host']}.{$host['domain']} IN A {$host['ip']}\"\n"; + $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN A {$host['ip']}\"\n"; } else - $host_entries .= "local-data: \"{$host['host']}.{$host['domain']} IN A {$host['ip']}\"\n"; + $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN A {$host['ip']}\"\n"; if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') - $host_entries .= "local-data: '{$host['host']}.{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; + $host_entries .= "local-data: '{$host['host']}{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; // Do not add duplicate entries $added_item[$current_host] = true; @@ -856,4 +943,24 @@ function unbound_add_domain_overrides($pvt=false) { } } +function unbound_acl_id_used($id) { + global $config; + + if (is_array($config['installedpackages']['unboundacls']['config'])) + foreach ($config['installedpackages']['unboundacls']['config'] as & $acls) + if ($id == $acls['aclid']) + return true; + + return false; +} + +function unbound_get_next_id() { + + $aclid = 0; + while(unbound_acl_id_used($aclid)) + $aclid++; + + return $aclid; +} + ?>
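Review bot: In the `@@ -769` hunk, `$host['host'] != ""` is a loose comparison; `$host['host'] !== ""` states the intent and the same check could be `if ($host['host'] !== "") $host['host'] .= ".";`. After that change all five `local-data`/`local-data-ptr` lines rebuild `{$host['host']}{$host['domain']}`; computing `$fqdn = $host['host'] . $host['domain'];` once above `if(!$added_item[$current_host])` and interpolating `{$fqdn}` keeps the five strings in step. Note that `$current_host` is captured before the trailing dot is appended, so the duplicate check still keys on the bare host name as before. `unbound_add_host_entries()` continues outside the hunk.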
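Review bot: `unbound_acl_id_used()` in the `@@ -856` hunk iterates the global `$config` by reference (`as & $acls`) although nothing is written, and compares with `$id == $acls['aclid']`, which under loose comparison treats an ACL whose `aclid` is empty or missing as matching id `0` (`0 == ''` is true on the PHP versions this package runs on), so `unbound_get_next_id()` skips 0 and a missing key also raises a notice. Change the loop to `foreach ($config['installedpackages']['unboundacls']['config'] as $acls)` and the test to `if (isset($acls['aclid']) && (string)$id === (string)$acls['aclid'])`. A short docblock on each function would help: `/* True when an existing ACL already carries $id. */` and `/* Lowest non-negative id not yet used by an ACL. */`.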
\ No newline at end of file |