From 4b5b8ab4d3748ac235c0399376a3d0e522f53504 Mon Sep 17 00:00:00 2001
From: Warren Baker
Date: Sun, 12 Jun 2011 16:06:54 +0200
Subject: Config file updated to cater for Advanced settings and support added for IPv6. Also added some validation checks.
---
 config/unbound/unbound.inc | 129 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 92 insertions(+), 37 deletions(-)
(limited to 'config/unbound')
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index d95961f5..595bde52 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -258,7 +258,11 @@ function unbound_get_network_interface_addresses($subnet=false, $mask=false) {
 foreach($config['virtualip']['vip'] as $vip) {
 if (($vip['interface'] == $unboundif) && ($vip['mode'] == "carp")) {
 $virtual_ip = find_interface_ip(link_ip_to_carp_interface($vip['subnet']));
- $unbound_interfaces[] = $virtual_ip;
+ if ($virtual_ip == '') {
+ log_error("Unbound DNS: There was a problem setting up the Virtual IP for the interface ".link_ip_to_carp_interface($vip['subnet']));
+ } else {
+ $unbound_interfaces[] = $virtual_ip;
+ }
 }
 }
 }
@@ -266,8 +270,7 @@ function unbound_get_network_interface_addresses($subnet=false, $mask=false) {
 }
 }
- return $unbound_interfaces;
-
+ return $unbound_interfaces;
 }
 function unbound_acls_config() {
@@ -289,12 +292,13 @@ function unbound_acls_config() {
 }
 function unbound_resync_config() {
- global $config, $g;
+ global $config, $g, $input_errors;
 if (!is_array($config['installedpackages']['unbound']['config']))
 $config['installedpackages']['unbound']['config'] = array();
 $unbound_config = &$config['installedpackages']['unbound']['config'][0];
+ $unbound_stats = &$config['installedpackages']['unbound_statistics']['config'][0];
 // Add networks physically attached to allowed networks and then call the acls
 $interfaces = unbound_get_network_interface_addresses(true, true);
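Review bot: In the `@@ -258,7 +258,11 @@` hunk the new guard `$virtual_ip == ''` rejects only an empty result, so any other non-address value returned by `find_interface_ip()` would still be appended to `$unbound_interfaces` and, presumably, end up in an `interface:` line of the generated configuration. A stricter test such as `if (!is_ipaddr($virtual_ip)) {` would cover both cases, assuming pfSense's `is_ipaddr()` helper is in scope for this file. `link_ip_to_carp_interface($vip['subnet'])` is also evaluated twice; holding it in a local would guarantee the log message names the same interface that was looked up. The enclosing function starts outside this hunk.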
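Review bot: In the `@@ -289,12 +292,13 @@` hunk, `$unbound_stats = &$config['installedpackages']['unbound_statistics']['config'][0];` binds a reference without the `is_array()` guard that the `unbound` section gets just above it. In PHP, taking a reference to a missing array path creates that path, so an empty `unbound_statistics` entry may be added to `$config` and persisted if the configuration is written later. Either add the matching guard, `if (!is_array($config['installedpackages']['unbound_statistics']['config'])) $config['installedpackages']['unbound_statistics']['config'] = array();`, or read the value without a reference if it is never modified. The hunk does not show where the new `$input_errors` global is used; a comment such as `// $input_errors: collects validation failures for the GUI` would document why a resync routine needs it, if that is the intent. unbound_resync_config() continues outside the hunk.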
@@ -316,11 +320,6 @@ function unbound_resync_config() { $unbound_bind_interfaces .="interface: $ifip\n"; } - /* Harden DNSSec responses - if DNSSec is absent, zone is marked as bogus - * XXX: for now we always have this set to yes - */ - $unbound_config['harden-dnssec-stripped'] = "yes"; - // Host entries $host_entries = unbound_add_host_entries(); 
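Review bot: Removing the unconditional `$unbound_config['harden-dnssec-stripped'] = "yes";` turns a hardening option that was always on into one that is off unless explicitly enabled. The replacement visible later in this patch is `($unbound_config['harden_dnssec_stripped'] == "on") ? "yes" : "no"`, and the same pattern is used for `harden_glue`, `hide_id` and `hide_version`. An installation that has no saved `unboundadvanced` settings, for example right after an upgrade, would therefore appear to emit "no" for all of them. Consider falling back to "yes" for the hardening options when the advanced section is absent, for instance by testing `is_array($config['installedpackages']['unboundadvanced']['config'])` before applying the ternaries, and document the intended default in a comment next to them.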
@@ -361,6 +360,30 @@ EOF; //Setup optimization $optimization = unbound_optimization(); + + $unbound_config = &$config['installedpackages']['unboundadvanced']['config'][0]; + // Setup Advanced options + $log_verbosity = (isset($unbound_config['unbound_verbosity'])) ? $unbound_config['unbound_verbosity'] : "1"; + $hide_id = ($unbound_config['hide_id'] == "on") ? "yes" : "no"; + $hide_version = ($unbound_config['hide_version'] == "on") ? "yes" : "no"; + $harden_glue = ($unbound_config['harden_glue'] == "on") ? "yes" : "no"; + $harden_dnssec_stripped = ($unbound_config['harden_dnssec_stripped'] == "on") ? "yes" : "no"; + $prefetch = ($unbound_config['prefetch'] == "on") ? "yes" : "no"; + $prefetch_key = ($unbound_config['prefetch_key'] == "on") ? "yes" : "no"; + $ipv6 = ($unbound_config['unbound_ipv6'] == "on") ? "yes" : "no"; + $outgoing_num_tcp = (!empty($unbound_config['outgoing_num_tcp'])) ? $unbound_config['outgoing_num_tcp'] : "10"; + $incoming_num_tcp = (!empty($unbound_config['incoming_num_tcp'])) ? $unbound_config['incoming_num_tcp'] : "10"; + $edns_buffer_size = (!empty($unbound_config['edns_buffer_size'])) ? $unbound_config['edns_buffer_size'] : "4096"; + $num_queries_per_thread = (!empty($unbound_config['num_queries_per_thread'])) ? $unbound_config['num_queries_per_thread'] : "1024"; + $jostle_timeout = (!empty($unbound_config['jostle_timeout'])) ? $unbound_config['jostle_timeout'] : "200"; + $cache_max_ttl = (!empty($unbound_config['cache_max_ttl'])) ? $unbound_config['cache_max_ttl'] : "86400"; + $cache_min_ttl = (!empty($unbound_config['cache_min_ttl'])) ? $unbound_config['cache_min_ttl'] : "0"; + $infra_host_ttl = (!empty($unbound_config['infra_host_ttl'])) ? $unbound_config['infra_host_ttl'] : "900"; + $infra_lame_ttl = (!empty($unbound_config['infra_lame_ttl'])) ? $unbound_config['infra_lame_ttl'] : "900"; + $infra_cache_numhosts = (!empty($unbound_config['infra_cache_numhosts'])) ? 
$unbound_config['infra_cache_numhosts'] : "10000"; + $unwanted_reply_threshold = (!empty($unbound_config['unwanted_reply_threshold'])) ? $unbound_config['unwanted_reply_threshold'] : "0"; + + $unbound_conf = <<