#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/location-functions.pl";
require "${General::swroot}/ids-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
$cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
}
+ if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") {
+ $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off";
+ }
+
# Check if using ISP nameservers and TLS is enabled at the same time.
if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
$errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
# Hash to store the generic DNS settings.
my %settings = ();
+$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";
# Read-in general DNS settings.
&General::readhash("$settings_file", \%settings);
# Read-in config file.
&General::readhasharray("$servers_file", \%dns_servers);
-&Header::openpage($Lang::tr{'dns'}, 1, '');
+&Header::openpage($Lang::tr{'dns title'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = '';
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = '';
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'";
+
$selected{'PROTO'}{'UDP'} = '';
$selected{'PROTO'}{'TLS'} = '';
$selected{'PROTO'}{'TCP'} = '';
</td>
</tr>
+ <tr>
+ <td width="33%">
+ » $Lang::tr{'dns enable safe-search youtube'}
+ </td>
+
+ <td>
+ <input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}>
+ </td>
+ </tr>
+
<tr>
<td colspan="2">
<br>
# Section to display the configured and used DNS servers.
#
sub show_nameservers () {
- &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
+ &Header::openbox('100%', 'center', "$Lang::tr{'dns servers'}");
+
+ # Determine if we are running in recursor mode
+ my $recursor = 0;
+ my $unbound_forward = qx(unbound-control forward);
+ if ($unbound_forward =~ m/^off/) {
+ $recursor = 1;
+ }
my $dns_status_string;
my $dns_status_col;
my $dns_working;
+
# Test if the DNS system is working.
#
# Simple send a request to unbound and check if it can resolve the
# DNS test server.
- my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
+ my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
if ($dns_status_ret eq "2") {
$dns_status_string = "$Lang::tr{'working'}";
$dns_status_col = "${Header::colourred}";
}
-print <<END;
+ if ($recursor) {
+ $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
+ }
+
+ print <<END;
<table width='100%'>
<tr>
<td>
</td>
</tr>
</table>
+END
+
+ # Check the usage of ISP assigned nameservers is enabled.
+ my $id = 1;
+
+ # Loop through the array which stores the files.
+ foreach my $file (@ISP_nameserver_files) {
+ # Grab the address of the nameserver.
+ my $address = &General::grab_address_from_file($file);
+ # Check if we got an address.
+ if ($address) {
+ # Add the address to the hash of nameservers.
+ $dns_servers{$id} = [ "$address", "none",
+ ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
+ "$Lang::tr{'dns isp assigned nameserver'}" ];
+
+ # Increase id by one.
+ $id++;
+ }
+ }
+
+ # Check some DNS servers have been configured. In this case
+ # the hash contains at least one key.
+ my $server_amount;
+ if (keys %dns_servers) {
+ # Sort the keys by their ID and store them in an array.
+ my @keys = sort { $a <=> $b } keys %dns_servers;
+
+ print <<END;
<br>
<table class="tbl" width='100%'>
<strong>$Lang::tr{'remark'}</strong>
</td>
END
- # Check if the status should be displayed.
- if ($check_servers) {
-print <<END
+
+ # Check if the status should be displayed.
+ if ($check_servers) {
+ print <<END;
<td align="center">
<strong>$Lang::tr{'status'}</strong>
</td>
END
-;
- }
+ }
-print <<END
+ print <<END;
<td align="center" colspan="3">
<strong>$Lang::tr{'action'}</strong>
</td>
</tr>
END
-;
-
- # Check the usage of ISP assigned nameservers is enabled.
- my $id = 1;
-
- # Loop through the array which stores the files.
- foreach my $file (@ISP_nameserver_files) {
- # Grab the address of the nameserver.
- my $address = &General::grab_address_from_file($file);
-
- # Check if we got an address.
- if ($address) {
- # Add the address to the hash of nameservers.
- $dns_servers{$id} = [ "$address", "none",
- ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
- "$Lang::tr{'dns isp assigned nameserver'}" ];
-
- # Increase id by one.
- $id++;
- }
- }
-
- # Check some DNS servers have been configured. In this case
- # the hash contains at least one key.
- my $server_amount;
- if (keys %dns_servers) {
- # Sort the keys by their ID and store them in an array.
- my @keys = sort { $a <=> $b } keys %dns_servers;
# Loop through all entries of the array/hash.
foreach my $id (@keys) {
$status_colour = ${Header::colourred};
}
- # collect more information about name server (rDNS, GeoIP country code)
- my $ccode = &GeoIP::lookup($nameserver);
- my $flag_icon = &GeoIP::get_flag_icon($ccode);
+ # collect more information about name server (rDNS, country code)
+ my $ccode = &Location::Functions::lookup_country_code($nameserver);
+ my $flag_icon = &Location::Functions::get_flag_icon($ccode);
my $rdns;
$rdns = gethostbyaddr($iaddr, AF_INET);
}
- if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
+ if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; }
# Mark ISP name servers as disabled
if ($id <= 2 && $enabled eq "disabled") {
</table>
END
;
-
} else {
-print <<END;
+ print <<END;
<table width="100%">
- <tr>
- <td colspan="6" align="center">
- <br>$Lang::tr{'guardian no entries'}<br>
- </td>
- </tr>
-
<tr>
<form method="post" action="$ENV{'SCRIPT_NAME'}">
<td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
</form>
</tr>
</table>
-
END
-;
}
&Header::closebox();
# Private function to handle the restart of unbound and more.
sub _handle_unbound_and_more () {
- # Restart unbound
- system('/usr/local/bin/unboundctrl reload >/dev/null');
-
# Check if the IDS is running.
if(&IDS::ids_is_running()) {
# Re-generate the file which contains the DNS Server
# Call suricatactrl to perform a reload.
&IDS::call_suricatactrl("restart");
}
+ # Restart unbound
+ system('/usr/local/bin/unboundctrl reload >/dev/null');
}
# Check if the system is online (RED is connected).
}
# Function to check a given nameserver against propper work.
-sub check_nameserver($$$$) {
- my ($nameserver, $record, $proto, $tls_hostname) = @_;
+sub check_nameserver($$$$$) {
+ my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
# Check if the system is online.
unless (&red_is_active()) {
# Default values.
my @command = ("kdig", "+dnssec",
- "+bufsize=1232");
+ "+bufsize=1232", @args);
# Handle different protols.
if ($proto eq "TCP") {