]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
index.cgi: Do not longer display the DNS servers.
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
24d7c5ef 30require "${General::swroot}/geoip-functions.pl";
e0639d80
JPT		 31require "${General::swroot}/lang.pl";
32require "${General::swroot}/header.pl";
33
24d7c5ef
SS		 34#workaround to suppress a warning when a variable is used only once
35my @dummy = ( ${Header::colouryellow} );
36undef (@dummy);
37
38my %cgiparams=();
39my %checked=();
40my %selected=();
e0639d80
JPT		 41my $errormessage = '';
42
24d7c5ef
SS		 43# Config file which stores the DNS settings.
44my $settings_file = "${General::swroot}/dns/settings";
45
46# File which stores the configured DNS-Servers.
47my $servers_file = "${General::swroot}/dns/servers";
48
49# Create files if the does not exist.
50unless (-f $settings_file) { system("touch $settings_file") };
51unless (-f $servers_file) { system("touch $servers_file") };
52
53# File which stores the ISP assigned DNS servers.
1434fa0d 54my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 55
56# File which contains the ca-certificates.
57my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
58
770ea81e
SS		 59# Server which is used, to determine if the whole DNS system works properly.
60my $dns_test_server = "ping.ipfire.org";
61
43140993
SS		 62my $check_servers;
63
24d7c5ef
SS		 64my %color = ();
65my %mainsettings = ();
66&General::readhash("${General::swroot}/main/settings", \%mainsettings);
67&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
68
e0639d80 69&Header::showhttpheaders();
24d7c5ef 70&Header::getcgihash(\%cgiparams);
e0639d80 71
24d7c5ef
SS		 72##
73# Save general settings.
74#
75if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
76 # Prevent form name from been stored in conf file.
77 delete $cgiparams{'GENERAL'};
e0639d80 78
24d7c5ef
SS		 79 # Add value for non-checked checkbox.
80 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
81 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
82 }
e0639d80 83
24d7c5ef
SS		 84 # Add value for non-checked checkbox.
85 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
86 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
87 }
e0639d80 88
24d7c5ef
SS		 89 # Store settings into settings file.
90 &General::writehash("$settings_file", \%cgiparams);
719db1cd
SS		 91
92 # Call function to handle unbound restart, etc.
93 &_handle_unbound_and_more()
24d7c5ef
SS		 94}
95
96###
97# Add / Edit entries.
98#
99if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
100 # Hash to store the generic DNS settings.
101 my %settings = ();
102
103 # Read-in generic settings.
104 &General::readhash("$settings_file", \%settings);
e0639d80 105
038f962e
SS		 106 # Check if an IP-address has been given.
107 if ($cgiparams{"NAMESERVER"} eq "") {
108 $errormessage = "$Lang::tr{'dns no address given'}";
109 }
110
24d7c5ef 111 # Check if the given DNS server is valid.
038f962e 112 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 113 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
114 }
115
116 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
117 elsif($settings{'PROTO'} eq "TLS") {
118 unless($cgiparams{"TLS_HOSTNAME"}) {
119 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
120 } else {
121 # Check if the provided domain is valid.
122 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
123 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
124 }
e0639d80 125 }
24d7c5ef
SS		 126 }
127
24d7c5ef
SS		 128 # Go further if there was no error.
129 if ( ! $errormessage) {
130 # Check if a remark has been entered.
131 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
132
133 my %dns_servers = ();
134 my $id;
135 my $status;
136
137 # Read-in configfile.
138 &General::readhasharray($servers_file, \%dns_servers);
139
140 # Check if we should edit an existing entry and got an ID.
141 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
142 # Assin the provided id.
143 $id = $cgiparams{'ID'};
144
145 # Undef the given ID.
146 undef($cgiparams{'ID'});
147
148 # Grab the configured status of the corresponding entry.
149 $status = $dns_servers{$id}[2];
150 } else {
151 # Each newly added entry automatically should be enabled.
152 $status = "enabled";
153
154 # Generate the ID for the new entry.
155 #
156 # Sort the keys by their ID and store them in an array.
157 my @keys = sort { $a <=> $b } keys %dns_servers;
158
159 # Reverse the key array.
160 my @reversed = reverse(@keys);
161
162 # Obtain the last used id.
163 my $last_id = @reversed[0];
164
165 # Increase the last id by one and use it as id for the new entry.
166 $id = ++$last_id;
167
168 # The first allowed id is 3 to keep space for
169 # possible ISP assigned DNS servers.
170 if ($id le "2") {
171 $id = "3";
172 }
e0639d80 173 }
24d7c5ef
SS		 174
175 # Add/Modify the entry to/in the dns_servers hash.
176 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
177
178 # Write the changed hash to the config file.
179 &General::writehasharray($servers_file, \%dns_servers);
719db1cd
SS		 180
181 # Call function to handle unbound restart, etc.
182 &_handle_unbound_and_more();
24d7c5ef
SS		 183 } else {
184 # Switch back to previous mode.
185 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
186 }
187###
188# Toggle enable / disable.
189#
190} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
191 my %dns_servers = ();
192
193 # Only go further, if an ID has been passed.
194 if ($cgiparams{'ID'}) {
195 # Assign the given ID.
196 my $id = $cgiparams{'ID'};
197
198 # Undef the given ID.
199 undef($cgiparams{'ID'});
200
201 # Read-in configfile.
202 &General::readhasharray($servers_file, \%dns_servers);
203
204 # Grab the configured status of the corresponding entry.
205 my $status = $dns_servers{$id}[2];
206
207 # Switch the status.
208 if ($status eq "disabled") {
209 $status = "enabled";
210 } else {
211 $status = "disabled";
e0639d80 212 }
24d7c5ef
SS		 213
214 # Modify the status of the existing entry.
215 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
216
217 # Write the changed hash back to the config file.
218 &General::writehasharray($servers_file, \%dns_servers);
8f4bde65
SS		 219
220 # Call function to handle unbound restart, etc.
221 &_handle_unbound_and_more();
e0639d80 222 }
24d7c5ef
SS		 223
224## Remove entry from DNS servers list.
225#
226} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
227 my %dns_servers = ();
228
229 # Read-in configfile.
230 &General::readhasharray($servers_file, \%dns_servers);
231
232 # Drop entry from the hash.
233 delete($dns_servers{$cgiparams{'ID'}});
234
235 # Undef the given ID.
236 undef($cgiparams{'ID'});
237
238 # Write the changed hash to the config file.
239 &General::writehasharray($servers_file, \%dns_servers);
43140993 240
8f4bde65
SS		 241 # Call function to handle unbound restart, etc.
242 &_handle_unbound_and_more();
243
43140993
SS		 244## Handle request to check the servers.
245#
246} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
247 $check_servers = 1;
e0639d80
JPT		 248}
249
24d7c5ef
SS		 250# Hash to store the generic DNS settings.
251my %settings = ();
252
253# Read-in general DNS settings.
254&General::readhash("$settings_file", \%settings);
255
256# Hash which contains the configured DNS servers.
257my %dns_servers = ();
258
259# Read-in config file.
260&General::readhasharray("$servers_file", \%dns_servers);
261
262&Header::openpage($Lang::tr{'dns'}, 1, '');
263
264&Header::openbigbox('100%', 'left', '', $errormessage);
265
266###
267# Error messages layout.
268#
269if ($errormessage) {
270 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
271 print "<class name='base'>$errormessage\n";
272 print "&nbsp;</class>\n";
273 &Header::closebox();
e0639d80
JPT		 274}
275
24d7c5ef
SS		 276# Handle if a nameserver should be added or edited.
277if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
278 # Display the sub page.
279 &show_add_edit_nameserver();
280
281 # Close webpage.
282 &Header::closebigbox();
283 &Header::closepage();
284
285 # Finished here for the moment.
286 exit(0);
2e1432c4
JPT		 287}
288
24d7c5ef
SS		 289$cgiparams{'GENERAL'} = '';
290$cgiparams{'SERVERS'} = '';
291$cgiparams{'NAMESERVER'} = '';
292$cgiparams{'TLS_HOSTNAME'} = '';
293$cgiparams{'REMARK'} ='';
294
295$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
296$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
297$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
298
299$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
300$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
301$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
302
303$selected{'PROTO'}{'UDP'} = '';
304$selected{'PROTO'}{'TLS'} = '';
305$selected{'PROTO'}{'TCP'} = '';
306$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
307
308$selected{'QNAME_MIN'}{'standard'} = '';
309$selected{'QNAME_MIN'}{'strict'} = '';
310$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
311
312# Display nameserver and configuration sections.
313&show_nameservers();
314&show_general_dns_configuration();
315
316&Header::closebigbox();
317&Header::closepage();
318
319###
320# General DNS-Servers sektion.
321#
322sub show_general_dns_configuration () {
323 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
324
325 print <<END;
326 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
327 <table width="100%">
328 <tr>
329 <td width="33%">
330 $Lang::tr{'dns use isp assigned nameservers'}
331 </td>
332
333 <td>
334 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
335 </td>
336 </tr>
337
338 <tr>
339 <td colspan="2">
340 <br>
341 </td>
342 </tr>
343
344 <tr>
345 <td width="33%">
346 $Lang::tr{'dns use protocol for dns queries'}
347 </td>
348
349 <td>
350 <select name="PROTO">
351 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
352 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
353 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
354 </select>
355 </td>
356 </tr>
357
358 <tr>
359 <td colspan="2">
360 <br>
361 </td>
362 </tr>
363
364 <tr>
365 <td width="33%">
366 $Lang::tr{'dns enable safe-search'}
367 </td>
368
369 <td>
370 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
371 </td>
372 </tr>
373
374 <tr>
375 <td colspan="2">
376 <br>
377 </td>
378 </tr>
379
380 <tr>
381 <td width="33%">
382 $Lang::tr{'dns mode for qname minimisation'}
383 </td>
384
385 <td>
386 <select name="QNAME_MIN">
387 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
388 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
389 </select>
390 </td>
391 </tr>
392
393 <tr>
394 <td colspan="2" align="right">
395 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
396 </td>
397 </tr>
398 </table>
399 </form>
400END
401
e0639d80
JPT		 402 &Header::closebox();
403}
404
24d7c5ef
SS		 405###
406# Section to display the configured and used DNS servers.
407#
408sub show_nameservers () {
a969acc7 409 &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
e0639d80 410
770ea81e
SS		 411 my $dns_status_string;
412 my $dns_status_col;
413
414 # Test if the DNS system is working.
415 #
416 # Simple send a request to unbound and check if it can resolve the
417 # DNS test server.
418 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
419
420 if ($dns_status_ret eq "2") {
421 $dns_status_string = "$Lang::tr{'working'}";
422 $dns_status_col = "${Header::colourgreen}";
423 } else {
46cc88ed 424 $dns_status_string = "$Lang::tr{'broken'}";
770ea81e
SS		 425 $dns_status_col = "${Header::colourred}";
426 }
427
24d7c5ef 428print <<END;
770ea81e
SS		 429 <table width='100%'>
430 <tr>
431 <td>
432 <strong>$Lang::tr{'status'}:&nbsp;</strong>
433 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
434 </td>
435 </tr>
436 </table>
437
438 <br>
439
24d7c5ef
SS		 440 <table class="tbl" width='100%'>
441 <tr>
442 <td align="center">
443 <strong>$Lang::tr{'nameserver'}</strong>
444 </td>
445
446 <td align="center">
447 <strong>$Lang::tr{'country'}</strong>
448 </td>
449
450 <td align="center">
451 <strong>$Lang::tr{'rdns'}</strong>
452 </td>
453
454 <td align="center">
455 <strong>$Lang::tr{'remark'}</strong>
456 </td>
43140993
SS		 457END
458 # Check if the status should be displayed.
459 if ($check_servers) {
460print <<END
24d7c5ef
SS		 461 <td align="center">
462 <strong>$Lang::tr{'status'}</strong>
463 </td>
43140993
SS		 464END
465;
466 }
467
468print <<END
e0639d80 469
24d7c5ef
SS		 470 <td align="center" colspan="3">
471 <strong>$Lang::tr{'action'}</strong>
472 </td>
473 </tr>
830f6177 474END
43140993 475;
24d7c5ef
SS		 476
477 # Check the usage of ISP assigned nameservers is enabled.
77c7a94c
MT		 478 my $id = 1;
479
480 # Loop through the array which stores the files.
481 foreach my $file (@ISP_nameserver_files) {
482 # Grab the address of the nameserver.
97022524 483 my $address = &General::grab_address_from_file($file);
77c7a94c
MT		 484
485 # Check if we got an address.
486 if ($address) {
487 # Add the address to the hash of nameservers.
488 $dns_servers{$id} = [ "$address", "none",
489 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
490 "$Lang::tr{'dns isp assigned nameserver'}" ];
491
492 # Increase id by one.
493 $id++;
24d7c5ef
SS		 494 }
495 }
496
497 # Check some DNS servers have been configured. In this case
498 # the hash contains at least one key.
499 my $server_amount;
500 if (keys %dns_servers) {
501 # Sort the keys by their ID and store them in an array.
502 my @keys = sort { $a <=> $b } keys %dns_servers;
503
504 # Loop through all entries of the array/hash.
505 foreach my $id (@keys) {
506 # Inrease server_amount.
507 $server_amount++;
508
509 # Assign data array positions to some nice variable names.
510 my $nameserver = $dns_servers{$id}[0];
511 my $tls_hostname = $dns_servers{$id}[1];
512 my $enabled = $dns_servers{$id}[2];
513 my $remark = $dns_servers{$id}[3];
514
515 my $col = '';
516 my $toggle = '';
517 my $gif = '';
518 my $gdesc = '';
519 my $notice = "";
520
521 # Colorize columns.
522 if ($server_amount % 2) {
523 $col="bgcolor='$color{'color22'}'"; }
524 else {
525 $col="bgcolor='$color{'color20'}'";
526 }
527
528 if ($enabled eq 'enabled') {
529 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
530 } else {
531 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
532 }
533
534 my $status;
535 my $status_short;
536 my $status_message;
537 my $status_colour;
538
539 # Only grab the status if the nameserver is enabled.
43140993 540 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 541 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
542 }
543
544 if (!$status) {
545 $status_short = "$Lang::tr{'disabled'}";
546
547 # DNSSEC Not supported
548 } elsif ($status eq 0) {
549 $status_short = "$Lang::tr{'broken'}";
550 $status_message = $Lang::tr{'dnssec not supported'};
551 $status_colour = ${Header::colourred};
552
553 # DNSSEC Aware
554 } elsif ($status eq 1) {
555 $status_short = "$Lang::tr{'not validating'}";
556 $status_message = $Lang::tr{'dnssec aware'};
557 $status_colour = ${Header::colourblack};
558
559 # DNSSEC Validating
560 } elsif ($status eq 2) {
561 $status_short = "$Lang::tr{'ok'}";
562 $status_message = $Lang::tr{'dnssec validating'};
563 $status_colour = ${Header::colourgreen};
564
565 # Error
566 } else {
567 $status_short = "$Lang::tr{'error'}";
568 $status_message = $status;
569 $status_colour = ${Header::colourred};
570 }
571
572 # collect more information about name server (rDNS, GeoIP country code)
573 my $ccode = &GeoIP::lookup($nameserver);
574 my $flag_icon = &GeoIP::get_flag_icon($ccode);
575
25dda4a0
SS		 576 my $rdns;
577
578 # Only do the reverse lookup if the system is online.
f36855fe 579 if (&red_is_active()) {
25dda4a0
SS		 580 my $iaddr = inet_aton($nameserver);
581 $rdns = gethostbyaddr($iaddr, AF_INET);
582 }
24d7c5ef
SS		 583
584 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
585
77c7a94c
MT		 586 # Mark ISP name servers as disabled
587 if ($id <= 2 && $enabled eq "disabled") {
588 $nameserver = "<del>$nameserver</del>";
589 }
590
24d7c5ef
SS		 591print <<END;
592 <tr>
593 <td align="center" $col>
594 $nameserver
595 </td>
596
597 <td align="center" $col>
598 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
599 </td>
600
601 <td align="center" $col>
602 $rdns
603 </td>
604
605 <td align="center" $col>
606 $remark
607 </td>
830f6177 608END
24d7c5ef 609;
43140993
SS		 610 # Display server status if requested.
611 if ($check_servers) {
612print <<END
613 <td align="center" $col>
614 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
615 </td>
616END
617;
618 }
619
24d7c5ef
SS		 620 # Check if the id is greater than "2".
621 #
622 # Nameservers with an ID's of one or two are ISP assigned,
623 # and we cannot perform any actions on them, so hide the tools for
624 # them.
625 if ($id gt "2") {
626
627print <<END;
628 <td align='center' width='5%' $col>
629 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
630 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
631 <input type='hidden' name='ID' value='$id' />
632 <input type='hidden' name='ENABLE' value='$toggle' />
633 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
634 </form>
635 </td>
636
637 <td align='center' width='5%' $col>
638 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
639 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
640 <input type='hidden' name='ID' value='$id' />
641 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
642 </form>
643 </td>
644
645 <td align='center' width='5%' $col>
646 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
647 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
648 <input type='hidden' name='ID' value='$id' />
649 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
650 </form>
651 </td>
830f6177 652END
24d7c5ef
SS		 653;
654 } else {
655 print "<td colspan='3' $col>&nbsp;</td>\n";
656 }
657
658
659 print"</tr>\n";
660
661 }
662
663 print"</table>\n";
664
665 print"<table width='100%'>\n";
666
667 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
668 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
669print <<END;
670 <tr>
671 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
672 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
673 <td class='base'>$Lang::tr{'click to disable'}</td>
674 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
675 <td class='base'>$Lang::tr{'click to enable'}</td>
676 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
677 <td class='base'>$Lang::tr{'edit'}</td>
678 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
679 <td class='base'>$Lang::tr{'remove'}</td>
680 </tr>
830f6177 681END
24d7c5ef
SS		 682;
683 }
684print <<END;
685 <tr>
686 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 687 <td colspan="9" align="right">
688 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
689 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
690 </td>
24d7c5ef
SS		 691 </form>
692 </tr>
693 </table>
830f6177 694END
24d7c5ef
SS		 695;
696
697 } else {
698print <<END;
699 <table width="100%">
700 <tr>
701 <td colspan="6" align="center">
702 <br>$Lang::tr{'guardian no entries'}<br>
703 </td>
704 </tr>
705
706 <tr>
707 <form method="post" action="$ENV{'SCRIPT_NAME'}">
708 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
709 </form>
710 </tr>
711 </table>
712
830f6177 713END
24d7c5ef
SS		 714;
715 }
716
717 &Header::closebox();
830f6177 718}
24d7c5ef
SS		 719
720###
721# Section to display the add or edit subpage.
722#
723sub show_add_edit_nameserver() {
724 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
725
726 my $buttontext = $Lang::tr{'save'};
727 my $dnssec_checked;
728 my $dot_checked;
729 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
730 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
731
732 # Update button text for upate the existing entry.
733 $buttontext = $Lang::tr{'update'};
734
735 # Add hidden input for sending ID.
736 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
737
738 # Check if an ID has been given.
739 if ($cgiparams{'ID'}) {
740 # Assign cgiparams values.
741 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
742 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
743 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
744 }
745 } else {
746 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
747 }
748
f10fb4bf
SS		 749 my $tls_required_image;
750
751 # If the protocol is TLS, dispaly the required image.
752 if ($settings{'PROTO'} eq "TLS") {
753 $tls_required_image = "<img src='/blob.gif' alt='*'>";
754 }
755
24d7c5ef
SS		 756 # Add hidden input to store the mode.
757 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
758
759print <<END
760 <table width='100%'>
761 <tr>
762 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
763 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
764 </tr>
f10fb4bf
SS		 765
766
24d7c5ef 767 <tr>
f10fb4bf 768 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 769 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
770 </tr>
24d7c5ef 771
e0639d80 772
24d7c5ef
SS		 773 <tr>
774 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
775 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
776 </tr>
777 </table>
778
779 <br>
780 <hr>
781
782 <table width='100%'>
783 <tr>
784 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
785 <td width='40%' align='right'>
786 <input type="submit" name="SERVERS" value="$buttontext">
787 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
788 </td>
789 </tr>
790 </table>
e0639d80
JPT		 791END
792;
793
24d7c5ef
SS		 794 &Header::closebox();
795 print "</form>\n";
e0639d80 796
24d7c5ef
SS		 797 &Header::closebox();
798}
e0639d80 799
719db1cd
SS		 800# Private function to handle the restart of unbound and more.
801sub _handle_unbound_and_more () {
802 # Restart unbound
803 system('/usr/local/bin/unboundctrl restart >/dev/null');
804}
805
f36855fe
SS		 806# Check if the system is online (RED is connected).
807sub red_is_active () {
808 # Check if the "active" file is present.
809 if ( -f "${General::swroot}/red/active") {
810 # Return "1" - True.
811 return 1;
812 } else {
813 # Return nothing - False.
814 return;
815 }
816}
817
24d7c5ef
SS		 818# Function to check a given nameserver against propper work.
819sub check_nameserver($$$$) {
820 my ($nameserver, $record, $proto, $tls_hostname) = @_;
821
70187da6
SS		 822 # Check if the system is online.
823 unless (&red_is_active()) {
824 return "$Lang::tr{'system is offline'}";
825 }
826
24d7c5ef 827 # Default values.
dab1258a 828 my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
3bf804e8 829 "+bufsize=1232");
24d7c5ef
SS		 830
831 # Handle different protols.
832 if ($proto eq "TCP") {
833 # Add TCP switch to the command.
834 push(@command, "+tcp");
835
836 } elsif($proto eq "TLS") {
837 # Add TLS switch to the command and provide the
838 # path to our file which contains the ca certs.
839 push(@command, "+tls-ca=$ca_certs_file");
840
841 # Check if a TLS hostname has been provided.
842 if ($tls_hostname) {
843 # Add TLS hostname to the command.
844 push(@command, "+tls-hostname=$tls_hostname");
845 } else {
846 return "$Lang::tr{'dns no tls hostname given'}";
847 }
848 }
849
850 # Add record to the command array.
851 push(@command, "$record");
852
853 # Add nameserver to the command array.
854 push(@command, "\@$nameserver");
855
856 # Connect to STDOUT and STDERR.
857 push(@command, "2>&1");
858
859 my @output = qx(@command);
860 my $output = join("", @output);
861
862 my $status = 0;
24d7c5ef
SS		 863
864 if ($output =~ m/status: (\w+)/) {
865 $status = ($1 eq "NOERROR");
866
867 if (!$status) {
868 return -1;
869 }
984f14bd
MT		 870 } else {
871 my $warning;
872
873 while ($output =~ m/WARNING: (.*)/g) {
874 # Add the current grabbed warning to the warning string.
875 $warning .= "$1\; ";
876 }
877
878 # Return the warning string, if we grabbed at least one.
879 if ($warning) {
880 return $warning;
881 }
24d7c5ef
SS		 882 }
883
884 my @flags = ();
885 if ($output =~ m/Flags: (.*);/) {
886 @flags = split(/ /, $1);
887 }
888
889 my $aware = ($output =~ m/RRSIG/);
71471d9b 890 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 891
892 return $aware + $validating;
893}
IPFire 2.x development tree