dns.cgi: restart suricata before unbound reload
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
index d35bc4eabba600cccc1938ae2fd697a69b566d39..676d95f8a6daa199008df6040b3390fe7eb9ffd3 100755 (executable)
@@ -87,11 +87,20 @@ if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
                $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
        }
 
-       # Store settings into settings file.
-       &General::writehash("$settings_file", \%cgiparams);
+       # Check if using ISP nameservers and TLS is enabled at the same time.
+       if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
+               $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
+       }
 
-       # Call function to handle unbound restart, etc.
-       &_handle_unbound_and_more()
+       # Check if there was an error.
+       if ( ! $errormessage) {
+
+               # Store settings into settings file.
+               &General::writehash("$settings_file", \%cgiparams);
+
+               # Call function to handle unbound restart, etc.
+               &_handle_unbound_and_more()
+       }
 }
 
 ###
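Review bot: `PROTO` is only compared against "TLS" in the new check, so any other submitted value still reaches `&General::writehash` and is later handed to `check_nameserver` through `$settings{'PROTO'}`. Unless an allow-list exists above this hunk (the enclosing `if` block starts outside it), add one beside the new check, e.g. `if ($cgiparams{'PROTO'} !~ /\A(?:UDP|TCP|TLS)\z/) { $errormessage = $Lang::tr{'<existing invalid-input key>'}; }`, where the key is a placeholder for whatever message the project already has. The `$errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}` assignment and the `&_handle_unbound_and_more()` call also lack a terminating `;`, which works only because each is the last statement in its block.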
@@ -409,15 +418,23 @@ END
 sub show_nameservers () {
        &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
 
+       # Determine if we are running in recursor mode
+       my $recursor = 0;
+       my $unbound_forward = qx(unbound-control forward);
+       if ($unbound_forward =~ m/^off/) {
+               $recursor = 1;
+       }
+
        my $dns_status_string;
        my $dns_status_col;
        my $dns_working;
 
+
        # Test if the DNS system is working.
        #
        # Simple send a request to unbound and check if it can resolve the
        # DNS test server.
-       my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
+       my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
 
        if ($dns_status_ret eq "2") {
                $dns_status_string = "$Lang::tr{'working'}";
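Review bot: `qx(unbound-control forward)` in `show_nameservers` resolves the binary through the CGI process's `PATH` and never inspects `$?`, unlike the absolute `/usr/local/bin/unboundctrl` call in `_handle_unbound_and_more`. If the command is missing or fails (for example if the web server user cannot reach the control socket, which is not verifiable from this hunk), `$unbound_forward` is empty or undef and the page silently reports forwarder mode. Call the tool by its absolute path and gate the match on success, e.g. `if (($? == 0) && (($unbound_forward // '') =~ m/\Aoff/)) {`. The function body continues outside the hunk.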
@@ -428,7 +445,11 @@ sub show_nameservers () {
                $dns_status_col = "${Header::colourred}";
        }
 
-print <<END;
+       if ($recursor) {
+               $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
+       }
+
+       print <<END;
                <table width='100%'>
                        <tr>
                                <td>
@@ -437,7 +458,36 @@ print <<END;
                                </td>
                        </tr>
                </table>
+END
+
+       # Check the usage of ISP assigned nameservers is enabled.
+       my $id = 1;
+
+       # Loop through the array which stores the files.
+       foreach my $file (@ISP_nameserver_files) {
+               # Grab the address of the nameserver.
+               my $address = &General::grab_address_from_file($file);
 
+               # Check if we got an address.
+               if ($address) {
+                       # Add the address to the hash of nameservers.
+                       $dns_servers{$id} = [ "$address", "none",
+                               ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
+                               "$Lang::tr{'dns isp assigned nameserver'}" ];
+
+                       # Increase id by one.
+                       $id++;
+               }
+       }
+
+       # Check some DNS servers have been configured. In this case
+       # the hash contains at least one key.
+       my $server_amount;
+       if (keys %dns_servers) {
+               # Sort the keys by their ID and store them in an array.
+               my @keys = sort { $a <=> $b } keys %dns_servers;
+
+               print <<END;
                <br>
 
                <table class="tbl" width='100%'>
@@ -458,51 +508,23 @@ print <<END;
                                        <strong>$Lang::tr{'remark'}</strong>
                                </td>
 END
-       # Check if the status should be displayed.
-       if ($check_servers) {
-print <<END
+
+               # Check if the status should be displayed.
+               if ($check_servers) {
+                       print <<END;
                                <td align="center">
                                        <strong>$Lang::tr{'status'}</strong>
                                </td>
 END
-;
-       }
+               }
 
-print <<END
+               print <<END;
 
                                <td align="center" colspan="3">
                                        <strong>$Lang::tr{'action'}</strong>
                                </td>
                        </tr>
 END
-;
-
-               # Check the usage of ISP assigned nameservers is enabled.
-               my $id = 1;
-
-               # Loop through the array which stores the files.
-               foreach my $file (@ISP_nameserver_files) {
-                       # Grab the address of the nameserver.
-                       my $address = &General::grab_address_from_file($file);
-
-                       # Check if we got an address.
-                       if ($address) {
-                               # Add the address to the hash of nameservers.
-                               $dns_servers{$id} = [ "$address", "none",
-                                       ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
-                                       "$Lang::tr{'dns isp assigned nameserver'}" ];
-
-                               # Increase id by one.
-                               $id++;
-                       }
-               }
-
-               # Check some DNS servers have been configured. In this case
-               # the hash contains at least one key.
-               my $server_amount;
-               if (keys %dns_servers) {
-                       # Sort the keys by their ID and store them in an array.
-                       my @keys = sort { $a <=> $b } keys %dns_servers;
 
                        # Loop through all entries of the array/hash.
                        foreach my $id (@keys) {
@@ -544,7 +566,7 @@ END
                                        $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
                                }
 
-                               if (!$status) {
+                               if (!defined $status) {
                                        $status_short = "$Lang::tr{'disabled'}";
 
                                # DNSSEC Not supported
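Review bot: With `!defined $status`, only an undef result is shown as disabled, so an empty string or `0` from `check_nameserver` now falls through to the DNSSEC status branches below. The offline branch of `check_nameserver` (`unless (&red_is_active())`) is cut by a hunk boundary, so confirm it uses a bare `return;` rather than returning a false-but-defined value. A comment above the test such as `# undef: no check was performed; any defined value is a result code` would document that contract.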
@@ -625,7 +647,7 @@ END
                                # Nameservers with an ID's of one or two are ISP assigned,
                                # and we cannot perform any actions on them, so hide the tools for
                                # them.
-                               if ($id gt "2") {
+                               if ($id > 2) {
 
 print <<END;
                                        <td align='center' width='5%' $col>
@@ -668,7 +690,7 @@ END
                print"<table width='100%'>\n";
 
                # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
-               if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
+               if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
 print <<END;
                        <tr>
                                <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
@@ -696,25 +718,16 @@ print <<END;
                </table>
 END
 ;
-
                } else {
-print <<END;
+                       print <<END;
                <table width="100%">
-                       <tr>
-                               <td colspan="6" align="center">
-                                       <br>$Lang::tr{'guardian no entries'}<br>
-                               </td>
-                       </tr>
-
                        <tr>
                                <form method="post" action="$ENV{'SCRIPT_NAME'}">
                                        <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
                                </form>
                        </tr>
                </table>
-
 END
-;
                }
 
        &Header::closebox();
@@ -802,9 +815,6 @@ END
 
 # Private function to handle the restart of unbound and more.
 sub _handle_unbound_and_more () {
-       # Restart unbound
-       system('/usr/local/bin/unboundctrl reload >/dev/null');
-
        # Check if the IDS is running.
        if(&IDS::ids_is_running()) {
                # Re-generate the file which contains the DNS Server
@@ -814,6 +824,8 @@ sub _handle_unbound_and_more () {
                # Call suricatactrl to perform a reload.
                &IDS::call_suricatactrl("restart");
        }
+       # Restart unbound
+       system('/usr/local/bin/unboundctrl reload >/dev/null');
 }
 
 # Check if the system is online (RED is connected).
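Review bot: The exit status of `system('/usr/local/bin/unboundctrl reload >/dev/null')`, now the last statement of `_handle_unbound_and_more`, is discarded, so a failed reload leaves the saved settings unapplied with nothing shown in the UI. Check the result, e.g. `system('/usr/local/bin/unboundctrl reload >/dev/null') == 0 or $errormessage = $Lang::tr{'<existing error key>'};` (placeholder key), or at least log the failure. The comment still says "Restart unbound" although the command is a reload. Since the ordering is the point of this commit, something like `# Reload unbound only after the IDS has been restarted with the new DNS server list` would record why it must stay last.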
@@ -829,8 +841,8 @@ sub red_is_active () {
 }
 
 # Function to check a given nameserver against propper work.
-sub check_nameserver($$$$) {
-       my ($nameserver, $record, $proto, $tls_hostname) = @_;
+sub check_nameserver($$$$$) {
+       my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
 
        # Check if the system is online.
        unless (&red_is_active()) {
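Review bot: The prototype `($$$$$)` declares exactly five scalars, but the new call in `show_nameservers` passes six arguments and the per-server call passes four. This only works because every call uses the `&check_nameserver(...)` form, which bypasses prototypes. Either drop the prototype or make it match the body with `sub check_nameserver($$$$@) {`. Because `@args` is appended verbatim to the kdig argument list, a comment such as `# @args: extra kdig options; callers must pass fixed strings, never request data` would keep that contract explicit.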
@@ -838,8 +850,8 @@ sub check_nameserver($$$$) {
        }
 
        # Default values.
-       my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
-               "+bufsize=1232");
+       my @command = ("kdig", "+dnssec",
+               "+bufsize=1232", @args);
 
        # Handle different protols.
        if ($proto eq "TCP") {
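Review bot: Moving `+timeout=2` and `+retry=0` out of the defaults leaves the per-server status check without any timeout or retry option. That call, `&check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname")`, is unchanged by this commit, so those queries fall back to kdig's built-in defaults, which to my knowledge are longer and include retries. With several unreachable servers configured, rendering the page can then block for a long time. Restore the old values as a fallback before building the command: `@args = ("+timeout=2", "+retry=0") unless @args;`. The function body continues outside the hunk.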