X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fdns.cgi;h=676d95f8a6daa199008df6040b3390fe7eb9ffd3;hp=d35bc4eabba600cccc1938ae2fd697a69b566d39;hb=80bed5817d176e728cca6077dcefa7821f5c16ef;hpb=611587cf29033a8cdcd86b02a5ec40bd8a9b2a08 diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index d35bc4eabb..676d95f8a6 100755 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -87,11 +87,20 @@ if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) { $cgiparams{'ENABLE_SAFE_SEARCH'} = "off"; } - # Store settings into settings file. - &General::writehash("$settings_file", \%cgiparams); + # Check if using ISP nameservers and TLS is enabled at the same time. + if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) { + $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'} + } - # Call function to handle unbound restart, etc. - &_handle_unbound_and_more() + # Check if there was an error. + if ( ! $errormessage) { + + # Store settings into settings file. + &General::writehash("$settings_file", \%cgiparams); + + # Call function to handle unbound restart, etc. + &_handle_unbound_and_more() + } } ### @@ -409,15 +418,23 @@ END sub show_nameservers () { &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}"); + # Determine if we are running in recursor mode + my $recursor = 0; + my $unbound_forward = qx(unbound-control forward); + if ($unbound_forward =~ m/^off/) { + $recursor = 1; + } + my $dns_status_string; my $dns_status_col; my $dns_working; + # Test if the DNS system is working. # # Simple send a request to unbound and check if it can resolve the # DNS test server. - my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP"); + my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0"); if ($dns_status_ret eq "2") { $dns_status_string = "$Lang::tr{'working'}"; @@ -428,7 +445,11 @@ sub show_nameservers () { $dns_status_col = "${Header::colourred}"; } -print < @@ -437,7 +458,36 @@ print < +END + + # Check the usage of ISP assigned nameservers is enabled. + my $id = 1; + + # Loop through the array which stores the files. + foreach my $file (@ISP_nameserver_files) { + # Grab the address of the nameserver. + my $address = &General::grab_address_from_file($file); + # Check if we got an address. + if ($address) { + # Add the address to the hash of nameservers. + $dns_servers{$id} = [ "$address", "none", + ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled", + "$Lang::tr{'dns isp assigned nameserver'}" ]; + + # Increase id by one. + $id++; + } + } + + # Check some DNS servers have been configured. In this case + # the hash contains at least one key. + my $server_amount; + if (keys %dns_servers) { + # Sort the keys by their ID and store them in an array. + my @keys = sort { $a <=> $b } keys %dns_servers; + + print < @@ -458,51 +508,23 @@ print <$Lang::tr{'remark'} END - # Check if the status should be displayed. - if ($check_servers) { -print < $Lang::tr{'status'} END -; - } + } -print < $Lang::tr{'action'} END -; - - # Check the usage of ISP assigned nameservers is enabled. - my $id = 1; - - # Loop through the array which stores the files. - foreach my $file (@ISP_nameserver_files) { - # Grab the address of the nameserver. - my $address = &General::grab_address_from_file($file); - - # Check if we got an address. - if ($address) { - # Add the address to the hash of nameservers. - $dns_servers{$id} = [ "$address", "none", - ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled", - "$Lang::tr{'dns isp assigned nameserver'}" ]; - - # Increase id by one. - $id++; - } - } - - # Check some DNS servers have been configured. In this case - # the hash contains at least one key. - my $server_amount; - if (keys %dns_servers) { - # Sort the keys by their ID and store them in an array. - my @keys = sort { $a <=> $b } keys %dns_servers; # Loop through all entries of the array/hash. foreach my $id (@keys) { @@ -544,7 +566,7 @@ END $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname"); } - if (!$status) { + if (!defined $status) { $status_short = "$Lang::tr{'disabled'}"; # DNSSEC Not supported @@ -625,7 +647,7 @@ END # Nameservers with an ID's of one or two are ISP assigned, # and we cannot perform any actions on them, so hide the tools for # them. - if ($id gt "2") { + if ($id > 2) { print < @@ -668,7 +690,7 @@ END print"
\n"; # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers. - if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) { + if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) { print < @@ -696,25 +718,16 @@ print < END ; - } else { -print < - - - -
  $Lang::tr{'legend'}:
-
$Lang::tr{'guardian no entries'}
-
- END -; } &Header::closebox(); @@ -802,9 +815,6 @@ END # Private function to handle the restart of unbound and more. sub _handle_unbound_and_more () { - # Restart unbound - system('/usr/local/bin/unboundctrl reload >/dev/null'); - # Check if the IDS is running. if(&IDS::ids_is_running()) { # Re-generate the file which contains the DNS Server @@ -814,6 +824,8 @@ sub _handle_unbound_and_more () { # Call suricatactrl to perform a reload. &IDS::call_suricatactrl("restart"); } + # Restart unbound + system('/usr/local/bin/unboundctrl reload >/dev/null'); } # Check if the system is online (RED is connected). @@ -829,8 +841,8 @@ sub red_is_active () { } # Function to check a given nameserver against propper work. -sub check_nameserver($$$$) { - my ($nameserver, $record, $proto, $tls_hostname) = @_; +sub check_nameserver($$$$$) { + my ($nameserver, $record, $proto, $tls_hostname, @args) = @_; # Check if the system is online. unless (&red_is_active()) { @@ -838,8 +850,8 @@ sub check_nameserver($$$$) { } # Default values. - my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec", - "+bufsize=1232"); + my @command = ("kdig", "+dnssec", + "+bufsize=1232", @args); # Handle different protols. if ($proto eq "TCP") {