]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / people / pmueller / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
unbound: Update to 1.19.2
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
4346cb66 30require "${General::swroot}/location-functions.pl";
8fbb12f1 31require "${General::swroot}/ids-functions.pl";
e0639d80
JPT		 32require "${General::swroot}/lang.pl";
33require "${General::swroot}/header.pl";
34
24d7c5ef
SS		 35#workaround to suppress a warning when a variable is used only once
36my @dummy = ( ${Header::colouryellow} );
37undef (@dummy);
38
39my %cgiparams=();
40my %checked=();
41my %selected=();
e0639d80
JPT		 42my $errormessage = '';
43
24d7c5ef
SS		 44# Config file which stores the DNS settings.
45my $settings_file = "${General::swroot}/dns/settings";
46
47# File which stores the configured DNS-Servers.
48my $servers_file = "${General::swroot}/dns/servers";
49
50# Create files if the does not exist.
8a1e6afe
MT		 51unless (-f $settings_file) { &General::system("touch", "$settings_file") };
52unless (-f $servers_file) { &General::system("touch", "$servers_file") };
24d7c5ef
SS		 53
54# File which stores the ISP assigned DNS servers.
1434fa0d 55my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 56
57# File which contains the ca-certificates.
58my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
59
770ea81e
SS		 60# Server which is used, to determine if the whole DNS system works properly.
61my $dns_test_server = "ping.ipfire.org";
62
43140993
SS		 63my $check_servers;
64
24d7c5ef
SS		 65my %color = ();
66my %mainsettings = ();
67&General::readhash("${General::swroot}/main/settings", \%mainsettings);
8186b372 68&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
24d7c5ef 69
e0639d80 70&Header::showhttpheaders();
24d7c5ef 71&Header::getcgihash(\%cgiparams);
e0639d80 72
24d7c5ef
SS		 73##
74# Save general settings.
75#
76if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
77 # Prevent form name from been stored in conf file.
78 delete $cgiparams{'GENERAL'};
e0639d80 79
24d7c5ef
SS		 80 # Add value for non-checked checkbox.
81 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
82 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
83 }
e0639d80 84
24d7c5ef
SS		 85 # Add value for non-checked checkbox.
86 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
87 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
88 }
e0639d80 89
65ef52a3
MT		 90 if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") {
91 $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off";
92 }
93
39a6219f
SS		 94 # Check if using ISP nameservers and TLS is enabled at the same time.
95 if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
96 $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
97 }
98
99 # Check if there was an error.
100 if ( ! $errormessage) {
719db1cd 101
39a6219f
SS		 102 # Store settings into settings file.
103 &General::writehash("$settings_file", \%cgiparams);
104
105 # Call function to handle unbound restart, etc.
106 &_handle_unbound_and_more()
107 }
24d7c5ef
SS		 108}
109
110###
111# Add / Edit entries.
112#
113if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
114 # Hash to store the generic DNS settings.
115 my %settings = ();
116
117 # Read-in generic settings.
118 &General::readhash("$settings_file", \%settings);
e0639d80 119
038f962e
SS		 120 # Check if an IP-address has been given.
121 if ($cgiparams{"NAMESERVER"} eq "") {
122 $errormessage = "$Lang::tr{'dns no address given'}";
123 }
124
24d7c5ef 125 # Check if the given DNS server is valid.
038f962e 126 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 127 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
128 }
129
130 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
131 elsif($settings{'PROTO'} eq "TLS") {
132 unless($cgiparams{"TLS_HOSTNAME"}) {
133 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
134 } else {
135 # Check if the provided domain is valid.
136 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
137 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
138 }
e0639d80 139 }
24d7c5ef
SS		 140 }
141
24d7c5ef
SS		 142 # Go further if there was no error.
143 if ( ! $errormessage) {
24d7c5ef
SS		 144
145 my %dns_servers = ();
146 my $id;
147 my $status;
148
149 # Read-in configfile.
150 &General::readhasharray($servers_file, \%dns_servers);
151
152 # Check if we should edit an existing entry and got an ID.
153 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
154 # Assin the provided id.
155 $id = $cgiparams{'ID'};
156
157 # Undef the given ID.
158 undef($cgiparams{'ID'});
159
160 # Grab the configured status of the corresponding entry.
161 $status = $dns_servers{$id}[2];
162 } else {
163 # Each newly added entry automatically should be enabled.
164 $status = "enabled";
165
166 # Generate the ID for the new entry.
167 #
168 # Sort the keys by their ID and store them in an array.
169 my @keys = sort { $a <=> $b } keys %dns_servers;
170
171 # Reverse the key array.
172 my @reversed = reverse(@keys);
173
174 # Obtain the last used id.
175 my $last_id = @reversed[0];
176
177 # Increase the last id by one and use it as id for the new entry.
178 $id = ++$last_id;
179
180 # The first allowed id is 3 to keep space for
181 # possible ISP assigned DNS servers.
611587cf 182 if ($id <= "2") {
24d7c5ef
SS		 183 $id = "3";
184 }
e0639d80 185 }
24d7c5ef
SS		 186
187 # Add/Modify the entry to/in the dns_servers hash.
188 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
189
190 # Write the changed hash to the config file.
191 &General::writehasharray($servers_file, \%dns_servers);
719db1cd
SS		 192
193 # Call function to handle unbound restart, etc.
194 &_handle_unbound_and_more();
24d7c5ef
SS		 195 } else {
196 # Switch back to previous mode.
197 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
198 }
199###
200# Toggle enable / disable.
201#
202} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
203 my %dns_servers = ();
204
205 # Only go further, if an ID has been passed.
206 if ($cgiparams{'ID'}) {
207 # Assign the given ID.
208 my $id = $cgiparams{'ID'};
209
210 # Undef the given ID.
211 undef($cgiparams{'ID'});
212
213 # Read-in configfile.
214 &General::readhasharray($servers_file, \%dns_servers);
215
216 # Grab the configured status of the corresponding entry.
217 my $status = $dns_servers{$id}[2];
218
219 # Switch the status.
220 if ($status eq "disabled") {
221 $status = "enabled";
222 } else {
223 $status = "disabled";
e0639d80 224 }
24d7c5ef
SS		 225
226 # Modify the status of the existing entry.
227 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
228
229 # Write the changed hash back to the config file.
230 &General::writehasharray($servers_file, \%dns_servers);
8f4bde65
SS		 231
232 # Call function to handle unbound restart, etc.
233 &_handle_unbound_and_more();
e0639d80 234 }
24d7c5ef
SS		 235
236## Remove entry from DNS servers list.
237#
238} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
239 my %dns_servers = ();
240
241 # Read-in configfile.
242 &General::readhasharray($servers_file, \%dns_servers);
243
244 # Drop entry from the hash.
245 delete($dns_servers{$cgiparams{'ID'}});
246
247 # Undef the given ID.
248 undef($cgiparams{'ID'});
249
250 # Write the changed hash to the config file.
251 &General::writehasharray($servers_file, \%dns_servers);
43140993 252
8f4bde65
SS		 253 # Call function to handle unbound restart, etc.
254 &_handle_unbound_and_more();
255
43140993
SS		 256## Handle request to check the servers.
257#
258} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
259 $check_servers = 1;
e0639d80
JPT		 260}
261
24d7c5ef
SS		 262# Hash to store the generic DNS settings.
263my %settings = ();
65ef52a3 264$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";
24d7c5ef
SS		 265
266# Read-in general DNS settings.
267&General::readhash("$settings_file", \%settings);
268
269# Hash which contains the configured DNS servers.
270my %dns_servers = ();
271
272# Read-in config file.
273&General::readhasharray("$servers_file", \%dns_servers);
274
743808bb 275&Header::openpage($Lang::tr{'dns title'}, 1, '');
24d7c5ef
SS		 276
277&Header::openbigbox('100%', 'left', '', $errormessage);
278
279###
280# Error messages layout.
281#
282if ($errormessage) {
283 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
284 print "<class name='base'>$errormessage\n";
285 print "&nbsp;</class>\n";
286 &Header::closebox();
e0639d80
JPT		 287}
288
24d7c5ef
SS		 289# Handle if a nameserver should be added or edited.
290if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
291 # Display the sub page.
292 &show_add_edit_nameserver();
293
294 # Close webpage.
295 &Header::closebigbox();
296 &Header::closepage();
297
298 # Finished here for the moment.
299 exit(0);
2e1432c4
JPT		 300}
301
24d7c5ef
SS		 302$cgiparams{'GENERAL'} = '';
303$cgiparams{'SERVERS'} = '';
304$cgiparams{'NAMESERVER'} = '';
305$cgiparams{'TLS_HOSTNAME'} = '';
306$cgiparams{'REMARK'} ='';
307
308$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
309$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
310$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
311
312$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
313$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
314$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
315
65ef52a3
MT		 316$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = '';
317$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = '';
318$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'";
319
24d7c5ef
SS		 320$selected{'PROTO'}{'UDP'} = '';
321$selected{'PROTO'}{'TLS'} = '';
322$selected{'PROTO'}{'TCP'} = '';
323$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
324
325$selected{'QNAME_MIN'}{'standard'} = '';
326$selected{'QNAME_MIN'}{'strict'} = '';
327$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
328
329# Display nameserver and configuration sections.
330&show_nameservers();
331&show_general_dns_configuration();
332
333&Header::closebigbox();
334&Header::closepage();
335
336###
337# General DNS-Servers sektion.
338#
339sub show_general_dns_configuration () {
340 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
341
342 print <<END;
343 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
344 <table width="100%">
345 <tr>
346 <td width="33%">
347 $Lang::tr{'dns use isp assigned nameservers'}
348 </td>
349
350 <td>
351 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
352 </td>
353 </tr>
354
355 <tr>
356 <td colspan="2">
357 <br>
358 </td>
359 </tr>
360
361 <tr>
362 <td width="33%">
363 $Lang::tr{'dns use protocol for dns queries'}
364 </td>
365
366 <td>
367 <select name="PROTO">
368 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
369 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
370 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
371 </select>
372 </td>
373 </tr>
374
375 <tr>
376 <td colspan="2">
377 <br>
378 </td>
379 </tr>
380
381 <tr>
382 <td width="33%">
383 $Lang::tr{'dns enable safe-search'}
384 </td>
385
386 <td>
387 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
388 </td>
389 </tr>
390
65ef52a3
MT		 391 <tr>
392 <td width="33%">
393 &raquo; $Lang::tr{'dns enable safe-search youtube'}
394 </td>
395
396 <td>
397 <input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}>
398 </td>
399 </tr>
400
24d7c5ef
SS		 401 <tr>
402 <td colspan="2">
403 <br>
404 </td>
405 </tr>
406
407 <tr>
408 <td width="33%">
409 $Lang::tr{'dns mode for qname minimisation'}
410 </td>
411
412 <td>
413 <select name="QNAME_MIN">
414 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
415 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
416 </select>
417 </td>
418 </tr>
419
420 <tr>
421 <td colspan="2" align="right">
422 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
423 </td>
424 </tr>
425 </table>
426 </form>
427END
428
e0639d80
JPT		 429 &Header::closebox();
430}
431
24d7c5ef
SS		 432###
433# Section to display the configured and used DNS servers.
434#
435sub show_nameservers () {
743808bb 436 &Header::openbox('100%', 'center', "$Lang::tr{'dns servers'}");
e0639d80 437
351ad526
MT		 438 # Determine if we are running in recursor mode
439 my $recursor = 0;
440 my $unbound_forward = qx(unbound-control forward);
441 if ($unbound_forward =~ m/^off/) {
442 $recursor = 1;
443 }
444
770ea81e
SS		 445 my $dns_status_string;
446 my $dns_status_col;
f03f3429 447 my $dns_working;
770ea81e 448
351ad526 449
770ea81e
SS		 450 # Test if the DNS system is working.
451 #
452 # Simple send a request to unbound and check if it can resolve the
453 # DNS test server.
f2d2c697 454 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
770ea81e
SS		 455
456 if ($dns_status_ret eq "2") {
457 $dns_status_string = "$Lang::tr{'working'}";
458 $dns_status_col = "${Header::colourgreen}";
f03f3429 459 $dns_working = 1;
770ea81e 460 } else {
46cc88ed 461 $dns_status_string = "$Lang::tr{'broken'}";
770ea81e
SS		 462 $dns_status_col = "${Header::colourred}";
463 }
464
351ad526
MT		 465 if ($recursor) {
466 $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
467 }
468
18e97c76 469 print <<END;
770ea81e
SS		 470 <table width='100%'>
471 <tr>
472 <td>
473 <strong>$Lang::tr{'status'}:&nbsp;</strong>
474 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
475 </td>
476 </tr>
477 </table>
18e97c76
MT		 478END
479
480 # Check the usage of ISP assigned nameservers is enabled.
481 my $id = 1;
770ea81e 482
18e97c76
MT		 483 # Loop through the array which stores the files.
484 foreach my $file (@ISP_nameserver_files) {
485 # Grab the address of the nameserver.
486 my $address = &General::grab_address_from_file($file);
487
488 # Check if we got an address.
489 if ($address) {
490 # Add the address to the hash of nameservers.
491 $dns_servers{$id} = [ "$address", "none",
492 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
493 "$Lang::tr{'dns isp assigned nameserver'}" ];
494
495 # Increase id by one.
496 $id++;
497 }
498 }
499
500 # Check some DNS servers have been configured. In this case
501 # the hash contains at least one key.
502 my $server_amount;
503 if (keys %dns_servers) {
504 # Sort the keys by their ID and store them in an array.
505 my @keys = sort { $a <=> $b } keys %dns_servers;
506
507 print <<END;
770ea81e
SS		 508 <br>
509
24d7c5ef
SS		 510 <table class="tbl" width='100%'>
511 <tr>
512 <td align="center">
513 <strong>$Lang::tr{'nameserver'}</strong>
514 </td>
515
516 <td align="center">
517 <strong>$Lang::tr{'country'}</strong>
518 </td>
519
520 <td align="center">
521 <strong>$Lang::tr{'rdns'}</strong>
522 </td>
523
524 <td align="center">
525 <strong>$Lang::tr{'remark'}</strong>
526 </td>
43140993 527END
18e97c76
MT		 528
529 # Check if the status should be displayed.
530 if ($check_servers) {
531 print <<END;
24d7c5ef
SS		 532 <td align="center">
533 <strong>$Lang::tr{'status'}</strong>
534 </td>
43140993 535END
18e97c76 536 }
43140993 537
18e97c76 538 print <<END;
e0639d80 539
24d7c5ef
SS		 540 <td align="center" colspan="3">
541 <strong>$Lang::tr{'action'}</strong>
542 </td>
543 </tr>
830f6177 544END
24d7c5ef
SS		 545
546 # Loop through all entries of the array/hash.
547 foreach my $id (@keys) {
548 # Inrease server_amount.
549 $server_amount++;
550
551 # Assign data array positions to some nice variable names.
552 my $nameserver = $dns_servers{$id}[0];
553 my $tls_hostname = $dns_servers{$id}[1];
554 my $enabled = $dns_servers{$id}[2];
555 my $remark = $dns_servers{$id}[3];
556
557 my $col = '';
558 my $toggle = '';
559 my $gif = '';
560 my $gdesc = '';
561 my $notice = "";
562
563 # Colorize columns.
564 if ($server_amount % 2) {
565 $col="bgcolor='$color{'color22'}'"; }
566 else {
567 $col="bgcolor='$color{'color20'}'";
568 }
569
570 if ($enabled eq 'enabled') {
571 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
572 } else {
573 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
574 }
575
576 my $status;
577 my $status_short;
578 my $status_message;
579 my $status_colour;
580
581 # Only grab the status if the nameserver is enabled.
43140993 582 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 583 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
584 }
585
a25dcda2 586 if (!defined $status) {
24d7c5ef
SS		 587 $status_short = "$Lang::tr{'disabled'}";
588
589 # DNSSEC Not supported
590 } elsif ($status eq 0) {
591 $status_short = "$Lang::tr{'broken'}";
592 $status_message = $Lang::tr{'dnssec not supported'};
593 $status_colour = ${Header::colourred};
594
595 # DNSSEC Aware
596 } elsif ($status eq 1) {
597 $status_short = "$Lang::tr{'not validating'}";
598 $status_message = $Lang::tr{'dnssec aware'};
599 $status_colour = ${Header::colourblack};
600
601 # DNSSEC Validating
602 } elsif ($status eq 2) {
603 $status_short = "$Lang::tr{'ok'}";
604 $status_message = $Lang::tr{'dnssec validating'};
605 $status_colour = ${Header::colourgreen};
606
607 # Error
608 } else {
609 $status_short = "$Lang::tr{'error'}";
610 $status_message = $status;
611 $status_colour = ${Header::colourred};
612 }
613
4346cb66 614 # collect more information about name server (rDNS, country code)
07e42be9 615 my $ccode = &Location::Functions::lookup_country_code($nameserver);
4346cb66 616 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
24d7c5ef 617
25dda4a0
SS		 618 my $rdns;
619
620 # Only do the reverse lookup if the system is online.
f03f3429 621 if ($dns_working) {
25dda4a0
SS		 622 my $iaddr = inet_aton($nameserver);
623 $rdns = gethostbyaddr($iaddr, AF_INET);
624 }
24d7c5ef 625
358e42ff 626 if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; }
24d7c5ef 627
77c7a94c
MT		 628 # Mark ISP name servers as disabled
629 if ($id <= 2 && $enabled eq "disabled") {
630 $nameserver = "<del>$nameserver</del>";
631 }
632
24d7c5ef
SS		 633print <<END;
634 <tr>
635 <td align="center" $col>
636 $nameserver
637 </td>
638
639 <td align="center" $col>
640 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
641 </td>
642
643 <td align="center" $col>
644 $rdns
645 </td>
646
647 <td align="center" $col>
648 $remark
649 </td>
830f6177 650END
24d7c5ef 651;
43140993
SS		 652 # Display server status if requested.
653 if ($check_servers) {
654print <<END
655 <td align="center" $col>
656 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
657 </td>
658END
659;
660 }
661
24d7c5ef
SS		 662 # Check if the id is greater than "2".
663 #
664 # Nameservers with an ID's of one or two are ISP assigned,
665 # and we cannot perform any actions on them, so hide the tools for
666 # them.
19602b68 667 if ($id > 2) {
24d7c5ef
SS		 668
669print <<END;
670 <td align='center' width='5%' $col>
671 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
672 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
673 <input type='hidden' name='ID' value='$id' />
674 <input type='hidden' name='ENABLE' value='$toggle' />
675 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
676 </form>
677 </td>
678
679 <td align='center' width='5%' $col>
680 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
681 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
682 <input type='hidden' name='ID' value='$id' />
683 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
684 </form>
685 </td>
686
687 <td align='center' width='5%' $col>
688 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
689 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
690 <input type='hidden' name='ID' value='$id' />
691 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
692 </form>
693 </td>
830f6177 694END
24d7c5ef
SS		 695;
696 } else {
697 print "<td colspan='3' $col>&nbsp;</td>\n";
698 }
699
700
701 print"</tr>\n";
702
703 }
704
705 print"</table>\n";
706
707 print"<table width='100%'>\n";
708
709 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
19602b68 710 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
24d7c5ef
SS		 711print <<END;
712 <tr>
713 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
714 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
715 <td class='base'>$Lang::tr{'click to disable'}</td>
716 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
717 <td class='base'>$Lang::tr{'click to enable'}</td>
718 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
719 <td class='base'>$Lang::tr{'edit'}</td>
720 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
721 <td class='base'>$Lang::tr{'remove'}</td>
722 </tr>
830f6177 723END
24d7c5ef
SS		 724;
725 }
726print <<END;
727 <tr>
728 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 729 <td colspan="9" align="right">
730 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
731 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
732 </td>
24d7c5ef
SS		 733 </form>
734 </tr>
735 </table>
830f6177 736END
24d7c5ef 737;
24d7c5ef 738 } else {
351ad526 739 print <<END;
24d7c5ef 740 <table width="100%">
24d7c5ef
SS		 741 <tr>
742 <form method="post" action="$ENV{'SCRIPT_NAME'}">
743 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
744 </form>
745 </tr>
746 </table>
830f6177 747END
24d7c5ef
SS		 748 }
749
750 &Header::closebox();
830f6177 751}
24d7c5ef
SS		 752
753###
754# Section to display the add or edit subpage.
755#
756sub show_add_edit_nameserver() {
757 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
758
759 my $buttontext = $Lang::tr{'save'};
760 my $dnssec_checked;
761 my $dot_checked;
762 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
763 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
764
765 # Update button text for upate the existing entry.
766 $buttontext = $Lang::tr{'update'};
767
768 # Add hidden input for sending ID.
769 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
770
771 # Check if an ID has been given.
772 if ($cgiparams{'ID'}) {
773 # Assign cgiparams values.
774 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
775 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
776 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
777 }
778 } else {
779 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
780 }
781
f10fb4bf
SS		 782 my $tls_required_image;
783
784 # If the protocol is TLS, dispaly the required image.
785 if ($settings{'PROTO'} eq "TLS") {
786 $tls_required_image = "<img src='/blob.gif' alt='*'>";
787 }
788
24d7c5ef
SS		 789 # Add hidden input to store the mode.
790 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
791
792print <<END
793 <table width='100%'>
794 <tr>
795 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
796 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
797 </tr>
f10fb4bf
SS		 798
799
24d7c5ef 800 <tr>
f10fb4bf 801 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 802 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
803 </tr>
24d7c5ef 804
e0639d80 805
24d7c5ef
SS		 806 <tr>
807 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
808 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
809 </tr>
810 </table>
811
812 <br>
813 <hr>
814
815 <table width='100%'>
816 <tr>
817 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
818 <td width='40%' align='right'>
819 <input type="submit" name="SERVERS" value="$buttontext">
820 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
821 </td>
822 </tr>
823 </table>
e0639d80
JPT		 824END
825;
826
24d7c5ef
SS		 827 &Header::closebox();
828 print "</form>\n";
e0639d80 829
24d7c5ef
SS		 830 &Header::closebox();
831}
e0639d80 832
719db1cd
SS		 833# Private function to handle the restart of unbound and more.
834sub _handle_unbound_and_more () {
8fbb12f1
SS		 835 # Check if the IDS is running.
836 if(&IDS::ids_is_running()) {
837 # Re-generate the file which contains the DNS Server
838 # details.
839 &IDS::generate_dns_servers_file();
840
841 # Call suricatactrl to perform a reload.
842 &IDS::call_suricatactrl("restart");
843 }
80bed581 844 # Restart unbound
8a1e6afe 845 &General::system('/usr/local/bin/unboundctrl', 'reload');
719db1cd
SS		 846}
847
f36855fe
SS		 848# Check if the system is online (RED is connected).
849sub red_is_active () {
850 # Check if the "active" file is present.
851 if ( -f "${General::swroot}/red/active") {
852 # Return "1" - True.
853 return 1;
854 } else {
855 # Return nothing - False.
856 return;
857 }
858}
859
24d7c5ef 860# Function to check a given nameserver against propper work.
38f51465
MT		 861sub check_nameserver($$$$$) {
862 my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
24d7c5ef 863
70187da6
SS		 864 # Check if the system is online.
865 unless (&red_is_active()) {
866 return "$Lang::tr{'system is offline'}";
867 }
868
24d7c5ef 869 # Default values.
3a5866ac 870 my @command = ("kdig", "+dnssec",
38f51465 871 "+bufsize=1232", @args);
24d7c5ef
SS		 872
873 # Handle different protols.
874 if ($proto eq "TCP") {
875 # Add TCP switch to the command.
876 push(@command, "+tcp");
877
878 } elsif($proto eq "TLS") {
879 # Add TLS switch to the command and provide the
880 # path to our file which contains the ca certs.
881 push(@command, "+tls-ca=$ca_certs_file");
882
883 # Check if a TLS hostname has been provided.
884 if ($tls_hostname) {
885 # Add TLS hostname to the command.
886 push(@command, "+tls-hostname=$tls_hostname");
887 } else {
888 return "$Lang::tr{'dns no tls hostname given'}";
889 }
890 }
891
892 # Add record to the command array.
893 push(@command, "$record");
894
895 # Add nameserver to the command array.
896 push(@command, "\@$nameserver");
897
898 # Connect to STDOUT and STDERR.
899 push(@command, "2>&1");
900
901 my @output = qx(@command);
902 my $output = join("", @output);
903
904 my $status = 0;
24d7c5ef
SS		 905
906 if ($output =~ m/status: (\w+)/) {
907 $status = ($1 eq "NOERROR");
908
909 if (!$status) {
910 return -1;
911 }
984f14bd
MT		 912 } else {
913 my $warning;
914
915 while ($output =~ m/WARNING: (.*)/g) {
916 # Add the current grabbed warning to the warning string.
917 $warning .= "$1\; ";
918 }
919
920 # Return the warning string, if we grabbed at least one.
921 if ($warning) {
922 return $warning;
923 }
24d7c5ef
SS		 924 }
925
926 my @flags = ();
927 if ($output =~ m/Flags: (.*);/) {
928 @flags = split(/ /, $1);
929 }
930
931 my $aware = ($output =~ m/RRSIG/);
71471d9b 932 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 933
934 return $aware + $validating;
935}
Peter's tree of IPFire 2.x