$cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
}
- # Store settings into settings file.
- &General::writehash("$settings_file", \%cgiparams);
+ # Check if using ISP nameservers and TLS is enabled at the same time.
+ if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
+ $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
+ }
- # Call function to handle unbound restart, etc.
- &_handle_unbound_and_more()
+ # Check if there was an error.
+ if ( ! $errormessage) {
+
+ # Store settings into settings file.
+ &General::writehash("$settings_file", \%cgiparams);
+
+ # Call function to handle unbound restart, etc.
+ &_handle_unbound_and_more()
+ }
}
###
# The first allowed id is 3 to keep space for
# possible ISP assigned DNS servers.
- if ($id le "2") {
+ if ($id <= "2") {
$id = "3";
}
}
sub show_nameservers () {
&Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
+ # Determine if we are running in recursor mode
+ my $recursor = 0;
+ my $unbound_forward = qx(unbound-control forward);
+ if ($unbound_forward =~ m/^off/) {
+ $recursor = 1;
+ }
+
my $dns_status_string;
my $dns_status_col;
+ my $dns_working;
+
# Test if the DNS system is working.
#
# Simple send a request to unbound and check if it can resolve the
# DNS test server.
- my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
+ my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
if ($dns_status_ret eq "2") {
$dns_status_string = "$Lang::tr{'working'}";
$dns_status_col = "${Header::colourgreen}";
+ $dns_working = 1;
} else {
$dns_status_string = "$Lang::tr{'broken'}";
$dns_status_col = "${Header::colourred}";
}
+ if ($recursor) {
+ $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
+ }
+
print <<END;
<table width='100%'>
<tr>
$status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
}
- if (!$status) {
+ if (!defined $status) {
$status_short = "$Lang::tr{'disabled'}";
# DNSSEC Not supported
my $rdns;
# Only do the reverse lookup if the system is online.
- if (&red_is_active()) {
+ if ($dns_working) {
my $iaddr = inet_aton($nameserver);
$rdns = gethostbyaddr($iaddr, AF_INET);
}
# Nameservers with an ID's of one or two are ISP assigned,
# and we cannot perform any actions on them, so hide the tools for
# them.
- if ($id gt "2") {
+ if ($id > 2) {
print <<END;
<td align='center' width='5%' $col>
print"<table width='100%'>\n";
# Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
- if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
+ if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
print <<END;
<tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
</table>
END
;
-
} else {
-print <<END;
+ print <<END;
<table width="100%">
- <tr>
- <td colspan="6" align="center">
- <br>$Lang::tr{'guardian no entries'}<br>
- </td>
- </tr>
-
<tr>
<form method="post" action="$ENV{'SCRIPT_NAME'}">
<td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
</form>
</tr>
</table>
-
END
-;
}
&Header::closebox();
# Private function to handle the restart of unbound and more.
sub _handle_unbound_and_more () {
# Restart unbound
- system('/usr/local/bin/unboundctrl restart >/dev/null');
+ system('/usr/local/bin/unboundctrl reload >/dev/null');
# Check if the IDS is running.
if(&IDS::ids_is_running()) {
}
# Function to check a given nameserver against propper work.
-sub check_nameserver($$$$) {
- my ($nameserver, $record, $proto, $tls_hostname) = @_;
+sub check_nameserver($$$$$) {
+ my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
# Check if the system is online.
unless (&red_is_active()) {
}
# Default values.
- my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
- "+bufsize=1232");
+ my @command = ("kdig", "+dnssec",
+ "+bufsize=1232", @args);
# Handle different protols.
if ($proto eq "TCP") {