WARNING: untranslated string: dns error 0 = The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.
WARNING: untranslated string: dns error 01 = The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!
WARNING: untranslated string: dns error 1 = The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns header = Assign DNS server addresses only for DHCP on red0
WARNING: untranslated string: dns list = List of free public DNS servers
WARNING: untranslated string: dns menu = Assign DNS-Server
WARNING: untranslated string: dhcp dns update secret = Secret:
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns servers = DNS Servers
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: default IP address = Default IP Address
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: dhcp dns update algo = Algorithm:
WARNING: untranslated string: dhcp dns update secret = Secret:
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
WARNING: untranslated string: eight hours = 8 Hours
WARNING: untranslated string: dhcp dns update algo = Algorithm:
WARNING: untranslated string: dhcp dns update secret = Secret:
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns servers = DNS Servers
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dhcp dns update secret = Secret:
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns servers = DNS Servers
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: disk access per = Disk Access per
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns servers = DNS Servers
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: default IP address = Default IP Address
+WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
+WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
+< dns forward disable dnssec
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_servers
+< dns forwarding dnssec disabled notice
< dnsforward zone
< dnssec aware
< dnssec disabled warning
############################################################################
< cryptographic settings
< default IP address
+< dns forward disable dnssec
+< dns forwarding dnssec disabled notice
< interface mode
< invalid input for interface address
< invalid input for interface mode
< dhcp dns update algo
< dhcp dns update secret
< dl client arch insecure
+< dns forward disable dnssec
< dnsforward forward_servers
+< dns forwarding dnssec disabled notice
< dnssec disabled warning
< eight hours
< email config
< dh name is invalid
< dh parameter
< dl client arch insecure
+< dns forward disable dnssec
< dnsforward forward_servers
+< dns forwarding dnssec disabled notice
< dnssec aware
< dnssec disabled warning
< dnssec information
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
+< dns forward disable dnssec
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_servers
+< dns forwarding dnssec disabled notice
< dnsforward zone
< dnssec aware
< dnssec disabled warning
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
+< dns forward disable dnssec
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_servers
+< dns forwarding dnssec disabled notice
< dnsforward zone
< dnssec aware
< dnssec disabled warning
< cryptographic settings
< crypto warning
< default IP address
+< dns forward disable dnssec
< dnsforward forward_servers
+< dns forwarding dnssec disabled notice
< fwdfw all subnets
< interface mode
< invalid input for interface address
$cgiparams{'ZONE'} = '';
$cgiparams{'FORWARD_SERVERS'} = '';
$cgiparams{'REMARK'} ='';
+$cgiparams{'DISABLE_DNSSEC'} = 'off';
&Header::getcgihash(\%cgiparams);
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
}
}
+ if ($cgiparams{'DISABLE_DNSSEC'} !~ /^(on|off)?$/) {
+ $errormessage = $Lang::tr{'invalid input'};
+ }
+
# Go further if there was no error.
if ( ! $errormessage)
{
# Check if a remark has been entered.
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
+ # Set to off if not enabled
+ if (!$cgiparams{'DISABLE_DNSSEC'}) {
+ $cgiparams{'DISABLE_DNSSEC'} = "off";
+ }
+
# Check if we want to edit an existing or add a new entry.
if($cgiparams{'EDITING'} eq 'no') {
open(FILE,">>$filename") or die 'Unable to open config file.';
flock FILE, 2;
- print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'}\n";
+ print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'},$cgiparams{'DISABLE_DNSSEC'}\n";
} else {
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
{
$id++;
if ($cgiparams{'EDITING'} eq $id) {
- print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'}\n";
+ print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'},$cgiparams{'DISABLE_DNSSEC'}\n";
} else { print FILE "$line"; }
}
}
{
chomp($line);
my @temp = split(/\,/,$line);
- print FILE "$cgiparams{'ENABLE'},$temp[1],$temp[2],$temp[3]\n";
+
+ $temp[0] = $cgiparams{'ENABLE'};
+
+ print FILE join(",", @temp) . "\n";
}
}
close(FILE);
$cgiparams{'ZONE'} = $temp[1];
$cgiparams{'FORWARD_SERVERS'} = join(",", split(/\|/, $temp[2]));
$cgiparams{'REMARK'} = $temp[3];
+ $cgiparams{'DISABLE_DNSSEC'} = $temp[4];
}
}
}
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
+$checked{'DISABLE_DNSSEC'}{'off'} = '';
+$checked{'DISABLE_DNSSEC'}{'on'} = '';
+$checked{'DISABLE_DNSSEC'}{$cgiparams{'DISABLE_DNSSEC'}} = "checked='checked'";
+
&Header::openpage($Lang::tr{'dnsforward configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
<td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
<td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
</tr>
+ <tr>
+ <td width ='20%' class='base'>$Lang::tr{'dns forward disable dnssec'}:</td>
+ <td><input type='checkbox' name='DISABLE_DNSSEC' $checked{'DISABLE_DNSSEC'}' /></td>
+ </tr>
</table>
<br>
<hr>
my $gif = '';
my $gdesc = '';
my $toggle = '';
+ my $notice = "";
# Format lists of servers
my $servers = join(", ", split(/\|/, $temp[2]));
+ my $disable_dnssec = $temp[4];
+
if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
print "<tr>";
$col="bgcolor='${Header::colouryellow}'"; }
+ elsif ($disable_dnssec eq 'on') {
+ print "<tr>";
+ $col="bgcolor='${Header::colourred}' style='color: white'"; }
elsif ($id % 2) {
print "<tr>";
$col="bgcolor='$color{'color22'}'"; }
if ($temp[0] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
+ if ($disable_dnssec eq "on") {
+ $notice = $Lang::tr{'dns forwarding dnssec disabled notice'};
+ }
+
###
# Display edit page.
#
print <<END
- <td align='center' $col>$temp[1]</td>
+ <td align='center' $col>$temp[1] $notice</td>
<td align='center' $col>$servers</td>
<td align='center' $col>$temp[3]</td>
<td align='center' $col>
'dns error 0' => 'Die IP Adresse vom <strong>primären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>sekundären</strong> DNS Server Adresse ist jedoch gültig.<br />',
'dns error 01' => 'Die eingegebene IP Adresse des <strong>primären</strong> wie auch des <strong>sekundären</strong> DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!',
'dns error 1' => 'Die IP Adresse vom <strong>sekundären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>primäre</strong> DNS Server Adresse ist jedoch gültig.',
+'dns forward disable dnssec' => 'DNSSEC deaktivieren (nicht empfohlen)',
+'dns forwarding dnssec disabled notice' => '(DNSSEC deaktiviert)',
'dns header' => 'DNS Server Adressen zuweisen nur mit DHCP an red0',
'dns list' => 'Liste von freien öffentlichen DNS Servern',
'dns menu' => 'DNS-Server zuweisen',
'dns error 0' => 'The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.',
'dns error 01' => 'The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!',
'dns error 1' => 'The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.',
+'dns forward disable dnssec' => 'Disable DNSSEC (dangerous)',
+'dns forwarding dnssec disabled notice' => '(DNSSEC disabled)',
'dns header' => 'Assign DNS server addresses only for DHCP on red0',
'dns list' => 'List of free public DNS servers',
'dns menu' => 'Assign DNS-Server',
local insecure_zones="${INSECURE_ZONES}"
- local enabled zone server servers remark
- while IFS="," read -r enabled zone servers remark; do
+ local enabled zone server servers remark disable_dnssec rest
+ while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
# Line must be enabled.
[ "${enabled}" = "on" ] || continue
*.local)
insecure_zones="${insecure_zones} ${zone}"
;;
+ *)
+ if [ "${disable_dnssec}" = "on" ]; then
+ insecure_zones="${insecure_zones} ${zone}"
+ fi
+ ;;
esac
# Reverse-lookup zones must be stubs
projects / ipfire-2.x.git / commitdiff
