etc/rc.d/init.d/networking/red.up/30-ddns
srv/web/ipfire/cgi-bin/ddns.cgi
srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/netexternal.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/routing.cgi
usr/sbin/dhcrelay
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec information
+WARNING: untranslated string: dnssec not supported
+WARNING: untranslated string: dnssec validating
WARNING: untranslated string: downlink
WARNING: untranslated string: download tls-auth key
WARNING: untranslated string: dpd delay
WARNING: untranslated string: modem status
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
+WARNING: untranslated string: nameserver
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec information
+WARNING: untranslated string: dnssec not supported
+WARNING: untranslated string: dnssec validating
WARNING: untranslated string: downlink
WARNING: untranslated string: download tls-auth key
WARNING: untranslated string: dpd delay
WARNING: untranslated string: modem status
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
+WARNING: untranslated string: nameserver
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dh parameter
WARNING: untranslated string: dns servers
+WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec information
+WARNING: untranslated string: dnssec not supported
+WARNING: untranslated string: dnssec validating
WARNING: untranslated string: download tls-auth key
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: modem sim information
WARNING: untranslated string: modem status
WARNING: untranslated string: monitor interface
+WARNING: untranslated string: nameserver
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec information
+WARNING: untranslated string: dnssec not supported
+WARNING: untranslated string: dnssec validating
WARNING: untranslated string: downlink
WARNING: untranslated string: download tls-auth key
WARNING: untranslated string: dpd delay
WARNING: untranslated string: modem status
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
+WARNING: untranslated string: nameserver
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec information
+WARNING: untranslated string: dnssec not supported
+WARNING: untranslated string: dnssec validating
WARNING: untranslated string: downlink
WARNING: untranslated string: download tls-auth key
WARNING: untranslated string: dpd delay
WARNING: untranslated string: modem status
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
+WARNING: untranslated string: nameserver
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh key warn1
WARNING: untranslated string: dh parameter
+WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec information
+WARNING: untranslated string: dnssec not supported
+WARNING: untranslated string: dnssec validating
WARNING: untranslated string: download tls-auth key
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: modem sim information
WARNING: untranslated string: modem status
WARNING: untranslated string: monitor interface
+WARNING: untranslated string: nameserver
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dnssec aware
+< dnssec information
+< dnssec not supported
+< dnssec validating
< dns servers
< downlink
< download dh parameter
< monitor interface
< most preferred
< MTU settings
+< nameserver
< never
< no hardware random number generator
< not a valid dh key
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dnssec aware
+< dnssec information
+< dnssec not supported
+< dnssec validating
< dns servers
< downlink
< download dh parameter
< monitor interface
< most preferred
< MTU settings
+< nameserver
< never
< no hardware random number generator
< not a valid dh key
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dnssec aware
+< dnssec information
+< dnssec not supported
+< dnssec validating
< dns servers
< downlink
< download dh parameter
< monitor interface
< most preferred
< MTU settings
+< nameserver
< never
< no hardware random number generator
< not a valid dh key
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dnssec aware
+< dnssec information
+< dnssec not supported
+< dnssec validating
< dns servers
< downlink
< download dh parameter
< month-graph
< most preferred
< MTU settings
+< nameserver
< never
< no hardware random number generator
< not a valid dh key
&Header::closebox();
}
+ ## DNSSEC
+ my @nameservers = ();
+ foreach my $f ("${General::swroot}/red/dns1", "${General::swroot}/red/dns2") {
+ open(DNS, "<$f");
+ my $nameserver = <DNS>;
+ close(DNS);
+
+ chomp($nameserver);
+ if ($nameserver) {
+ push(@nameservers, $nameserver);
+ }
+ }
+
+ &Header::openbox('100%', 'center', $Lang::tr{'dnssec information'});
+
+ print <<END;
+ <table class="tbl" width='66%'>
+ <thead>
+ <tr>
+ <th align="center">
+ <strong>$Lang::tr{'nameserver'}</strong>
+ </th>
+ <th align="center">
+ <strong>$Lang::tr{'status'}</strong>
+ </th>
+ </tr>
+ </thead>
+ <tbody>
+END
+
+ my $id = 0;
+ for my $nameserver (@nameservers) {
+ my $status = &check_dnssec($nameserver, "ping.ipfire.org");
+
+ my $colour = "";
+ my $message = "";
+
+ # DNSSEC Not supported
+ if ($status == 0) {
+ $message = $Lang::tr{'dnssec not supported'};
+ $colour = ${Header::colourred};
+
+ # DNSSEC Aware
+ } elsif ($status == 1) {
+ $message = $Lang::tr{'dnssec aware'};
+ $colour = ${Header::colouryellow};
+
+ # DNSSEC Validating
+ } elsif ($status == 2) {
+ $message = $Lang::tr{'dnssec validating'};
+ $colour = ${Header::colourgreen};
+
+ # Error
+ } else {
+ $colour = ${Header::colourred};
+ }
+
+ my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
+
+ print <<END;
+ <tr bgcolor="$table_colour">
+ <td>$nameserver</td>
+ <td bgcolor="$colour" align="center">
+ <font color='white'><strong>$message</strong></font>
+ </td>
+ </tr>
+END
+ }
+
+ print <<END;
+ </tbody>
+ </table>
+END
+
+ &Header::closebox();
+
if ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} eq "DHCP"){
&Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}");
&Header::closebigbox();
&Header::closepage();
-}
+}
+
+sub check_dnssec($$) {
+ my $nameserver = shift;
+ my $record = shift;
+
+ my @command = ("dig", "+dnssec", $record, "\@$nameserver");
+
+ my @output = qx(@command);
+ my $output = join("", @output);
+
+ my $status = 0;
+ if ($output =~ m/status: (\w+)/) {
+ $status = ($1 eq "NOERROR");
+
+ if (!$status) {
+ return -1;
+ }
+ }
+
+ my @flags = ();
+ if ($output =~ m/flags: (.*);/) {
+ @flags = split(/ /, $1);
+ }
+
+ my $aware = ($output =~ m/RRSIG/);
+ my $validating = ("ad" ~~ @flags);
+
+ return $aware + $validating;
+}
'dnsforward entries' => 'Aktuelle Einträge',
'dnsforward forward_server' => 'DNS-Server',
'dnsforward zone' => 'Zone',
+'dnssec aware' => 'DNSSEC-aware',
+'dnssec information' => 'DNSSEC-Informationen',
+'dnssec not supported' => 'DNSSEC wird nicht unterstützt',
+'dnssec validating' => 'DNSSEC-validierend',
'do not log this port list' => 'Verwerfe diese Port-Liste kurz bevor sie protokolliert werden (reduziert Protokollgröße)',
'dod' => 'Dial-on-Demand-Modus',
'dod for dns' => 'Dial-on-Demand für DNS:',
'name is invalid' => 'Name ist ungültig',
'name must only contain characters' => 'Name darf nur Buchstaben enthalten.',
'name too long' => 'Der volle Benutzername oder der System Hostname ist zu lang',
+'nameserver' => 'Nameserver',
'nat-traversal' => 'Nat Traversal:',
'needreboot' => 'Ein Update benötigt einen Neustart',
'net' => 'Netz',
'dnsforward entries' => 'Current entries',
'dnsforward forward_server' => 'Nameserver',
'dnsforward zone' => 'Zone',
+'dnssec aware' => 'DNSSEC Aware',
+'dnssec information' => 'DNSSEC Information',
+'dnssec not supported' => 'DNSSEC Not supported',
+'dnssec validating' => 'DNSSEC Validating',
'do not log this port list' => 'Drop this port list just before they are logged (reduces log size)',
'dod' => 'Dial on Demand',
'dod for dns' => 'Dial on Demand for DNS:',
'name is invalid' => 'Name is invalid',
'name must only contain characters' => 'Name must only contain characters.',
'name too long' => 'User\'s full name or system hostname is too long',
+'nameserver' => 'Nameserver',
'nat-traversal' => 'Nat Traversal:',
'needreboot' => 'An update requires a restart',
'net' => 'Net',