git.ipfire.org Git - people/ummeegge/ipfire-2.x.git/commit
DNS-over-TLS: Integration into web user interface DoT
author Erik Kapfer <ummeegge@ipfire.org>
Fri, 1 Nov 2019 13:38:57 +0000 (14:38 +0100)
committer Erik Kapfer <ummeegge@ipfire.org>
Fri, 1 Nov 2019 13:38:57 +0000 (14:38 +0100)
commit d62c9a43abb76b0ca0de16236f9f93a6a2306df3
tree 410f07a57b23315a66760f0525a8cc1ab9c0caf7
parent c772b7550c4dd06f7945e32cc6af47e8f6a0f229
DNS-over-TLS: Integration into web user interface

- unbound init has been modified and does not use the 'update_forwarders' function if DoT has been detected.
- DoT works with forward.conf, which also includes 'qname-minimization strict'.
- dnsovertls.cgi can be used to configure DoT connections but also accepts other ports (e.g. 53).
- dot-indexCGI-check checks if and how the connections have been established and delivers the result
    to /var/ipfire/red/dot, which will be used by index.cgi to deliver the status via color codes.
    color codes: red = server is off; orange = DNSSEC does not work but certificate is trustworthy and crypto works; green = all is working.
- check_connections.sh is a shell script which checks all configured connections, also with the above color codes.
- test_tls.sh is also a shell script, which also checks all configured connections but with the raw output of kdig.
- language file has only been adapted for English.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
config/dot/EX-dnsovertls.menu [new file with mode: 0644]
config/dot/check_connection.sh [new file with mode: 0644]
config/dot/dot-indexCGI-check [new file with mode: 0755]
config/dot/test_tls.sh [new file with mode: 0644]
html/cgi-bin/dnsovertls.cgi [new file with mode: 0644]
html/cgi-bin/index.cgi
langs/en/cgi-bin/en.pl
src/initscripts/system/unbound