From 8bf3b729ea6a1c848323735e7c32d0c9c021ba0a Mon Sep 17 00:00:00 2001
From: max-foss <9641709+max-foss@users.noreply.github.com>
Date: Sun, 10 May 2026 12:47:32 +0200
Subject: [PATCH] radvd: allow disabling DNSSL per interface
---
src/etc/inc/plugins.inc.d/radvd.inc | 4 ++-
.../OPNsense/Radvd/forms/dialogEntry.xml | 2 +-
.../mvc/app/models/OPNsense/Radvd/Radvd.php | 27 +++++++++++++++++++
.../mvc/app/models/OPNsense/Radvd/Radvd.xml | 6 +----
4 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/radvd.inc b/src/etc/inc/plugins.inc.d/radvd.inc
index a6e0ee48ca..0f37ebc168 100644
--- a/src/etc/inc/plugins.inc.d/radvd.inc
+++ b/src/etc/inc/plugins.inc.d/radvd.inc
@@ -340,7 +340,9 @@ function radvd_configure_do($verbose = false, $ignorelist = [])
$rdnss[] = $server;
}
- if (count($searchlist_tmp)) {
+ if (count($searchlist_tmp) == 1 && $searchlist_tmp[0] == '.') {
+ /* explicitly disabled */
+ } elseif (count($searchlist_tmp)) {
$dnssl = $searchlist_tmp;
} elseif (!empty($config['system']['domain'])) {
$dnssl = [$config['system']['domain']];
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml b/src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
index f22992e06a..8342fcbbce 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
@@ -192,7 +192,7 @@
select_multiple
true
- The default is to use the domain name of this system as the DNSSL option. You may specify explicit domains here instead.
+ The default is to use the domain name of this system as the DNSSL option. You may specify explicit domains here instead. Use "." by itself to disable DNS search domains.
false
diff --git a/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php b/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
index f73650c7da..d7d0e0154b 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
@@ -37,6 +37,12 @@ use OPNsense\Base\Messages\Message;
*/
class Radvd extends BaseModel
{
+ private function isValidSearchDomain(string $domain): bool
+ {
+ return filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false &&
+ filter_var($domain, FILTER_VALIDATE_IP) === false;
+ }
+
/**
* {@inheritdoc}
*/
@@ -86,6 +92,27 @@ class Radvd extends BaseModel
}
}
+ $dnssl = $entry->DNSSL->getValues();
+ if (in_array('.', $dnssl, true) && count($dnssl) > 1) {
+ $messages->appendMessage(
+ new Message(
+ gettext('Use "." by itself to disable DNS search domains.'),
+ $key . '.DNSSL'
+ )
+ );
+ }
+ foreach ($dnssl as $domain) {
+ if ($domain !== '.' && !$this->isValidSearchDomain($domain)) {
+ $messages->appendMessage(
+ new Message(
+ gettext('A DNS search domain must be a valid hostname.'),
+ $key . '.DNSSL'
+ )
+ );
+ break;
+ }
+ }
+
$raMax = $entry->MaxRtrAdvInterval->asInt();
if (
$raMax < $entry->MaxRtrAdvInterval->getMinimumvalue() ||
diff --git a/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml b/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
index e419f9d05e..1f1ee28cfd 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
@@ -60,11 +60,7 @@
ipv6
Y
-
- Y
- N
- Y
-
+
Y
1