dns/bind: Add Forward Zones (#4802)

2026-06-03 13:59:06 -04:00 · 2025-07-10 10:08:47 +02:00 · 2025-07-10 10:08:47 +02:00 · 07d67b4dea
commit 07d67b4dea
parent ee49893e54
7 changed files with 109 additions and 4 deletions
--- a/dns/bind/pkg-descr
+++ b/dns/bind/pkg-descr
@ -12,6 +12,7 @@ Plugin Changelog
 1.34

 * Add custom configuration include directory /usr/local/etc/namedb/named.conf.d (contributed by Nicholas Card)
+* Add forward zones

 1.33

--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/Api/DomainController.php
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/Api/DomainController.php
@ -73,6 +73,18 @@ class DomainController extends ApiMutableModelControllerBase
        );
    }

+    public function searchForwardDomainAction()
+    {
+        return $this->searchBase(
+            'domains.domain',
+            [ 'enabled', 'type', 'domainname', 'forwardserver' ],
+            'domainname',
+            function ($record) {
+                return $record->type->getNodeData()['forward']['selected'] === 1;
+            }
+        );
+    }
+
    public function getDomainAction($uuid = null)
    {
        return $this->getBase('domain', 'domains.domain', $uuid);
@ -88,6 +100,11 @@ class DomainController extends ApiMutableModelControllerBase
        return $this->addBase('domain', 'domains.domain', ['type' => 'secondary']);
    }

+    public function addForwardDomainAction($uuid = null)
+    {
+        return $this->addBase('domain', 'domains.domain', ['type' => 'forward']);
+    }
+
    public function delDomainAction($uuid)
    {
        return $this->delBase('domains.domain', $uuid);
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/GeneralController.php
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/GeneralController.php
@ -37,6 +37,7 @@ class GeneralController extends \OPNsense\Base\IndexController
        $this->view->formDialogEditBindAcl = $this->getForm("dialogEditBindAcl");
        $this->view->formDialogEditBindPrimaryDomain = $this->getForm("dialogEditBindPrimaryDomain");
        $this->view->formDialogEditBindSecondaryDomain = $this->getForm("dialogEditBindSecondaryDomain");
+        $this->view->formDialogEditBindForwardDomain = $this->getForm("dialogEditBindForwardDomain");
        $this->view->formDialogEditBindRecord = $this->getForm("dialogEditBindRecord");
        $this->view->pick('OPNsense/Bind/general');
    }
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
@ -0,0 +1,22 @@
+<form>
+    <field>
+        <id>domain.enabled</id>
+        <label>Enabled</label>
+        <type>checkbox</type>
+        <help>This will enable or disable this zone.</help>
+    </field>
+    <field>
+        <id>domain.domainname</id>
+        <label>Zone Name</label>
+        <type>text</type>
+        <help>Set the name for this zone. Both forward and reverse zones may be specified, i.e. example.com or 0.168.192.in-addr.arpa.</help>
+    </field>
+    <field>
+        <id>domain.forwardserver</id>
+        <label>Primary IP</label>
+        <style>tokenize</style>
+        <type>select_multiple</type>
+        <allownew>true</allownew>
+        <help>Set the IP address of server to forward requests to.</help>
+    </field>
+</form>
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml
@ -1,7 +1,7 @@
 <model>
    <mount>//OPNsense/bind/domain</mount>
    <description>BIND domain configuration</description>
-    <version>1.1.1</version>
+    <version>1.1.2</version>
    <items>
        <domains>
            <domain type="ArrayField">
@ -15,12 +15,16 @@
                    <OptionValues>
                        <primary>primary</primary>
                        <secondary>secondary</secondary>
+                        <forward>forward</forward>
                    </OptionValues>
                </type>
                <primaryip type="NetworkField">
                    <FieldSeparator>,</FieldSeparator>
                    <AsList>Y</AsList>
                </primaryip>
+                <forwardserver type="NetworkField">
+                    <AsList>Y</AsList>
+                </forwardserver>
                <transferkeyalgo type="OptionField">
                    <OptionValues>
                        <hmac-sha512>HMAC-SHA512</hmac-sha512>
--- a/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt
+++ b/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt
@ -33,6 +33,7 @@
    <li><a data-toggle="tab" href="#acls">{{ lang._('ACLs') }}</a></li>
    <li><a data-toggle="tab" href="#primary-domains">{{ lang._('Primary Zones') }}</a></li>
    <li><a data-toggle="tab" href="#secondary-domains">{{ lang._('Secondary Zones') }}</a></li>
+    <li><a data-toggle="tab" href="#forward-domains">{{ lang._('Forward Zones') }}</a></li>
 </ul>

 <div class="tab-content content-box tab-content">
@ -189,11 +190,48 @@
            <br /><br />
        </div>
    </div>
+    <div id="forward-domains" class="tab-pane fade in">
+        <div class="col-md-12">
+            <h2>{{ lang._('Zones') }}</h2>
+        </div>
+        <div id="forward-domains-area" class="table-responsive">
+            <table id="grid-forward-domains" class="table table-condensed table-hover table-striped" data-editAlert="ChangeMessage" data-editDialog="dialogEditBindForwardDomain">
+                <thead>
+                    <tr>
+                        <th data-column-id="enabled" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
+                        <th data-column-id="domainname" data-type="string" data-visible="true">{{ lang._('Zone') }}</th>
+                        <th data-column-id="forwardserver" data-type="string" data-visible="true">{{ lang._('Forwarder IPs') }}</th>
+                        <th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
+                        <th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
+                    </tr>
+                </thead>
+                <tbody>
+                </tbody>
+                <tfoot>
+                    <tr>
+                        <td colspan="5"></td>
+                        <td>
+                            <button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
+                        </td>
+                    </tr>
+                </tfoot>
+            </table>
+        </div>
+        <hr/>
+        <div class="col-md-12">
+            <div id="ChangeMessage" class="alert alert-info" style="display: none" role="alert">
+                {{ lang._('After changing settings, please remember to apply them with the button below') }}
+            </div>
+            <button class="btn btn-primary saveAct_domain" type="button"><b>{{ lang._('Save') }}</b> <i class="saveAct_domain_progress"></i></button>
+            <br /><br />
+        </div>
+    </div>
 </div>

 {{ partial("layout_partials/base_dialog",['fields':formDialogEditBindAcl,'id':'dialogEditBindAcl','label':lang._('Edit ACL')])}}
 {{ partial("layout_partials/base_dialog",['fields':formDialogEditBindPrimaryDomain,'id':'dialogEditBindPrimaryDomain','label':lang._('Edit Primary Zone')])}}
 {{ partial("layout_partials/base_dialog",['fields':formDialogEditBindSecondaryDomain,'id':'dialogEditBindSecondaryDomain','label':lang._('Edit Secondary Zone')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogEditBindForwardDomain,'id':'dialogEditBindForwardDomain','label':lang._('Edit Forward Zone')])}}
 {{ partial("layout_partials/base_dialog",['fields':formDialogEditBindRecord,'id':'dialogEditBindRecord','label':lang._('Edit Record')])}}

 <style>
@ -433,6 +471,26 @@ $(document).ready(function() {
        }
    });

+    $("#grid-forward-domains").UIBootgrid({
+        'search': '/api/bind/domain/search_forward_domain',
+        'get': '/api/bind/domain/get_domain/',
+        'set': '/api/bind/domain/set_domain/',
+        'add': '/api/bind/domain/add_forward_domain/',
+        'del': '/api/bind/domain/del_domain/',
+        'toggle': '/api/bind/domain/toggle_domain/',
+        options: {
+            selection: false,
+            multiSelect: false,
+            rowSelect: false,
+            rowCount: [7, 14, 20, 50, 100, -1]
+        }
+    }).on("loaded.rs.jquery.bootgrid", function(e) {
+        let ids = $("#grid-forward-domains").bootgrid("getCurrentRows");
+        if (ids.length > 0) {
+            $("#grid-forward-domains").bootgrid('select', [ids[0].uuid]);
+        }
+    });
+
    $("#grid-primary-records").UIBootgrid({
        'search': '/api/bind/record/search_record',
        'get': '/api/bind/record/get_record/',
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@ -153,7 +153,9 @@ zone "rpzbing" { type primary; file "/usr/local/etc/namedb/primary/bing.db"; not
 {%     if domain.enabled == '1' %}
 zone "{{ domain.domainname }}" {
        type {{ domain.type }};
-{%       if domain.type == 'secondary' %}
+{%       if domain.type == 'forward' %}
+        forwarders { {{ domain.forwardserver.replace(',', '; ') }}; };
+{%       elif domain.type == 'secondary' %}
 {%         if domain.transferkey is defined %}
        primaries { {{ domain.primaryip.replace(',', ' key "' ~ domain.transferkeyname ~ '"; ') }} key "{{ domain.transferkeyname }}"; };
 {%         else %}
@ -163,7 +165,7 @@ zone "{{ domain.domainname }}" {
        allow-notify { {{ domain.allownotifysecondary.replace(',', '; ') }}; };
 {%         endif %}
        file "/usr/local/etc/namedb/secondary/{{ domain.domainname }}.db";
-{%       else %}
+{%       elif domain.type == 'primary' %}
        file "/usr/local/etc/namedb/primary/{{ domain.domainname }}.db";
 {%       endif %}
 {%      if domain.allowtransfer is defined or (domain.allowrndctransfer is defined and domain.allowrndctransfer == "1") %}
@ -187,7 +189,7 @@ zone "{{ domain.domainname }}" {
 {%              endfor %}
        };
 {%      endif %}
-{%      if domain.allowrndcupdate is defined and domain.allowrndcupdate == "1" and domain.type != 'secondary' %}
+{%      if domain.allowrndcupdate is defined and domain.allowrndcupdate == "1" and domain.type == 'primary' %}
        update-policy {
 		grant rndc-key zonesub ANY;
        };