dns/rfc2136: allow "*." prefix in hostname for wildcard updates (#5460)

When using rfc2136 dynamic DNS, users may want the same address record to apply to every subdomain of the configured hostname (e.g. for host.example.org and *.host.example.org to resolve to the same IP).
2026-05-28 04:34:15 -04:00 · 2026-05-21 18:07:45 -04:00 · 2026-05-21 18:07:45 -04:00 · 6a8edb972b
commit 6a8edb972b
parent 13ed9a251c
4 changed files with 16 additions and 6 deletions
--- a/dns/rfc2136/Makefile
+++ b/dns/rfc2136/Makefile
@ -1,6 +1,5 @@
 PLUGIN_NAME=		rfc2136
-PLUGIN_VERSION=		1.9
-PLUGIN_REVISION=	5
+PLUGIN_VERSION=		1.10
 PLUGIN_COMMENT=		RFC-2136 Support
 PLUGIN_MAINTAINER=	franco@opnsense.org
 PLUGIN_DEPENDS=		bind-tools
--- a/dns/rfc2136/pkg-descr
+++ b/dns/rfc2136/pkg-descr
@ -3,6 +3,10 @@ Support for RFC-2136 based dynamic DNS updates using Bind
 Plugin Changelog
 ================

+1.10
+
+* Allow a leading "*." in the hostname to update a wildcard record
+
 1.9

 * Add support for interface map in newwanip event
--- a/dns/rfc2136/src/etc/inc/plugins.inc.d/rfc2136.inc
+++ b/dns/rfc2136/src/etc/inc/plugins.inc.d/rfc2136.inc
@ -84,7 +84,10 @@ function rfc2136_cache_file($dnsupdate, $ipver = 4)
 {
    $ipver = $ipver == 6 ? '_v6' : '';

-    return "/var/cache/rfc2136_{$dnsupdate['interface']}_{$dnsupdate['host']}_{$dnsupdate['server']}{$ipver}.cache";
+    /* rawurlencode is identity on the LDH+underscore set is_domain() accepts; only "*." gets encoded */
+    $host = rawurlencode($dnsupdate['host']);
+
+    return "/var/cache/rfc2136_{$dnsupdate['interface']}_{$host}_{$dnsupdate['server']}{$ipver}.cache";
 }

 function rfc2136_configure_do($verbose = false, $int = null, $updatehost = '', $forced = false)
--- a/dns/rfc2136/src/www/services_rfc2136_edit.php
+++ b/dns/rfc2136/src/www/services_rfc2136_edit.php
@ -81,8 +81,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {

    do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

-    if (!empty($pconfig['host']) && !is_domain($pconfig['host'])) {
-        $input_errors[] = gettext("The DNS update host name contains invalid characters.");
+    if (!empty($pconfig['host'])) {
+        /* allow a leading "*." to designate a wildcard record */
+        $host_to_check = str_starts_with($pconfig['host'], '*.') ? substr($pconfig['host'], 2) : $pconfig['host'];
+        if (!is_domain($host_to_check)) {
+            $input_errors[] = gettext("The DNS update host name contains invalid characters.");
+        }
    }
    if (!empty($pconfig['ttl']) && !is_numericint($pconfig['ttl'])) {
        $input_errors[] = gettext("The DNS update TTL must be an integer.");
@ -176,7 +180,7 @@ include("head.inc");
                    <td>
                      <input name="host" type="text" id="host" value="<?=$pconfig['host'];?>" />
                      <div class="hidden" data-for="help_for_host">
-                        <?= gettext('Fully qualified hostname of the host to be updated.') ?>
+                        <?= gettext('Fully qualified hostname of the host to be updated. A leading "*." may be used to update a wildcard record (e.g. "*.example.org"); the DNS server must permit wildcard updates in its update policy.') ?>
                      </div>
                    </td>
                  </tr>