Merge pull request #2147 from fraenki/bind_115

dns/bind: add support for transfer-source[-v6] options
2026-06-03 22:08:11 -04:00 · 2020-12-21 14:38:21 +01:00 · 2020-12-21 14:38:21 +01:00 · dccbca215f
commit dccbca215f
parent ff42188994 4950385e95
5 changed files with 42 additions and 6 deletions
--- a/dns/bind/Makefile
+++ b/dns/bind/Makefile
@ -1,5 +1,5 @@
 PLUGIN_NAME=		bind
-PLUGIN_VERSION=		1.14
+PLUGIN_VERSION=		1.15
 PLUGIN_COMMENT=		BIND domain name service
 PLUGIN_DEPENDS=		bind916
 PLUGIN_MAINTAINER=	m.muenz@gmail.com
--- a/dns/bind/pkg-descr
+++ b/dns/bind/pkg-descr
@ -8,6 +8,10 @@ necessary for asking and answering name service questions.
 Plugin Changelog
 ================

+1.15
+
+* Add support for "Transfer Source [IP|IPv6]" options
+
 1.14

 * Reject built-in ACL names
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
@ -33,6 +33,20 @@
        <type>text</type>
        <help>Set the port the service should listen to.</help>
    </field>
+    <field>
+        <id>general.transfersource</id>
+        <label>Transfer Source IP</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>Specify the IPv4 address used as a source for zone transfers.</help>
+    </field>
+    <field>
+        <id>general.transfersourcev6</id>
+        <label>Transfer Source IPv6</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>This determines which local address is bound to IPv6 TCP connections used to fetch zones transferred inbound by the server.</help>
+    </field>
    <field>
        <id>general.forwarders</id>
        <label>DNS Forwarders</label>
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
@ -27,6 +27,16 @@
            <Required>Y</Required>
            <asList>Y</asList>
        </listenv6>
+        <transfersource type="NetworkField">
+            <Required>N</Required>
+            <AddressFamily>ipv4</AddressFamily>
+            <NetMaskAllowed>N</NetMaskAllowed>
+        </transfersource>
+        <transfersourcev6 type="NetworkField">
+            <Required>N</Required>
+            <AddressFamily>ipv6</AddressFamily>
+            <NetMaskAllowed>N</NetMaskAllowed>
+        </transfersourcev6>
        <port type="PortField">
            <default>53530</default>
            <Required>Y</Required>
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@ -15,16 +15,24 @@ options {
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

-{% if helpers.exists('OPNsense.bind.general.listenv4') and OPNsense.bind.general.listenv4 != '' %} {% if helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
+{% if helpers.exists('OPNsense.bind.general.listenv4') and OPNsense.bind.general.listenv4 != '' and helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
        listen-on port {{ OPNsense.bind.general.port }} { {{ OPNsense.bind.general.listenv4.replace(',', '; ') }}; };
-{% endif %}{% endif %}
-{% if helpers.exists('OPNsense.bind.general.listenv6') and OPNsense.bind.general.listenv6 != '' %} {% if helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
+{% endif %}
+{% if helpers.exists('OPNsense.bind.general.listenv6') and OPNsense.bind.general.listenv6 != '' and helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %}
        listen-on-v6 port {{ OPNsense.bind.general.port }} { {{ OPNsense.bind.general.listenv6.replace(',', '; ') }}; };
-{% endif %}{% endif %}
+{% endif -%}
+
+{% if helpers.exists('OPNsense.bind.general.transfersource') and OPNsense.bind.general.transfersource != '' %}
+        transfer-source {{ OPNsense.bind.general.transfersource }};
+{% endif -%}
+
+{% if helpers.exists('OPNsense.bind.general.transfersourcev6') and OPNsense.bind.general.transfersourcev6 != '' %}
+        transfer-source-v6 {{ OPNsense.bind.general.transfersourcev6 }};
+{% endif -%}

 {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
        forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
-{% endif %}
+{% endif -%}

 {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
        response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} };