From 4c7138d9d40ef4bfd467741901e5cf2006940d70 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Wed, 16 Dec 2020 00:32:46 +0100 Subject: [PATCH 1/4] dns/bind: add support for transfer-source[-v6] --- .../controllers/OPNsense/Bind/forms/general.xml | 14 ++++++++++++++ .../mvc/app/models/OPNsense/Bind/General.xml | 10 ++++++++++ .../service/templates/OPNsense/Bind/named.conf | 8 ++++++++ 3 files changed, 32 insertions(+) diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml index 6b52705ab..bd3bcc951 100644 --- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml +++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml @@ -33,6 +33,20 @@ text Set the port the service should listen to. + + general.transfersource + + text + true + This determines which local address is bound to IPv4 TCP connections used to fetch zones transferred inbound by the server. + + + general.transfersourcev6 + + text + true + This determines which local address is bound to IPv6 TCP connections used to fetch zones transferred inbound by the server. + general.forwarders diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml index 2411472f1..1d0dc3c7f 100644 --- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml +++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml @@ -27,6 +27,16 @@ Y Y + + N + ipv4 + N + + + N + ipv6 + N + 53530 Y diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf index 1a8de537a..72acb1353 100644 --- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf +++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf 
@@ -22,6 +22,14 @@ options { listen-on-v6 port {{ OPNsense.bind.general.port }} { {{ OPNsense.bind.general.listenv6.replace(',', '; ') }}; }; {% endif %}{% endif %} +{% if helpers.exists('OPNsense.bind.general.transfersource') and OPNsense.bind.general.transfersource != '' %} + transfer-source {{ OPNsense.bind.general.transfersource }}; +{% endif -%} + +{% if helpers.exists('OPNsense.bind.general.transfersourcev6') and OPNsense.bind.general.transfersourcev6 != '' %} + transfer-source-v6 {{ OPNsense.bind.general.transfersourcev6 }}; +{% endif -%} + {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %} forwarders { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; }; {% endif %} From 9e54cff47c46f1b3cafaaea596c1c079be4884e6 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Wed, 16 Dec 2020 00:36:52 +0100 Subject: [PATCH 2/4] dns/bind: cleanup: simplify if-rule, fix indention --- .../service/templates/OPNsense/Bind/named.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf index 72acb1353..7196cf2c2 100644 --- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf +++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf 
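Review bot: Both new directives write the configured value into the `options` block verbatim, so the only thing keeping a stray `;` or `}` out of named.conf is the model's field validation; the General.xml hunk in this patch appears to restrict the two fields to a single IPv4 and a single IPv6 address, but its element names are not legible on this page, so that should be confirmed. A template comment would record the dependency, for example `{# transfersource/transfersourcev6 are emitted verbatim; the model must keep each to one validated address #}`. Nothing visible here checks that the address is actually configured on this host, and if it is not, inbound zone transfers will presumably fail, so it is worth running `named-checkconf` on the rendered file and watching the log on the next transfer. The `options` block starts and ends outside the hunk.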
@@ -15,12 +15,12 @@ options { dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; -{% if helpers.exists('OPNsense.bind.general.listenv4') and OPNsense.bind.general.listenv4 != '' %} {% if helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %} +{% if helpers.exists('OPNsense.bind.general.listenv4') and OPNsense.bind.general.listenv4 != '' and helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %} listen-on port {{ OPNsense.bind.general.port }} { {{ OPNsense.bind.general.listenv4.replace(',', '; ') }}; }; -{% endif %}{% endif %} -{% if helpers.exists('OPNsense.bind.general.listenv6') and OPNsense.bind.general.listenv6 != '' %} {% if helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %} +{% endif %} +{% if helpers.exists('OPNsense.bind.general.listenv6') and OPNsense.bind.general.listenv6 != '' and helpers.exists('OPNsense.bind.general.port') and OPNsense.bind.general.port != '' %} listen-on-v6 port {{ OPNsense.bind.general.port }} { {{ OPNsense.bind.general.listenv6.replace(',', '; ') }}; }; -{% endif %}{% endif %} +{% endif -%} {% if helpers.exists('OPNsense.bind.general.transfersource') and OPNsense.bind.general.transfersource != '' %} transfer-source {{ OPNsense.bind.general.transfersource }}; 
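Review bot: When either `listenv4` or `port` is empty, the merged condition drops the whole `listen-on` line silently, and named then uses its built-in default, which for IPv4 is every interface on port 53; the same applies to the `listen-on-v6` condition below it. The commit only carries this behaviour over from the nested form, but on a firewall it deserves a comment above the block such as `{# no listen-on is written if address or port is empty; named then listens on its built-in defaults #}`. The model context visible in patch 1 suggests `port` has a default, so the empty case may be unreachable in practice, which should be confirmed against the model. The `options` block starts and ends outside the hunk.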
@@ -32,7 +32,7 @@ options { {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %} forwarders { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; }; -{% endif %} +{% endif -%} {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %} response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} }; From d263cbcbeef29a1a1158804ca22d7ef84d710626 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Wed, 16 Dec 2020 00:37:11 +0100 Subject: [PATCH 3/4] dns/bind: bump version --- dns/bind/Makefile | 2 +- dns/bind/pkg-descr | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/dns/bind/Makefile b/dns/bind/Makefile index 48b788c2a..0407be82f 100644 --- a/dns/bind/Makefile +++ b/dns/bind/Makefile @@ -1,5 +1,5 @@ PLUGIN_NAME= bind -PLUGIN_VERSION= 1.14 +PLUGIN_VERSION= 1.15 PLUGIN_COMMENT= BIND domain name service PLUGIN_DEPENDS= bind916 PLUGIN_MAINTAINER= m.muenz@gmail.com diff --git a/dns/bind/pkg-descr b/dns/bind/pkg-descr index 4c59d1e86..02fed8ac0 100644 --- a/dns/bind/pkg-descr +++ b/dns/bind/pkg-descr @@ -8,6 +8,10 @@ necessary for asking and answering name service questions. Plugin Changelog ================ +1.15 + +* Add support for "Transfer Source [IP|IPv6]" options + 1.14 * Reject built-in ACL names 
From 4950385e953b2db0a2c0cedf42b0d0f03acf625c Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Sun, 20 Dec 2020 22:19:59 +0100 Subject: [PATCH 4/4] dns/bind: rephrase help text Co-authored-by: Manuel <8191@users.noreply.github.com> --- .../mvc/app/controllers/OPNsense/Bind/forms/general.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml index bd3bcc951..1889a6a47 100644 --- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml +++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml @@ -38,7 +38,7 @@ text true - This determines which local address is bound to IPv4 TCP connections used to fetch zones transferred inbound by the server. + Specify the IPv4 address used as a source for zone transfers. general.transfersourcev6
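Review bot: Only the IPv4 help string is rephrased; as far as this patch shows, the `general.transfersourcev6` field that follows still carries the longer wording added in patch 1, so the two sibling fields now read differently. The matching text would be `Specify the IPv6 address used as a source for zone transfers.`. The shorter wording also no longer says that it applies to zones fetched inbound, and an operator needs to know that the primary's transfer ACL must allow this address, so a second sentence such as `The primary server must permit zone transfers from this address.` would help. The form's markup is not legible on this page, and the field definitions continue outside the hunk.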