From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. beac5489627eafefcc6dd3adabfd1c74ffacc4d0
Date: Mon, 11 Mar 2019 15:59:24 +0000
Message-ID: <20190311155925.1B52584FDD4@people01.i.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4080351805174204580=="
List-Id:

--===============4080351805174204580==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  beac5489627eafefcc6dd3adabfd1c74ffacc4d0 (commit)
       via  e26e86dcaa2b35d7e6500c088d4f2afba4c4ddd8 (commit)
       via  56947acb12176f397cbd5078c5544cdc4f19b27b (commit)
       via  1ececb67a1f83dd931e31d66893893ce542d0814 (commit)
       via  025d8e63185e49d252ee6abb37008c8e5c26bf6b (commit)
      from  f1042a5d4401ff6feb16eb18f1fcd48936e8c878 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit beac5489627eafefcc6dd3adabfd1c74ffacc4d0
Author: Michael Tremer
Date:   Mon Mar 11 15:58:45 2019 +0000

    Update list of contributors

    Signed-off-by: Michael Tremer

commit e26e86dcaa2b35d7e6500c088d4f2afba4c4ddd8
Author: Michael Tremer
Date:   Mon Mar 11 15:58:04 2019 +0000

    core129: Ship updated dnsforward.cgi

Signed-off-by: Michael Tremer commit 56947acb12176f397cbd5078c5544cdc4f19b27b Merge: f1042a5d4 1ececb67a Author: Michael Tremer Date: Mon Mar 11 15:57:15 2019 +0000 Merge remote-tracking branch 'ms/dns-forwarding' into next commit 1ececb67a1f83dd931e31d66893893ce542d0814 Author: Michael Tremer Date: Tue Mar 5 16:58:29 2019 +0000 unbound: Mark domains as insecure from DNS forwarding =20 Signed-off-by: Michael Tremer commit 025d8e63185e49d252ee6abb37008c8e5c26bf6b Author: Michael Tremer Date: Tue Mar 5 16:10:17 2019 +0000 DNS Forwarding: Add UI to Allow to disable DNSSEC for a zone =20 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/rootfiles/core/129/filelists/files | 2 ++ doc/language_issues.en | 2 ++ doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 ++ doc/language_issues.it | 2 ++ doc/language_issues.nl | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 ++ doc/language_missings | 14 +++++++++++ html/cgi-bin/credits.cgi | 3 ++- html/cgi-bin/dnsforward.cgi | 40 +++++++++++++++++++++++++++--= -- langs/de/cgi-bin/de.pl | 2 ++ langs/en/cgi-bin/en.pl | 2 ++ src/initscripts/system/unbound | 9 +++++-- 15 files changed, 81 insertions(+), 7 deletions(-) Difference in files: diff --git a/config/rootfiles/core/129/filelists/files b/config/rootfiles/cor= e/129/filelists/files index 3ab81b796..8e040cbbb 100644 --- a/config/rootfiles/core/129/filelists/files +++ b/config/rootfiles/core/129/filelists/files @@ -4,8 +4,10 @@ var/ipfire/langs etc/rc.d/init.d/firewall etc/rc.d/init.d/network etc/rc.d/init.d/networking/red.up/50-ipsec +etc/rc.d/init.d/unbound srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/dhcp.cgi +srv/web/ipfire/cgi-bin/dnsforward.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/proxy.cgi 
diff --git a/doc/language_issues.en b/doc/language_issues.en index 4af86025f..5a3012207 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -606,6 +606,8 @@ WARNING: untranslated string: dns desc =3D If the red0 in= terface gets the IP addre WARNING: untranslated string: dns error 0 =3D The IP address of the = primary DNS server is not valid, please check your entries!
The= entered secondary DNS server address is valid. WARNING: untranslated string: dns error 01 =3D The entered IP address of the= primary and secondary DNS server are not v= alid, please check your entries! WARNING: untranslated string: dns error 1 =3D The IP address of the = secondary DNS server is not valid, please check your entries!
T= he entered primary DNS server address is valid. +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns header =3D Assign DNS server addresses onl= y for DHCP on red0 WARNING: untranslated string: dns list =3D List of free public DNS servers WARNING: untranslated string: dns menu =3D Assign DNS-Server diff --git a/doc/language_issues.es b/doc/language_issues.es index d1a593566..d8b49f918 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -778,6 +778,8 @@ WARNING: untranslated string: dhcp dns update algo =3D Al= gorithm: WARNING: untranslated string: dhcp dns update secret =3D Secret: WARNING: untranslated string: dl client arch insecure =3D Download insecure = Client Package (zip) WARNING: untranslated string: dnat address =3D Firewall Interface +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dnsforward =3D DNS Forwarding WARNING: untranslated string: dnsforward add a new entry =3D Add a new entry diff --git a/doc/language_issues.fr b/doc/language_issues.fr index ded039f5a..37b43569c 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -772,6 +772,8 @@ WARNING: untranslated string: Captive clients =3D unknown= string WARNING: untranslated string: Scan for Songs =3D unknown string WARNING: untranslated string: bytes =3D unknown string WARNING: untranslated string: default IP address =3D Default IP Address +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: fwhost cust geoipgrp =3D unknown string WARNING: untranslated string: fwhost err hostip =3D unknown string WARNING: untranslated string: guardian block a host =3D unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 7c465aae6..c2b0b2327 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -798,6 +798,8 @@ WARNING: untranslated string: dhcp dns update =3D DNS Upd= ate WARNING: untranslated string: dhcp dns update algo =3D Algorithm: WARNING: untranslated string: dhcp dns update secret =3D Secret: WARNING: untranslated string: dl client arch insecure =3D Download insecure = Client Package (zip) +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dnsforward forward_servers =3D Nameservers WARNING: untranslated string: dnssec disabled warning =3D WARNING: DNSSEC ha= s been disabled WARNING: untranslated string: eight hours =3D 8 Hours diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 2ed6e3d85..46d923fe5 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl 
@@ -801,6 +801,8 @@ WARNING: untranslated string: dhcp dns update =3D DNS Upd= ate WARNING: untranslated string: dhcp dns update algo =3D Algorithm: WARNING: untranslated string: dhcp dns update secret =3D Secret: WARNING: untranslated string: dl client arch insecure =3D Download insecure = Client Package (zip) +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dnsforward forward_servers =3D Nameservers WARNING: untranslated string: dnssec aware =3D DNSSEC Aware diff --git a/doc/language_issues.pl b/doc/language_issues.pl index d1a593566..d8b49f918 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -778,6 +778,8 @@ WARNING: untranslated string: dhcp dns update algo =3D Al= gorithm: WARNING: untranslated string: dhcp dns update secret =3D Secret: WARNING: untranslated string: dl client arch insecure =3D Download insecure = Client Package (zip) WARNING: untranslated string: dnat address =3D Firewall Interface +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dnsforward =3D DNS Forwarding WARNING: untranslated string: dnsforward add a new entry =3D Add a new entry diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 2f0b4d9e8..1286bcd87 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -782,6 +782,8 @@ WARNING: untranslated string: dhcp dns update secret =3D = Secret: WARNING: untranslated string: disk access per =3D Disk Access per WARNING: untranslated string: dl client arch insecure =3D Download insecure = Client Package (zip) WARNING: untranslated string: dnat address =3D Firewall Interface +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dnsforward =3D DNS Forwarding WARNING: untranslated string: dnsforward add a new entry =3D Add a new entry diff --git a/doc/language_issues.tr b/doc/language_issues.tr index c6fb9f255..0e95d6045 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -775,6 +775,8 @@ WARNING: untranslated string: bytes =3D unknown string WARNING: untranslated string: crypto error =3D Cryptographic error WARNING: untranslated string: crypto warning =3D Cryptographic warning WARNING: untranslated string: default IP address =3D Default IP Address +WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) +WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dnsforward forward_servers =3D Nameservers WARNING: untranslated string: fwdfw all subnets =3D All subnets WARNING: untranslated string: fwhost cust geoipgrp =3D unknown string diff --git a/doc/language_missings b/doc/language_missings index 4d0499960..12ef6e673 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -210,9 +210,11 @@ < dnsforward < dnsforward add a new entry < dnsforward configuration +< dns forward disable dnssec < dnsforward edit an entry < dnsforward entries < dnsforward forward_servers +< dns forwarding dnssec disabled notice < dnsforward zone < dnssec aware < dnssec disabled warning 
@@ -803,6 +805,8 @@ ############################################################################ < cryptographic settings < default IP address +< dns forward disable dnssec +< dns forwarding dnssec disabled notice < interface mode < invalid input for interface address < invalid input for interface mode @@ -898,7 +902,9 @@ < dhcp dns update algo < dhcp dns update secret < dl client arch insecure +< dns forward disable dnssec < dnsforward forward_servers +< dns forwarding dnssec disabled notice < dnssec disabled warning < eight hours < email config @@ -1141,7 +1147,9 @@ < dh name is invalid < dh parameter < dl client arch insecure +< dns forward disable dnssec < dnsforward forward_servers +< dns forwarding dnssec disabled notice < dnssec aware < dnssec disabled warning < dnssec information @@ -1501,9 +1509,11 @@ < dnsforward < dnsforward add a new entry < dnsforward configuration +< dns forward disable dnssec < dnsforward edit an entry < dnsforward entries < dnsforward forward_servers +< dns forwarding dnssec disabled notice < dnsforward zone < dnssec aware < dnssec disabled warning @@ -2235,9 +2245,11 @@ < dnsforward < dnsforward add a new entry < dnsforward configuration +< dns forward disable dnssec < dnsforward edit an entry < dnsforward entries < dnsforward forward_servers +< dns forwarding dnssec disabled notice < dnsforward zone < dnssec aware < dnssec disabled warning @@ -2820,7 +2832,9 @@ < cryptographic settings < crypto warning < default IP address +< dns forward disable dnssec < dnsforward forward_servers +< dns forwarding dnssec disabled notice < fwdfw all subnets < interface mode < invalid input for interface address diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index 6770cc5a4..e687c9559 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi 
@@ -92,10 +92,10 @@ Ronald Wiesinger, Stephan Feddersen, Justin Luth, Michael Eitelwein, +St=C3=A9phane Pautrel, Bernhard Bitsch, Dominik Hassler, Larsen, -St=C3=A9phane Pautrel, Gabriel Rolland, Anton D. Seliverstov, Bernhard Bittner, @@ -105,6 +105,7 @@ Jakub Ratajczak, Jorrit de Jonge, J=C3=B6rn-Ingo Weigert, Przemek Zdroik, +Alexander Koch, Alexander Rudolf Gruber, Andrew Bellows, Axel Gembe, diff --git a/html/cgi-bin/dnsforward.cgi b/html/cgi-bin/dnsforward.cgi index 0439817b9..d9807c90e 100644 --- a/html/cgi-bin/dnsforward.cgi +++ b/html/cgi-bin/dnsforward.cgi @@ -52,6 +52,7 @@ $cgiparams{'ACTION'} =3D ''; $cgiparams{'ZONE'} =3D ''; $cgiparams{'FORWARD_SERVERS'} =3D ''; $cgiparams{'REMARK'} =3D''; +$cgiparams{'DISABLE_DNSSEC'} =3D 'off'; &Header::getcgihash(\%cgiparams); open(FILE, $filename) or die 'Unable to open config file.'; my @current =3D ; @@ -76,6 +77,10 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) } } =20 + if ($cgiparams{'DISABLE_DNSSEC'} !~ /^(on|off)?$/) { + $errormessage =3D $Lang::tr{'invalid input'}; + } + # Go further if there was no error. if ( ! $errormessage) { @@ -85,11 +90,16 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) # Check if a remark has been entered. $cgiparams{'REMARK'} =3D &Header::cleanhtml($cgiparams{'REMARK'}); =20 + # Set to off if not enabled + if (!$cgiparams{'DISABLE_DNSSEC'}) { + $cgiparams{'DISABLE_DNSSEC'} =3D "off"; + } + # Check if we want to edit an existing or add a new entry. if($cgiparams{'EDITING'} eq 'no') { open(FILE,">>$filename") or die 'Unable to open config file.'; flock FILE, 2; - print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_= SERVERS'},$cgiparams{'REMARK'}\n"; + print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_= SERVERS'},$cgiparams{'REMARK'},$cgiparams{'DISABLE_DNSSEC'}\n"; } else { open(FILE, ">$filename") or die 'Unable to open config file.'; flock FILE, 2; 
@@ -98,7 +108,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) { $id++; if ($cgiparams{'EDITING'} eq $id) { - print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWAR= D_SERVERS'},$cgiparams{'REMARK'}\n"; + print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWAR= D_SERVERS'},$cgiparams{'REMARK'},$cgiparams{'DISABLE_DNSSEC'}\n"; } else { print FILE "$line"; } } } @@ -151,7 +161,10 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable dis= able'}) { chomp($line); my @temp =3D split(/\,/,$line); - print FILE "$cgiparams{'ENABLE'},$temp[1],$temp[2],$temp[3]\n"; + + $temp[0] =3D $cgiparams{'ENABLE'}; + + print FILE join(",", @temp) . "\n"; } } close(FILE); @@ -176,6 +189,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) $cgiparams{'ZONE'} =3D $temp[1]; $cgiparams{'FORWARD_SERVERS'} =3D join(",", split(/\|/, $temp[2])); $cgiparams{'REMARK'} =3D $temp[3]; + $cgiparams{'DISABLE_DNSSEC'} =3D $temp[4]; } } } @@ -184,6 +198,10 @@ $checked{'ENABLED'}{'off'} =3D ''; $checked{'ENABLED'}{'on'} =3D ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} =3D "checked=3D'checked'"; =20 +$checked{'DISABLE_DNSSEC'}{'off'} =3D ''; +$checked{'DISABLE_DNSSEC'}{'on'} =3D ''; +$checked{'DISABLE_DNSSEC'}{$cgiparams{'DISABLE_DNSSEC'}} =3D "checked=3D'che= cked'"; + &Header::openpage($Lang::tr{'dnsforward configuration'}, 1, ''); =20 &Header::openbigbox('100%', 'left', '', $errormessage); @@ -230,6 +248,10 @@ print <$Lang::tr{'remark'}: + + $Lang::tr{'dns forward disable dnssec'}:= + +

@@ -291,13 +313,19 @@ foreach my $line (@current) my $gif =3D ''; my $gdesc =3D ''; my $toggle =3D ''; + my $notice =3D ""; =20 # Format lists of servers my $servers =3D join(", ", split(/\|/, $temp[2])); =20 + my $disable_dnssec =3D $temp[4]; + if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) { print ""; $col=3D"bgcolor=3D'${Header::colouryellow}'"; } + elsif ($disable_dnssec eq 'on') { + print ""; + $col=3D"bgcolor=3D'${Header::colourred}' style=3D'color: white'"; } elsif ($id % 2) { print ""; $col=3D"bgcolor=3D'$color{'color22'}'"; } @@ -308,11 +336,15 @@ foreach my $line (@current) if ($temp[0] eq 'on') { $gif=3D'on.gif'; $toggle=3D'off'; $gdesc=3D$Lang::t= r{'click to disable'};} else { $gif=3D'off.gif'; $toggle=3D'on'; $gdesc=3D$Lang::tr{'click to enabl= e'}; } =20 + if ($disable_dnssec eq "on") { + $notice =3D $Lang::tr{'dns forwarding dnssec disabled notice'}; + } + ### # Display edit page. # print <$temp[1] + $temp[1] $notice $servers $temp[3] diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index cf33567a1..ce7090c39 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -805,6 +805,8 @@ 'dns error 0' =3D> 'Die IP Adresse vom prim=C3=A4ren DNS Se= rver ist nicht g=C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingabe!
Die eingegebene sekund=C3=A4ren DNS Server Adresse ist jedo= ch g=C3=BCltig.
', 'dns error 01' =3D> 'Die eingegebene IP Adresse des prim=C3=A4ren wie auch des sekund=C3=A4ren DNS-Servers sind nicht g= =C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingaben!', 'dns error 1' =3D> 'Die IP Adresse vom sekund=C3=A4ren DNS = Server ist nicht g=C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingabe!Die eingegebene prim=C3=A4re DNS Server Adresse ist jedoc= h g=C3=BCltig.', +'dns forward disable dnssec' =3D> 'DNSSEC deaktivieren (nicht empfohlen)', +'dns forwarding dnssec disabled notice' =3D> '(DNSSEC deaktiviert)', 'dns header' =3D> 'DNS Server Adressen zuweisen nur mit DHCP an red0', 'dns list' =3D> 'Liste von freien =C3=B6ffentlichen DNS Servern', 'dns menu' =3D> 'DNS-Server zuweisen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 4f4b4d9c1..7697dc202 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -832,6 +832,8 @@ 'dns error 0' =3D> 'The IP address of the primary DNS serve= r is not valid, please check your entries!
The entered secondary= DNS server address is valid.', 'dns error 01' =3D> 'The entered IP address of the primary = and secondary DNS server are not valid, please check your en= tries!', 'dns error 1' =3D> 'The IP address of the secondary DNS ser= ver is not valid, please check your entries!
The entered primary= DNS server address is valid.', +'dns forward disable dnssec' =3D> 'Disable DNSSEC (dangerous)', +'dns forwarding dnssec disabled notice' =3D> '(DNSSEC disabled)', 'dns header' =3D> 'Assign DNS server addresses only for DHCP on red0', 'dns list' =3D> 'List of free public DNS servers', 'dns menu' =3D> 'Assign DNS-Server', diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 2ef994e96..af9bcef73 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -197,8 +197,8 @@ write_forward_conf() { =20 local insecure_zones=3D"${INSECURE_ZONES}" =20 - local enabled zone server servers remark - while IFS=3D"," read -r enabled zone servers remark; do + local enabled zone server servers remark disable_dnssec rest + while IFS=3D"," read -r enabled zone servers remark disable_dnssec rest; do # Line must be enabled. [ "${enabled}" =3D "on" ] || continue =20 @@ -208,6 +208,11 @@ write_forward_conf() { *.local) insecure_zones=3D"${insecure_zones} ${zone}" ;; + *) + if [ "${disable_dnssec}" =3D "on" ]; then + insecure_zones=3D"${insecure_zones} ${zone}" + fi + ;; esac =20 # Reverse-lookup zones must be stubs hooks/post-receive -- IPFire 2.x development tree --===============4080351805174204580==--
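
Review bot: in html/cgi-bin/dnsforward.cgi (hunk @@ -76,6 +77,10), the check `!~ /^(on|off)?$/` is anchored with `$`, which in Perl also matches just before a trailing newline, so a submitted value of "on" followed by a line feed passes validation and is then written as-is into the comma-separated config line. Anchor with `\z` instead, i.e. `/^(on|off)?\z/`, so only the exact strings "on", "off" or the empty value reach the file.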
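
Review bot: in html/cgi-bin/dnsforward.cgi (hunks @@ -85,11 +90,16 and @@ -98,7 +108,7), DISABLE_DNSSEC is appended after the free-text REMARK field, and the only processing of REMARK visible in these lines is `&Header::cleanhtml(...)`. If that call does not remove commas, a remark containing one shifts the fields, and both `split(/\,/,$line)` in this CGI and the `IFS="," read -r` loop in src/initscripts/system/unbound would read part of the remark as the DNSSEC flag. Reject or strip commas in REMARK before the line is written, so the flag that disables validation for a zone can only come from the checkbox.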
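
Review bot: in html/cgi-bin/dnsforward.cgi (hunk @@ -151,7 +161,10), `split(/\,/,$line)` is called without a limit and therefore drops trailing empty fields, so now that the line is rebuilt with `join(",", @temp)` an existing entry with an empty remark and no fifth field is rewritten with three fields instead of four. Pass a limit of -1 to split to keep the field count stable across a toggle, and add a short comment that the join is there to carry through fields other than the enable flag.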
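
Review bot: in html/cgi-bin/dnsforward.cgi (hunks @@ -176,6 +189,7 and @@ -291,13 +313,19), `$temp[4]` is undefined for entries saved before this change, since those lines carry only four fields. The `$checked{'DISABLE_DNSSEC'}{$cgiparams{'DISABLE_DNSSEC'}}` lookup and the `$disable_dnssec eq 'on'` comparisons then run on an undefined value. Default the field when reading, for example `$temp[4] // 'off'`, so entries in the old format are handled explicitly as "DNSSEC enabled" in both the edit form and the list.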
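
Review bot: in src/initscripts/system/unbound (hunk @@ -208,6 +208,11), the new `*)` branch of write_forward_conf adds the zone to insecure_zones without leaving any trace, so outside the web UI nothing records which forwarded zones have DNSSEC validation switched off. Consider emitting a log message for each zone added because `disable_dnssec` is "on", and add a comment on the branch stating that it is driven by the fifth field of the forwarding config, so the dependency on the field order written by dnsforward.cgi is documented where it is consumed.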