hi
I almost finished the script to control unbound it’s making me the meat to run a script to reload unbound if you know how to do I’d like a little help if you can test the script to tell me if it works in your home Thank you
the file :
unboumdcontrol.zip (7,0 Ko)
Some comments:
- script
reloaddoes a restart - What do you want to achieve?
hi
I would like to relaunch unbound for aplicate the rules
i have problem a right for execute the bash reload script
ty
for a service, usually you would pass the command directly to the system.
either in the background with system() or output echoed with Print .
for the command:
/etc/init.d/unbound restart
Also, there is nothing in /etc/unbound/local.d/ so the check config and restart is not going to work in the CGI file you posted.
1 Like
hi
Thank you for your help I tried this meat
system("/etc/init.d/unbound restart");
but jobs this mistake
Can't exec "/etc/init.d/unbound": Permission denied at /srv/web/ipfire/cgi-bin/unboumdcontrol.cgi
ty
try:.
&General::system('/usr/local/bin/unboundctrl', 'reload');
but I think
require '/var/ipfire/general-functions.pl';
must be declared in the beginning for &General to work.
1 Like
hi
Thank you for your help its function well.
if you dont mind, i would like to play with that
I’m confused buy what each section does?
1 Like
hi
this script is experimental you get careful about what you do with thank you for the return or help to improve it.
ty
unboundcontrol.zip (9,0 Ko)
It is not only experimental, it allows users to turn off important security features in the IPFire unbound configuration without understanding that they have weakened their security.
1 Like
I don’t see the purpose.
Switching parameters of unbound on or off, without describing the background is not desirable. Doing this with a simple web page is dangerous!
Adding local policies can be done in /etc/unbound/local.d, yet. To do this you must adhere the unbound.conf syntax. This means you have to read the documentation, which gives clues for the effects.
How is the set of parameters chosen?
In case of RPZ DNS filtering, what does your approach better do than @jon 's RPZ addon ( see also the community thread )?
hi
Thank you for your comments this scrypt was not done to do better than @jon
There are descriptions for the options
the scrypt didn’t finish there’s still things to do
ty
This is not just a script. It is mainly a web interface to modify unbound configuration in an easy way. Just click this or that setting and apply.
This perhaps allows to change a core functionality. DNS resolution is a security part! The standard configuration is chosen, to harden the trustiness of name resolution. In times of HTTPS access to the web this is urgent more and more. The contents cannot be analysed without breaking privacy. Therefore the resolution process must be trustworthy.
I haven’t checked your selection of parameters, yet. But you didn’t explain it either.
the selection of parameters I made sure not to duplicate with the conf file of ipfire
I’ll add a chekbox to disable all the options with a warning
if you put the smile on the chekbx you a bubble that appears with info
Some of the parameters are part of the standard configuration because they are set to on by default such as aggressive-nsec and rrset-roundrobin for example.
I don’t think the by default on parameters should end up being disabled.
1 Like
you’re right to you. i can’t remove unnecessary options without problems
There’s so much parmeter for unbound it’s amazing