hi
I’m looking for information to add a page to the menu to configure unbound. I found the information to add an unbound menu; it’s displayed well.
I’d like to open a page with the possibility to display a field to create files and then to edit them.
ty
Could you please specify more clearly, what you want to do?
If you want to configure unbound further ( with options or features not handled by IPFire so far ), be sure not to violate the standard behaviour ‘config by WebGUI → save/write config files → restart service’.
Your best option is to look through the perl code of dns.cgi
This file is located in the IPFire git repo
https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/dns.cgi;h=f3dd5c7a915e38bc6089129121ad51bef76e5427;hb=refs/heads/next
or in your IPFire system at
/srv/web/ipfire/cgi-bin/dns.cgi
That code already opens a new page for adding additional DNS Servers to the list.
You should be able to use that code as a form of template to create a new page for doing what you describe.
hi
I tested this page
the page is displayed well but I do not find how to display the 2 conf files in the respective 2 frames.
frames 1: /etc/unbound/local.d/file conf1
frames 2: /etc/unbound/local.d/file conf 2
the files are in /etc/unbound/local.d/
frames 3
display files rpz
frames 4 select files rpz
the files are in /etc/unbound/zone
if you can help me ty
There is a URL filter page now.
Assuming this works by a different mechanism.
Then it should have a unique name.
Like URL block list?
Looks interesting for sure.
the titles and comments are not yet adapted to unbound
I’m leeing with the code to do all right
ty
from what I know about unbound, I think unbound only need domains and subdomains, and not URLs.
A URL is something like this, and I don’t believe this will work with unbound:
https://bad.evil.example.com
# -or-
https://bad.evil.example.com?name1234567890
And I think unbound only needs something like this:
bad.evil.example.com
# -and/or-
*.bad.evil.example.com
I don’t get well what you say, but if I understand the domains will be managed by unbound and the syntax as well
ty
@jon,
you’re right!
unbound is a ‘DNS server’. Its purpose is to translate names into IPs.
A URL is the request to talk in a certain protocol ( HTTP e.g. ) to a device somewhere in the internet. Transport is based on IPs, so we have to look up the IP to send the packet.
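The distinction made in the posts above, as an added example that is not part of the original thread: a Perl filter that accepts plain and wildcard domain names for a blocklist and rejects anything that is a URL. The function name `clean_domain` and the sample list are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One DNS label: letters, digits and inner hyphens, at most 63 characters.
my $label = qr/[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/;

# Hypothetical helper: return the normalised name when $entry is a plain or
# wildcard domain, or nothing for URLs, paths, query strings and empty lines.
# Single-label names such as "localhost" are rejected on purpose.
sub clean_domain {
    my ($entry) = @_;
    return unless defined $entry;
    $entry =~ s/^\s+|\s+$//g;            # trim surrounding whitespace
    $entry = lc $entry;                  # DNS names are case-insensitive
    $entry =~ s/\.$//;                   # tolerate a trailing root dot
    (my $name = $entry) =~ s/^\*\.//;    # allow one leading "*."
    return if length($name) > 253;       # maximum length of a full name
    return unless $name =~ /\A$label(?:\.$label)+\z/;
    return $entry;
}

# Constructed sample input, built from the entries quoted in the thread.
my @submitted = (
    'bad.evil.example.com',
    '*.bad.evil.example.com',
    'https://bad.evil.example.com',
    'https://bad.evil.example.com?name1234567890',
    '  Bad.Evil.Example.COM.  ',
    'bad.evil.example.com/path',
);

for my $entry (@submitted) {
    my $domain = clean_domain($entry);
    printf "%-46s %s\n", "'$entry'",
        defined $domain ? "accepted as $domain" : 'rejected';
}
```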
hi
I have isolated part of the code to make the page but I don’t understand some of the pieces of the code, if you can explain to me
#!/usr/bin/perl
# use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
use File::Copy;
use IO::Socket;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my %besettings=();
my %checked=();
my %selected=();
# File which stores the configured unbound settings.
my $unboundsetting = "${General::swroot}/etc/unbound/local.d/setting.conf";
# File which stores the configured rpz settings.
my $rpzsetting = "${General::swroot}/etc/unbound/local.d/filtres.conf";
# Config file which stores the unbound rpz rule.
my $zonedir = "${General::swroot}/etc/unbound/zonefiles";
&Header::getcgihash(\%besettings);
if ($besettings{'ACTION'} eq $Lang::tr{'urlfilter blacklist editor'}) { $besettings{'BEMODE'} = 'on'; }
if ($besettings{'MODE'} eq 'BLACKLIST_EDITOR')
{
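# Split the submitted textarea content into lines before clearing it
my @temp = split(/\n/, $besettings{'BE_DOMAINS'} // '');
undef $besettings{'BE_DOMAINS'};
foreach (@temp)
{
# Trim leading and trailing whitespace and drop empty lines
s/^\s+//g; s/\s+$//g;
if ($_) { $besettings{'BE_DOMAINS'} .= $_."\n"; }
}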
chomp($besettings{'BE_DOMAINS'});
}
if (-e "$zonedir/$besettings{'BE_NAME'}/domains")
{
open(FILE, "$zonedir/$besettings{'BE_NAME'}/domains");
# Skip empty lines ("\n" must be double-quoted to mean a newline)
while (<FILE>) { unless ($_ eq "\n") { $besettings{'BE_DOMAINS'} .= $_ } };
close FILE;
chomp($besettings{'BE_DOMAINS'});
}
ERROR:
$checked{'ENABLE_CUSTOM_BLACKLIST'}{'off'} = '';
$checked{'ENABLE_CUSTOM_BLACKLIST'}{'on'} = '';
$checked{'ENABLE_CUSTOM_BLACKLIST'}{$filtersettings{'ENABLE_CUSTOM_BLACKLIST'}} = "checked='checked'";
$selected{'BE_BLACKLIST'}{$besettings{'BE_BLACKLIST'}} = "selected='selected'";
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'urlfilter configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base'>$errormessage </font>\n";
&Header::closebox();
}
#==========================================================
#
# Section: Main Configuration
#
#==========================================================
print "<form method='post' action='$ENV{'SCRIPT_NAME'}' enctype='multipart/form-data'>\n";
&Header::openbox('100%', 'left', "$Lang::tr{'urlfilter filter settings'}");
print <<END
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td><b>$Lang::tr{'urlfilter custom blacklist'}</b></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'urlfilter blocked domains'}</td>
<td colspan='2'>$Lang::tr{'urlfilter blocked urls'}</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'urlfilter example'}</td>
<td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
</tr>
<td colspan='2' width='50%'><textarea name='CUSTOM_BLACK_DOMAINS' cols='32' rows='6' wrap='off'>
END
;
print $unboundsetting{'CUSTOM_BLACK_DOMAINS'};
print <<END
</textarea></td>
<td colspan='2' width='50%'><textarea name='CUSTOM_BLACK_URLS' cols='32' rows='6' wrap='off'>
END
;
print $rpzsetting{'CUSTOM_BLACK_URLS'};
print <<END
</textarea></td>
</tr>
</table>
<table width='100%'>
<tr>
<td class='base' width='25%'>$Lang::tr{'urlfilter enable custom blacklist'}:</td>
<td><input type='checkbox' name='ENABLE_CUSTOM_BLACKLIST' $checked{'ENABLE_CUSTOM_BLACKLIST'}{'on'} /></td>
<td> </td>
<td> </td>
</tr>
</table>
<table width='100%'>
<tr>
<hr size='1'>
<td> </td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'urlfilter save and restart'}' /></td>
<td> </td>
</tr>
</table>
END
;
&Header::closebox();
#==========================================================
#
# Section: Blacklist editor
#
#==========================================================
print "<form method='post' action='$ENV{'SCRIPT_NAME'}' enctype='multipart/form-data'>\n";
&Header::openbox('100%', 'left', $Lang::tr{'urlfilter urlfilter blacklist editor'}.':');
print <<END
<table width='100%'>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'><b>$Lang::tr{'urlfilter blacklist name'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'urlfilter blacklist category name'}: <img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='BE_NAME' value='$besettings{'BE_NAME'}' size='12' /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='20%'></td>
</tr>
<tr>
<td class='base' colspan='4'><b>$Lang::tr{'urlfilter edit domains urls expressions'}</b> <img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'urlfilter domains'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='BE_DOMAINS' cols='38' rows='10' wrap='off'>
END
;
print $besettings{'BE_DOMAINS'};
print <<END
</textarea></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td class='base' colspan='4'><b>$Lang::tr{'urlfilter load blacklist'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'urlfilter select blacklist'}:</td>
<td width='20%' class='base'>
<select name='BE_BLACKLIST'>
END
;
{
print "<option value='$_' $selected{'BE_BLACKLIST'}{$_}>$_</option>\n";
}
print <<END
</select>
</td>
<td> </td>
<td> </td>
<tr>
<td colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'urlfilter load blacklist'}' /></td>
</tr>
</tr>
</table>
<hr size='1'>
<table width='100%'>
</tr>
</table>
</tr>
</table>
<table width='100%'>
<tr>
<td> </td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'urlfilter save and restart'}' /></td>
<td> </td>
</tr>
</table>
END
;
&Header::closebox();
print "</form>\n";
&Header::closebigbox();
&Header::closepage();
# -------------------------------------------------------------------
sub readcustomlists
{
if (-e "$zonedir/") {
open(FILE,"$zonedir/");
while (<FILE>) { $zonedir{'CUSTOM_BLACK_DOMAINS'} .= $_ };
close(FILE);
}
}
# -------------------------------------------------------------------
What’s this part?
my %besettings=();
ty
%besettings is the hash which gets the call parameters ( cgi parameters ), see
&Header::getcgihash(\%besettings);
They are generated by the click (re)opening the page.
ty
if I understand, this variable is indispensable to reload the page with the variable
my %besettings=();
if I want to display the file setting.conf
my $unboundsetting = "${General::swroot}/etc/unbound/local.d/setting.conf";
in
<td colspan='2' width='50%'><textarea name='CUSTOM_BLACK_DOMAINS' cols='32' rows='6' wrap='off'>
How to proceed ?
ty
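One way to put a file's content into the textarea asked about above, as an added example that is not part of the original thread and not IPFire's own code. The helpers `html_escape`, `read_conf` and `valid_list_name` are hypothetical, and a temporary file with constructed content stands in for setting.conf; the content is HTML-escaped before printing, and the BE_NAME check covers the form field that the posted script places in a file path.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Escape file content for use inside HTML, so a line in the file such as
# "</textarea><script>" is shown as text and cannot break out of the field.
sub html_escape {
    my ($text) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$map{$1}/g;
    return $text;
}

# Read a whole file; return an empty string if it is missing or unreadable.
sub read_conf {
    my ($path) = @_;
    return '' unless -f $path;
    open(my $fh, '<', $path) or return '';
    local $/;                       # slurp mode: read everything at once
    my $content = <$fh>;
    close($fh);
    return defined $content ? $content : '';
}

# BE_NAME from the form becomes part of a file path, so allow only a
# conservative set of characters: no '/', no '.', no empty name.
sub valid_list_name {
    my ($name) = @_;
    return (defined $name && $name =~ /\A[A-Za-z0-9_-]{1,32}\z/) ? 1 : 0;
}

# Constructed stand-in for the setting.conf file named in the post.
my ($tmp, $unboundsetting) = tempfile(UNLINK => 1);
print $tmp "server:\n    # note with <b>markup</b> & 'quotes'\n    qname-minimisation: yes\n";
close($tmp);

print "<textarea name='CUSTOM_BLACK_DOMAINS' cols='32' rows='6' wrap='off'>";
print html_escape(read_conf($unboundsetting));
print "</textarea>\n";

# Constructed form values for the category name check.
for my $name ('ads', '../../etc/passwd') {
    print "BE_NAME '$name': ", (valid_list_name($name) ? 'ok' : 'rejected'), "\n";
}
```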
Hello,
This is about a case that is not detailed in documentation for www.ipfire.org - Domain Name System
My case: how can I have in use a local DNS server (ipfire CU 186) AND 81.3.27.54 (recursor01.dns.lightningwirelabs.com) for a client (another ipfire)
DHCP pushes as DNS servers its own IP address and as second DNS server 81.3.27.54 (recursor01.dns.lightningwirelabs.com)
I also tested the case where I manually added inside /var/ipfire/dns/servers
3 servers, 2 of them being exactly the ones DHCP pushed in the hope that all 3 will be used.
BUT!
If I turn on “Use ISP-assigned DNS servers” (which forces me to use UDP) then recursor01.dns.lightningwirelabs.com gets status Error.
If I turn “Use ISP-assigned DNS servers” off, and USE UDP same results: recursor01.dns.lightningwirelabs.com gets status Error.
If I turn TLS on, then recursor01.dns.lightningwirelabs.com works, but local DNS server (hosted on another ipfire CU 186) gets status Error
So: how can I have in use a local DNS server (ipfire CU 186) AND 81.3.27.54 (recursor01.dns.lightningwirelabs.com) for a client (another ipfire)?
The DNS WUI page configures unbound, IPFire’s DNS server.
The DNS servers used by a client are configured either in the client itself or by information shared by the DHCP server. The WUI for the DHCP server allows two entries. Usually you use the IPFire address as first entry. But you are free to enter two server addresses distinct from IPFire.
The errors on the DNS page may have two sources:
- 81.3.27.54 may not accept UDP requests or times out. The reason is shown if you hover over ‘Error’
- the ‘gateway’ doesn’t speak DNSSEC or/and TLS
With ‘Use ISP-assigned DNS servers’ unchecked ‘gateway’ should not be checked.
How did you configure unbound elsewhere? Because all supplied DNS servers have the ‘enable’, ‘edit’, ‘delete’ options. In your screenshots these are lacking for gateway and recursor01.dns.lightningwirelabs.com.
In this very particular case “the client” is Another ipfire box that uses the IPFIRE router (different one) for DNS service (and to reach Internet).
So, to simplify: when one IPfire is a DNS client of another Ipfire I have the above issue.
In the client ipfire, some many versions ago I used GUI until GUI simply removed the “enable”, “edit” and ‘delete’ options for (and only for!) entries that first Ipfire sends via DHCP.
So my guess is that I am having a very particular case here: /var/ipfire/dns/servers
contains in first 2 lines the EXACT same DNS servers the DHCP sends to ipfire that plays client role.
This client Ipfire has standalone IP config and Gateway, but this dns.cgi is one of the rare pages where I can “consume” the setting DHCP sends to each client: the DNS servers
Does it clarify how this particular case looks like?
Summary:
IPFIRE [1] = Router, DHCP Server, DNS server, etc - you might say all services up and available for all clients in the network
IPFIRE [2]= Client (all network cards in bridge mode attached to green), Static IP address, Static Gateway pointing to IPFIRE [1], trying to make it act as DNS client (IPFIRE [1] has a custom PiHole development inside it that I found it very useful)
IPFire_router can’t be a DNS server for IPFire_client, because unbound doesn’t speak DNSSEC which is required for IPFire_client’s DNS server.
Thank you @bbitsch ! That fully explains what I observed in dns.cgi - that I can have either primary IPFIRE working (when using UDP) or recursor01.dns.lightningwirelabs.com working when using TLS but never both!