 
 From:  Joe Suhre <jsuhre at nullconcepts dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  PATCH dnsmasq domain overrides.
 Date:  Tue, 14 Jun 2005 19:08:57 -0400
Hi, All
   Well first off this is my first of what I hope will be many 
contributions to the OSS community! That said, my patch to m0n0wall's 
rootfs is to extend the capabilities of dnsmasq.  The patch adds the 
ability to make use of dnsmasq's --server=/domain/auth_server ARG in 
order to force queries for domain to a specific DNS server rather than 
doing a full recursive query. In our case (my company's) our 
m0n0wall/s2s/openvpn clients use their ISP DNS servers for all queries 
except those to our internal DNS domain. I've dubbed this feature a 
domain override.

I wasn't sure of the proper way to transmit the patch (inline vs. 
attachment) so I opted to attach.

All feedback welcome!

Joe
diff -ruN ./etc/inc/services.inc ../../DEVEL_net45xx-1.2b8/fs/etc/inc/services.inc
--- ./etc/inc/services.inc	Sun May 29 05:26:35 2005
+++ ../../DEVEL_net45xx-1.2b8/fs/etc/inc/services.inc	Tue Jun 14 09:26:50 2005
@@ -365,6 +365,12 @@
 				" -s {$config['system']['domain']}";
 		}
 
+		if (isset($config['dnsmasq']['domainoverrides']) &&
is_array($config['dnsmasq']['domainoverrides'])) {
+			foreach($config['dnsmasq']['domainoverrides'] as $override) {
+				$args .= ' --server=/' . $override['domain'] . '/' . $override['ip'];
+			}
+		}
+
 		/* run dnsmasq */
 		mwexec("/usr/local/sbin/dnsmasq {$args}");
 
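Review bot: The `domain` and `ip` values are concatenated into the dnsmasq command line without shell quoting, so the string handed to `mwexec()` is only as safe as whatever wrote the config entry. The edit page in this patch validates both fields, but a restored or hand-edited configuration never passes through that check, and mwexec presumably hands the string to a shell (its definition is outside this hunk). Quote the argument where it is built: `$args .= ' ' . escapeshellarg("--server=/{$override['domain']}/{$override['ip']}");`. The enclosing function starts and ends outside the hunk, so a one-line comment above the loop, such as `/* domain overrides: send queries for a domain to a fixed server */`, would help the next reader.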
diff -ruN ./etc/inc/xmlparse.inc ../../DEVEL_net45xx-1.2b8/fs/etc/inc/xmlparse.inc
--- ./etc/inc/xmlparse.inc	Sun May 29 05:26:35 2005
+++ ../../DEVEL_net45xx-1.2b8/fs/etc/inc/xmlparse.inc	Tue Jun 14 09:27:03 2005
@@ -33,7 +33,7 @@
 $listtags = explode(" ", "rule user key dnsserver winsserver " .
 	"encryption-algorithm-option hash-algorithm-option hosts tunnel onetoone " .
 	"staticmap route alias pipe queue shellcmd earlyshellcmd mobilekey " .
-	"servernat proxyarpnet passthrumac allowedip wolentry vlan");
+	"servernat proxyarpnet passthrumac allowedip wolentry vlan domainoverrides");
 
 function startElement($parser, $name, $attrs) {
 	global $depth, $curpath, $config, $havedata, $listtags;
diff -ruN ./usr/local/www/guiconfig.inc ../../DEVEL_net45xx-1.2b8/fs/usr/local/www/guiconfig.inc
--- ./usr/local/www/guiconfig.inc	Sun May 29 05:26:35 2005
+++ ../../DEVEL_net45xx-1.2b8/fs/usr/local/www/guiconfig.inc	Tue Jun 14 15:22:19 2005
@@ -46,7 +46,7 @@
 $d_ipsecconfdirty_path = $g['varrun_path'] . "/ipsec.conf.dirty";
 $d_shaperconfdirty_path = $g['varrun_path'] . "/shaper.conf.dirty";
 $d_pptpuserdirty_path = $g['varrun_path'] . "/pptpd.user.dirty";
-$d_hostsdirty_path = $g['varrun_path'] . "/hosts.dirty";
+$d_dnsmasqdirty_path = $g['varrun_path'] . "/dnsmasq.dirty";
 $d_staticmapsdirty_path = $g['varrun_path'] . "/staticmaps.dirty";
 $d_staticroutesdirty_path = $g['varrun_path'] . "/staticroutes.dirty";
 $d_aliasesdirty_path = $g['varrun_path'] . "/aliases.dirty";
diff -ruN ./usr/local/www/services_dnsmasq.php
../../DEVEL_net45xx-1.2b8/fs/usr/local/www/services_dnsmasq.php
--- ./usr/local/www/services_dnsmasq.php	Sun May 29 05:26:35 2005
+++ ../../DEVEL_net45xx-1.2b8/fs/usr/local/www/services_dnsmasq.php	Tue Jun 14 16:39:10 2005
@@ -38,8 +38,14 @@
 if (!is_array($config['dnsmasq']['hosts'])) {
 	$config['dnsmasq']['hosts'] = array();
 }
+
+if (!is_array($config['dnsmasq']['domainoverrides'])) {
+	$config['dnsmasq']['domainoverrides'] = array();
+}
+
 hosts_sort();
 $a_hosts = &$config['dnsmasq']['hosts'];
+$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
 
 if ($_POST) {
 
@@ -59,25 +65,36 @@
 	$savemsg = get_std_save_message($retval);
 
 	if ($retval == 0) {
-		if (file_exists($d_hostsdirty_path))
-			unlink($d_hostsdirty_path);
+		if (file_exists($d_dnsmasqdirty_path))
+			unlink($d_dnsmasqdirty_path);
 	}
 }
 
 if ($_GET['act'] == "del") {
-	if ($a_hosts[$_GET['id']]) {
-		unset($a_hosts[$_GET['id']]);
-		write_config();
-		touch($d_hostsdirty_path);
-		header("Location: services_dnsmasq.php");
-		exit;
+	if ($_GET['type'] == 'host') {
+		if ($a_hosts[$_GET['id']]) {
+			unset($a_hosts[$_GET['id']]);
+			write_config();
+			touch($d_dnsmasqdirty_path);
+			header("Location: services_dnsmasq.php");
+			exit;
+		}
+	}
+	elseif ($_GET['type'] == 'doverride') {
+		if ($a_domainOverrides[$_GET['id']]) {
+			unset($a_domainOverrides[$_GET['id']]);
+			write_config();
+			touch($d_dnsmasqdirty_path);
+			header("Location: services_dnsmasq.php");
+			exit;
+		}
 	}
 }
 ?>
 <?php include("fbegin.inc"); ?>
 <form action="services_dnsmasq.php" method="post">
 <?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_hostsdirty_path)): ?><p>
+<?php if (file_exists($d_dnsmasqdirty_path)): ?><p>
 <?php print_info_box_np("The DNS forwarder configuration has been changed.<br>You must apply the
changes in order for them to take effect.");?><br>
 <input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
 <?php endif; ?>
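Review bot: The new `doverride` branch deletes a config entry on a plain GET request with no request token, repeating the pattern the host branch already had. A request to this URL made by the administrator's browser while it is authenticated to the GUI removes the override, after which queries for that domain go to the normal upstream servers instead of the internal one. Consider moving both delete actions to a POST form and checking a per-session token before `unset()`; no token helper is visible in this patch, so one would have to be added. Separately, `$_GET['id']` is used as an array key unchecked, and a guard such as `if (is_numeric($_GET['id']) && $a_domainOverrides[$_GET['id']]) {` would make the expected input explicit.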
@@ -143,7 +160,7 @@
                     <?=htmlspecialchars($hostent['descr']);?>&nbsp;
                   </td>
                   <td valign="middle" nowrap class="list"> <a
href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
-                     &nbsp;<a href="services_dnsmasq.php?act=del&id=<?=$i;?>" onclick="return
confirm('Do you really want to delete this host?')"><img src="x.gif" width="17" height="17"
border="0"></a></td>
+                     &nbsp;<a href="services_dnsmasq.php?act=del&type=host&id=<?=$i;?>"
onclick="return confirm('Do you really want to delete this host?')"><img src="x.gif" width="17"
height="17" border="0"></a></td>
 				</tr>
 			  <?php $i++; endforeach; ?>
                 <tr> 
@@ -151,5 +168,38 @@
                   <td class="list"> <a href="services_dnsmasq_edit.php"><img src="plus.gif"
width="17" height="17" border="0"></a></td>
 				</tr>
               </table>
+ <!-- update to enable domain overrides -->
+			  <table width="100%" border="0" cellpadding="6" cellspacing="0">
+                <tr> 
+                  <td><p>Below you can override an entire domain by specifying an
+                         authoritative dns server to be queried for that domain.</p></td>
+                </tr>
+              </table>
+              <table width="100%" border="0" cellpadding="0" cellspacing="0">
+                <tr>
+                  <td width="35%" class="listhdrr">Domain</td>
+                  <td width="20%" class="listhdrr">IP</td>
+                  <td width="35%" class="listhdr">Description</td>
+                  <td width="10%" class="list"></td>
+				</tr>
+			  <?php $i = 0; foreach ($a_domainOverrides as $doment): ?>
+                <tr>
+                  <td class="listlr">
+                    <?=strtolower($doment['domain']);?>&nbsp;
+                  </td>
+                  <td class="listr">
+                    <?=$doment['ip'];?>&nbsp;
+                  </td>
+                  <td class="listbg">
+                    <?=htmlspecialchars($doment['descr']);?>&nbsp;
+                  </td>
+                  <td valign="middle" nowrap class="list"> <a
href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17"
border="0"></a>
+                     &nbsp;<a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>"
onclick="return confirm('Do you really want to delete this domain override?')"><img src="x.gif"
width="17" height="17" border="0"></a></td>
+				</tr>
+			  <?php $i++; endforeach; ?>
+                <tr> 
+                  <td class="list" colspan="3"></td>
+                  <td class="list"> <a href="services_dnsmasq_domainoverride_edit.php"><img
src="plus.gif" width="17" height="17" border="0"></a></td>
+				</tr>
             </form>
 <?php include("fend.inc"); ?>
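Review bot: In the new override table, `strtolower($doment['domain'])` and `$doment['ip']` are echoed without `htmlspecialchars()`, while `descr` two cells later is escaped. Both values are validated on the edit page, but this list renders whatever is in the loaded config, so escape at output: `<?=htmlspecialchars(strtolower($doment['domain']));?>` and `<?=htmlspecialchars($doment['ip']);?>`. The second added `<table>` is also never closed: the last added row is followed directly by the existing `</form>`, so a `</table>` is needed after it.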
diff -ruN ./usr/local/www/services_dnsmasq_domainoverride_edit.php
../../DEVEL_net45xx-1.2b8/fs/usr/local/www/services_dnsmasq_domainoverride_edit.php
--- ./usr/local/www/services_dnsmasq_domainoverride_edit.php	Wed Dec 31 19:00:00 1969
+++ ../../DEVEL_net45xx-1.2b8/fs/usr/local/www/services_dnsmasq_domainoverride_edit.php	Tue Jun 14
16:12:45 2005
@@ -0,0 +1,135 @@
+#!/usr/local/bin/php
+<?php 
+/*
+	services_dnsmasq_domainoverride_edit.php
+	part of m0n0wall (http://m0n0.ch/wall)
+	
+	Copyright (C) 2003-2005 Bob Zoller <bob at kludgebox dot com> and Manuel Kasper <mk at neon1 dot net>.
+	All rights reserved.
+	
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+	
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+	
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+	
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = array("Services", "DNS forwarder", "Edit Domain Override");
+require("guiconfig.inc");
+
+if (!is_array($config['dnsmasq']['domainoverrides'])) {
+	$config['dnsmasq']['domainoverrides'] = array();
+}
+$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+	$id = $_POST['id'];
+
+if (isset($id) && $a_domainOverrides[$id]) {
+	$pconfig['domain'] = $a_domainOverrides[$id]['domain'];
+	$pconfig['ip'] = $a_domainOverrides[$id]['ip'];
+	$pconfig['descr'] = $a_domainOverrides[$id]['descr'];
+}
+
+if ($_POST) {
+
+	unset($input_errors);
+	$pconfig = $_POST;
+
+	/* input validation */
+	$reqdfields = explode(" ", "domain ip");
+	$reqdfieldsn = explode(",", "Domain,IP address");
+	
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+	
+	if (($_POST['domain'] && !is_domain($_POST['domain']))) {
+		$input_errors[] = "A valid domain must be specified.";
+	}
+	if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) {
+		$input_errors[] = "A valid IP address must be specified.";
+	}
+
+	/* check for overlaps */
+	foreach ($a_domainOverrides as $doment) {
+		if (isset($id) && ($a_domainOverrides[$id]) && ($a_domainOverrides[$id] === $doment))
+			continue;
+
+		if (($doment['host'] == $_POST['host']) && ($doment['domain'] == $_POST['domain'])) {
+			$input_errors[] = "A override already exists for this domain.";
+			break;
+		}
+	}
+
+	if (!$input_errors) {
+		$doment = array();
+		$doment['domain'] = $_POST['domain'];
+		$doment['ip'] = $_POST['ip'];
+		$doment['descr'] = $_POST['descr'];
+
+		if (isset($id) && $a_domainOverrides[$id])
+			$a_domainOverrides[$id] = $doment;
+		else
+			$a_domainOverrides[] = $doment;
+		
+		touch($d_dnsmasqdirty_path);
+		
+		write_config();
+		
+		header("Location: services_dnsmasq.php");
+		exit;
+	}
+}
+?>
+<?php include("fbegin.inc"); ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+            <form action="services_dnsmasq_domainoverride_edit.php" method="post" name="iform"
id="iform">
+              <table width="100%" border="0" cellpadding="6" cellspacing="0">
+				<tr>
+                  <td width="22%" valign="top" class="vncellreq">Domain</td>
+                  <td width="78%" class="vtable"> 
+                    <?=$mandfldhtml;?><input name="domain" type="text" class="formfld" id="domain"
size="40" value="<?=htmlspecialchars($pconfig['domain']);?>">
+                    <br> <span class="vexpl">Domain to override (NOTE: this does not have to be a
valid TLD!)<br>
+                    e.g. <em>test</em></span></td>
+                </tr>
+				<tr>
+                  <td width="22%" valign="top" class="vncellreq">IP address</td>
+                  <td width="78%" class="vtable"> 
+                    <?=$mandfldhtml;?><input name="ip" type="text" class="formfld" id="ip"
size="40" value="<?=htmlspecialchars($pconfig['ip']);?>">
+                    <br> <span class="vexpl">IP address of the authoritative dns server for this
domain<br>
+                    e.g. <em>192.168.100.100</em></span></td>
+                </tr>
+				<tr>
+                  <td width="22%" valign="top" class="vncell">Description</td>
+                  <td width="78%" class="vtable"> 
+                    <input name="descr" type="text" class="formfld" id="descr" size="40"
value="<?=htmlspecialchars($pconfig['descr']);?>">
+                    <br> <span class="vexpl">You may enter a description here
+                    for your reference (not parsed).</span></td>
+                </tr>
+                <tr>
+                  <td width="22%" valign="top">&nbsp;</td>
+                  <td width="78%"> 
+                    <input name="Submit" type="submit" class="formbtn" value="Save">
+                    <?php if (isset($id) && $a_domainOverrides[$id]): ?>
+                    <input name="id" type="hidden" value="<?=$id;?>">
+                    <?php endif; ?>
+                  </td>
+                </tr>
+              </table>
+</form>
+<?php include("fend.inc"); ?>
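Review bot: The overlap check compares `$doment['host'] == $_POST['host']`, but neither the override entries nor this form have a `host` field, so both sides are unset and the test passes only because null equals null. It looks carried over from the host edit page; drop that half and compare case-insensitively, since the list page displays domains lowercased: `if (strtolower($doment['domain']) == strtolower($_POST['domain'])) {`. The hidden field `value="<?=$id;?>"` echoes a request parameter and should go through `htmlspecialchars()` like the other inputs on the form, even though it is only emitted when `$id` matches an existing entry.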
diff -ruN ./usr/local/www/services_dnsmasq_edit.php
../../DEVEL_net45xx-1.2b8/fs/usr/local/www/services_dnsmasq_edit.php
--- ./usr/local/www/services_dnsmasq_edit.php	Sun May 29 05:26:35 2005
+++ ../../DEVEL_net45xx-1.2b8/fs/usr/local/www/services_dnsmasq_edit.php	Tue Jun 14 16:12:58 2005
@@ -93,7 +93,7 @@
 		else
 			$a_hosts[] = $hostent;
 		
-		touch($d_hostsdirty_path);
+		touch($d_dnsmasqdirty_path);
 		
 		write_config();