1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
-- Copyright 2018 Eric Luehrsen <ericluehrsen@gmail.com>
-- Licensed to the public under the Apache License 2.0.
local sy = require "luci.sys"
local ds = require "luci.dispatcher"
local hp = require "luci.http"
local m7, s7
local ena, flb, zty, znm, srv, rlv, tlu
local prt, tlp, tli, url
arg[1] = arg[1] or ""
m7 = Map("unbound")
m7.redirect = ds.build_url("admin/services/unbound/zones")
if (arg[1] == "") then
hp.redirect(m7.redirect)
return
else
s7 = m7:section(NamedSection, arg[1], "zone",
translatef("Directed Zone"),
translatef("Edit a forward, stub, or zone-file-cache zone "
.. "for Unbound to use instead of recursion."))
s7.anonymous = true
s7.addremove = false
ena = s7:option(Flag, "enabled", translate("Enabled"),
translate("Enable this directed zone"))
ena.rmempty = false
flb = s7:option(Flag, "fallback", translate("Fall Back"),
translate("Allow open recursion when record not in zone"))
flb.rmempty = false
zty = s7:option(ListValue, "zone_type", translate("Zone Type"))
zty:value("auth_zone", translate("Authoritative (zone file)"))
zty:value("stub_zone", translate("Stub (forced recursion)"))
zty:value("forward_zone", translate("Forward (simple handoff)"))
zty.rmempty = false
znm = s7:option(DynamicList, "zone_name", translate("Zone Names"),
translate("Zone (Domain) names included in this zone combination"))
znm.placeholder="new.example.net."
srv = s7:option(DynamicList, "server", translate("Servers"),
translate("Servers for this zone; see README.md for optional form"))
srv.placeholder="192.0.2.53"
ast = s7:option(ListValue, "dns_assist", translate("DNS Plugin"),
translate("Check for local program to allow forward to localhost"))
ast:value("none", translate("(none)"))
ast:value("bind", "bind")
ast:value("dnsmasq", "dnsmasq")
ast:value("ipset-dns", "ipset-dns")
ast:value("nsd", "nsd")
ast:value("unprotected-loop", "unprotected-loop")
rlv = s7:option(Flag, "resolv_conf", translate("Use 'resolv.conf.auto'"),
translate("Forward to upstream nameservers (ISP)"))
rlv:depends("zone_type", "forward_zone")
tlu = s7:option(Flag, "tls_upstream", translate("DNS over TLS"),
translate("Connect to servers using TLS"))
tlu:depends("zone_type", "forward_zone")
prt = s7:option(Value, "port", translate("Server Port"),
translate("Port servers will receive queries on"))
prt:depends("tls_upstream", false)
prt.datatype = "port"
prt.placeholder="53"
tlp = s7:option(Value, "tls_port", translate("Server TLS Port"),
translate("Port servers will receive queries on"))
tlp:depends("tls_upstream", true)
tlp.datatype = "port"
tlp.placeholder="853"
tli = s7:option(Value, "tls_index", translate("TLS Name Index"),
translate("Domain name to verify TLS certificate"))
tli:depends("tls_upstream", true)
tli.placeholder="dns.example.net"
url = s7:option(Value, "url_dir", translate("Zone Download URL"),
translate("Directory only part of URL"))
url:depends("zone_type", "auth_zone")
url.placeholder="https://www.example.net/dl/zones/"
end
function m7.on_commit(self)
if sy.init.enabled("unbound") then
-- Restart Unbound with configuration
sy.call("/etc/init.d/unbound restart >/dev/null 2>&1")
else
sy.call("/etc/init.d/unbound stop >/dev/null 2>&1")
end
end
return m7
|