Skip to content
Permalink
Browse files

www/rc: make using dnsmasq as system resolver optional

  • Loading branch information...
themiron committed Mar 12, 2019
1 parent 840dcda commit 2b4fff3cd2a1cfd1ff80d5cbe4dcd1f8715267f7
@@ -1150,6 +1150,8 @@ void start_dnsmasq(void)
int unit;
char tmpStr[20];
#endif
char buf[sizeof("/rom/etc/resolv.conf")], *path;
int n;

TRACE_PT("begin\n");

@@ -1751,15 +1753,30 @@ void start_dnsmasq(void)
eval("dnsmasq", "--log-async");
#endif

for ( i = 1; i < 4; i++ ) {
if (!pids("dnsmasq")) {
sleep(i);
} else {
// Make the router use dnsmasq for its own local resolution if it did start
unlink("/etc/resolv.conf");
symlink("/rom/etc/resolv.conf", "/etc/resolv.conf"); // nameserver 127.0.0.1
i = 4;
/* Update local resolving mode */
n = readlink("/etc/resolv.conf", buf, sizeof(buf));
if (nvram_get_int("dns_local")) {
/* Use dnsmasq for local resolving if it did start,
* fallback to wan dns otherwise */
path = (char *)dmresolv;
for (i = 4; i > 0; i--) {
if (pids("dnsmasq")) {
/* nameserver 127.0.0.1 */
path = "/rom/etc/resolv.conf";
} else if (i)
sleep(1);
}
} else
if (n == sizeof("/rom/etc/resolv.conf") - 1 &&
strncmp(buf, "/rom/etc/resolv.conf", n) == 0) {
/* Use WAN DNS for local resolving only if
* nameservers were not changed externally */
path = (char *)dmresolv;
} else
path = NULL;
if (path && !(n == strlen(path) && strncmp(buf, path, n) == 0)) {
unlink("/etc/resolv.conf");
symlink(path, "/etc/resolv.conf");
}

TRACE_PT("end\n");
@@ -1338,6 +1338,7 @@ struct nvram_tuple router_defaults[] = {
{ "dns_probe_content", "131.107.255.255 112.4.20.71", CKN_STR_DEFAULT, CKN_TYPE_DEFAULT, CKN_ACC_LEVEL_DEFAULT, CKN_ENC_DEFAULT, 0 }, /* resolve target addr or wildcard */
#endif
{ "dns_delay_round", "2", CKN_STR6, CKN_TYPE_DEFAULT, CKN_ACC_LEVEL_DEFAULT, CKN_ENC_DEFAULT, 0 },
{ "dns_local", "1", CKN_STR1, CKN_TYPE_DEFAULT, CKN_ACC_LEVEL_DEFAULT, CKN_ENC_DEFAULT, 0 }, /* use local dns as system resolver */

/* Misc WAN parameters */
{ "wan_desc", "", CKN_STR_DEFAULT, CKN_TYPE_DEFAULT, CKN_ACC_LEVEL_DEFAULT, CKN_ENC_DEFAULT, 0 }, /* WAN connection description */
@@ -565,6 +565,9 @@ function applyRule(){
}
}
if (getRadioValue(document.form.dns_local) != "<% nvram_get("dns_local"); %>")
document.form.action_script.value += ";restart_dnsmasq";
document.form.submit();
}
@@ -903,6 +906,13 @@ function done_validating(action){
<input type="radio" name="ipv6_ns_drop" class="input" value="0" <% nvram_match_x("", "ipv6_ns_drop", "0", "checked"); %>><#checkbox_No#>
</td>
</tr>
<tr>
<th><a class="hintstyle" href="javascript:void(0);" onClick="openHint(50,27);">Wan: Use local caching DNS server as system resolver (default: Yes)</a></th>
<td>
<input type="radio" name="dns_local" class="input" value="1" <% nvram_match_x("", "dns_local", "1", "checked"); %>><#checkbox_Yes#>
<input type="radio" name="dns_local" class="input" value="0" <% nvram_match_x("", "dns_local", "0", "checked"); %>><#checkbox_No#>
</td>
</tr>
<tr>
<th>Disable Asusnat tunnel</th>
<td>
@@ -405,6 +405,7 @@ helpcontent[50] = new Array("",
"Restrict this rule to a specific source IP address",
"How should your router handle DNS servers pushed by the remote VPN server. Disabled = ignore them, Relaxed = just add to list of known DNS, Strict = add to list, but use all servers in order specified, Exclusive = use only these servers for all queries from clients routed through the tunnel.",
"When an unsigned reply is received, check that this zone really doesn't use DNSSEC. Disabling this will speed up lookups, but it also means someone can forge a reply in a signed zone by simply not signing the reply, bypassing any security benefit normally provided by DNSSEC.",
"Internal: use the IP configured on your router's WAN. External: query a remote service to use your public IP. The latter will work through double NAT, but might not work properly when using a VPN tunnel or with some DDNS providers.");
// Last: 50,26
"Internal: use the IP configured on your router's WAN. External: query a remote service to use your public IP. The latter will work through double NAT, but might not work properly when using a VPN tunnel or with some DDNS providers.",
"TODO");
// Last: 50,27

0 comments on commit 2b4fff3

Please sign in to comment.
You can’t perform that action at this time.