Remove the harden-glue option entirely and hard code it to yes. Ticket …

…#4402
pfsense · Mar 6, 2015 · 5c7c369 · 5c7c369
1 parent 6d1db7e
commit 5c7c369
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 18 deletions.
diff --git a/conf.default/config.xml b/conf.default/config.xml
@@ -274,7 +274,6 @@
 		<custom_options/>
 		<hideidentity/>
 		<hideversion/>
-		<hardenglue/>
 		<dnssecstripped/>
 	</unbound>
 </pfsense>
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc
@@ -213,7 +213,6 @@ EOF;
 	$port = (is_port($config['unbound']['port'])) ? $config['unbound']['port'] : "53";
 	$hide_identity = isset($config['unbound']['hideidentity']) ? "yes" : "no";
 	$hide_version = isset($config['unbound']['hideversion']) ? "yes" : "no";
-	$harden_glue = isset($config['unbound']['hardenglue']) ? "yes" : "no";
 	$harden_dnssec_stripped = isset($config['unbound']['dnssecstripped']) ? "yes" : "no";
 	$prefetch = isset($config['unbound']['prefetch']) ? "yes" : "no";
 	$prefetch_key = isset($config['unbound']['prefetchkey']) ? "yes" : "no";
@@ -290,7 +289,7 @@ port: {$port}
 verbosity: {$verbosity}
 hide-identity: {$hide_identity}
 hide-version: {$hide_version}
-harden-glue: {$harden_glue}
+harden-glue: yes
 do-ip4: yes
 do-ip6: yes
 do-udp: yes

diff --git a/usr/local/www/services_unbound_advanced.php b/usr/local/www/services_unbound_advanced.php
@@ -58,9 +58,6 @@
 if (isset($config['unbound']['prefetchkey'])) {
 	$pconfig['prefetchkey'] = true;
 }
-if (isset($config['unbound']['hardenglue'])) {
-	$pconfig['hardenglue'] = true;
-}
 if (isset($config['unbound']['dnssecstripped'])) {
 	$pconfig['dnssecstripped'] = true;
 }
@@ -153,11 +150,6 @@
 		} else {
 			unset($config['unbound']['prefetchkey']);
 		}
-		if (isset($_POST['hardenglue'])) {
-			$config['unbound']['hardenglue'] = true;
-		} else {
-			unset($config['unbound']['hardenglue']);
-		}
 		if (isset($_POST['dnssecstripped'])) {
 			$config['unbound']['dnssecstripped'] = true;
 		} else {
@@ -257,13 +249,6 @@
 									<?=sprintf(gettext("DNSKEYs are fetched earlier in the validation process when a %sDelegation signer%s is encountered. This helps lower the latency of requests but does utilize a little more CPU."), "<a href='http://en.wikipedia.org/wiki/List_of_DNS_record_types'>", "</a>");?>
 								</td>
 							</tr>
-							<tr>
-								<td width="22%" valign="top" class="vncell"><?=gettext("Harden Glue");?></td>
-								<td width="78%" class="vtable">
-									<input name="hardenglue" type="checkbox" id="hardenglue" value="yes" <?php if (isset($pconfig['hardenglue'])) echo "checked=\"checked\"";?> /><br />
-									<?=gettext("Only trust glue if it is within the server's authority.");?>
-								</td>
-							</tr>
 							<tr>
 								<td width="22%" valign="top" class="vncell"><?=gettext("Harden DNSSEC data");?></td>
 								<td width="78%" class="vtable">