dns/bind: Forwarding feature expansion

benyamin-codez · benyamin-codez · commit 2da9b7fdf983 · 2025-08-14T20:43:02.000+10:00
Expands the forwarding feature set by:

1. Adding global "forward only" option to forwarders
2. Adding "forward only" option to forward zones
3. Improving forward zone dialog help expansion and reformatting

Signed-off-by: benyamin-codez &lt;115509179+benyamin-codez@users.noreply.github.com&gt;
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
@@ -9,14 +9,39 @@
         <id>domain.domainname</id>
         <label>Zone Name</label>
         <type>text</type>
-        <help>Set the name for this zone. Both forward and reverse zones may be specified, i.e. example.com or 0.168.192.in-addr.arpa.</help>
+        <help><![CDATA[
+              Set the name for this zone.
+              <br/>Both forward and reverse zones may be specified.
+              <br/>Examples include:
+              <br/>example.com
+              <br/>0.168.192.in-addr.arpa
+              ]]></help>
+    </field>
+    <field>
+        <id>domain.forwardonly</id>
+        <label>Forward Only</label>
+        <type>checkbox</type>
+        <help><![CDATA[
+              Disables recursion if forwarding fails.
+              <br/>The default is to attempt forwarders first and only perform
+              <br/>recursive lookups if forwarding fails. This setting is only
+              <br/>meaningful if the list of forwarders is not empty.
+              <br/>Can be used to override global forwarding behaviour for this
+              <br/>domain by specifying the same servers below.
+              <br/>This directive is explictily set to either forward only; or
+              <br/>forward first; to avoid any furtherance of doubt.
+              ]]></help>
     </field>
     <field>
         <id>domain.forwardserver</id>
-        <label>Primary IP</label>
+        <label>Forwarder IPs</label>
         <style>tokenize</style>
         <type>select_multiple</type>
         <allownew>true</allownew>
-        <help>Set the IP address of server to forward requests to.</help>
+        <help><![CDATA[
+              Set any combination of IPv4 and IPv6 addresses for which to
+              <br/>forward queries to for this domain.
+              <br/>Used to override global forwarders for this domain.
+              ]]></help>
     </field>
 </form>
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
@@ -61,13 +61,24 @@
         <advanced>true</advanced>
         <help>Specify the IPv6 address used as a source for zone transfers.</help>
     </field>
+    <field>
+        <id>general.forwardonly</id>
+        <label>Forward Only</label>
+        <type>checkbox</type>
+        <advanced>true</advanced>
+        <help><![CDATA[
+              Disables recursion if forwarding fails.
+              <br/>The default is to attempt forwarders first and perform recursive lookups if forwarding fails.
+              <br/>Only meaningful if the list of forwarders is not empty.
+              ]]></help>
+    </field>
     <field>
         <id>general.forwarders</id>
-        <label>DNS Forwarders</label>
+        <label>Forwarders</label>
         <style>tokenize</style>
         <type>select_multiple</type>
         <allownew>true</allownew>
-        <help>Set one or more hosts to send your DNS queries if the request is unknown.</help>
+        <help>Set any combination of IPv4 and IPv6 addresses to forward queries to when the answer is unknown.</help>
     </field>
     <field>
         <id>general.filteraaaav4</id>
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml
@@ -21,6 +21,10 @@
                 <primaryip type="NetworkField">
                     <AsList>Y</AsList>
                 </primaryip>
+                <forwardonly type="BooleanField">
+                    <Default>0</Default>
+                    <Required>Y</Required>
+                </forwardonly>
                 <forwardserver type="NetworkField">
                     <AsList>Y</AsList>
                 </forwardserver>
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
@@ -45,6 +45,10 @@
             <Default>53530</Default>
             <Required>Y</Required>
         </port>
+        <forwardonly type="BooleanField">
+            <Default>0</Default>
+            <Required>Y</Required>
+        </forwardonly>
         <forwarders type="NetworkField">
             <AsList>Y</AsList>
         </forwarders>
diff --git a/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt b/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt
@@ -200,6 +200,7 @@
                     <tr>
                         <th data-column-id="enabled" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
                         <th data-column-id="domainname" data-type="string" data-visible="true">{{ lang._('Zone') }}</th>
+                        <th data-column-id="forwardonly" data-type="string" data-formatter="boolean" data-visible="true">{{ lang._('Forward Only') }}</th>
                         <th data-column-id="forwardserver" data-type="string" data-visible="true">{{ lang._('Forwarder IPs') }}</th>
                         <th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
                         <th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@@ -39,7 +39,10 @@ options {
 {% endif -%}
 
 {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
-        forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
+{%   if helpers.exists('OPNsense.bind.general.forwardonly') and OPNsense.bind.general.forwardonly == '1' %}
+        forward            only
+{%   endif -%}
+        forwarders         { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
 {% endif -%}
 
 {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
@@ -154,6 +157,11 @@ zone "rpzbing" { type primary; file "/usr/local/etc/namedb/primary/bing.db"; not
 zone "{{ domain.domainname }}" {
         type {{ domain.type }};
 {%       if domain.type == 'forward' %}
+{%         if domain.forwardonly == '1' %}
+        forward only;
+{%         else %}
+        forward first;
+{%         endif %}
         forwarders { {{ domain.forwardserver.replace(',', '; ') }}; };
 {%       elif domain.type == 'secondary' %}
 {%         if domain.transferkey is defined %}
