dns/bind: Forwarding feature expansion

benyamin-codez · benyamin-codez · commit ce24078de4ef · 2025-09-20T23:00:30.000+10:00
Expands the forwarding feature set by:

1. Adding global "forward only" option to forwarders
2. Adding "forward only" option to forward zones
3. Improving forward zone dialog help expansion and reformatting
4. Bumps model versions:
    * General to v1.0.13
    * Domain to v1.1.3

Signed-off-by: benyamin-codez &lt;115509179+benyamin-codez@users.noreply.github.com&gt;
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
@@ -9,14 +9,20 @@
         <id>domain.domainname</id>
         <label>Zone Name</label>
         <type>text</type>
-        <help>Set the name for this zone. Both forward and reverse zones may be specified, i.e. example.com or 0.168.192.in-addr.arpa.</help>
+        <help>Set the name for this zone. Both forward and reverse zones may be specified, e.g. "example.com" or "0.168.192.in-addr.arpa"</help>
+    </field>
+    <field>
+        <id>domain.forwardonly</id>
+        <label>Forward Only</label>
+        <type>checkbox</type>
+        <help>Disables recursion if forwarding fails. The default is to attempt resolution via forwarders first and only perform recursive lookups if forwarding fails. This setting is only meaningful if the list of forwarders is not empty. Can be used to override global forwarding behaviour for this domain by specifying the same servers below as those on the General tab.</help>
     </field>
     <field>
         <id>domain.forwardserver</id>
-        <label>Primary IP</label>
+        <label>Forwarder IPs</label>
         <style>tokenize</style>
         <type>select_multiple</type>
         <allownew>true</allownew>
-        <help>Set the IP address of server to forward requests to.</help>
+        <help>Set any combination of IPv4 and IPv6 addresses. Queries for this domain will be forwarded to these addresses. Used to override global forwarders for this domain.</help>
     </field>
 </form>
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
@@ -61,13 +61,20 @@
         <advanced>true</advanced>
         <help>Specify the IPv6 address used as a source for zone transfers.</help>
     </field>
+    <field>
+        <id>general.forwardonly</id>
+        <label>Forward Only</label>
+        <type>checkbox</type>
+        <advanced>true</advanced>
+        <help>Disables recursion if forwarding fails. The default is to attempt resolution via forwarders first and only perform recursive lookups if forwarding fails. This setting is only meaningful if the list of forwarders is not empty.</help>
+    </field>
     <field>
         <id>general.forwarders</id>
-        <label>DNS Forwarders</label>
+        <label>Forwarders</label>
         <style>tokenize</style>
         <type>select_multiple</type>
         <allownew>true</allownew>
-        <help>Set one or more hosts to send your DNS queries if the request is unknown.</help>
+        <help>Set any combination of IPv4 and IPv6 addresses to forward queries to when the answer is unknown.</help>
     </field>
     <field>
         <id>general.filteraaaav4</id>
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml
@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/bind/domain</mount>
     <description>BIND domain configuration</description>
-    <version>1.1.2</version>
+    <version>1.1.3</version>
     <items>
         <domains>
             <domain type="ArrayField">
@@ -21,6 +21,10 @@
                 <primaryip type="NetworkField">
                     <AsList>Y</AsList>
                 </primaryip>
+                <forwardonly type="BooleanField">
+                    <Default>0</Default>
+                    <Required>Y</Required>
+                </forwardonly>
                 <forwardserver type="NetworkField">
                     <AsList>Y</AsList>
                 </forwardserver>
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/bind/general</mount>
     <description>BIND configuration</description>
-    <version>1.0.12</version>
+    <version>1.0.13</version>
     <items>
         <enabled type="BooleanField">
             <Default>0</Default>
@@ -45,6 +45,10 @@
             <Default>53530</Default>
             <Required>Y</Required>
         </port>
+        <forwardonly type="BooleanField">
+            <Default>0</Default>
+            <Required>Y</Required>
+        </forwardonly>
         <forwarders type="NetworkField">
             <AsList>Y</AsList>
         </forwarders>
diff --git a/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt b/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt
@@ -200,6 +200,7 @@
                     <tr>
                         <th data-column-id="enabled" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
                         <th data-column-id="domainname" data-type="string" data-visible="true">{{ lang._('Zone') }}</th>
+                        <th data-column-id="forwardonly" data-type="string" data-formatter="boolean" data-visible="true">{{ lang._('Forward Only') }}</th>
                         <th data-column-id="forwardserver" data-type="string" data-visible="true">{{ lang._('Forwarder IPs') }}</th>
                         <th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
                         <th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@@ -39,7 +39,10 @@ options {
 {% endif -%}
 
 {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
-        forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
+{%   if helpers.exists('OPNsense.bind.general.forwardonly') and OPNsense.bind.general.forwardonly == '1' %}
+        forward            only
+{%   endif -%}
+        forwarders         { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
 {% endif -%}
 
 {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
@@ -154,6 +157,11 @@ zone "rpzbing" { type primary; file "/usr/local/etc/namedb/primary/bing.db"; not
 zone "{{ domain.domainname }}" {
         type {{ domain.type }};
 {%       if domain.type == 'forward' %}
+{%         if domain.forwardonly == '1' %}
+        forward only;
+{%         else %}
+        forward first;
+{%         endif %}
         forwarders { {{ domain.forwardserver.replace(',', '; ') }}; };
 {%       elif domain.type == 'secondary' %}
 {%         if domain.transferkey is defined %}
