From ce24078de4ef2cdb9bda3a7cf009c475d7879710 Mon Sep 17 00:00:00 2001
From: benyamin-codez <115509179+benyamin-codez@users.noreply.github.com>
Date: Thu, 14 Aug 2025 20:43:02 +1000
Subject: [PATCH] dns/bind: Forwarding feature expansion
Expands the forwarding feature set by:
1. Adding global "forward only" option to forwarders
2. Adding "forward only" option to forward zones
3. Improving forward zone dialog help expansion and reformatting
4. Bumps model versions: * General to v1.0.13 * Domain to v1.1.3
Signed-off-by: benyamin-codez <115509179+benyamin-codez@users.noreply.github.com>
---
 .../Bind/forms/dialogEditBindForwardDomain.xml | 12 +++++++++---
 .../app/controllers/OPNsense/Bind/forms/general.xml | 11 +++++++++--
 .../opnsense/mvc/app/models/OPNsense/Bind/Domain.xml | 6 +++++-
 .../mvc/app/models/OPNsense/Bind/General.xml | 6 +++++-
 .../mvc/app/views/OPNsense/Bind/general.volt | 1 +
 .../service/templates/OPNsense/Bind/named.conf | 10 +++++++++-
 6 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
index 4ca30f87c6..ce1e420ff6 100644
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindForwardDomain.xml
@@ -9,14 +9,20 @@ domain.domainname text - Set the name for this zone. Both forward and reverse zones may be specified, i.e. example.com or 0.168.192.in-addr.arpa. + Set the name for this zone. Both forward and reverse zones may be specified, e.g. "example.com" or "0.168.192.in-addr.arpa" + + + domain.forwardonly + + checkbox + Disables recursion if forwarding fails. The default is to attempt resolution via forwarders first and only perform recursive lookups if forwarding fails. This setting is only meaningful if the list of forwarders is not empty. Can be used to override global forwarding behaviour for this domain by specifying the same servers below as those on the General tab. domain.forwardserver - + select_multiple true - Set the IP address of server to forward requests to. + Set any combination of IPv4 and IPv6 addresses. Queries for this domain will be forwarded to these addresses. Used to override global forwarders for this domain. diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml index 23e9c92026..e83a927d96 100644 --- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml +++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml @@ -61,13 +61,20 @@ true Specify the IPv6 address used as a source for zone transfers. + + general.forwardonly + + checkbox + true + Disables recursion if forwarding fails. The default is to attempt resolution via forwarders first and only perform recursive lookups if forwarding fails. This setting is only meaningful if the list of forwarders is not empty. + general.forwarders - + select_multiple true - Set one or more hosts to send your DNS queries if the request is unknown. + Set any combination of IPv4 and IPv6 addresses to forward queries to when the answer is unknown. general.filteraaaav4 
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml index 6743b66ae4..8d35003ada 100644 --- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml +++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Domain.xml @@ -1,7 +1,7 @@ //OPNsense/bind/domain BIND domain configuration - 1.1.2 + 1.1.3 @@ -21,6 +21,10 @@ Y + + 0 + Y + Y diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml index 238c9dc248..57feaba189 100644 --- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml +++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml @@ -1,7 +1,7 @@ //OPNsense/bind/general BIND configuration - 1.0.12 + 1.0.13 0 @@ -45,6 +45,10 @@ 53530 Y + + 0 + Y + Y diff --git a/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt b/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt index 0d9b55eda9..6a21cacc97 100644 --- a/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt +++ b/dns/bind/src/opnsense/mvc/app/views/OPNsense/Bind/general.volt @@ -200,6 +200,7 @@ {{ lang._('Enabled') }} {{ lang._('Zone') }} + {{ lang._('Forward Only') }} {{ lang._('Forwarder IPs') }} {{ lang._('ID') }} {{ lang._('Commands') }} diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf index 9196b5de3e..7f0dabed26 100644 --- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf +++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf 
@@ -39,7 +39,10 @@ options {
 {% endif -%}
 {% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
- forwarders { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
+{% if helpers.exists('OPNsense.bind.general.forwardonly') and OPNsense.bind.general.forwardonly == '1' %}
+ forward only
+{% endif -%}
+ forwarders { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
 {% endif -%}
 {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
@@ -154,6 +157,11 @@ zone "rpzbing" { type primary; file "/usr/local/etc/namedb/primary/bing.db"; not
 zone "{{ domain.domainname }}" {
 type {{ domain.type }};
 {% if domain.type == 'forward' %}
+{% if domain.forwardonly == '1' %}
+ forward only;
+{% else %}
+ forward first;
+{% endif %}
 forwarders { {{ domain.forwardserver.replace(',', '; ') }}; };
 {% elif domain.type == 'secondary' %}
 {% if domain.transferkey is defined %}
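Review bot: The added `forward only` line in the `options` block has no terminating semicolon as shown in this hunk, unlike the `forward only;` emitted for zones later in the same patch. Because the following `{% endif -%}` trims whitespace, the rendered file would read `forward only forwarders { ... };`, which named should reject as a syntax error, so ticking the global checkbox would stop the resolver from loading its configuration. Change the line to `forward only;` and check the rendered file with `named-checkconf` before the service is reloaded. The `options` block starts and ends outside the hunk.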
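Review bot: The `{% else %}` branch writes an explicit `forward first;` into every forward zone whose box is unticked, so such a zone no longer inherits the global setting from `options`. With the global "forward only" enabled, these zones would still fall back to full recursion when their forwarders fail, which can send queries for internal names out to the public hierarchy, the behaviour forward-only is normally enabled to prevent. Consider dropping the `{% else %}` branch so that an unticked zone emits no `forward` statement and inherits the global value, or state the override in the dialog help. `domain.forwardonly` is also compared without the `is defined` guard used for `domain.transferkey` just below; confirm how a domain saved before the model bump renders. The zone block continues outside the hunk.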