Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2025-12-19 18:28:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Finish settings-advanced.lp

Browse Source 
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
DL6ER
2023-05-08 13:10:09 +02:00
parent 8302ed6aed
commit b30c1e0433
8 changed files with 360 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
scripts/pi-hole/js/gravity.js
View File

@@ -23,41 +23,43 @@ function eventsource() {
alInfo.show();
alSuccess.hide();
// eslint-disable-next-line compat/compat
fetch("/api/action/gravity", {
method: "POST",
})
// Retrieve its body as ReadableStream
.then((response) => {
const reader = response.body.getReader();
return new ReadableStream({
start(controller) {
return pump();
function pump() {
return reader.read().then(({ done, value }) => {
// When no more data needs to be consumed, close the stream
if (done) {
controller.close();
alInfo.hide();
$("#gravityBtn").prop("disabled", false);
return;
}
// Enqueue the next data chunk into our target stream
controller.enqueue(value);
var string = new TextDecoder().decode(value);
// Remove ${OVER} from the string
string = string.replaceAll("\r", "\n");
console.log(string);
ta.append(string);
if (string.indexOf("Pi-hole blocking is") !== -1) {
alSuccess.show();
}
return pump();
});
}
},
});
})
.catch((err) => console.error(err));
// Retrieve its body as ReadableStream
.then(response => {
const reader = response.body.getReader();
return new ReadableStream({
start(controller) {
return pump();
function pump() {
return reader.read().then(({ done, value }) => {
// When no more data needs to be consumed, close the stream
if (done) {
controller.close();
alInfo.hide();
$("#gravityBtn").prop("disabled", false);
return;
}
// Enqueue the next data chunk into our target stream
controller.enqueue(value);
var string = new TextDecoder().decode(value);
// Remove ${OVER} from the string
string = string.replaceAll("\r", "\n");
ta.append(string);
if (string.indexOf("Pi-hole blocking is") !== -1) {
alSuccess.show();
}
return pump();
});
}
},
});
})
.catch(error => console.error(error)); // eslint-disable-line no-console
}
$("#gravityBtn").on("click", function () {

115
scripts/pi-hole/js/settings-advanced.js
View File

@@ -93,6 +93,8 @@ function generateRow(topic, key, value) {
'<div class="col-sm-8">' +
'<input type="text" class="form-control" value="' +
value.value +
'" data-key="' +
key +
'"> ' +
defaultValueHint +
addAllowedValues(value.allowed) +
@@ -107,7 +109,9 @@ function generateRow(topic, key, value) {
(value.value ? " checked" : "") +
' id="' +
key +
'-checkbox"><label for="' +
'-checkbox" data-key="' +
key +
'"><label for="' +
key +
'-checkbox">Enabled ' +
defaultValueHint +
@@ -123,7 +127,9 @@ function generateRow(topic, key, value) {
'<div class="col-sm-8">' +
'<input type="number" class="form-control" value="' +
value.value +
'"> ' +
'" data-key="' +
key +
'" data-type="float"> ' +
defaultValueHint +
"</div>";
@@ -136,7 +142,9 @@ function generateRow(topic, key, value) {
'<div class="col-sm-8">' +
'<input type="number" step="1" class="form-control" value="' +
value.value +
'"> ' +
'" data-key="' +
key +
'" data-type="integer"> ' +
defaultValueHint +
"</div>";
@@ -149,7 +157,9 @@ function generateRow(topic, key, value) {
'<div class="col-sm-8">' +
'<input type="number" step="1" min="0" class="form-control" value="' +
value.value +
'"> ' +
'" data-key="' +
key +
'" data-type="integer"> ' +
defaultValueHint +
"</div>";
@@ -162,7 +172,9 @@ function generateRow(topic, key, value) {
'<div class="col-sm-8">' +
'<input type="number" step="1" min="0" max="65535" class="form-control" value="' +
value.value +
'"> ' +
'" data-key="' +
key +
'" data-type="integer"> ' +
defaultValueHint +
"</div>";
@@ -173,7 +185,9 @@ function generateRow(topic, key, value) {
box +=
'<label class="col-sm-5 control-label">Values (one item per line)</label>' +
'<div class="col-sm-7">' +
'<textarea class="form-control">' +
'<textarea class="form-control" data-key="' +
key +
'">' +
value.value.join("\n") +
"</textarea> " +
defaultValueHint +
@@ -187,7 +201,9 @@ function generateRow(topic, key, value) {
box +=
'<label class="col-sm-4 control-label">Selected Option</label>' +
'<div class="col-sm-8">' +
'<select class="form-control">';
'<select class="form-control" data-key="' +
key +
'">';
value.allowed.forEach(function (option) {
box +=
'<option value="' +
@@ -209,6 +225,22 @@ function generateRow(topic, key, value) {
break;
}
case "password (write-only string)": {
box +=
'<label class="col-sm-4 control-label">Value (string)</label>' +
'<div class="col-sm-8">' +
'<input type="password" class="form-control" value="' +
value.value +
'" data-key="' +
key +
'"> ' +
defaultValueHint +
addAllowedValues(value.allowed) +
"</div>";
break;
}
default: {
box += "TYPE " + value.type + " NOT DEFINED";
}
@@ -260,6 +292,15 @@ function createDynamicConfigTabs() {
});
$("#advanced-overlay").hide();
$("#advanced-content").append(
'<div class="col-lg-12 settings-level-1">' +
'<button type="button" class="btn btn-primary save-button" id="save"><i class="fa-solid fa-fw fa-floppy-disk"></i>&nbsp;Save & Apply</button>' +
"</div>"
);
$("button[id='save']").on("click", function () {
saveSettings();
});
applyCheckboxRadioStyle();
})
.fail(function (data) {
@@ -267,6 +308,66 @@ function createDynamicConfigTabs() {
});
}
function saveSettings() {
var settings = {};
$("[data-key]").each(function () {
var key = $(this).data("key");
var value = $(this).val();
if ($(this).is(":checkbox")) {
value = $(this).is(":checked");
}
if ($(this).is("textarea")) {
value = $(this).val();
value = value === "" ? [] : value.split("\n");
}
if ($(this).data("type") === "integer") {
value = parseInt(value, 10);
}
if ($(this).data("type") === "float") {
value = parseFloat(value);
}
// Build deep object
// Transform "foo.bar.baz" into {foo: {bar: {baz: value}}}
var parts = key.split(".");
var obj = {};
var tmp = obj;
for (var i = 0; i < parts.length - 1; i++) {
tmp[parts[i]] = {};
tmp = tmp[parts[i]];
}
tmp[parts[parts.length - 1]] = value;
// Merge deep object into settings
$.extend(true, settings, obj);
});
// Apply changes
$.ajax({
url: "/api/config",
method: "PATCH",
data: JSON.stringify({ config: settings }),
contentType: "application/json; charset=utf-8",
})
.done(function () {
// Success
utils.showAlert(
"success",
"fa-solid fa-fw fa-floppy-disk",
"Successfully saved and applied settings",
""
);
// Reload page
location.reload();
})
.fail(function (data) {
apiFailure(data);
});
}
$(document).ready(function () {
createDynamicConfigTabs();
});

4
scripts/pi-hole/js/settings-dns-records.js
View File

@@ -242,7 +242,7 @@ $(document).ready(function () {
.done(function (response) {
utils.enableAll();
if (response === undefined) {
utils.showAlert("success", "far fa-trash-alt", "Successfully added DNS record", "");
utils.showAlert("success", "far fa-plus", "Successfully added DNS record", "");
dnsRecordsTable.ajax.reload(null, false);
} else {
utils.showAlert("error", "", "Error while adding DNS record", response.record);
@@ -266,7 +266,7 @@ $(document).ready(function () {
.done(function (response) {
utils.enableAll();
if (response === undefined) {
utils.showAlert("success", "far fa-trash-alt", "Successfully added CNAME record", "");
utils.showAlert("success", "far fa-plus", "Successfully added CNAME record", "");
dnsRecordsTable.ajax.reload(null, false);
} else {
utils.showAlert("error", "", "Error while adding CNAME record", response.record);

2
scripts/pi-hole/lua/sidebar.lp
View File

@@ -160,7 +160,7 @@
</li>
<li class="<? if scriptname == 'settings-advanced.lp' then mg.write(" active") end ?> settings-level-2">
<a href="settings-advanced.lp">
<i class="fa-fw menu-icon fa-solid fa-pen-to-square"></i> <span class="text-orange">Advanced</span>
<i class="fa-fw menu-icon fa-solid fa-pen-to-square"></i> <span class="text-green">Advanced</span>
</a>
</li>
<li class="<? if scriptname == 'settings-teleporter.lp' then mg.write(" active") end ?>">

3
settings-api.lp
View File

@@ -130,6 +130,9 @@ mg.include('scripts/pi-hole/lua/header_authenticated.lp','r')
</div>
</div>
</div>
<div class="col-lg-12 settings-level-1">
<button type="button" class="btn btn-primary save-button"><i class="fa-solid fa-fw fa-floppy-disk"></i>&nbsp;Save & Apply</button>
</div>
</div>
<div class="modal fade" id="modal-totp" style="display: none;">

4
settings-dhcp.lp
View File

@@ -195,7 +195,9 @@ mg.include('scripts/pi-hole/lua/header_authenticated.lp','r')
</div>
</div>
</div>
<button type="submit" class="btn btn-primary pull-right">Save</button>
</div>
<div class="col-lg-12 settings-level-1">
<button type="button" class="btn btn-primary save-button"><i class="fa-solid fa-fw fa-floppy-disk"></i>&nbsp;Save & Apply</button>
</div>
</div>
<script src="<?=pihole.fileversion('scripts/pi-hole/js/settings-dhcp.js')?>"></script>

407
settings-dns.lp
View File

@@ -10,230 +10,229 @@
mg.include('scripts/pi-hole/lua/header_authenticated.lp','r')
?>
<div class="row">
<div class="col-lg-6">
<div class="box box-warning">
<div class="box-header with-border">
<h1 class="box-title">Upstream DNS Servers</h1>
</div>
<div class="box-body">
<div class="row">
<div class="col-sm-12">
<table class="table table-bordered">
<thead>
<tr>
<th colspan="2">IPv4</th>
<th colspan="2">IPv6</th>
<th>Name</th>
</tr>
</thead>
<tbody id="DNSupstreamsTable">
</tbody>
</table>
<p>ECS (Extended Client Subnet) defines a mechanism for recursive resolvers to send partial client IP address information to authoritative DNS name servers. Content Delivery Networks (CDNs) and latency-sensitive services use this to give geo-located responses when responding to name lookups coming through public DNS resolvers. <em>Note that ECS may result in reduced privacy.</em></p>
</div>
<div class="col-sm-12">
<div class="box collapsed-box">
<div class="box-header with-border pointer no-user-select" data-widget="collapse">
<h3 class="box-title">Custom DNS servers <span id="custom-servers-title"></span></h3>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool">
<i class="fa fa-plus"></i>
</button>
</div>
</div>
<div class="box-body">
<p>The following list contains all DNS servers selected above. Furthermore, you can add your own custom DNS servers here. The expected format is one server per line in form of <code>IP#port</code>, where the <code>port</code> is optional. If given, it has to be separated by a hash <code>#</code> from the address (e.g. <code>127.0.0.1#5335</code> for a local <code>unbound</code> istance running on port <code>5335</code>). The port defaults to 53 if omitted.</p>
<textarea class="form-control" rows="3" id="DNSupstreamsTextfield" placeholder="Enter upstream DNS servers, one per line" style="resize: vertical;"></textarea>
<div class="col-lg-6">
<div class="box box-warning">
<div class="box-header with-border">
<h1 class="box-title">Upstream DNS Servers</h1>
</div>
<div class="box-body">
<div class="row">
<div class="col-sm-12">
<table class="table table-bordered">
<thead>
<tr>
<th colspan="2">IPv4</th>
<th colspan="2">IPv6</th>
<th>Name</th>
</tr>
</thead>
<tbody id="DNSupstreamsTable">
</tbody>
</table>
<p>ECS (Extended Client Subnet) defines a mechanism for recursive resolvers to send partial client IP address information to authoritative DNS name servers. Content Delivery Networks (CDNs) and latency-sensitive services use this to give geo-located responses when responding to name lookups coming through public DNS resolvers. <em>Note that ECS may result in reduced privacy.</em></p>
</div>
<div class="col-sm-12">
<div class="box collapsed-box">
<div class="box-header with-border pointer no-user-select" data-widget="collapse">
<h3 class="box-title">Custom DNS servers <span id="custom-servers-title"></span></h3>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool">
<i class="fa fa-plus"></i>
</button>
</div>
</div>
<div class="box-body">
<p>The following list contains all DNS servers selected above. Furthermore, you can add your own custom DNS servers here. The expected format is one server per line in form of <code>IP#port</code>, where the <code>port</code> is optional. If given, it has to be separated by a hash <code>#</code> from the address (e.g. <code>127.0.0.1#5335</code> for a local <code>unbound</code> istance running on port <code>5335</code>). The port defaults to 53 if omitted.</p>
<textarea class="form-control" rows="3" id="DNSupstreamsTextfield" placeholder="Enter upstream DNS servers, one per line" style="resize: vertical;"></textarea>
</div>
</div>
</div>
<div class="overlay" id="dns-upstreams-overlay">
<i class="fa fa-sync fa-spin"></i>
</div>
<div class="overlay" id="dns-upstreams-overlay">
<i class="fa fa-sync fa-spin"></i>
</div>
</div>
</div>
<div class="box box-warning settings-level-1">
<div class="box-header with-border">
<h3 class="box-title">Conditional forwarding&nbsp;&nbsp;<i class="fas fa-wrench" title="This is an advanced-level setting"></i></h3>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<p>If not configured as your DHCP server, Pi-hole typically won't be able to
determine the names of devices on your local network. As a
result, tables such as Top Clients will only show IP addresses.</p>
<p>One solution for this is to configure Pi-hole to forward these
requests to your DHCP server (most likely your router), but only for devices on your
home network. To configure this we will need to know the IP
address of your DHCP server and which addresses belong to your local network.
Exemplary input is given below as placeholder in the text boxes (if empty).</p>
<p>If your local network spans 192.168.0.1 - 192.168.0.255, then you will have to input
<code>192.168.0.0/24</code>. If your local network is 192.168.47.1 - 192.168.47.255, it will
be <code>192.168.47.0/24</code> and similar. If your network is larger, the CIDR has to be
different, for instance a range of 10.8.0.1 - 10.8.255.255 results in <code>10.8.0.0/16</code>,
whereas an even wider network of 10.0.0.1 - 10.255.255.255 results in <code>10.0.0.0/8</code>.
Setting up IPv6 ranges is exactly similar to setting up IPv4 here and fully supported.
Feel free to reach out to us on our
<a href="https://discourse.pi-hole.net" rel="noopener" target="_blank">Discourse forum</a>
in case you need any assistance setting up local host name resolution for your particular system.</p>
<p>You can also specify a local domain name (like <code>fritz.box</code>) to ensure queries to
devices ending in your local domain name will not leave your network, however, this is optional.
The local domain name must match the domain name specified
in your DHCP server for this to work. You can likely find it within the DHCP settings.</p>
<p>Enabling Conditional Forwarding will also forward all hostnames (i.e., non-FQDNs) to the router
when "Never forward non-FQDNs" is <em>not</em> enabled.</p>
<div class="form-group">
<div>
<input type="checkbox" id="dns.revServer.active">
<label for="dns.revServer.active"><strong>Use Conditional Forwarding</strong></label>
</div>
<div class="input-group">
<table class="table table-bordered">
<thead>
<tr>
<th>Local network in <a href="https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing" target="_blank">CIDR notation</a></th>
<th>IP address of your DHCP server (router)</th>
<th>Local domain name (optional)</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<input type="text" id="dns.revServer.cidr" placeholder="192.168.0.0/16" class="form-control" autocomplete="off" spellcheck="false" autocapitalize="none" autocorrect="off" value="">
</td>
<td>
<input type="text" id="dns.revServer.target" placeholder="192.168.0.1" class="form-control" autocomplete="off" spellcheck="false" autocapitalize="none" autocorrect="off" value="">
</td>
<td>
<input type="text" id="dns.revServer.domain" placeholder="local" class="form-control" data-mask autocomplete="off" spellcheck="false" autocapitalize="none" autocorrect="off" value="">
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<div class="box box-warning settings-level-1">
<div class="box-header with-border">
<h3 class="box-title">Conditional forwarding&nbsp;&nbsp;<i class="fas fa-wrench" title="This is an advanced-level setting"></i></h3>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<p>If not configured as your DHCP server, Pi-hole typically won't be able to
determine the names of devices on your local network. As a
result, tables such as Top Clients will only show IP addresses.</p>
<p>One solution for this is to configure Pi-hole to forward these
requests to your DHCP server (most likely your router), but only for devices on your
home network. To configure this we will need to know the IP
address of your DHCP server and which addresses belong to your local network.
Exemplary input is given below as placeholder in the text boxes (if empty).</p>
<p>If your local network spans 192.168.0.1 - 192.168.0.255, then you will have to input
<code>192.168.0.0/24</code>. If your local network is 192.168.47.1 - 192.168.47.255, it will
be <code>192.168.47.0/24</code> and similar. If your network is larger, the CIDR has to be
different, for instance a range of 10.8.0.1 - 10.8.255.255 results in <code>10.8.0.0/16</code>,
whereas an even wider network of 10.0.0.1 - 10.255.255.255 results in <code>10.0.0.0/8</code>.
Setting up IPv6 ranges is exactly similar to setting up IPv4 here and fully supported.
Feel free to reach out to us on our
<a href="https://discourse.pi-hole.net" rel="noopener" target="_blank">Discourse forum</a>
in case you need any assistance setting up local host name resolution for your particular system.</p>
<p>You can also specify a local domain name (like <code>fritz.box</code>) to ensure queries to
devices ending in your local domain name will not leave your network, however, this is optional.
The local domain name must match the domain name specified
in your DHCP server for this to work. You can likely find it within the DHCP settings.</p>
<p>Enabling Conditional Forwarding will also forward all hostnames (i.e., non-FQDNs) to the router
when "Never forward non-FQDNs" is <em>not</em> enabled.</p>
<div class="form-group">
</div>
</div>
<div class="col-lg-6 settings-level-1">
<div class="box box-warning">
<div class="box-header with-border">
<h1 class="box-title">Interface settings&nbsp;&nbsp;<i class="fas fa-wrench" title="This is an advanced-level setting"></i></h1>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<div class="no-danger-area">
<h4>Recommended setting</h4>
<div>
<input type="checkbox" id="dns.revServer.active">
<label for="dns.revServer.active"><strong>Use Conditional Forwarding</strong></label>
</div>
<div class="input-group">
<table class="table table-bordered">
<thead>
<tr>
<th>Local network in <a href="https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing" target="_blank">CIDR notation</a></th>
<th>IP address of your DHCP server (router)</th>
<th>Local domain name (optional)</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<input type="text" id="dns.revServer.cidr" placeholder="192.168.0.0/16" class="form-control" autocomplete="off" spellcheck="false" autocapitalize="none" autocorrect="off" value="">
</td>
<td>
<input type="text" id="dns.revServer.target" placeholder="192.168.0.1" class="form-control" autocomplete="off" spellcheck="false" autocapitalize="none" autocorrect="off" value="">
</td>
<td>
<input type="text" id="dns.revServer.domain" placeholder="local" class="form-control" data-mask autocomplete="off" spellcheck="false" autocapitalize="none" autocorrect="off" value="">
</td>
</tr>
</tbody>
</table>
<input type="radio" name="DNSinterface" id="dns.listeningMode-LOCAL">
<label for="dns.listeningMode-LOCAL"><strong>Allow only local requests</strong><br>Allows only queries from devices that are at most one hop away (local devices)</label>
</div>
</div>
<div class="danger-area">
<h4>Potentially dangerous options</h4>Make sure your Pi-hole is properly firewalled!
<div>
<input type="radio" name="DNSinterface" id="dns.listeningMode-SINGLE">
<label for="dns.listeningMode-SINGLE"><strong>Respond only on interface <span id="interface-name-1"></span></strong></label>
</div>
<div>
<input type="radio" name="DNSinterface" id="dns.listeningMode-BIND">
<label for="dns.listeningMode-BIND"><strong>Bind only to interface <span id="interface-name-2"></span></strong></label>
</div>
<div>
<input type="radio" name="DNSinterface" id="dns.listeningMode-ALL">
<label for="dns.listeningMode-ALL"><strong>Permit all origins</strong></label>
</div>
<p>These options are dangerous on devices
directly connected to the Internet such as cloud instances and are only safe if your
Pi-hole is properly firewalled. In a typical at-home setup where your Pi-hole is
located within your local network (and you have <strong>not</strong> forwarded port 53
in your router!) they are safe to use.</p>
</div>
</div>
<p>See <a href="https://docs.pi-hole.net/ftldns/interfaces/" target="_blank">our documentation</a> for further technical details.</p>
</div>
</div>
</div>
</div>
<div class="box box-warning">
<div class="box-header with-border">
<h3 class="box-title">Advanced DNS settings</h3>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<div>
<input type="checkbox" id="dns.domainNeeded" title="domain-needed">
<label for="dns.domainNeeded"><strong>Never forward non-FQDN <code>A</code> and <code>AAAA</code> queries</strong></label>
<p>Tells Pi-hole to never forward A or AAAA queries for plain
names, without dots or domain parts, to upstream nameservers. If
the name is not known from <code>/etc/hosts</code> or DHCP then a "not found"
answer is returned.<br>
If Conditional Forwarding is enabled, unticking this box may cause a partial
DNS loop under certain circumstances (e.g. if a client would send TLD DNSSEC queries).</p>
</div>
<br>
<div>
<input type="checkbox" id="dns.bogusPriv" title="bogus-priv">
<label for="dns.bogusPriv"><strong>Never forward reverse lookups for private IP ranges</strong></label>
<p>All reverse lookups for private IP ranges (i.e., <code>192.168.0.x/24</code>, etc.)
which are not found in <code>/etc/hosts</code> or the DHCP leases are answered
with "no such domain" rather than being forwarded upstream. The set
of prefixes affected is the list given in <a href="https://tools.ietf.org/html/rfc6303">RFC6303</a>.</p>
<p><strong>Important</strong>: Enabling these two options may increase your privacy,
but may also prevent you from being able to access
local hostnames if the Pi-hole is not used as DHCP server.</p>
</div>
<br>
<div>
<input type="checkbox" id="dns.dnssec">
<label for="dns.dnssec"><strong>Use DNSSEC</strong></label>
<p>Validate DNS replies and cache DNSSEC data. When forwarding DNS
queries, Pi-hole requests the DNSSEC records needed to validate
the replies. If a domain fails validation or the upstream does not
support DNSSEC, this setting can cause issues resolving domains.
Use an upstream DNS server which supports DNSSEC when activating DNSSEC. Note that
the size of your log might increase significantly
when enabling DNSSEC. A DNSSEC resolver test can be found
<a href="https://dnssec.vs.uni-due.de/" rel="noopener" target="_blank">here</a>.</p>
</div>
</div>
</div>
</div>
</div>
<div class="col-lg-6 settings-level-1">
<div class="box box-warning">
<div class="box-header with-border">
<h1 class="box-title">Interface settings&nbsp;&nbsp;<i class="fas fa-wrench" title="This is an advanced-level setting"></i></h1>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<div class="no-danger-area">
<h4>Recommended setting</h4>
<div>
<input type="radio" name="DNSinterface" id="dns.listeningMode-LOCAL">
<label for="dns.listeningMode-LOCAL"><strong>Allow only local requests</strong><br>Allows only queries from devices that are at most one hop away (local devices)</label>
</div>
</div>
<div class="danger-area">
<h4>Potentially dangerous options</h4>Make sure your Pi-hole is properly firewalled!
<div>
<input type="radio" name="DNSinterface" id="dns.listeningMode-SINGLE">
<label for="dns.listeningMode-SINGLE"><strong>Respond only on interface <span id="interface-name-1"></span></strong></label>
</div>
<div>
<input type="radio" name="DNSinterface" id="dns.listeningMode-BIND">
<label for="dns.listeningMode-BIND"><strong>Bind only to interface <span id="interface-name-2"></span></strong></label>
</div>
<div>
<input type="radio" name="DNSinterface" id="dns.listeningMode-ALL">
<label for="dns.listeningMode-ALL"><strong>Permit all origins</strong></label>
</div>
<p>These options are dangerous on devices
directly connected to the Internet such as cloud instances and are only safe if your
Pi-hole is properly firewalled. In a typical at-home setup where your Pi-hole is
located within your local network (and you have <strong>not</strong> forwarded port 53
in your router!) they are safe to use.</p>
</div>
</div>
<p>See <a href="https://docs.pi-hole.net/ftldns/interfaces/" target="_blank">our documentation</a> for further technical details.</p>
</div>
</div>
</div>
<div class="box box-warning settings-level-1">
<div class="box-header with-border">
<h3 class="box-title">Rate-limiting&nbsp;&nbsp;<i class="fas fa-wrench" title="This is an advanced-level setting"></i></h3>
</div>
<div class="box box-warning">
<div class="box-header with-border">
<h3 class="box-title">Advanced DNS settings</h3>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<div>
<input type="checkbox" id="dns.domainNeeded" title="domain-needed">
<label for="dns.domainNeeded"><strong>Never forward non-FQDN <code>A</code> and <code>AAAA</code> queries</strong></label>
<p>Tells Pi-hole to never forward A or AAAA queries for plain
names, without dots or domain parts, to upstream nameservers. If
the name is not known from <code>/etc/hosts</code> or DHCP then a "not found"
answer is returned.<br>
If Conditional Forwarding is enabled, unticking this box may cause a partial
DNS loop under certain circumstances (e.g. if a client would send TLD DNSSEC queries).</p>
</div>
<br>
<div>
<input type="checkbox" id="dns.bogusPriv" title="bogus-priv">
<label for="dns.bogusPriv"><strong>Never forward reverse lookups for private IP ranges</strong></label>
<p>All reverse lookups for private IP ranges (i.e., <code>192.168.0.x/24</code>, etc.)
which are not found in <code>/etc/hosts</code> or the DHCP leases are answered
with "no such domain" rather than being forwarded upstream. The set
of prefixes affected is the list given in <a href="https://tools.ietf.org/html/rfc6303">RFC6303</a>.</p>
<p><strong>Important</strong>: Enabling these two options may increase your privacy,
but may also prevent you from being able to access
local hostnames if the Pi-hole is not used as DHCP server.</p>
</div>
<br>
<div>
<input type="checkbox" id="dns.dnssec">
<label for="dns.dnssec"><strong>Use DNSSEC</strong></label>
<p>Validate DNS replies and cache DNSSEC data. When forwarding DNS
queries, Pi-hole requests the DNSSEC records needed to validate
the replies. If a domain fails validation or the upstream does not
support DNSSEC, this setting can cause issues resolving domains.
Use an upstream DNS server which supports DNSSEC when activating DNSSEC. Note that
the size of your log might increase significantly
when enabling DNSSEC. A DNSSEC resolver test can be found
<a href="https://dnssec.vs.uni-due.de/" rel="noopener" target="_blank">here</a>.</p>
</div>
</div>
</div>
</div>
</div>
<div class="box box-warning settings-level-1">
<div class="box-header with-border">
<h3 class="box-title">Rate-limiting&nbsp;&nbsp;<i class="fas fa-wrench" title="This is an advanced-level setting"></i></h3>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<p>Block clients making more than <input type="number" id="dns.rateLimit.count" value="" min="0" step="10" style="width: 5em;"> queries within
<input type="number" id="dns.rateLimit.interval" value="" min="0" step="10" style="width: 4em;"> seconds.</p>
<p>When a client makes too many queries in too short time, it
gets rate-limited. Rate-limited queries are answered with a
<code>REFUSED</code> reply and not further processed by FTL
and prevent Pi-holes getting overwhelmed by rogue clients.
It is important to note that rate-limiting is happening on a
per-client basis. Other clients can continue to use FTL while
rate-limited clients are short-circuited at the same time.</p>
<p>Rate-limiting may be disabled altogether by setting both
values to zero. See
<a href="https://docs.pi-hole.net/ftldns/configfile/#rate_limit" target="_blank">our documentation</a>
for further details.</p>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<p>Block clients making more than <input type="number" id="dns.rateLimit.count" value="" min="0" step="10" style="width: 5em;"> queries within
<input type="number" id="dns.rateLimit.interval" value="" min="0" step="10" style="width: 4em;"> seconds.</p>
<p>When a client makes too many queries in too short time, it
gets rate-limited. Rate-limited queries are answered with a
<code>REFUSED</code> reply and not further processed by FTL
and prevent Pi-holes getting overwhelmed by rogue clients.
It is important to note that rate-limiting is happening on a
per-client basis. Other clients can continue to use FTL while
rate-limited clients are short-circuited at the same time.</p>
<p>Rate-limiting may be disabled altogether by setting both
values to zero. See
<a href="https://docs.pi-hole.net/ftldns/configfile/#rate_limit" target="_blank">our documentation</a>
for further details.</p>
</div>
</div>
</div>
</div>
<div class="col-lg-6 settings-level-1">
<button type="submit" class="btn btn-primary pull-right">Save</button>
</div>
</div>
<div class="col-lg-12 settings-level-1">
<button type="button" class="btn btn-primary save-button"><i class="fa-solid fa-fw fa-floppy-disk"></i>&nbsp;Save & Apply</button>
</div>
</div>
<script src="<?=pihole.fileversion('scripts/pi-hole/js/settings-dns.js')?>"></script>

6
style/pi-hole.css
View File

@@ -1103,3 +1103,9 @@ table.dataTable tbody > tr > .selected {
.totp_token::placeholder {
opacity: 0.1;
}
.save-button {
position: fixed;
bottom: 2%;
right: 2%;
}