From b30c1e04333202ed229151d7f4720af851f26dc2 Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Mon, 8 May 2023 13:10:09 +0200
Subject: [PATCH] Finish settings-advanced.lp
Signed-off-by: DL6ER
---
scripts/pi-hole/js/gravity.js | 66 ++--
scripts/pi-hole/js/settings-advanced.js | 115 +++++-
scripts/pi-hole/js/settings-dns-records.js | 4 +-
scripts/pi-hole/lua/sidebar.lp | 2 +-
settings-api.lp | 3 +
settings-dhcp.lp | 4 +-
settings-dns.lp | 407 ++++++++++-----------
style/pi-hole.css | 6 +
8 files changed, 360 insertions(+), 247 deletions(-)
diff --git a/scripts/pi-hole/js/gravity.js b/scripts/pi-hole/js/gravity.js
index 3cf2ab85..6bb78b50 100644
--- a/scripts/pi-hole/js/gravity.js
+++ b/scripts/pi-hole/js/gravity.js
@@ -23,41 +23,43 @@ function eventsource() {
 alInfo.show();
 alSuccess.hide();
+ // eslint-disable-next-line compat/compat
 fetch("/api/action/gravity", {
 method: "POST",
 })
- // Retrieve its body as ReadableStream
- .then((response) => {
- const reader = response.body.getReader();
- return new ReadableStream({
- start(controller) {
- return pump();
- function pump() {
- return reader.read().then(({ done, value }) => {
- // When no more data needs to be consumed, close the stream
- if (done) {
- controller.close();
- alInfo.hide();
- $("#gravityBtn").prop("disabled", false);
- return;
- }
- // Enqueue the next data chunk into our target stream
- controller.enqueue(value);
- var string = new TextDecoder().decode(value);
- // Remove ${OVER} from the string
- string = string.replaceAll("\r", "\n");
- console.log(string);
- ta.append(string);
- if (string.indexOf("Pi-hole blocking is") !== -1) {
- alSuccess.show();
- }
- return pump();
- });
- }
- },
- });
- })
- .catch((err) => console.error(err));
+ // Retrieve its body as ReadableStream
+ .then(response => {
+ const reader = response.body.getReader();
+ return new ReadableStream({
+ start(controller) {
+ return pump();
+ function pump() {
+ return reader.read().then(({ done, value }) => {
+ // When no more data needs to be consumed, close the stream
+ if (done) {
+ controller.close();
+ alInfo.hide();
+ $("#gravityBtn").prop("disabled", false);
+ return;
+ }
+
+ // Enqueue the next data chunk into our target stream
+ controller.enqueue(value);
+ var string = new TextDecoder().decode(value);
+ // Remove ${OVER} from the string
+ string = string.replaceAll("\r", "\n");
+ ta.append(string);
+ if (string.indexOf("Pi-hole blocking is") !== -1) {
+ alSuccess.show();
+ }
+
+ return pump();
+ });
+ }
+ },
+ });
+ })
+ .catch(error => console.error(error)); // eslint-disable-line no-console
 }
 $("#gravityBtn").on("click", function () {
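Review bot: `ta.append(string)` inside `pump()` passes each decoded chunk of the `/api/action/gravity` response to what appears to be jQuery's `.append()` (`ta` is defined outside the hunk), which parses a string argument as HTML, so any markup that reaches the gravity output would be inserted as live DOM instead of being shown as text. Appending a text node keeps the output inert: `ta.append(document.createTextNode(string));`. Separately, `new TextDecoder().decode(value)` creates a fresh decoder per chunk, so a multi-byte character or the "Pi-hole blocking is" marker split across two reads would be mangled or missed; reusing one decoder with `{ stream: true }` fixes the character case. The `.catch` only logs, so after a failed request `alInfo` stays visible and `#gravityBtn` is not re-enabled as it is in the `done` branch (it is presumably disabled by the click handler outside the hunk). `eventsource()` begins above the hunk.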
diff --git a/scripts/pi-hole/js/settings-advanced.js b/scripts/pi-hole/js/settings-advanced.js
index 699f18d2..7282221f 100644
--- a/scripts/pi-hole/js/settings-advanced.js
+++ b/scripts/pi-hole/js/settings-advanced.js
@@ -93,6 +93,8 @@ function generateRow(topic, key, value) { '
' + ' ' + defaultValueHint + addAllowedValues(value.allowed) + @@ -107,7 +109,9 @@ function generateRow(topic, key, value) { (value.value ? " checked" : "") + ' id="' + key + - '-checkbox">
+
+ +
- + +
+
diff --git a/settings-dns.lp b/settings-dns.lp
index c1365a77..02f7473c 100644
--- a/settings-dns.lp
+++ b/settings-dns.lp
@@ -10,230 +10,229 @@ mg.include('scripts/pi-hole/lua/header_authenticated.lp','r') ?>
-
-
-
-

Upstream DNS Servers

-
-
-
-
- - - - - - - - - - -
IPv4IPv6Name
-

ECS (Extended Client Subnet) defines a mechanism for recursive resolvers to send partial client IP address information to authoritative DNS name servers. Content Delivery Networks (CDNs) and latency-sensitive services use this to give geo-located responses when responding to name lookups coming through public DNS resolvers. Note that ECS may result in reduced privacy.

-
-
-
-
-

Custom DNS servers

-
- -
-
-
-

The following list contains all DNS servers selected above. Furthermore, you can add your own custom DNS servers here. The expected format is one server per line in form of IP#port, where the port is optional. If given, it has to be separated by a hash # from the address (e.g. 127.0.0.1#5335 for a local unbound istance running on port 5335). The port defaults to 53 if omitted.

- +
+
+
+

Upstream DNS Servers

+
+
+
+
+ + + + + + + + + + +
IPv4IPv6Name
+

ECS (Extended Client Subnet) defines a mechanism for recursive resolvers to send partial client IP address information to authoritative DNS name servers. Content Delivery Networks (CDNs) and latency-sensitive services use this to give geo-located responses when responding to name lookups coming through public DNS resolvers. Note that ECS may result in reduced privacy.

+
+
+
+
+

Custom DNS servers

+
+
+
+

The following list contains all DNS servers selected above. Furthermore, you can add your own custom DNS servers here. The expected format is one server per line in form of IP#port, where the port is optional. If given, it has to be separated by a hash # from the address (e.g. 127.0.0.1#5335 for a local unbound istance running on port 5335). The port defaults to 53 if omitted.

+ +
-
- +
+
+ +
+
+
+
+
+

Conditional forwarding  

+
+
+
+
+

If not configured as your DHCP server, Pi-hole typically won't be able to + determine the names of devices on your local network. As a + result, tables such as Top Clients will only show IP addresses.

+

One solution for this is to configure Pi-hole to forward these + requests to your DHCP server (most likely your router), but only for devices on your + home network. To configure this we will need to know the IP + address of your DHCP server and which addresses belong to your local network. + Exemplary input is given below as placeholder in the text boxes (if empty).

+

If your local network spans 192.168.0.1 - 192.168.0.255, then you will have to input + 192.168.0.0/24. If your local network is 192.168.47.1 - 192.168.47.255, it will + be 192.168.47.0/24 and similar. If your network is larger, the CIDR has to be + different, for instance a range of 10.8.0.1 - 10.8.255.255 results in 10.8.0.0/16, + whereas an even wider network of 10.0.0.1 - 10.255.255.255 results in 10.0.0.0/8. + Setting up IPv6 ranges is exactly similar to setting up IPv4 here and fully supported. + Feel free to reach out to us on our + Discourse forum + in case you need any assistance setting up local host name resolution for your particular system.

+

You can also specify a local domain name (like fritz.box) to ensure queries to + devices ending in your local domain name will not leave your network, however, this is optional. + The local domain name must match the domain name specified + in your DHCP server for this to work. You can likely find it within the DHCP settings.

+

Enabling Conditional Forwarding will also forward all hostnames (i.e., non-FQDNs) to the router + when "Never forward non-FQDNs" is not enabled.

+
+
+ + +
+
+ + + + + + + + + + + + + + + +
Local network in CIDR notationIP address of your DHCP server (router)Local domain name (optional)
+ + + + + +
+
+
-
-
-

Conditional forwarding  

-
-
-
-
-

If not configured as your DHCP server, Pi-hole typically won't be able to - determine the names of devices on your local network. As a - result, tables such as Top Clients will only show IP addresses.

-

One solution for this is to configure Pi-hole to forward these - requests to your DHCP server (most likely your router), but only for devices on your - home network. To configure this we will need to know the IP - address of your DHCP server and which addresses belong to your local network. - Exemplary input is given below as placeholder in the text boxes (if empty).

-

If your local network spans 192.168.0.1 - 192.168.0.255, then you will have to input - 192.168.0.0/24. If your local network is 192.168.47.1 - 192.168.47.255, it will - be 192.168.47.0/24 and similar. If your network is larger, the CIDR has to be - different, for instance a range of 10.8.0.1 - 10.8.255.255 results in 10.8.0.0/16, - whereas an even wider network of 10.0.0.1 - 10.255.255.255 results in 10.0.0.0/8. - Setting up IPv6 ranges is exactly similar to setting up IPv4 here and fully supported. - Feel free to reach out to us on our - Discourse forum - in case you need any assistance setting up local host name resolution for your particular system.

-

You can also specify a local domain name (like fritz.box) to ensure queries to - devices ending in your local domain name will not leave your network, however, this is optional. - The local domain name must match the domain name specified - in your DHCP server for this to work. You can likely find it within the DHCP settings.

-

Enabling Conditional Forwarding will also forward all hostnames (i.e., non-FQDNs) to the router - when "Never forward non-FQDNs" is not enabled.

-
+
+
+
+
+
+

Interface settings  

+
+
+
+
+
+
+

Recommended setting

- - -
-
- - - - - - - - - - - - - - - -
Local network in CIDR notationIP address of your DHCP server (router)Local domain name (optional)
- - - - - -
+ +
+
+

Potentially dangerous options

Make sure your Pi-hole is properly firewalled! +
+ + +
+
+ + +
+
+ + +
+

These options are dangerous on devices + directly connected to the Internet such as cloud instances and are only safe if your + Pi-hole is properly firewalled. In a typical at-home setup where your Pi-hole is + located within your local network (and you have not forwarded port 53 + in your router!) they are safe to use.

+
+
+

See our documentation for further technical details.

+
+
+
+
+
+
+

Advanced DNS settings

+
+
+
+
+
+ + +

Tells Pi-hole to never forward A or AAAA queries for plain + names, without dots or domain parts, to upstream nameservers. If + the name is not known from /etc/hosts or DHCP then a "not found" + answer is returned.
+ If Conditional Forwarding is enabled, unticking this box may cause a partial + DNS loop under certain circumstances (e.g. if a client would send TLD DNSSEC queries).

+
+
+
+ + +

All reverse lookups for private IP ranges (i.e., 192.168.0.x/24, etc.) + which are not found in /etc/hosts or the DHCP leases are answered + with "no such domain" rather than being forwarded upstream. The set + of prefixes affected is the list given in RFC6303.

+

Important: Enabling these two options may increase your privacy, + but may also prevent you from being able to access + local hostnames if the Pi-hole is not used as DHCP server.

+
+
+
+ + +

Validate DNS replies and cache DNSSEC data. When forwarding DNS + queries, Pi-hole requests the DNSSEC records needed to validate + the replies. If a domain fails validation or the upstream does not + support DNSSEC, this setting can cause issues resolving domains. + Use an upstream DNS server which supports DNSSEC when activating DNSSEC. Note that + the size of your log might increase significantly + when enabling DNSSEC. A DNSSEC resolver test can be found + here.

-
-
-
-

Interface settings  

-
-
-
-
-
-
-

Recommended setting

-
- - -
-
-
-

Potentially dangerous options

Make sure your Pi-hole is properly firewalled! -
- - -
-
- - -
-
- - -
-

These options are dangerous on devices - directly connected to the Internet such as cloud instances and are only safe if your - Pi-hole is properly firewalled. In a typical at-home setup where your Pi-hole is - located within your local network (and you have not forwarded port 53 - in your router!) they are safe to use.

-
-
-

See our documentation for further technical details.

-
-
-
+
+
+

Rate-limiting  

-
-
-

Advanced DNS settings

-
-
-
-
-
- - -

Tells Pi-hole to never forward A or AAAA queries for plain - names, without dots or domain parts, to upstream nameservers. If - the name is not known from /etc/hosts or DHCP then a "not found" - answer is returned.
- If Conditional Forwarding is enabled, unticking this box may cause a partial - DNS loop under certain circumstances (e.g. if a client would send TLD DNSSEC queries).

-
-
-
- - -

All reverse lookups for private IP ranges (i.e., 192.168.0.x/24, etc.) - which are not found in /etc/hosts or the DHCP leases are answered - with "no such domain" rather than being forwarded upstream. The set - of prefixes affected is the list given in RFC6303.

-

Important: Enabling these two options may increase your privacy, - but may also prevent you from being able to access - local hostnames if the Pi-hole is not used as DHCP server.

-
-
-
- - -

Validate DNS replies and cache DNSSEC data. When forwarding DNS - queries, Pi-hole requests the DNSSEC records needed to validate - the replies. If a domain fails validation or the upstream does not - support DNSSEC, this setting can cause issues resolving domains. - Use an upstream DNS server which supports DNSSEC when activating DNSSEC. Note that - the size of your log might increase significantly - when enabling DNSSEC. A DNSSEC resolver test can be found - here.

-
-
-
-
-
-
-
-

Rate-limiting  

-
-
-
-
-

Block clients making more than queries within - seconds.

-

When a client makes too many queries in too short time, it - gets rate-limited. Rate-limited queries are answered with a - REFUSED reply and not further processed by FTL - and prevent Pi-holes getting overwhelmed by rogue clients. - It is important to note that rate-limiting is happening on a - per-client basis. Other clients can continue to use FTL while - rate-limited clients are short-circuited at the same time.

-

Rate-limiting may be disabled altogether by setting both - values to zero. See - our documentation - for further details.

-
+
+
+
+

Block clients making more than queries within + seconds.

+

When a client makes too many queries in too short time, it + gets rate-limited. Rate-limited queries are answered with a + REFUSED reply and not further processed by FTL + and prevent Pi-holes getting overwhelmed by rogue clients. + It is important to note that rate-limiting is happening on a + per-client basis. Other clients can continue to use FTL while + rate-limited clients are short-circuited at the same time.

+

Rate-limiting may be disabled altogether by setting both + values to zero. See + our documentation + for further details.

-
- -
+
+
+
diff --git a/style/pi-hole.css b/style/pi-hole.css
index f88cff86..a721ac02 100644
--- a/style/pi-hole.css
+++ b/style/pi-hole.css
@@ -1103,3 +1103,9 @@ table.dataTable tbody > tr > .selected {
 .totp_token::placeholder {
 opacity: 0.1;
 }
+
+.save-button {
+ position: fixed;
+ bottom: 2%;
+ right: 2%;
+}