dnsmasq: same as previous with bits for #1256

src/etc/inc/interfaces.inc

@@ -1141,8 +1141,8 @@ function interfaces_configure()
         /* reload IPsec tunnels */
         ipsec_configure();
 
-        /* restart dns servers (defering dhcp restart) */
-        services_dnsmasq_configure(false);
+        /* restart dns servers */
+        services_dnsmasq_configure();
         services_unbound_configure();
 
         /* reload dhcpd (interface enabled/disabled status may have changed) */
@@ -2889,8 +2889,8 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
             /* reload ipsec tunnels */
             ipsec_configure();
 
-            /* restart dns servers (defering dhcp restart) */
-            services_dnsmasq_configure(false);
+            /* restart dns servers */
+            services_dnsmasq_configure();
             services_unbound_configure();
 
             /* reload dhcpd (interface enabled/disabled status may have changed) */

src/etc/inc/services.inc

@@ -1783,7 +1783,7 @@ function dyndnsCheckIP($int)
     return $ip_address;
 }
 
-function services_dnsmasq_configure($dhcp_reload = true)
+function services_dnsmasq_configure($verbose = false)
 {
     global $config;
 
@@ -1796,123 +1796,118 @@ function services_dnsmasq_configure($dhcp_reload = true)
 
     killbypid('/var/run/dnsmasq.pid', 'TERM', true);
 
-    if (isset($config['dnsmasq']['enable'])) {
-        if (file_exists("/var/run/booting")) {
-            echo gettext("Starting DNS forwarder...");
-        }
+    if (!isset($config['dnsmasq']['enable'])) {
+        return;
+    }
 
-        $args = "";
+    if ($verbose) {
+        echo 'Starting DNS forwarder...';
+        flush();
+    }
 
-        if (isset($config['dnsmasq']['regdhcp'])) {
-            $args .= " --dhcp-hostsfile=/etc/hosts ";
-        }
+    $args = "";
 
-        /* Setup listen port, if non-default */
-        if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
-            $args .= " --port={$config['dnsmasq']['port']} ";
-        }
+    if (isset($config['dnsmasq']['regdhcp'])) {
+        $args .= " --dhcp-hostsfile=/etc/hosts ";
+    }
 
-        if (isset($config['dnsmasq']['interface'])) {
-            $addresses = array();
-            foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
-                if (is_ipaddrv4($interface)) {
-                    $addresses[] = $interface;
-                } elseif (is_ipaddrv6($interface)) {
-                     // Since dnsmasq does not support link-local address with scope specified. strip address.
-                     $addresses[] = explode("%", $interface)[0];
-                } else {
-                    $intf_ipv4 = get_interface_ip($interface);
-                    $intf_ipv6 = get_interface_ipv6($interface);
-                    if (!empty($intf_ipv4)) {
-                        $addresses[] = $intf_ipv4;
-                    }
-                    if (!empty($intf_ipv6)) {
-                        $addresses[] = explode("%", $intf_ipv6)[0];
-                    }
+    /* Setup listen port, if non-default */
+    if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
+        $args .= " --port={$config['dnsmasq']['port']} ";
+    }
+
+    if (isset($config['dnsmasq']['interface'])) {
+        $addresses = array();
+        foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
+            if (is_ipaddrv4($interface)) {
+                $addresses[] = $interface;
+            } elseif (is_ipaddrv6($interface)) {
+                 // Since dnsmasq does not support link-local address with scope specified. strip address.
+                 $addresses[] = explode("%", $interface)[0];
+            } else {
+                $intf_ipv4 = get_interface_ip($interface);
+                $intf_ipv6 = get_interface_ipv6($interface);
+                if (!empty($intf_ipv4)) {
+                    $addresses[] = $intf_ipv4;
+                }
+                if (!empty($intf_ipv6)) {
+                    $addresses[] = explode("%", $intf_ipv6)[0];
                 }
-            }
-            foreach ($addresses as $address) {
-                $args .= " --listen-address={$address} ";
-            }
-            if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
-                $args .= " --bind-interfaces ";
             }
         }
-
-        /* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
-        /* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
-        /* the user-specified entry made later on the command line below will be the one that is effective. */
-        if (isset($config['dnsmasq']['no_private_reverse'])) {
-            /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
-            /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
-            /* Just the OPNsense WAN might get a CGN address from an ISP. */
-            $args .= " --server=/10.in-addr.arpa/ ";
-            $args .= " --server=/168.192.in-addr.arpa/ ";
-            /* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
-            for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
-                $args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
-            }
+        foreach ($addresses as $address) {
+            $args .= " --listen-address={$address} ";
         }
-
-        /* Setup forwarded domains */
-        if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
-          foreach($config['dnsmasq']['domainoverrides'] as $override) {
-            if ($override['ip'] == "!") {
-                $override['ip'] = "";
-            }
-            $args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
-          }
+        if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
+            $args .= " --bind-interfaces ";
         }
+    }
 
-        /* Allow DNS Rebind for forwarded domains */
-        if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
-            if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
-                foreach($config['dnsmasq']['domainoverrides'] as $override) {
-                    $args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
-                }
-            }
+    /* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
+    /* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
+    /* the user-specified entry made later on the command line below will be the one that is effective. */
+    if (isset($config['dnsmasq']['no_private_reverse'])) {
+        /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
+        /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
+        /* Just the OPNsense WAN might get a CGN address from an ISP. */
+        $args .= " --server=/10.in-addr.arpa/ ";
+        $args .= " --server=/168.192.in-addr.arpa/ ";
+        /* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
+        for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
+            $args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
         }
+    }
 
-        if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
-            $dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
+    /* Setup forwarded domains */
+    if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
+      foreach($config['dnsmasq']['domainoverrides'] as $override) {
+        if ($override['ip'] == "!") {
+            $override['ip'] = "";
         }
+        $args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
+      }
+    }
 
-        if (isset($config['dnsmasq']['strict_order'])) {
-            $args .= " --strict-order ";
+    /* Allow DNS Rebind for forwarded domains */
+    if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
+        if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
+            foreach($config['dnsmasq']['domainoverrides'] as $override) {
+                $args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
+            }
         }
+    }
 
-        if (isset($config['dnsmasq']['domain_needed'])) {
-            $args .= " --domain-needed ";
-        }
+    if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
+        $dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
+    }
 
-        if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
-            foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
-                $args .= " " . escapeshellarg("--{$c}");
-                $p = explode('=', $c);
-                if (array_key_exists($p[0], $standard_args)) {
-                    unset($standard_args[$p[0]]);
-                }
-            }
-        }
-        $args .= ' ' . implode(' ', array_values($standard_args));
+    if (isset($config['dnsmasq']['strict_order'])) {
+        $args .= " --strict-order ";
+    }
 
-        /* run dnsmasq */
-        $cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
-        mwexec_bg($cmd);
-        services_dhcpleases_configure();
-        unset($args);
+    if (isset($config['dnsmasq']['domain_needed'])) {
+        $args .= " --domain-needed ";
+    }
 
-        if (file_exists("/var/run/booting")) {
-            echo gettext("done.") . "\n";
+    if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
+        foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
+            $args .= " " . escapeshellarg("--{$c}");
+            $p = explode('=', $c);
+            if (array_key_exists($p[0], $standard_args)) {
+                unset($standard_args[$p[0]]);
+            }
         }
     }
+    $args .= ' ' . implode(' ', array_values($standard_args));
 
-    /*
-     * XXX this is overly convoluted, potentiall
-     * restarting all of dhcp up to three times ;)
-     */
-    if ($dhcp_reload) {
-        services_dhcpd_configure();
+    /* run dnsmasq */
+    $cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
+    mwexec_bg($cmd);
+    services_dhcpleases_configure();
+    unset($args);
+
+    if ($verbose) {
+        echo "done.\n";
     }
 }
 

src/etc/inc/xmlrpc/legacy.inc

@@ -137,7 +137,7 @@ function filter_configure_xmlrpc()
     system_hosts_generate();
     services_dhcpleases_configure();
     local_sync_accounts();
-    services_dnsmasq_configure(false);
+    services_dnsmasq_configure();
     services_unbound_configure();
     services_dhcpd_configure();
     relayd_configure_do();

src/etc/rc.bootup

@@ -188,7 +188,7 @@ system_routing_configure();
 system_routing_enable();
 
 /* start dnsmasq service */
-services_dnsmasq_configure(false);
+services_dnsmasq_configure(true);
 
 /* start unbound service */
 services_unbound_configure(true);

src/www/services_dhcp.php

@@ -112,7 +112,7 @@ function reconfigure_dhcpd()
     system_hosts_generate();
     services_dhcpleases_configure();
     if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic']))  {
-        services_dnsmasq_configure(false);
+        services_dnsmasq_configure();
         clear_subsystem_dirty('hosts');
     }
     if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) {

src/www/services_dhcpv6.php

@@ -42,7 +42,7 @@ require_once("services.inc");
 function reconfigure_dhcpd()
 {
     if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic']))  {
-        services_dnsmasq_configure(false);
+        services_dnsmasq_configure();
         clear_subsystem_dirty('hosts');
     }
 

src/www/services_dnsmasq.php

@@ -109,6 +109,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             }
             write_config();
             services_dnsmasq_configure();
+            services_dhcpd_configure();
             header(url_safe('Location: /services_dnsmasq.php'));
             exit;
         }
@@ -120,6 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         system_hosts_generate();
         services_dhcpleases_configure();
         services_dnsmasq_configure();
+        services_dhcpd_configure();
         clear_subsystem_dirty('hosts');
         header(url_safe('Location: /services_dnsmasq.php'));
         exit;

src/www/services_dnsmasq_domainoverride_edit.php

@@ -116,6 +116,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $a_domainOverrides[] = $doment;
         }
         services_dnsmasq_configure();
+        services_dhcpd_configure();
         write_config();
         header(url_safe('Location: /services_dnsmasq.php'));
         exit;

src/www/system_advanced_admin.php

@@ -253,7 +253,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         system_login_configure();
         system_hosts_generate();
         services_dhcpleases_configure();
-        services_dnsmasq_configure(false);
+        services_dnsmasq_configure();
         services_unbound_configure();
         services_dhcpd_configure();
 

src/www/system_general.php

@@ -227,7 +227,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         system_hosts_generate();
         services_dhcpleases_configure();
         system_resolvconf_generate();
-        services_dnsmasq_configure(false);
+        services_dnsmasq_configure();
         services_unbound_configure();
         services_dhcpd_configure();
         system_timezone_configure();