/*
Technitium DNS Server
Copyright (C) 2024 Shreyas Zare (shreyas@technitium.com)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
using DnsServerCore.Auth;
using DnsServerCore.Dns;
using Microsoft.AspNetCore.Http;
using System;
using System.Collections.Generic;
using System.Collections.Immutable;
using System.IO;
using System.IO.Compression;
using System.Linq;
using System.Net;
using System.Net.Mail;
using System.Net.Sockets;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using TechnitiumLibrary;
using TechnitiumLibrary.Net;
using TechnitiumLibrary.Net.Dns;
using TechnitiumLibrary.Net.Dns.ClientConnection;
using TechnitiumLibrary.Net.Dns.ResourceRecords;
using TechnitiumLibrary.Net.Proxy;
namespace DnsServerCore
{
sealed class WebServiceSettingsApi : IDisposable
{
#region variables
static readonly char[] _commaSeparator = new char[] { ',' };
readonly DnsWebService _dnsWebService;
Timer _blockListUpdateTimer;
DateTime _blockListLastUpdatedOn;
int _blockListUpdateIntervalHours = 24;
const int BLOCK_LIST_UPDATE_TIMER_INITIAL_INTERVAL = 5000;
const int BLOCK_LIST_UPDATE_TIMER_PERIODIC_INTERVAL = 900000;
Timer _temporaryDisableBlockingTimer;
DateTime _temporaryDisableBlockingTill;
#endregion
#region constructor
public WebServiceSettingsApi(DnsWebService dnsWebService)
{
_dnsWebService = dnsWebService;
}
#endregion
#region IDisposable
bool _disposed;
public void Dispose()
{
if (_disposed)
return;
if (_blockListUpdateTimer is not null)
_blockListUpdateTimer.Dispose();
if (_temporaryDisableBlockingTimer is not null)
_temporaryDisableBlockingTimer.Dispose();
_disposed = true;
}
#endregion
#region block list
private void ForceUpdateBlockLists(bool forceReload)
{
Task.Run(async delegate ()
{
if (await _dnsWebService.DnsServer.BlockListZoneManager.UpdateBlockListsAsync(forceReload))
{
//block lists were updated
//save last updated on time
_blockListLastUpdatedOn = DateTime.UtcNow;
_dnsWebService.SaveConfigFile();
}
});
}
public void StartBlockListUpdateTimer(bool forceUpdateAndReload)
{
if (_blockListUpdateTimer is null)
{
if (forceUpdateAndReload)
_blockListLastUpdatedOn = default;
_blockListUpdateTimer = new Timer(async delegate (object state)
{
try
{
if (DateTime.UtcNow > _blockListLastUpdatedOn.AddHours(_blockListUpdateIntervalHours))
{
if (await _dnsWebService.DnsServer.BlockListZoneManager.UpdateBlockListsAsync(_blockListLastUpdatedOn == default))
{
//block lists were updated
//save last updated on time
_blockListLastUpdatedOn = DateTime.UtcNow;
_dnsWebService.SaveConfigFile();
}
}
}
catch (Exception ex)
{
_dnsWebService._log.Write("DNS Server encountered an error while updating block lists.\r\n" + ex.ToString());
}
}, null, BLOCK_LIST_UPDATE_TIMER_INITIAL_INTERVAL, BLOCK_LIST_UPDATE_TIMER_PERIODIC_INTERVAL);
}
}
public void StopBlockListUpdateTimer()
{
if (_blockListUpdateTimer is not null)
{
_blockListUpdateTimer.Dispose();
_blockListUpdateTimer = null;
}
}
public void StopTemporaryDisableBlockingTimer()
{
Timer temporaryDisableBlockingTimer = _temporaryDisableBlockingTimer;
if (temporaryDisableBlockingTimer is not null)
temporaryDisableBlockingTimer.Dispose();
}
#endregion
#region private
private void RestartService(bool restartDnsService, bool restartWebService, IReadOnlyList oldWebServiceLocalAddresses, int oldWebServiceHttpPort, int oldWebServiceTlsPort)
{
if (restartDnsService)
{
_ = Task.Run(async delegate ()
{
_dnsWebService._log.Write("Attempting to restart DNS service.");
try
{
await _dnsWebService.DnsServer.StopAsync();
await _dnsWebService.DnsServer.StartAsync();
_dnsWebService._log.Write("DNS service was restarted successfully.");
}
catch (Exception ex)
{
_dnsWebService._log.Write("Failed to restart DNS service.\r\n" + ex.ToString());
}
});
}
if (restartWebService)
{
_ = Task.Run(async delegate ()
{
await Task.Delay(2000); //wait for this HTTP response to be delivered before stopping web server
_dnsWebService._log.Write("Attempting to restart web service.");
try
{
await _dnsWebService.StopWebServiceAsync();
await _dnsWebService.TryStartWebServiceAsync(oldWebServiceLocalAddresses, oldWebServiceHttpPort, oldWebServiceTlsPort);
_dnsWebService._log.Write("Web service was restarted successfully.");
}
catch (Exception ex)
{
_dnsWebService._log.Write("Failed to restart web service.\r\n" + ex.ToString());
}
});
}
}
private static async Task CreateBackupEntryFromFileAsync(ZipArchive backupZip, string sourceFileName, string entryName)
{
using (FileStream fS = new FileStream(sourceFileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
ZipArchiveEntry entry = backupZip.CreateEntry(entryName);
DateTime lastWrite = File.GetLastWriteTime(sourceFileName);
// If file to be archived has an invalid last modified time, use the first datetime representable in the Zip timestamp format
// (midnight on January 1, 1980):
if (lastWrite.Year < 1980 || lastWrite.Year > 2107)
lastWrite = new DateTime(1980, 1, 1, 0, 0, 0);
entry.LastWriteTime = lastWrite;
using (Stream sE = entry.Open())
{
await fS.CopyToAsync(sE);
}
}
}
private void WriteDnsSettings(Utf8JsonWriter jsonWriter)
{
//general
jsonWriter.WriteString("version", _dnsWebService.GetServerVersion());
jsonWriter.WriteString("uptimestamp", _dnsWebService._uptimestamp);
jsonWriter.WriteString("dnsServerDomain", _dnsWebService.DnsServer.ServerDomain);
jsonWriter.WriteStringArray("dnsServerLocalEndPoints", _dnsWebService.DnsServer.LocalEndPoints);
jsonWriter.WriteStringArray("dnsServerIPv4SourceAddresses", DnsClientConnection.IPv4SourceAddresses);
jsonWriter.WriteStringArray("dnsServerIPv6SourceAddresses", DnsClientConnection.IPv6SourceAddresses);
jsonWriter.WriteNumber("defaultRecordTtl", _dnsWebService._zonesApi.DefaultRecordTtl);
jsonWriter.WriteString("defaultResponsiblePerson", _dnsWebService.DnsServer.ResponsiblePersonInternal?.Address);
jsonWriter.WriteBoolean("useSoaSerialDateScheme", _dnsWebService.DnsServer.AuthZoneManager.UseSoaSerialDateScheme);
jsonWriter.WriteStringArray("zoneTransferAllowedNetworks", _dnsWebService.DnsServer.ZoneTransferAllowedNetworks);
jsonWriter.WriteStringArray("notifyAllowedNetworks", _dnsWebService.DnsServer.NotifyAllowedNetworks);
jsonWriter.WriteBoolean("dnsAppsEnableAutomaticUpdate", _dnsWebService._appsApi.EnableAutomaticUpdate);
jsonWriter.WriteBoolean("preferIPv6", _dnsWebService.DnsServer.PreferIPv6);
jsonWriter.WriteNumber("udpPayloadSize", _dnsWebService.DnsServer.UdpPayloadSize);
jsonWriter.WriteBoolean("dnssecValidation", _dnsWebService.DnsServer.DnssecValidation);
jsonWriter.WriteBoolean("eDnsClientSubnet", _dnsWebService.DnsServer.EDnsClientSubnet);
jsonWriter.WriteNumber("eDnsClientSubnetIPv4PrefixLength", _dnsWebService.DnsServer.EDnsClientSubnetIPv4PrefixLength);
jsonWriter.WriteNumber("eDnsClientSubnetIPv6PrefixLength", _dnsWebService.DnsServer.EDnsClientSubnetIPv6PrefixLength);
jsonWriter.WriteString("eDnsClientSubnetIpv4Override", _dnsWebService.DnsServer.EDnsClientSubnetIpv4Override?.ToString());
jsonWriter.WriteString("eDnsClientSubnetIpv6Override", _dnsWebService.DnsServer.EDnsClientSubnetIpv6Override?.ToString());
jsonWriter.WriteNumber("qpmLimitRequests", _dnsWebService.DnsServer.QpmLimitRequests);
jsonWriter.WriteNumber("qpmLimitErrors", _dnsWebService.DnsServer.QpmLimitErrors);
jsonWriter.WriteNumber("qpmLimitSampleMinutes", _dnsWebService.DnsServer.QpmLimitSampleMinutes);
jsonWriter.WriteNumber("qpmLimitIPv4PrefixLength", _dnsWebService.DnsServer.QpmLimitIPv4PrefixLength);
jsonWriter.WriteNumber("qpmLimitIPv6PrefixLength", _dnsWebService.DnsServer.QpmLimitIPv6PrefixLength);
jsonWriter.WritePropertyName("qpmLimitBypassList");
jsonWriter.WriteStartArray();
if (_dnsWebService.DnsServer.QpmLimitBypassList is not null)
{
foreach (NetworkAddress network in _dnsWebService.DnsServer.QpmLimitBypassList)
jsonWriter.WriteStringValue(network.ToString());
}
jsonWriter.WriteEndArray();
jsonWriter.WriteNumber("clientTimeout", _dnsWebService.DnsServer.ClientTimeout);
jsonWriter.WriteNumber("tcpSendTimeout", _dnsWebService.DnsServer.TcpSendTimeout);
jsonWriter.WriteNumber("tcpReceiveTimeout", _dnsWebService.DnsServer.TcpReceiveTimeout);
jsonWriter.WriteNumber("quicIdleTimeout", _dnsWebService.DnsServer.QuicIdleTimeout);
jsonWriter.WriteNumber("quicMaxInboundStreams", _dnsWebService.DnsServer.QuicMaxInboundStreams);
jsonWriter.WriteNumber("listenBacklog", _dnsWebService.DnsServer.ListenBacklog);
//web service
jsonWriter.WritePropertyName("webServiceLocalAddresses");
jsonWriter.WriteStartArray();
foreach (IPAddress localAddress in _dnsWebService._webServiceLocalAddresses)
{
if (localAddress.AddressFamily == AddressFamily.InterNetworkV6)
jsonWriter.WriteStringValue("[" + localAddress.ToString() + "]");
else
jsonWriter.WriteStringValue(localAddress.ToString());
}
jsonWriter.WriteEndArray();
jsonWriter.WriteNumber("webServiceHttpPort", _dnsWebService._webServiceHttpPort);
jsonWriter.WriteBoolean("webServiceEnableTls", _dnsWebService._webServiceEnableTls);
jsonWriter.WriteBoolean("webServiceEnableHttp3", _dnsWebService._webServiceEnableHttp3);
jsonWriter.WriteBoolean("webServiceHttpToTlsRedirect", _dnsWebService._webServiceHttpToTlsRedirect);
jsonWriter.WriteBoolean("webServiceUseSelfSignedTlsCertificate", _dnsWebService._webServiceUseSelfSignedTlsCertificate);
jsonWriter.WriteNumber("webServiceTlsPort", _dnsWebService._webServiceTlsPort);
jsonWriter.WriteString("webServiceTlsCertificatePath", _dnsWebService._webServiceTlsCertificatePath);
jsonWriter.WriteString("webServiceTlsCertificatePassword", "************");
jsonWriter.WriteString("webServiceRealIpHeader", _dnsWebService._webServiceRealIpHeader);
//optional protocols
jsonWriter.WriteBoolean("enableDnsOverUdpProxy", _dnsWebService.DnsServer.EnableDnsOverUdpProxy);
jsonWriter.WriteBoolean("enableDnsOverTcpProxy", _dnsWebService.DnsServer.EnableDnsOverTcpProxy);
jsonWriter.WriteBoolean("enableDnsOverHttp", _dnsWebService.DnsServer.EnableDnsOverHttp);
jsonWriter.WriteBoolean("enableDnsOverTls", _dnsWebService.DnsServer.EnableDnsOverTls);
jsonWriter.WriteBoolean("enableDnsOverHttps", _dnsWebService.DnsServer.EnableDnsOverHttps);
jsonWriter.WriteBoolean("enableDnsOverHttp3", _dnsWebService.DnsServer.EnableDnsOverHttp3);
jsonWriter.WriteBoolean("enableDnsOverQuic", _dnsWebService.DnsServer.EnableDnsOverQuic);
jsonWriter.WriteNumber("dnsOverUdpProxyPort", _dnsWebService.DnsServer.DnsOverUdpProxyPort);
jsonWriter.WriteNumber("dnsOverTcpProxyPort", _dnsWebService.DnsServer.DnsOverTcpProxyPort);
jsonWriter.WriteNumber("dnsOverHttpPort", _dnsWebService.DnsServer.DnsOverHttpPort);
jsonWriter.WriteNumber("dnsOverTlsPort", _dnsWebService.DnsServer.DnsOverTlsPort);
jsonWriter.WriteNumber("dnsOverHttpsPort", _dnsWebService.DnsServer.DnsOverHttpsPort);
jsonWriter.WriteNumber("dnsOverQuicPort", _dnsWebService.DnsServer.DnsOverQuicPort);
jsonWriter.WriteString("dnsTlsCertificatePath", _dnsWebService._dnsTlsCertificatePath);
jsonWriter.WriteString("dnsTlsCertificatePassword", "************");
jsonWriter.WriteString("dnsOverHttpRealIpHeader", _dnsWebService.DnsServer.DnsOverHttpRealIpHeader);
//tsig
jsonWriter.WritePropertyName("tsigKeys");
{
jsonWriter.WriteStartArray();
if (_dnsWebService.DnsServer.TsigKeys is not null)
{
foreach (KeyValuePair tsigKey in _dnsWebService.DnsServer.TsigKeys.ToImmutableSortedDictionary())
{
jsonWriter.WriteStartObject();
jsonWriter.WriteString("keyName", tsigKey.Key);
jsonWriter.WriteString("sharedSecret", tsigKey.Value.SharedSecret);
jsonWriter.WriteString("algorithmName", tsigKey.Value.AlgorithmName);
jsonWriter.WriteEndObject();
}
}
jsonWriter.WriteEndArray();
}
//recursion
jsonWriter.WriteString("recursion", _dnsWebService.DnsServer.Recursion.ToString());
jsonWriter.WritePropertyName("recursionNetworkACL");
{
jsonWriter.WriteStartArray();
if (_dnsWebService.DnsServer.RecursionNetworkACL is not null)
{
foreach (NetworkAccessControl nac in _dnsWebService.DnsServer.RecursionNetworkACL)
jsonWriter.WriteStringValue(nac.ToString());
}
jsonWriter.WriteEndArray();
}
jsonWriter.WriteBoolean("randomizeName", _dnsWebService.DnsServer.RandomizeName);
jsonWriter.WriteBoolean("qnameMinimization", _dnsWebService.DnsServer.QnameMinimization);
jsonWriter.WriteBoolean("nsRevalidation", _dnsWebService.DnsServer.NsRevalidation);
jsonWriter.WriteNumber("resolverRetries", _dnsWebService.DnsServer.ResolverRetries);
jsonWriter.WriteNumber("resolverTimeout", _dnsWebService.DnsServer.ResolverTimeout);
jsonWriter.WriteNumber("resolverConcurrency", _dnsWebService.DnsServer.ResolverConcurrency);
jsonWriter.WriteNumber("resolverMaxStackCount", _dnsWebService.DnsServer.ResolverMaxStackCount);
//cache
jsonWriter.WriteBoolean("saveCache", _dnsWebService._saveCache);
jsonWriter.WriteBoolean("serveStale", _dnsWebService.DnsServer.ServeStale);
jsonWriter.WriteNumber("serveStaleTtl", _dnsWebService.DnsServer.CacheZoneManager.ServeStaleTtl);
jsonWriter.WriteNumber("serveStaleAnswerTtl", _dnsWebService.DnsServer.CacheZoneManager.ServeStaleAnswerTtl);
jsonWriter.WriteNumber("serveStaleResetTtl", _dnsWebService.DnsServer.CacheZoneManager.ServeStaleResetTtl);
jsonWriter.WriteNumber("serveStaleMaxWaitTime", _dnsWebService.DnsServer.ServeStaleMaxWaitTime);
jsonWriter.WriteNumber("cacheMaximumEntries", _dnsWebService.DnsServer.CacheZoneManager.MaximumEntries);
jsonWriter.WriteNumber("cacheMinimumRecordTtl", _dnsWebService.DnsServer.CacheZoneManager.MinimumRecordTtl);
jsonWriter.WriteNumber("cacheMaximumRecordTtl", _dnsWebService.DnsServer.CacheZoneManager.MaximumRecordTtl);
jsonWriter.WriteNumber("cacheNegativeRecordTtl", _dnsWebService.DnsServer.CacheZoneManager.NegativeRecordTtl);
jsonWriter.WriteNumber("cacheFailureRecordTtl", _dnsWebService.DnsServer.CacheZoneManager.FailureRecordTtl);
jsonWriter.WriteNumber("cachePrefetchEligibility", _dnsWebService.DnsServer.CachePrefetchEligibility);
jsonWriter.WriteNumber("cachePrefetchTrigger", _dnsWebService.DnsServer.CachePrefetchTrigger);
jsonWriter.WriteNumber("cachePrefetchSampleIntervalInMinutes", _dnsWebService.DnsServer.CachePrefetchSampleIntervalInMinutes);
jsonWriter.WriteNumber("cachePrefetchSampleEligibilityHitsPerHour", _dnsWebService.DnsServer.CachePrefetchSampleEligibilityHitsPerHour);
//blocking
jsonWriter.WriteBoolean("enableBlocking", _dnsWebService.DnsServer.EnableBlocking);
jsonWriter.WriteBoolean("allowTxtBlockingReport", _dnsWebService.DnsServer.AllowTxtBlockingReport);
jsonWriter.WritePropertyName("blockingBypassList");
jsonWriter.WriteStartArray();
if (_dnsWebService.DnsServer.BlockingBypassList is not null)
{
foreach (NetworkAddress network in _dnsWebService.DnsServer.BlockingBypassList)
jsonWriter.WriteStringValue(network.ToString());
}
jsonWriter.WriteEndArray();
if (!_dnsWebService.DnsServer.EnableBlocking && (DateTime.UtcNow < _temporaryDisableBlockingTill))
jsonWriter.WriteString("temporaryDisableBlockingTill", _temporaryDisableBlockingTill);
jsonWriter.WriteString("blockingType", _dnsWebService.DnsServer.BlockingType.ToString());
jsonWriter.WriteNumber("blockingAnswerTtl", _dnsWebService.DnsServer.BlockingAnswerTtl);
jsonWriter.WritePropertyName("customBlockingAddresses");
jsonWriter.WriteStartArray();
foreach (DnsARecordData record in _dnsWebService.DnsServer.CustomBlockingARecords)
jsonWriter.WriteStringValue(record.Address.ToString());
foreach (DnsAAAARecordData record in _dnsWebService.DnsServer.CustomBlockingAAAARecords)
jsonWriter.WriteStringValue(record.Address.ToString());
jsonWriter.WriteEndArray();
jsonWriter.WritePropertyName("blockListUrls");
if ((_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Count == 0) && (_dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Count == 0))
{
jsonWriter.WriteNullValue();
}
else
{
jsonWriter.WriteStartArray();
foreach (Uri allowListUrl in _dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls)
jsonWriter.WriteStringValue("!" + allowListUrl.AbsoluteUri);
foreach (Uri blockListUrl in _dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls)
jsonWriter.WriteStringValue(blockListUrl.AbsoluteUri);
jsonWriter.WriteEndArray();
}
jsonWriter.WriteNumber("blockListUpdateIntervalHours", _blockListUpdateIntervalHours);
if (_blockListUpdateTimer is not null)
{
DateTime blockListNextUpdatedOn = _blockListLastUpdatedOn.AddHours(_blockListUpdateIntervalHours);
jsonWriter.WriteString("blockListNextUpdatedOn", blockListNextUpdatedOn);
}
//proxy & forwarders
jsonWriter.WritePropertyName("proxy");
if (_dnsWebService.DnsServer.Proxy == null)
{
jsonWriter.WriteNullValue();
}
else
{
jsonWriter.WriteStartObject();
NetProxy proxy = _dnsWebService.DnsServer.Proxy;
jsonWriter.WriteString("type", proxy.Type.ToString());
jsonWriter.WriteString("address", proxy.Address);
jsonWriter.WriteNumber("port", proxy.Port);
NetworkCredential credential = proxy.Credential;
if (credential != null)
{
jsonWriter.WriteString("username", credential.UserName);
jsonWriter.WriteString("password", credential.Password);
}
jsonWriter.WritePropertyName("bypass");
jsonWriter.WriteStartArray();
foreach (NetProxyBypassItem item in proxy.BypassList)
jsonWriter.WriteStringValue(item.Value);
jsonWriter.WriteEndArray();
jsonWriter.WriteEndObject();
}
jsonWriter.WritePropertyName("forwarders");
DnsTransportProtocol forwarderProtocol = DnsTransportProtocol.Udp;
if (_dnsWebService.DnsServer.Forwarders == null)
{
jsonWriter.WriteNullValue();
}
else
{
forwarderProtocol = _dnsWebService.DnsServer.Forwarders[0].Protocol;
jsonWriter.WriteStartArray();
foreach (NameServerAddress forwarder in _dnsWebService.DnsServer.Forwarders)
jsonWriter.WriteStringValue(forwarder.OriginalAddress);
jsonWriter.WriteEndArray();
}
jsonWriter.WriteString("forwarderProtocol", forwarderProtocol.ToString());
jsonWriter.WriteBoolean("concurrentForwarding", _dnsWebService.DnsServer.ConcurrentForwarding);
jsonWriter.WriteNumber("forwarderRetries", _dnsWebService.DnsServer.ForwarderRetries);
jsonWriter.WriteNumber("forwarderTimeout", _dnsWebService.DnsServer.ForwarderTimeout);
jsonWriter.WriteNumber("forwarderConcurrency", _dnsWebService.DnsServer.ForwarderConcurrency);
//logging
jsonWriter.WriteBoolean("enableLogging", _dnsWebService._log.EnableLogging);
jsonWriter.WriteBoolean("ignoreResolverLogs", _dnsWebService.DnsServer.ResolverLogManager == null);
jsonWriter.WriteBoolean("logQueries", _dnsWebService.DnsServer.QueryLogManager != null);
jsonWriter.WriteBoolean("useLocalTime", _dnsWebService._log.UseLocalTime);
jsonWriter.WriteString("logFolder", _dnsWebService._log.LogFolder);
jsonWriter.WriteNumber("maxLogFileDays", _dnsWebService._log.MaxLogFileDays);
jsonWriter.WriteBoolean("enableInMemoryStats", _dnsWebService.DnsServer.StatsManager.EnableInMemoryStats);
jsonWriter.WriteNumber("maxStatFileDays", _dnsWebService.DnsServer.StatsManager.MaxStatFileDays);
}
private static List ParseNetworkAddresses(string networkAddresses)
{
if ((networkAddresses.Length == 0) || networkAddresses.Equals("false", StringComparison.OrdinalIgnoreCase))
return null;
string[] addresses = networkAddresses.Split(_commaSeparator, StringSplitOptions.RemoveEmptyEntries);
List networks = new List(addresses.Length);
foreach (string address in addresses)
{
if (NetworkAddress.TryParse(address, out NetworkAddress networkAddress))
networks.Add(networkAddress);
}
return networks;
}
#endregion
#region public
public void GetDnsSettings(HttpContext context)
{
UserSession session = context.GetCurrentSession();
if (!_dnsWebService._authManager.IsPermitted(PermissionSection.Settings, session.User, PermissionFlag.View))
throw new DnsWebServiceException("Access was denied.");
Utf8JsonWriter jsonWriter = context.GetCurrentJsonWriter();
WriteDnsSettings(jsonWriter);
}
public void SetDnsSettings(HttpContext context)
{
UserSession session = context.GetCurrentSession();
if (!_dnsWebService._authManager.IsPermitted(PermissionSection.Settings, session.User, PermissionFlag.Modify))
throw new DnsWebServiceException("Access was denied.");
bool serverDomainChanged = false;
bool restartDnsService = false;
bool restartWebService = false;
bool blockListUrlsUpdated = false;
IReadOnlyList oldWebServiceLocalAddresses = _dnsWebService._webServiceLocalAddresses;
int oldWebServiceHttpPort = _dnsWebService._webServiceHttpPort;
int oldWebServiceTlsPort = _dnsWebService._webServiceTlsPort;
bool _webServiceEnablingTls = false;
HttpRequest request = context.Request;
//general
if (request.TryGetQueryOrForm("dnsServerDomain", out string dnsServerDomain))
{
dnsServerDomain = dnsServerDomain.TrimEnd('.');
if (!_dnsWebService.DnsServer.ServerDomain.Equals(dnsServerDomain, StringComparison.OrdinalIgnoreCase))
{
_dnsWebService.DnsServer.ServerDomain = dnsServerDomain;
serverDomainChanged = true;
}
}
string dnsServerLocalEndPoints = request.QueryOrForm("dnsServerLocalEndPoints");
if (dnsServerLocalEndPoints is not null)
{
if (dnsServerLocalEndPoints.Length == 0)
dnsServerLocalEndPoints = "0.0.0.0:53,[::]:53";
IPEndPoint[] localEndPoints = dnsServerLocalEndPoints.Split(IPEndPoint.Parse, ',');
if (localEndPoints.Length > 0)
{
foreach (IPEndPoint localEndPoint in localEndPoints)
{
if (localEndPoint.Port == 0)
localEndPoint.Port = 53;
}
if (_dnsWebService.DnsServer.LocalEndPoints.Count != localEndPoints.Length)
{
restartDnsService = true;
}
else
{
foreach (IPEndPoint currentLocalEP in _dnsWebService.DnsServer.LocalEndPoints)
{
if (!localEndPoints.Contains(currentLocalEP))
{
restartDnsService = true;
break;
}
}
}
_dnsWebService.DnsServer.LocalEndPoints = localEndPoints;
}
}
string dnsServerIPv4SourceAddresses = request.QueryOrForm("dnsServerIPv4SourceAddresses");
if (dnsServerIPv4SourceAddresses is not null)
DnsClientConnection.IPv4SourceAddresses = ParseNetworkAddresses(dnsServerIPv4SourceAddresses);
string dnsServerIPv6SourceAddresses = request.QueryOrForm("dnsServerIPv6SourceAddresses");
if (dnsServerIPv6SourceAddresses is not null)
DnsClientConnection.IPv6SourceAddresses = ParseNetworkAddresses(dnsServerIPv6SourceAddresses);
if (request.TryGetQueryOrForm("defaultRecordTtl", uint.Parse, out uint defaultRecordTtl))
_dnsWebService._zonesApi.DefaultRecordTtl = defaultRecordTtl;
string defaultResponsiblePerson = request.QueryOrForm("defaultResponsiblePerson");
if (defaultResponsiblePerson is not null)
{
if (defaultResponsiblePerson.Length == 0)
_dnsWebService.DnsServer.ResponsiblePersonInternal = null;
else if (defaultResponsiblePerson.Length > 255)
throw new ArgumentException("Default responsible person email address length cannot exceed 255 characters.", "defaultResponsiblePerson");
else
_dnsWebService.DnsServer.ResponsiblePersonInternal = new MailAddress(defaultResponsiblePerson);
}
if (request.TryGetQueryOrForm("useSoaSerialDateScheme", bool.Parse, out bool useSoaSerialDateScheme))
_dnsWebService.DnsServer.AuthZoneManager.UseSoaSerialDateScheme = useSoaSerialDateScheme;
string zoneTransferAllowedNetworks = request.QueryOrForm("zoneTransferAllowedNetworks");
if (zoneTransferAllowedNetworks is not null)
_dnsWebService.DnsServer.ZoneTransferAllowedNetworks = ParseNetworkAddresses(zoneTransferAllowedNetworks);
string notifyAllowedNetworks = request.QueryOrForm("notifyAllowedNetworks");
if (notifyAllowedNetworks is not null)
_dnsWebService.DnsServer.NotifyAllowedNetworks = ParseNetworkAddresses(notifyAllowedNetworks);
if (request.TryGetQueryOrForm("dnsAppsEnableAutomaticUpdate", bool.Parse, out bool dnsAppsEnableAutomaticUpdate))
_dnsWebService._appsApi.EnableAutomaticUpdate = dnsAppsEnableAutomaticUpdate;
if (request.TryGetQueryOrForm("preferIPv6", bool.Parse, out bool preferIPv6))
_dnsWebService.DnsServer.PreferIPv6 = preferIPv6;
if (request.TryGetQueryOrForm("udpPayloadSize", ushort.Parse, out ushort udpPayloadSize))
_dnsWebService.DnsServer.UdpPayloadSize = udpPayloadSize;
if (request.TryGetQueryOrForm("dnssecValidation", bool.Parse, out bool dnssecValidation))
_dnsWebService.DnsServer.DnssecValidation = dnssecValidation;
if (request.TryGetQueryOrForm("eDnsClientSubnet", bool.Parse, out bool eDnsClientSubnet))
_dnsWebService.DnsServer.EDnsClientSubnet = eDnsClientSubnet;
if (request.TryGetQueryOrForm("eDnsClientSubnetIPv4PrefixLength", byte.Parse, out byte eDnsClientSubnetIPv4PrefixLength))
_dnsWebService.DnsServer.EDnsClientSubnetIPv4PrefixLength = eDnsClientSubnetIPv4PrefixLength;
if (request.TryGetQueryOrForm("eDnsClientSubnetIPv6PrefixLength", byte.Parse, out byte eDnsClientSubnetIPv6PrefixLength))
_dnsWebService.DnsServer.EDnsClientSubnetIPv6PrefixLength = eDnsClientSubnetIPv6PrefixLength;
string eDnsClientSubnetIpv4Override = request.QueryOrForm("eDnsClientSubnetIpv4Override");
if (eDnsClientSubnetIpv4Override is not null)
{
if (eDnsClientSubnetIpv4Override.Length == 0)
_dnsWebService.DnsServer.EDnsClientSubnetIpv4Override = null;
else
_dnsWebService.DnsServer.EDnsClientSubnetIpv4Override = NetworkAddress.Parse(eDnsClientSubnetIpv4Override);
}
string eDnsClientSubnetIpv6Override = request.QueryOrForm("eDnsClientSubnetIpv6Override");
if (eDnsClientSubnetIpv6Override is not null)
{
if (eDnsClientSubnetIpv6Override.Length == 0)
_dnsWebService.DnsServer.EDnsClientSubnetIpv6Override = null;
else
_dnsWebService.DnsServer.EDnsClientSubnetIpv6Override = NetworkAddress.Parse(eDnsClientSubnetIpv6Override);
}
if (request.TryGetQueryOrForm("qpmLimitRequests", int.Parse, out int qpmLimitRequests))
_dnsWebService.DnsServer.QpmLimitRequests = qpmLimitRequests;
if (request.TryGetQueryOrForm("qpmLimitErrors", int.Parse, out int qpmLimitErrors))
_dnsWebService.DnsServer.QpmLimitErrors = qpmLimitErrors;
if (request.TryGetQueryOrForm("qpmLimitSampleMinutes", int.Parse, out int qpmLimitSampleMinutes))
_dnsWebService.DnsServer.QpmLimitSampleMinutes = qpmLimitSampleMinutes;
if (request.TryGetQueryOrForm("qpmLimitIPv4PrefixLength", int.Parse, out int qpmLimitIPv4PrefixLength))
_dnsWebService.DnsServer.QpmLimitIPv4PrefixLength = qpmLimitIPv4PrefixLength;
if (request.TryGetQueryOrForm("qpmLimitIPv6PrefixLength", int.Parse, out int qpmLimitIPv6PrefixLength))
_dnsWebService.DnsServer.QpmLimitIPv6PrefixLength = qpmLimitIPv6PrefixLength;
string qpmLimitBypassList = request.QueryOrForm("qpmLimitBypassList");
if (qpmLimitBypassList is not null)
_dnsWebService.DnsServer.QpmLimitBypassList = ParseNetworkAddresses(qpmLimitBypassList);
if (request.TryGetQueryOrForm("clientTimeout", int.Parse, out int clientTimeout))
_dnsWebService.DnsServer.ClientTimeout = clientTimeout;
if (request.TryGetQueryOrForm("tcpSendTimeout", int.Parse, out int tcpSendTimeout))
_dnsWebService.DnsServer.TcpSendTimeout = tcpSendTimeout;
if (request.TryGetQueryOrForm("tcpReceiveTimeout", int.Parse, out int tcpReceiveTimeout))
_dnsWebService.DnsServer.TcpReceiveTimeout = tcpReceiveTimeout;
if (request.TryGetQueryOrForm("quicIdleTimeout", int.Parse, out int quicIdleTimeout))
_dnsWebService.DnsServer.QuicIdleTimeout = quicIdleTimeout;
if (request.TryGetQueryOrForm("quicMaxInboundStreams", int.Parse, out int quicMaxInboundStreams))
_dnsWebService.DnsServer.QuicMaxInboundStreams = quicMaxInboundStreams;
if (request.TryGetQueryOrForm("listenBacklog", int.Parse, out int listenBacklog))
_dnsWebService.DnsServer.ListenBacklog = listenBacklog;
//web service
string webServiceLocalAddresses = request.QueryOrForm("webServiceLocalAddresses");
if (webServiceLocalAddresses is not null)
{
if (webServiceLocalAddresses.Length == 0)
webServiceLocalAddresses = "0.0.0.0,[::]";
IPAddress[] localAddresses = webServiceLocalAddresses.Split(IPAddress.Parse, ',');
if (localAddresses.Length > 0)
{
if (_dnsWebService._webServiceLocalAddresses.Count != localAddresses.Length)
{
restartWebService = true;
}
else
{
foreach (IPAddress currentlocalAddress in _dnsWebService._webServiceLocalAddresses)
{
if (!localAddresses.Contains(currentlocalAddress))
{
restartWebService = true;
break;
}
}
}
_dnsWebService._webServiceLocalAddresses = DnsServer.GetValidKestralLocalAddresses(localAddresses);
}
}
if (request.TryGetQueryOrForm("webServiceHttpPort", int.Parse, out int webServiceHttpPort))
{
if (_dnsWebService._webServiceHttpPort != webServiceHttpPort)
{
_dnsWebService._webServiceHttpPort = webServiceHttpPort;
restartWebService = true;
}
}
if (request.TryGetQueryOrForm("webServiceEnableTls", bool.Parse, out bool webServiceEnableTls))
{
if (_dnsWebService._webServiceEnableTls != webServiceEnableTls)
{
_dnsWebService._webServiceEnableTls = webServiceEnableTls;
_webServiceEnablingTls = webServiceEnableTls;
restartWebService = true;
}
}
if (request.TryGetQueryOrForm("webServiceEnableHttp3", bool.Parse, out bool webServiceEnableHttp3))
{
if (_dnsWebService._webServiceEnableHttp3 != webServiceEnableHttp3)
{
if (webServiceEnableHttp3)
DnsWebService.ValidateQuicSupport("HTTP/3");
_dnsWebService._webServiceEnableHttp3 = webServiceEnableHttp3;
restartWebService = true;
}
}
if (request.TryGetQueryOrForm("webServiceHttpToTlsRedirect", bool.Parse, out bool webServiceHttpToTlsRedirect))
{
if (_dnsWebService._webServiceHttpToTlsRedirect != webServiceHttpToTlsRedirect)
{
_dnsWebService._webServiceHttpToTlsRedirect = webServiceHttpToTlsRedirect;
restartWebService = true;
}
}
if (request.TryGetQueryOrForm("webServiceUseSelfSignedTlsCertificate", bool.Parse, out bool webServiceUseSelfSignedTlsCertificate))
_dnsWebService._webServiceUseSelfSignedTlsCertificate = webServiceUseSelfSignedTlsCertificate;
if (request.TryGetQueryOrForm("webServiceTlsPort", int.Parse, out int webServiceTlsPort))
{
if (_dnsWebService._webServiceTlsPort != webServiceTlsPort)
{
_dnsWebService._webServiceTlsPort = webServiceTlsPort;
restartWebService = true;
}
}
string webServiceTlsCertificatePath = request.QueryOrForm("webServiceTlsCertificatePath");
if (webServiceTlsCertificatePath is not null)
{
if (webServiceTlsCertificatePath.Length == 0)
{
_dnsWebService._webServiceTlsCertificatePath = null;
_dnsWebService._webServiceTlsCertificatePassword = "";
}
else
{
string webServiceTlsCertificatePassword = request.QueryOrForm("webServiceTlsCertificatePassword");
if ((webServiceTlsCertificatePassword is null) || (webServiceTlsCertificatePassword == "************"))
webServiceTlsCertificatePassword = _dnsWebService._webServiceTlsCertificatePassword;
if ((webServiceTlsCertificatePath != _dnsWebService._webServiceTlsCertificatePath) || (webServiceTlsCertificatePassword != _dnsWebService._webServiceTlsCertificatePassword))
{
if (webServiceTlsCertificatePath.Length > 255)
throw new ArgumentException("Web service TLS certificate path length cannot exceed 255 characters.", "webServiceTlsCertificatePath");
if (webServiceTlsCertificatePassword?.Length > 255)
throw new ArgumentException("Web service TLS certificate password length cannot exceed 255 characters.", "webServiceTlsCertificatePassword");
_dnsWebService.LoadWebServiceTlsCertificate(_dnsWebService.ConvertToAbsolutePath(webServiceTlsCertificatePath), webServiceTlsCertificatePassword);
_dnsWebService._webServiceTlsCertificatePath = _dnsWebService.ConvertToRelativePath(webServiceTlsCertificatePath);
_dnsWebService._webServiceTlsCertificatePassword = webServiceTlsCertificatePassword;
_dnsWebService.StartTlsCertificateUpdateTimer();
}
}
}
if (request.TryGetQueryOrForm("webServiceRealIpHeader", out string webServiceRealIpHeader))
{
if (webServiceRealIpHeader.Length > 255)
throw new ArgumentException("Web service Real IP header name cannot exceed 255 characters.", "webServiceRealIpHeader");
if (webServiceRealIpHeader.Contains(' '))
throw new ArgumentException("Web service Real IP header name cannot contain invalid characters.", "webServiceRealIpHeader");
_dnsWebService._webServiceRealIpHeader = webServiceRealIpHeader;
}
//optional protocols
if (request.TryGetQueryOrForm("enableDnsOverUdpProxy", bool.Parse, out bool enableDnsOverUdpProxy))
{
if (_dnsWebService.DnsServer.EnableDnsOverUdpProxy != enableDnsOverUdpProxy)
{
_dnsWebService.DnsServer.EnableDnsOverUdpProxy = enableDnsOverUdpProxy;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("enableDnsOverTcpProxy", bool.Parse, out bool enableDnsOverTcpProxy))
{
if (_dnsWebService.DnsServer.EnableDnsOverTcpProxy != enableDnsOverTcpProxy)
{
_dnsWebService.DnsServer.EnableDnsOverTcpProxy = enableDnsOverTcpProxy;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("enableDnsOverHttp", bool.Parse, out bool enableDnsOverHttp))
{
if (_dnsWebService.DnsServer.EnableDnsOverHttp != enableDnsOverHttp)
{
_dnsWebService.DnsServer.EnableDnsOverHttp = enableDnsOverHttp;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("enableDnsOverTls", bool.Parse, out bool enableDnsOverTls))
{
if (_dnsWebService.DnsServer.EnableDnsOverTls != enableDnsOverTls)
{
_dnsWebService.DnsServer.EnableDnsOverTls = enableDnsOverTls;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("enableDnsOverHttps", bool.Parse, out bool enableDnsOverHttps))
{
if (_dnsWebService.DnsServer.EnableDnsOverHttps != enableDnsOverHttps)
{
_dnsWebService.DnsServer.EnableDnsOverHttps = enableDnsOverHttps;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("enableDnsOverHttp3", bool.Parse, out bool enableDnsOverHttp3))
{
if (_dnsWebService.DnsServer.EnableDnsOverHttp3 != enableDnsOverHttp3)
{
if (enableDnsOverHttp3)
DnsWebService.ValidateQuicSupport("DNS-over-HTTP/3");
_dnsWebService.DnsServer.EnableDnsOverHttp3 = enableDnsOverHttp3;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("enableDnsOverQuic", bool.Parse, out bool enableDnsOverQuic))
{
if (_dnsWebService.DnsServer.EnableDnsOverQuic != enableDnsOverQuic)
{
if (enableDnsOverQuic)
DnsWebService.ValidateQuicSupport();
_dnsWebService.DnsServer.EnableDnsOverQuic = enableDnsOverQuic;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("dnsOverUdpProxyPort", int.Parse, out int dnsOverUdpProxyPort))
{
if (_dnsWebService.DnsServer.DnsOverUdpProxyPort != dnsOverUdpProxyPort)
{
_dnsWebService.DnsServer.DnsOverUdpProxyPort = dnsOverUdpProxyPort;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("dnsOverTcpProxyPort", int.Parse, out int dnsOverTcpProxyPort))
{
if (_dnsWebService.DnsServer.DnsOverTcpProxyPort != dnsOverTcpProxyPort)
{
_dnsWebService.DnsServer.DnsOverTcpProxyPort = dnsOverTcpProxyPort;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("dnsOverHttpPort", int.Parse, out int dnsOverHttpPort))
{
if (_dnsWebService.DnsServer.DnsOverHttpPort != dnsOverHttpPort)
{
_dnsWebService.DnsServer.DnsOverHttpPort = dnsOverHttpPort;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("dnsOverTlsPort", int.Parse, out int dnsOverTlsPort))
{
if (_dnsWebService.DnsServer.DnsOverTlsPort != dnsOverTlsPort)
{
_dnsWebService.DnsServer.DnsOverTlsPort = dnsOverTlsPort;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("dnsOverHttpsPort", int.Parse, out int dnsOverHttpsPort))
{
if (_dnsWebService.DnsServer.DnsOverHttpsPort != dnsOverHttpsPort)
{
_dnsWebService.DnsServer.DnsOverHttpsPort = dnsOverHttpsPort;
restartDnsService = true;
}
}
if (request.TryGetQueryOrForm("dnsOverQuicPort", int.Parse, out int dnsOverQuicPort))
{
if (_dnsWebService.DnsServer.DnsOverQuicPort != dnsOverQuicPort)
{
_dnsWebService.DnsServer.DnsOverQuicPort = dnsOverQuicPort;
restartDnsService = true;
}
}
string dnsTlsCertificatePath = request.QueryOrForm("dnsTlsCertificatePath");
if (dnsTlsCertificatePath is not null)
{
if (dnsTlsCertificatePath.Length == 0)
{
if (!string.IsNullOrEmpty(_dnsWebService._dnsTlsCertificatePath) && (_dnsWebService.DnsServer.EnableDnsOverTls || _dnsWebService.DnsServer.EnableDnsOverHttps || _dnsWebService.DnsServer.EnableDnsOverQuic))
restartDnsService = true;
_dnsWebService.DnsServer.CertificateCollection = null;
_dnsWebService._dnsTlsCertificatePath = null;
_dnsWebService._dnsTlsCertificatePassword = "";
}
else
{
string dnsTlsCertificatePassword = request.QueryOrForm("dnsTlsCertificatePassword");
if ((dnsTlsCertificatePassword is null) || (dnsTlsCertificatePassword == "************"))
dnsTlsCertificatePassword = _dnsWebService._dnsTlsCertificatePassword;
if ((dnsTlsCertificatePath != _dnsWebService._dnsTlsCertificatePath) || (dnsTlsCertificatePassword != _dnsWebService._dnsTlsCertificatePassword))
{
if (dnsTlsCertificatePath.Length > 255)
throw new ArgumentException("DNS optional protocols TLS certificate path length cannot exceed 255 characters.", "dnsTlsCertificatePath");
if (dnsTlsCertificatePassword?.Length > 255)
throw new ArgumentException("DNS optional protocols TLS certificate password length cannot exceed 255 characters.", "dnsTlsCertificatePassword");
_dnsWebService.LoadDnsTlsCertificate(_dnsWebService.ConvertToAbsolutePath(dnsTlsCertificatePath), dnsTlsCertificatePassword);
if (string.IsNullOrEmpty(_dnsWebService._dnsTlsCertificatePath) && (_dnsWebService.DnsServer.EnableDnsOverTls || _dnsWebService.DnsServer.EnableDnsOverHttps || _dnsWebService.DnsServer.EnableDnsOverQuic))
restartDnsService = true;
_dnsWebService._dnsTlsCertificatePath = _dnsWebService.ConvertToRelativePath(dnsTlsCertificatePath);
_dnsWebService._dnsTlsCertificatePassword = dnsTlsCertificatePassword;
_dnsWebService.StartTlsCertificateUpdateTimer();
}
}
}
if (request.TryGetQueryOrForm("dnsOverHttpRealIpHeader", out string dnsOverHttpRealIpHeader))
_dnsWebService.DnsServer.DnsOverHttpRealIpHeader = dnsOverHttpRealIpHeader;
//tsig
string strTsigKeys = request.QueryOrForm("tsigKeys");
if (strTsigKeys is not null)
{
if ((strTsigKeys.Length == 0) || strTsigKeys.Equals("false", StringComparison.OrdinalIgnoreCase))
{
_dnsWebService.DnsServer.TsigKeys = null;
}
else
{
string[] strTsigKeyParts = strTsigKeys.Split('|');
Dictionary tsigKeys = new Dictionary(strTsigKeyParts.Length);
for (int i = 0; i < strTsigKeyParts.Length; i += 3)
{
string keyName = strTsigKeyParts[i + 0].TrimEnd('.').ToLowerInvariant();
string sharedSecret = strTsigKeyParts[i + 1];
string algorithmName = strTsigKeyParts[i + 2];
if (DnsClient.IsDomainNameUnicode(keyName))
keyName = DnsClient.ConvertDomainNameToAscii(keyName);
DnsClient.IsDomainNameValid(keyName, true);
if (sharedSecret.Length == 0)
tsigKeys.Add(keyName, new TsigKey(keyName, algorithmName));
else
tsigKeys.Add(keyName, new TsigKey(keyName, sharedSecret, algorithmName));
}
_dnsWebService.DnsServer.TsigKeys = tsigKeys;
}
}
//recursion
if (request.TryGetQueryOrFormEnum("recursion", out DnsServerRecursion recursion))
_dnsWebService.DnsServer.Recursion = recursion;
string recursionNetworkACL = request.QueryOrForm("recursionNetworkACL");
if (recursionNetworkACL is not null)
{
if ((recursionNetworkACL.Length == 0) || recursionNetworkACL.Equals("false", StringComparison.OrdinalIgnoreCase))
_dnsWebService.DnsServer.RecursionNetworkACL = null;
else
_dnsWebService.DnsServer.RecursionNetworkACL = recursionNetworkACL.Split(NetworkAccessControl.Parse, ',');
}
if (request.TryGetQueryOrForm("randomizeName", bool.Parse, out bool randomizeName))
_dnsWebService.DnsServer.RandomizeName = randomizeName;
if (request.TryGetQueryOrForm("qnameMinimization", bool.Parse, out bool qnameMinimization))
_dnsWebService.DnsServer.QnameMinimization = qnameMinimization;
if (request.TryGetQueryOrForm("nsRevalidation", bool.Parse, out bool nsRevalidation))
_dnsWebService.DnsServer.NsRevalidation = nsRevalidation;
if (request.TryGetQueryOrForm("resolverRetries", int.Parse, out int resolverRetries))
_dnsWebService.DnsServer.ResolverRetries = resolverRetries;
if (request.TryGetQueryOrForm("resolverTimeout", int.Parse, out int resolverTimeout))
_dnsWebService.DnsServer.ResolverTimeout = resolverTimeout;
if (request.TryGetQueryOrForm("resolverConcurrency", int.Parse, out int resolverConcurrency))
_dnsWebService.DnsServer.ResolverConcurrency = resolverConcurrency;
if (request.TryGetQueryOrForm("resolverMaxStackCount", int.Parse, out int resolverMaxStackCount))
_dnsWebService.DnsServer.ResolverMaxStackCount = resolverMaxStackCount;
//cache
if (request.TryGetQueryOrForm("saveCache", bool.Parse, out bool saveCache))
{
if (!saveCache)
_dnsWebService.DnsServer.CacheZoneManager.DeleteCacheZoneFile();
_dnsWebService._saveCache = saveCache;
}
if (request.TryGetQueryOrForm("serveStale", bool.Parse, out bool serveStale))
_dnsWebService.DnsServer.ServeStale = serveStale;
if (request.TryGetQueryOrForm("serveStaleTtl", uint.Parse, out uint serveStaleTtl))
_dnsWebService.DnsServer.CacheZoneManager.ServeStaleTtl = serveStaleTtl;
if (request.TryGetQueryOrForm("serveStaleAnswerTtl", uint.Parse, out uint serveStaleAnswerTtl))
_dnsWebService.DnsServer.CacheZoneManager.ServeStaleAnswerTtl = serveStaleAnswerTtl;
if (request.TryGetQueryOrForm("serveStaleResetTtl", uint.Parse, out uint serveStaleResetTtl))
_dnsWebService.DnsServer.CacheZoneManager.ServeStaleResetTtl = serveStaleResetTtl;
if (request.TryGetQueryOrForm("serveStaleMaxWaitTime", int.Parse, out int serveStaleMaxWaitTime))
_dnsWebService.DnsServer.ServeStaleMaxWaitTime = serveStaleMaxWaitTime;
if (request.TryGetQueryOrForm("cacheMaximumEntries", long.Parse, out long cacheMaximumEntries))
_dnsWebService.DnsServer.CacheZoneManager.MaximumEntries = cacheMaximumEntries;
if (request.TryGetQueryOrForm("cacheMinimumRecordTtl", uint.Parse, out uint cacheMinimumRecordTtl))
_dnsWebService.DnsServer.CacheZoneManager.MinimumRecordTtl = cacheMinimumRecordTtl;
if (request.TryGetQueryOrForm("cacheMaximumRecordTtl", uint.Parse, out uint cacheMaximumRecordTtl))
_dnsWebService.DnsServer.CacheZoneManager.MaximumRecordTtl = cacheMaximumRecordTtl;
if (request.TryGetQueryOrForm("cacheNegativeRecordTtl", uint.Parse, out uint cacheNegativeRecordTtl))
_dnsWebService.DnsServer.CacheZoneManager.NegativeRecordTtl = cacheNegativeRecordTtl;
if (request.TryGetQueryOrForm("cacheFailureRecordTtl", uint.Parse, out uint cacheFailureRecordTtl))
_dnsWebService.DnsServer.CacheZoneManager.FailureRecordTtl = cacheFailureRecordTtl;
if (request.TryGetQueryOrForm("cachePrefetchEligibility", int.Parse, out int cachePrefetchEligibility))
_dnsWebService.DnsServer.CachePrefetchEligibility = cachePrefetchEligibility;
if (request.TryGetQueryOrForm("cachePrefetchTrigger", int.Parse, out int cachePrefetchTrigger))
_dnsWebService.DnsServer.CachePrefetchTrigger = cachePrefetchTrigger;
if (request.TryGetQueryOrForm("cachePrefetchSampleIntervalInMinutes", int.Parse, out int cachePrefetchSampleIntervalInMinutes))
_dnsWebService.DnsServer.CachePrefetchSampleIntervalInMinutes = cachePrefetchSampleIntervalInMinutes;
if (request.TryGetQueryOrForm("cachePrefetchSampleEligibilityHitsPerHour", int.Parse, out int cachePrefetchSampleEligibilityHitsPerHour))
_dnsWebService.DnsServer.CachePrefetchSampleEligibilityHitsPerHour = cachePrefetchSampleEligibilityHitsPerHour;
//blocking
if (request.TryGetQueryOrForm("enableBlocking", bool.Parse, out bool enableBlocking))
{
_dnsWebService.DnsServer.EnableBlocking = enableBlocking;
if (_dnsWebService.DnsServer.EnableBlocking)
{
if (_temporaryDisableBlockingTimer is not null)
_temporaryDisableBlockingTimer.Dispose();
}
}
if (request.TryGetQueryOrForm("allowTxtBlockingReport", bool.Parse, out bool allowTxtBlockingReport))
_dnsWebService.DnsServer.AllowTxtBlockingReport = allowTxtBlockingReport;
string blockingBypassList = request.QueryOrForm("blockingBypassList");
if (blockingBypassList is not null)
_dnsWebService.DnsServer.BlockingBypassList = ParseNetworkAddresses(blockingBypassList);
if (request.TryGetQueryOrFormEnum("blockingType", out DnsServerBlockingType blockingType))
_dnsWebService.DnsServer.BlockingType = blockingType;
if (request.TryGetQueryOrForm("blockingAnswerTtl", uint.Parse, out uint blockingAnswerTtl))
_dnsWebService.DnsServer.BlockingAnswerTtl = blockingAnswerTtl;
string customBlockingAddresses = request.QueryOrForm("customBlockingAddresses");
if (customBlockingAddresses is not null)
{
if ((customBlockingAddresses.Length == 0) || customBlockingAddresses.Equals("false", StringComparison.OrdinalIgnoreCase))
{
_dnsWebService.DnsServer.CustomBlockingARecords = null;
_dnsWebService.DnsServer.CustomBlockingAAAARecords = null;
}
else
{
string[] strAddresses = customBlockingAddresses.Split(_commaSeparator, StringSplitOptions.RemoveEmptyEntries);
List dnsARecords = new List();
List dnsAAAARecords = new List();
foreach (string strAddress in strAddresses)
{
if (IPAddress.TryParse(strAddress, out IPAddress customAddress))
{
switch (customAddress.AddressFamily)
{
case AddressFamily.InterNetwork:
dnsARecords.Add(new DnsARecordData(customAddress));
break;
case AddressFamily.InterNetworkV6:
dnsAAAARecords.Add(new DnsAAAARecordData(customAddress));
break;
}
}
}
_dnsWebService.DnsServer.CustomBlockingARecords = dnsARecords;
_dnsWebService.DnsServer.CustomBlockingAAAARecords = dnsAAAARecords;
}
}
string blockListUrls = request.QueryOrForm("blockListUrls");
if (blockListUrls is not null)
{
if ((blockListUrls.Length == 0) || blockListUrls.Equals("false", StringComparison.OrdinalIgnoreCase))
{
_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Clear();
_dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Clear();
_dnsWebService.DnsServer.BlockListZoneManager.Flush();
}
else
{
string[] blockListUrlList = blockListUrls.Split(_commaSeparator, StringSplitOptions.RemoveEmptyEntries);
if (oldWebServiceHttpPort != _dnsWebService._webServiceHttpPort)
{
for (int i = 0; i < blockListUrlList.Length; i++)
{
if (blockListUrlList[i].Contains("http://localhost:" + oldWebServiceHttpPort + "/blocklist.txt"))
{
blockListUrlList[i] = "http://localhost:" + _dnsWebService._webServiceHttpPort + "/blocklist.txt";
blockListUrlsUpdated = true;
break;
}
}
}
if (!blockListUrlsUpdated)
{
if (blockListUrlList.Length != (_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Count + _dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Count))
{
blockListUrlsUpdated = true;
}
else
{
foreach (string strBlockListUrl in blockListUrlList)
{
if (strBlockListUrl.StartsWith('!'))
{
string strAllowListUrl = strBlockListUrl.Substring(1);
if (!_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Contains(new Uri(strAllowListUrl)))
{
blockListUrlsUpdated = true;
break;
}
}
else
{
if (!_dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Contains(new Uri(strBlockListUrl)))
{
blockListUrlsUpdated = true;
break;
}
}
}
}
}
if (blockListUrlsUpdated)
{
_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Clear();
_dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Clear();
foreach (string strBlockListUrl in blockListUrlList)
{
if (strBlockListUrl.StartsWith('!'))
{
Uri allowListUrl = new Uri(strBlockListUrl.Substring(1));
if (allowListUrl.AbsoluteUri.Length > 255)
throw new ArgumentException("Allow list URL length cannot exceed 255 characters.", "blockListUrls");
if (!_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Contains(allowListUrl))
_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Add(allowListUrl);
}
else
{
Uri blockListUrl = new Uri(strBlockListUrl);
if (blockListUrl.AbsoluteUri.Length > 255)
throw new ArgumentException("Block list URL length cannot exceed 255 characters.", "blockListUrls");
if (!_dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Contains(blockListUrl))
_dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Add(blockListUrl);
}
}
}
}
}
if (request.TryGetQueryOrForm("blockListUpdateIntervalHours", int.Parse, out int blockListUpdateIntervalHours))
{
if ((blockListUpdateIntervalHours < 0) || (blockListUpdateIntervalHours > 168))
throw new DnsWebServiceException("Parameter `blockListUpdateIntervalHours` must be between 1 hour and 168 hours (7 days) or 0 to disable automatic update.");
_blockListUpdateIntervalHours = blockListUpdateIntervalHours;
}
//proxy & forwarders
if (request.TryGetQueryOrFormEnum("proxyType", out NetProxyType proxyType))
{
if (proxyType == NetProxyType.None)
{
_dnsWebService.DnsServer.Proxy = null;
}
else
{
NetworkCredential credential = null;
if (request.TryGetQueryOrForm("proxyUsername", out string proxyUsername))
{
if (proxyUsername.Length > 255)
throw new ArgumentException("Proxy username length cannot exceed 255 characters.", "proxyUsername");
string proxyPassword = request.QueryOrForm("proxyPassword");
if (proxyPassword?.Length > 255)
throw new ArgumentException("Proxy password length cannot exceed 255 characters.", "proxyPassword");
credential = new NetworkCredential(proxyUsername, proxyPassword);
}
_dnsWebService.DnsServer.Proxy = NetProxy.CreateProxy(proxyType, request.QueryOrForm("proxyAddress"), int.Parse(request.QueryOrForm("proxyPort")), credential);
if (request.TryGetQueryOrForm("proxyBypass", out string proxyBypass))
_dnsWebService.DnsServer.Proxy.BypassList = proxyBypass.Split(delegate (string value) { return new NetProxyBypassItem(value); }, ',');
}
}
string strForwarders = request.QueryOrForm("forwarders");
if (strForwarders is not null)
{
if ((strForwarders.Length == 0) || strForwarders.Equals("false", StringComparison.OrdinalIgnoreCase))
{
_dnsWebService.DnsServer.Forwarders = null;
}
else
{
DnsTransportProtocol forwarderProtocol = request.GetQueryOrFormEnum("forwarderProtocol", DnsTransportProtocol.Udp);
switch (forwarderProtocol)
{
case DnsTransportProtocol.Udp:
if (proxyType == NetProxyType.Http)
throw new DnsWebServiceException("HTTP proxy server can transport only DNS-over-TCP, DNS-over-TLS, or DNS-over-HTTPS forwarder protocols. Use SOCKS5 proxy server for DNS-over-UDP or DNS-over-QUIC forwarder protocols.");
break;
case DnsTransportProtocol.HttpsJson:
forwarderProtocol = DnsTransportProtocol.Https;
break;
case DnsTransportProtocol.Quic:
DnsWebService.ValidateQuicSupport();
if (proxyType == NetProxyType.Http)
throw new DnsWebServiceException("HTTP proxy server can transport only DNS-over-TCP, DNS-over-TLS, or DNS-over-HTTPS forwarder protocols. Use SOCKS5 proxy server for DNS-over-UDP or DNS-over-QUIC forwarder protocols.");
break;
}
NameServerAddress[] forwarders = strForwarders.Split(delegate (string value)
{
NameServerAddress forwarder = NameServerAddress.Parse(value);
if (forwarder.Protocol != forwarderProtocol)
forwarder = forwarder.ChangeProtocol(forwarderProtocol);
return forwarder;
}, ',');
if (!_dnsWebService.DnsServer.Forwarders.ListEquals(forwarders))
_dnsWebService.DnsServer.Forwarders = forwarders;
}
}
if (request.TryGetQueryOrForm("concurrentForwarding", bool.Parse, out bool concurrentForwarding))
_dnsWebService.DnsServer.ConcurrentForwarding = concurrentForwarding;
if (request.TryGetQueryOrForm("forwarderRetries", int.Parse, out int forwarderRetries))
_dnsWebService.DnsServer.ForwarderRetries = forwarderRetries;
if (request.TryGetQueryOrForm("forwarderTimeout", int.Parse, out int forwarderTimeout))
_dnsWebService.DnsServer.ForwarderTimeout = forwarderTimeout;
if (request.TryGetQueryOrForm("forwarderConcurrency", int.Parse, out int forwarderConcurrency))
_dnsWebService.DnsServer.ForwarderConcurrency = forwarderConcurrency;
//logging
if (request.TryGetQueryOrForm("enableLogging", bool.Parse, out bool enableLogging))
_dnsWebService._log.EnableLogging = enableLogging;
if (request.TryGetQueryOrForm("ignoreResolverLogs", bool.Parse, out bool ignoreResolverLogs))
_dnsWebService.DnsServer.ResolverLogManager = ignoreResolverLogs ? null : _dnsWebService._log;
if (request.TryGetQueryOrForm("logQueries", bool.Parse, out bool logQueries))
_dnsWebService.DnsServer.QueryLogManager = logQueries ? _dnsWebService._log : null;
if (request.TryGetQueryOrForm("useLocalTime", bool.Parse, out bool useLocalTime))
_dnsWebService._log.UseLocalTime = useLocalTime;
if (request.TryGetQueryOrForm("logFolder", out string logFolder))
_dnsWebService._log.LogFolder = logFolder;
if (request.TryGetQueryOrForm("maxLogFileDays", int.Parse, out int maxLogFileDays))
_dnsWebService._log.MaxLogFileDays = maxLogFileDays;
if (request.TryGetQueryOrForm("enableInMemoryStats", bool.Parse, out bool enableInMemoryStats))
_dnsWebService.DnsServer.StatsManager.EnableInMemoryStats = enableInMemoryStats;
if (request.TryGetQueryOrForm("maxStatFileDays", int.Parse, out int maxStatFileDays))
_dnsWebService.DnsServer.StatsManager.MaxStatFileDays = maxStatFileDays;
//TLS actions
if ((_dnsWebService._webServiceTlsCertificatePath is null) && (_dnsWebService._dnsTlsCertificatePath is null))
_dnsWebService.StopTlsCertificateUpdateTimer();
_dnsWebService.SelfSignedCertCheck(serverDomainChanged, true);
if (_dnsWebService._webServiceEnableTls && string.IsNullOrEmpty(_dnsWebService._webServiceTlsCertificatePath) && !_dnsWebService._webServiceUseSelfSignedTlsCertificate)
{
//disable TLS
_dnsWebService._webServiceEnableTls = false;
restartWebService = true;
}
//blocklist timers
if ((_blockListUpdateIntervalHours > 0) && ((_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Count + _dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Count) > 0))
{
if (_blockListUpdateTimer is null)
StartBlockListUpdateTimer(blockListUrlsUpdated);
else if (blockListUrlsUpdated)
ForceUpdateBlockLists(true);
}
else
{
StopBlockListUpdateTimer();
}
//save config
_dnsWebService.SaveConfigFile();
_dnsWebService._log.SaveConfig();
_dnsWebService._log.Write(context.GetRemoteEndPoint(_dnsWebService._webServiceRealIpHeader), "[" + session.User.Username + "] DNS Settings were updated successfully.");
Utf8JsonWriter jsonWriter = context.GetCurrentJsonWriter();
WriteDnsSettings(jsonWriter);
RestartService(restartDnsService, restartWebService, oldWebServiceLocalAddresses, oldWebServiceHttpPort, oldWebServiceTlsPort);
}
public void GetTsigKeyNames(HttpContext context)
{
UserSession session = context.GetCurrentSession();
if (
!_dnsWebService._authManager.IsPermitted(PermissionSection.Settings, session.User, PermissionFlag.View) &&
!_dnsWebService._authManager.IsPermitted(PermissionSection.Zones, session.User, PermissionFlag.Modify)
)
{
throw new DnsWebServiceException("Access was denied.");
}
Utf8JsonWriter jsonWriter = context.GetCurrentJsonWriter();
jsonWriter.WritePropertyName("tsigKeyNames");
{
jsonWriter.WriteStartArray();
if (_dnsWebService.DnsServer.TsigKeys is not null)
{
foreach (KeyValuePair tsigKey in _dnsWebService.DnsServer.TsigKeys)
jsonWriter.WriteStringValue(tsigKey.Key);
}
jsonWriter.WriteEndArray();
}
}
public async Task BackupSettingsAsync(HttpContext context)
{
UserSession session = context.GetCurrentSession();
if (!_dnsWebService._authManager.IsPermitted(PermissionSection.Settings, session.User, PermissionFlag.Delete))
throw new DnsWebServiceException("Access was denied.");
HttpRequest request = context.Request;
bool blockLists = request.GetQueryOrForm("blockLists", bool.Parse, false);
bool logs = request.GetQueryOrForm("logs", bool.Parse, false);
bool scopes = request.GetQueryOrForm("scopes", bool.Parse, false);
bool apps = request.GetQueryOrForm("apps", bool.Parse, false);
bool stats = request.GetQueryOrForm("stats", bool.Parse, false);
bool zones = request.GetQueryOrForm("zones", bool.Parse, false);
bool allowedZones = request.GetQueryOrForm("allowedZones", bool.Parse, false);
bool blockedZones = request.GetQueryOrForm("blockedZones", bool.Parse, false);
bool dnsSettings = request.GetQueryOrForm("dnsSettings", bool.Parse, false);
bool authConfig = request.GetQueryOrForm("authConfig", bool.Parse, false);
bool logSettings = request.GetQueryOrForm("logSettings", bool.Parse, false);
string tmpFile = Path.GetTempFileName();
try
{
using (FileStream backupZipStream = new FileStream(tmpFile, FileMode.Create, FileAccess.ReadWrite))
{
//create backup zip
using (ZipArchive backupZip = new ZipArchive(backupZipStream, ZipArchiveMode.Create, true, Encoding.UTF8))
{
if (blockLists)
{
string[] blockListFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "blocklists"), "*", SearchOption.TopDirectoryOnly);
foreach (string blockListFile in blockListFiles)
{
string entryName = "blocklists/" + Path.GetFileName(blockListFile);
backupZip.CreateEntryFromFile(blockListFile, entryName);
}
}
if (logs)
{
string[] logFiles = Directory.GetFiles(_dnsWebService._log.LogFolderAbsolutePath, "*.log", SearchOption.TopDirectoryOnly);
foreach (string logFile in logFiles)
{
string entryName = "logs/" + Path.GetFileName(logFile);
if (logFile.Equals(_dnsWebService._log.CurrentLogFile, StringComparison.OrdinalIgnoreCase))
{
await CreateBackupEntryFromFileAsync(backupZip, logFile, entryName);
}
else
{
backupZip.CreateEntryFromFile(logFile, entryName);
}
}
}
if (scopes)
{
string[] scopeFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "scopes"), "*.scope", SearchOption.TopDirectoryOnly);
foreach (string scopeFile in scopeFiles)
{
string entryName = "scopes/" + Path.GetFileName(scopeFile);
backupZip.CreateEntryFromFile(scopeFile, entryName);
}
}
if (apps)
{
string[] appFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "apps"), "*", SearchOption.AllDirectories);
foreach (string appFile in appFiles)
{
string entryName = appFile.Substring(_dnsWebService._configFolder.Length);
if (Path.DirectorySeparatorChar != '/')
entryName = entryName.Replace(Path.DirectorySeparatorChar, '/');
entryName = entryName.TrimStart('/');
await CreateBackupEntryFromFileAsync(backupZip, appFile, entryName);
}
}
if (stats)
{
string[] hourlyStatsFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "stats"), "*.stat", SearchOption.TopDirectoryOnly);
foreach (string hourlyStatsFile in hourlyStatsFiles)
{
string entryName = "stats/" + Path.GetFileName(hourlyStatsFile);
backupZip.CreateEntryFromFile(hourlyStatsFile, entryName);
}
string[] dailyStatsFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "stats"), "*.dstat", SearchOption.TopDirectoryOnly);
foreach (string dailyStatsFile in dailyStatsFiles)
{
string entryName = "stats/" + Path.GetFileName(dailyStatsFile);
backupZip.CreateEntryFromFile(dailyStatsFile, entryName);
}
}
if (zones)
{
string[] zoneFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "zones"), "*.zone", SearchOption.TopDirectoryOnly);
foreach (string zoneFile in zoneFiles)
{
string entryName = "zones/" + Path.GetFileName(zoneFile);
backupZip.CreateEntryFromFile(zoneFile, entryName);
}
}
if (allowedZones)
{
string allowedZonesFile = Path.Combine(_dnsWebService._configFolder, "allowed.config");
if (File.Exists(allowedZonesFile))
backupZip.CreateEntryFromFile(allowedZonesFile, "allowed.config");
}
if (blockedZones)
{
string blockedZonesFile = Path.Combine(_dnsWebService._configFolder, "blocked.config");
if (File.Exists(blockedZonesFile))
backupZip.CreateEntryFromFile(blockedZonesFile, "blocked.config");
}
if (dnsSettings)
{
string dnsSettingsFile = Path.Combine(_dnsWebService._configFolder, "dns.config");
if (File.Exists(dnsSettingsFile))
backupZip.CreateEntryFromFile(dnsSettingsFile, "dns.config");
//backup web service cert
if (!string.IsNullOrEmpty(_dnsWebService._webServiceTlsCertificatePath))
{
string webServiceTlsCertificatePath = _dnsWebService.ConvertToAbsolutePath(_dnsWebService._webServiceTlsCertificatePath);
if (File.Exists(webServiceTlsCertificatePath) && webServiceTlsCertificatePath.StartsWith(_dnsWebService._configFolder, Environment.OSVersion.Platform == PlatformID.Win32NT ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
{
string entryName = _dnsWebService.ConvertToRelativePath(webServiceTlsCertificatePath).Replace('\\', '/');
backupZip.CreateEntryFromFile(webServiceTlsCertificatePath, entryName);
}
}
//backup optional protocols cert
if (!string.IsNullOrEmpty(_dnsWebService._dnsTlsCertificatePath))
{
string dnsTlsCertificatePath = _dnsWebService.ConvertToAbsolutePath(_dnsWebService._dnsTlsCertificatePath);
if (File.Exists(dnsTlsCertificatePath) && dnsTlsCertificatePath.StartsWith(_dnsWebService._configFolder, Environment.OSVersion.Platform == PlatformID.Win32NT ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
{
string entryName = _dnsWebService.ConvertToRelativePath(dnsTlsCertificatePath).Replace('\\', '/');
backupZip.CreateEntryFromFile(dnsTlsCertificatePath, entryName);
}
}
}
if (authConfig)
{
string authSettingsFile = Path.Combine(_dnsWebService._configFolder, "auth.config");
if (File.Exists(authSettingsFile))
backupZip.CreateEntryFromFile(authSettingsFile, "auth.config");
}
if (logSettings)
{
string logSettingsFile = Path.Combine(_dnsWebService._configFolder, "log.config");
if (File.Exists(logSettingsFile))
backupZip.CreateEntryFromFile(logSettingsFile, "log.config");
}
}
//send zip file
backupZipStream.Position = 0;
HttpResponse response = context.Response;
response.ContentType = "application/zip";
response.ContentLength = backupZipStream.Length;
response.Headers.ContentDisposition = "attachment;filename=" + _dnsWebService.DnsServer.ServerDomain + DateTime.UtcNow.ToString("_yyyy-MM-dd_HH-mm-ss") + "_backup.zip";
using (Stream output = response.Body)
{
await backupZipStream.CopyToAsync(output);
}
}
}
finally
{
try
{
File.Delete(tmpFile);
}
catch (Exception ex)
{
_dnsWebService._log.Write(ex);
}
}
_dnsWebService._log.Write(context.GetRemoteEndPoint(_dnsWebService._webServiceRealIpHeader), "[" + session.User.Username + "] Settings backup zip file was exported.");
}
public async Task RestoreSettingsAsync(HttpContext context)
{
UserSession session = context.GetCurrentSession();
if (!_dnsWebService._authManager.IsPermitted(PermissionSection.Settings, session.User, PermissionFlag.Delete))
throw new DnsWebServiceException("Access was denied.");
HttpRequest request = context.Request;
bool blockLists = request.GetQueryOrForm("blockLists", bool.Parse, false);
bool logs = request.GetQueryOrForm("logs", bool.Parse, false);
bool scopes = request.GetQueryOrForm("scopes", bool.Parse, false);
bool apps = request.GetQueryOrForm("apps", bool.Parse, false);
bool stats = request.GetQueryOrForm("stats", bool.Parse, false);
bool zones = request.GetQueryOrForm("zones", bool.Parse, false);
bool allowedZones = request.GetQueryOrForm("allowedZones", bool.Parse, false);
bool blockedZones = request.GetQueryOrForm("blockedZones", bool.Parse, false);
bool dnsSettings = request.GetQueryOrForm("dnsSettings", bool.Parse, false);
bool authConfig = request.GetQueryOrForm("authConfig", bool.Parse, false);
bool logSettings = request.GetQueryOrForm("logSettings", bool.Parse, false);
bool deleteExistingFiles = request.GetQueryOrForm("deleteExistingFiles", bool.Parse, false);
if (!request.HasFormContentType || (request.Form.Files.Count == 0))
throw new DnsWebServiceException("DNS backup zip file is missing.");
IReadOnlyList oldWebServiceLocalAddresses = _dnsWebService._webServiceLocalAddresses;
int oldWebServiceHttpPort = _dnsWebService._webServiceHttpPort;
int oldWebServiceTlsPort = _dnsWebService._webServiceTlsPort;
//write to temp file
string tmpFile = Path.GetTempFileName();
try
{
using (FileStream fS = new FileStream(tmpFile, FileMode.Create, FileAccess.ReadWrite))
{
await request.Form.Files[0].CopyToAsync(fS);
fS.Position = 0;
using (ZipArchive backupZip = new ZipArchive(fS, ZipArchiveMode.Read, false, Encoding.UTF8))
{
if (logSettings || logs)
{
//stop logging
_dnsWebService._log.StopLogging();
}
try
{
if (logSettings)
{
ZipArchiveEntry entry = backupZip.GetEntry("log.config");
if (entry is not null)
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, entry.Name), true);
//reload config
_dnsWebService._log.LoadConfig();
}
if (logs)
{
if (deleteExistingFiles)
{
//delete existing log files
string[] logFiles = Directory.GetFiles(_dnsWebService._log.LogFolderAbsolutePath, "*.log", SearchOption.TopDirectoryOnly);
foreach (string logFile in logFiles)
{
File.Delete(logFile);
}
}
//extract log files from backup
foreach (ZipArchiveEntry entry in backupZip.Entries)
{
if (entry.FullName.StartsWith("logs/"))
entry.ExtractToFile(Path.Combine(_dnsWebService._log.LogFolderAbsolutePath, entry.Name), true);
}
}
}
finally
{
if (logSettings || logs)
{
//start logging
if (_dnsWebService._log.EnableLogging)
_dnsWebService._log.StartLogging();
}
}
if (authConfig)
{
ZipArchiveEntry entry = backupZip.GetEntry("auth.config");
if (entry is not null)
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, entry.Name), true);
//reload auth config
_dnsWebService._authManager.LoadConfigFile(session);
}
if (blockLists)
{
if (deleteExistingFiles)
{
//delete existing block list files
string[] blockListFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "blocklists"), "*", SearchOption.TopDirectoryOnly);
foreach (string blockListFile in blockListFiles)
{
File.Delete(blockListFile);
}
}
//extract block list files from backup
foreach (ZipArchiveEntry entry in backupZip.Entries)
{
if (entry.FullName.StartsWith("blocklists/"))
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, "blocklists", entry.Name), true);
}
}
if (dnsSettings)
{
ZipArchiveEntry entry = backupZip.GetEntry("dns.config");
if (entry is not null)
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, entry.Name), true);
//extract any certs
foreach (ZipArchiveEntry certEntry in backupZip.Entries)
{
if (certEntry.FullName.StartsWith("apps/"))
continue;
if (certEntry.FullName.EndsWith(".pfx", StringComparison.OrdinalIgnoreCase) || certEntry.FullName.EndsWith(".p12", StringComparison.OrdinalIgnoreCase))
{
string certFile = Path.Combine(_dnsWebService._configFolder, certEntry.FullName);
Directory.CreateDirectory(Path.GetDirectoryName(certFile));
certEntry.ExtractToFile(certFile, true);
}
}
//flush zones to avoid UpdateServerDomain task for old zones and old allowed/blocked zones
if (zones)
_dnsWebService.DnsServer.AuthZoneManager.Flush();
if (allowedZones)
_dnsWebService.DnsServer.AllowedZoneManager.Flush();
if (blockedZones)
_dnsWebService.DnsServer.BlockedZoneManager.Flush();
//reload settings and block list zone
_dnsWebService.LoadConfigFile();
if ((_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Count + _dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Count) > 0)
{
ThreadPool.QueueUserWorkItem(delegate (object state)
{
try
{
_dnsWebService.DnsServer.BlockListZoneManager.LoadBlockLists();
}
catch (Exception ex)
{
_dnsWebService._log.Write(ex);
}
});
if (_blockListUpdateIntervalHours > 0)
StartBlockListUpdateTimer(false);
else
StopBlockListUpdateTimer();
}
else
{
_dnsWebService.DnsServer.BlockListZoneManager.Flush();
StopBlockListUpdateTimer();
}
}
if (apps)
{
//unload apps
_dnsWebService.DnsServer.DnsApplicationManager.UnloadAllApplications();
if (deleteExistingFiles)
{
//delete existing apps
string appFolder = Path.Combine(_dnsWebService._configFolder, "apps");
if (Directory.Exists(appFolder))
Directory.Delete(appFolder, true);
//create apps folder
Directory.CreateDirectory(appFolder);
}
//extract apps files from backup
foreach (ZipArchiveEntry entry in backupZip.Entries)
{
if (entry.FullName.StartsWith("apps/"))
{
string entryPath = entry.FullName;
if (Path.DirectorySeparatorChar != '/')
entryPath = entryPath.Replace('/', '\\');
string filePath = Path.Combine(_dnsWebService._configFolder, entryPath);
Directory.CreateDirectory(Path.GetDirectoryName(filePath));
entry.ExtractToFile(filePath, true);
}
}
//reload apps
_dnsWebService.DnsServer.DnsApplicationManager.LoadAllApplications();
}
if (zones)
{
if (deleteExistingFiles)
{
//delete existing zone files
string[] zoneFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "zones"), "*.zone", SearchOption.TopDirectoryOnly);
foreach (string zoneFile in zoneFiles)
{
File.Delete(zoneFile);
}
}
//extract zone files from backup
foreach (ZipArchiveEntry entry in backupZip.Entries)
{
if (entry.FullName.StartsWith("zones/"))
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, "zones", entry.Name), true);
}
//reload zones
_dnsWebService.DnsServer.AuthZoneManager.LoadAllZoneFiles();
_dnsWebService.InspectAndFixZonePermissions();
}
if (allowedZones)
{
ZipArchiveEntry entry = backupZip.GetEntry("allowed.config");
if (entry == null)
{
string fileName = Path.Combine(_dnsWebService._configFolder, "allowed.config");
if (File.Exists(fileName))
File.Delete(fileName);
}
else
{
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, entry.Name), true);
}
//reload
_dnsWebService.DnsServer.AllowedZoneManager.LoadAllowedZoneFile();
}
if (blockedZones)
{
ZipArchiveEntry entry = backupZip.GetEntry("blocked.config");
if (entry == null)
{
string fileName = Path.Combine(_dnsWebService._configFolder, "blocked.config");
if (File.Exists(fileName))
File.Delete(fileName);
}
else
{
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, entry.Name), true);
}
//reload
_dnsWebService.DnsServer.BlockedZoneManager.LoadBlockedZoneFile();
}
if (scopes)
{
//stop dhcp server
_dnsWebService.DhcpServer.Stop();
try
{
if (deleteExistingFiles)
{
//delete existing scope files
string[] scopeFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "scopes"), "*.scope", SearchOption.TopDirectoryOnly);
foreach (string scopeFile in scopeFiles)
{
File.Delete(scopeFile);
}
}
//extract scope files from backup
foreach (ZipArchiveEntry entry in backupZip.Entries)
{
if (entry.FullName.StartsWith("scopes/"))
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, "scopes", entry.Name), true);
}
}
finally
{
//start dhcp server
_dnsWebService.DhcpServer.Start();
}
}
if (stats)
{
if (deleteExistingFiles)
{
//delete existing stats files
string[] hourlyStatsFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "stats"), "*.stat", SearchOption.TopDirectoryOnly);
foreach (string hourlyStatsFile in hourlyStatsFiles)
{
File.Delete(hourlyStatsFile);
}
string[] dailyStatsFiles = Directory.GetFiles(Path.Combine(_dnsWebService._configFolder, "stats"), "*.dstat", SearchOption.TopDirectoryOnly);
foreach (string dailyStatsFile in dailyStatsFiles)
{
File.Delete(dailyStatsFile);
}
}
//extract stats files from backup
foreach (ZipArchiveEntry entry in backupZip.Entries)
{
if (entry.FullName.StartsWith("stats/"))
entry.ExtractToFile(Path.Combine(_dnsWebService._configFolder, "stats", entry.Name), true);
}
//reload stats
_dnsWebService.DnsServer.StatsManager.ReloadStats();
}
_dnsWebService._log.Write(context.GetRemoteEndPoint(_dnsWebService._webServiceRealIpHeader), "[" + session.User.Username + "] Settings backup zip file was restored.");
}
}
}
finally
{
try
{
File.Delete(tmpFile);
}
catch (Exception ex)
{
_dnsWebService._log.Write(ex);
}
}
Utf8JsonWriter jsonWriter = context.GetCurrentJsonWriter();
WriteDnsSettings(jsonWriter);
if (dnsSettings)
RestartService(true, true, oldWebServiceLocalAddresses, oldWebServiceHttpPort, oldWebServiceTlsPort);
}
public void ForceUpdateBlockLists(HttpContext context)
{
UserSession session = context.GetCurrentSession();
if (!_dnsWebService._authManager.IsPermitted(PermissionSection.Settings, session.User, PermissionFlag.Modify))
throw new DnsWebServiceException("Access was denied.");
ForceUpdateBlockLists(false);
_dnsWebService._log.Write(context.GetRemoteEndPoint(_dnsWebService._webServiceRealIpHeader), "[" + session.User.Username + "] Block list update was triggered.");
}
public void TemporaryDisableBlocking(HttpContext context)
{
UserSession session = context.GetCurrentSession();
if (!_dnsWebService._authManager.IsPermitted(PermissionSection.Settings, session.User, PermissionFlag.Modify))
throw new DnsWebServiceException("Access was denied.");
int minutes = context.Request.GetQueryOrForm("minutes", int.Parse);
Timer temporaryDisableBlockingTimer = _temporaryDisableBlockingTimer;
if (temporaryDisableBlockingTimer is not null)
temporaryDisableBlockingTimer.Dispose();
Timer newTemporaryDisableBlockingTimer = new Timer(delegate (object state)
{
try
{
_dnsWebService.DnsServer.EnableBlocking = true;
_dnsWebService._log.Write(context.GetRemoteEndPoint(_dnsWebService._webServiceRealIpHeader), "[" + session.User.Username + "] Blocking was enabled after " + minutes + " minute(s) being temporarily disabled.");
}
catch (Exception ex)
{
_dnsWebService._log.Write(ex);
}
});
Timer originalTimer = Interlocked.CompareExchange(ref _temporaryDisableBlockingTimer, newTemporaryDisableBlockingTimer, temporaryDisableBlockingTimer);
if (ReferenceEquals(originalTimer, temporaryDisableBlockingTimer))
{
newTemporaryDisableBlockingTimer.Change(minutes * 60 * 1000, Timeout.Infinite);
_dnsWebService.DnsServer.EnableBlocking = false;
_temporaryDisableBlockingTill = DateTime.UtcNow.AddMinutes(minutes);
_dnsWebService._log.Write(context.GetRemoteEndPoint(_dnsWebService._webServiceRealIpHeader), "[" + session.User.Username + "] Blocking was temporarily disabled for " + minutes + " minute(s).");
}
else
{
newTemporaryDisableBlockingTimer.Dispose();
}
Utf8JsonWriter jsonWriter = context.GetCurrentJsonWriter();
jsonWriter.WriteString("temporaryDisableBlockingTill", _temporaryDisableBlockingTill);
}
#endregion
#region properties
public DateTime BlockListLastUpdatedOn
{
get { return _blockListLastUpdatedOn; }
set { _blockListLastUpdatedOn = value; }
}
public int BlockListUpdateIntervalHours
{
get { return _blockListUpdateIntervalHours; }
set { _blockListUpdateIntervalHours = value; }
}
#endregion
}
}