From 8fd3e4e8a72bc16875ccab257988905468f09abd Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 26 Mar 2022 12:14:11 +0530 Subject: [PATCH] webapp: Updated html to add Flush option for Cache, Allowed and Blocked zone tabs. Added warning message for NTP issue for DNSSEC validation option. Updated UI for rollover feature implementation changes. Other minor changes done. --- DnsServerCore/www/index.html | 74 ++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/DnsServerCore/www/index.html b/DnsServerCore/www/index.html index d85b2088..178bcec5 100644 --- a/DnsServerCore/www/index.html +++ b/DnsServerCore/www/index.html @@ -427,7 +427,8 @@
technitium.com
- + +
@@ -465,7 +466,8 @@
- + +
@@ -503,7 +505,8 @@
- + +
@@ -552,7 +555,7 @@
-
+

Warning! Devices that do not have a real-time clock and rely on NTP when booting (e.g. Raspberry Pi), enabling DNSSEC validation will cause failure to resolve the NTP server domain name thus causing the DNS server to fail to validate all other domain names too due to invalid system date/time. To fix this issue, just create a Conditional Forwarder zone for the NTP server domain name (e.g. ntp.org) with forwarder set to this-server and Enable DNSSEC Validation option unchecked. This conditional forwarder zone will disable DNSSEC validation for the NTP server domain name and allow the device to update its system data/time on boot.

Warning! When forwarders are configured, DNSSEC validation will work only if the forwarders are security aware i.e. can respond to DNSSEC requests correctly.

-

Note! Enabling DNSSEC will increase delays in resolving domain names when the cache is initially empty. As the cache fills up, the performance will be normal as expected.

+

Note! Enabling DNSSEC may increase delays in resolving domain names when the cache is initially empty. As the cache fills up, the performance will be normal as expected.

@@ -920,7 +924,7 @@

Note! The web service port changes will be automatically applied and so you do not need to manually restart the main service. This web page will be automatically redirected to the new web console URL after saving settings. The HTTPS protocol will be enabled only when a TLS certificate is configured.

- +

When using a reverse proxy with the Web Service, you need to add X-Real-IP header to the proxy request with the IP address of the client to allow the Web server to know the real IP address of the client originating the request. For example, if you are using nginx as the reverse proxy, you can add proxy_set_header X-Real-IP $remote_addr; to make it work.

Use the following openssl command to convert your TLS certificate that is in PEM format to PKCS #12 certificate (.pfx) format:

openssl pkcs12 -export -out "example.com.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile "chain.pem"
@@ -1607,7 +1611,7 @@
- +
@@ -2994,7 +2998,7 @@ ns1.example.com ([2001:db8::])
- +
@@ -3161,7 +3165,7 @@ ns1.example.com ([2001:db8::])
@@ -3184,7 +3188,7 @@ ns1.example.com ([2001:db8::])
- +
@@ -3315,7 +3319,7 @@ ns1.example.com ([2001:db8::])