From c5bc1d743be46b775ec949ffcc3fe2814bee39c9 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 7 Aug 2021 12:52:11 +0530 Subject: [PATCH] webapp: updated index page with ip addresses of DoH url in the DNS client tab server dropdown. Added TSIG Keys html in settings. Updated settings html for query rate limiting changes. Other minor changes done. --- DnsServerCore/www/index.html | 101 +++++++++++++++++++++++------------ 1 file changed, 67 insertions(+), 34 deletions(-) diff --git a/DnsServerCore/www/index.html b/DnsServerCore/www/index.html index d8e73f1e..95292f81 100644 --- a/DnsServerCore/www/index.html +++ b/DnsServerCore/www/index.html @@ -582,8 +582,8 @@
  • Cloudflare TLS {cloudflare-dns.com (1.0.0.1:853)}
  • Cloudflare TLS {cloudflare-dns.com ([2606:4700:4700::1111]:853)}
  • Cloudflare TLS {cloudflare-dns.com ([2606:4700:4700::1001]:853)}
    • -
  • Cloudflare HTTPS {https://cloudflare-dns.com/dns-query}
    • -
  • Cloudflare HTTPS-JSON {https://cloudflare-dns.com/dns-query}
    • +
  • Cloudflare HTTPS {https://cloudflare-dns.com/dns-query (1.1.1.1)}
    • +
  • Cloudflare HTTPS-JSON {https://cloudflare-dns.com/dns-query (1.1.1.1)}
  • Google {8.8.8.8}
  • Google {8.8.4.4}
  • Google {[2001:4860:4860::8888]}
    • @@ -592,18 +592,18 @@
  • Google TLS {dns.google (8.8.4.4:853)}
  • Google TLS {dns.google ([2001:4860:4860::8888]:853)}
  • Google TLS {dns.google ([2001:4860:4860::8844]:853)}
    • -
  • Google HTTPS {https://dns.google/dns-query}
    • -
  • Google HTTPS-JSON {https://dns.google/resolve}
    • +
  • Google HTTPS {https://dns.google/dns-query (8.8.8.8)}
    • +
  • Google HTTPS-JSON {https://dns.google/resolve (8.8.8.8)}
  • Quad9 Secure {9.9.9.9}
  • Quad9 Secure {[2620:fe::fe]}
  • Quad9 Secure TLS {dns.quad9.net (9.9.9.9:853)}
  • Quad9 Secure TLS {dns.quad9.net ([2620:fe::fe]:853)}
    • -
  • Quad9 Secure HTTPS {https://dns.quad9.net/dns-query}
    • +
  • Quad9 Secure HTTPS {https://dns.quad9.net/dns-query (9.9.9.9)}
  • Quad9 Unsecure {9.9.9.10}
  • Quad9 Unsecure {[2620:fe::10]}
  • Quad9 Unsecure TLS {dns10.quad9.net (9.9.9.10:853)}
  • Quad9 Unsecure TLS {dns10.quad9.net ([2620:fe::10]:853)}
    • -
  • Quad9 Unsecure HTTPS {https://dns10.quad9.net/dns-query}
    • +
  • Quad9 Unsecure HTTPS {https://dns10.quad9.net/dns-query (9.9.9.10)}
  • OpenDNS {208.67.222.222}
  • OpenDNS {208.67.220.220}
  • OpenDNS {[2620:0:ccc::2]}
    • @@ -828,6 +828,27 @@
    Help: How To Host Your Own DNS-over-HTTPS And DNS-over-TLS Services
    +
    +
    + +
    + + + + + + + + + +
    Key NameShared Secret
    +
    +
    The shared secret can be a base64 string or a literal string. Keep the shared secret empty if you want to auto generate a strong key.
    +
    + +
    Note! You will need to select these TSIG keys for zone transfer in the zone options separately. This DNS server supports hmac-md5, hmac-sha1, hmac-sha256 (recommended), hmac-sha256-128, hmac-sha384, hmac-sha384-192, hmac-sha512, and hmac-sha512-256 algorithms.
    +
    +
    @@ -969,12 +990,21 @@
    - +
    - + (set 0 to disable)
    -
    The maximum queries a client can make per minute on average based on the sample size.
    +
    The maximum queries a client subnet can make per minute on average based on the sample size.
    +
    + +
    + +
    + + (set 0 to disable) +
    +
    The maximum queries that generate an error response a client subnet can make per minute on average based on the sample size. Responses with RCODE as FormatError, ServerFailure, or Refused are considered as error responses.
    @@ -987,15 +1017,24 @@
    - +
    - - minutes (valid range 1-60; default 1) + + (valid range 0-32; default 24)
    -
    The interval to sample client query stats.
    +
    The IPv4 prefix length to define the client subnet.
    -
    Note! Queries Per Minute (QPM) feature will limit requests from a client based on its IP address. The QPM limit configured will be compared with the average count from the sample size which means a client may exceed the QPM limit for a given minute but won't exceed for the given sample size in minutes. Additionally, any client hitting QPM limit for Refused responses will be automatically blocked for 12 hours.
    +
    + +
    + + (valid range 0-64; default 56) +
    +
    The IPv6 prefix length to define the client subnet.
    +
    + +
    Note! Queries Per Minute (QPM) feature will limit requests from a client subnet based on its IP address and the specified subnet prefix lengths. The QPM limit configured will be compared with the average count from the sample size which means a client may exceed the QPM limit for a given minute but won't exceed for the given sample size in minutes.
    @@ -1922,8 +1961,8 @@
    @@ -2178,8 +2217,8 @@ ns1.example.com ([2001:db8::]:853)
    @@ -2372,7 +2411,7 @@ ns1.example.com ([2001:db8::]:853)
    - +
    @@ -2497,23 +2536,17 @@ ns1.example.com ([2001:db8::]:853)
    - -
    - - - - - - - - - -
    Key NameShared Secret
    + +
    + + + +
    -
    The shared secret can be a base64 string or a literal string. Keep the shared secret empty if you want to auto generate a strong key.
    -
    Note! TSIG allows authenticating requests when at least one key is configured. A secondary zone must be configured with one of the above keys to be able to perform zone transfer. This server supports hmac-md5, hmac-sha1, hmac-sha256 (recommended), hmac-sha256-128, hmac-sha384, hmac-sha384-192, hmac-sha512, and hmac-sha512-256 algorithms.
    +
    Note! Entering one or more TSIG key names above will cause the DNS server to authenticate all zone transfer requests. A secondary zone must be configured with one of the above keys to be able to perform a zone transfer.
    @@ -2703,7 +2736,7 @@ ns1.example.com ([2001:db8::]:853)
    - +

    Note: The app will reload the config automatically after you save it.