From d7e0752d12e5b30691122da6f2c8bf0d065dd199 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Wed, 28 Aug 2024 15:40:24 -0700
Subject: [PATCH] privacy: Implement a way to disable fallback DNS servers
- Using public DNS servers leads to user's domain queries being known to the servers, violating privacy. However, it is necessary to address many corner cases when DNS servers are not known to systemd-resolved but internet connectivity is working. Allow users to disable fallback DNS servers.
Tests:
- After upgrade to latest version of FreedomBox, the setting is on by default.
- Disabling removes the /etc configuration file and resolvectl shows no fallback DNS entries.
- Enabling add the /etc configuration file and resolvectl shows fallback entries. After removing existing DNS servers using resolvectl, one can still query using fallback servers.
Signed-off-by: Sunil Mohan Adapa
Reviewed-by: Veiko Aasa
---
 plinth/modules/privacy/forms.py | 8 ++++++++
 plinth/modules/privacy/views.py | 10 ++++++++++
 2 files changed, 18 insertions(+)
diff --git a/plinth/modules/privacy/forms.py b/plinth/modules/privacy/forms.py
index c824b63a5..065a7ffa2 100644
--- a/plinth/modules/privacy/forms.py
+++ b/plinth/modules/privacy/forms.py
@@ -22,3 +22,11 @@ class PrivacyForm(forms.Form):
 'target="_blank">popcon.debian.org. Submission happens over '
 'the Tor network for additional anonymity if Tor app is enabled.'
 ), box_name=_(cfg.box_name)))
+
+ dns_fallback = forms.BooleanField(
+ label=_('Allow using fallback DNS servers'), required=False,
+ help_text=_(
+ 'Use well-known public DNS servers to resolve domain names in '
+ 'unusual circumstances where no DNS servers are known but '
+ 'internet connectivity is available. Can be disabled in most '
+ 'cases if network connectivity is stable and reliable.'))
diff --git a/plinth/modules/privacy/views.py b/plinth/modules/privacy/views.py
index a60e091e1..ead4fc455 100644
--- a/plinth/modules/privacy/views.py
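Review bot: The `help_text` of the new `dns_fallback` field says when fallback servers are needed but not what using them costs, which is the reason the option lives in the privacy app. The commit message states that the user's domain queries become known to the public DNS servers; a sentence to that effect in the help text, for example `'When they are used, the domain names looked up become known to the operators of these servers. '`, would let the user make the choice the setting is meant to offer. The string is wrapped in `_()`, so the wording is best settled before translations are made from it.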
+++ b/plinth/modules/privacy/views.py @@ -4,6 +4,7 @@ from django.contrib import messages from django.utils.translation import gettext as _ +import plinth.modules.names.privileged as names_privileged from plinth.modules.privacy.forms import PrivacyForm from plinth.views import AppView @@ -20,6 +21,7 @@ class PrivacyAppView(AppView): """Return the values to fill in the form.""" initial = super().get_initial() initial.update(privileged.get_configuration()) + initial.update(names_privileged.get_resolved_configuration()) return initial def form_valid(self, form): @@ -28,11 +30,19 @@ class PrivacyAppView(AppView): old_config = form.initial changes = {} + is_changed = False if old_config['enable_popcon'] != new_config['enable_popcon']: changes['enable_popcon'] = new_config['enable_popcon'] + if old_config['dns_fallback'] != new_config['dns_fallback']: + names_privileged.set_resolved_configuration( + dns_fallback=new_config['dns_fallback']) + is_changed = True + if changes: privileged.set_configuration(**changes) + + if changes or is_changed: messages.success(self.request, _('Configuration updated')) return super().form_valid(form)
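Review bot: In `get_initial`, `initial.update(names_privileged.get_resolved_configuration())` copies every key the names app returns into this form's initial data, while the form only declares a `dns_fallback` field. What that function returns is not visible in this patch; if the key is ever absent, the checkbox renders unchecked regardless of the real resolver state and `form_valid` then fails on `old_config['dns_fallback']`. Taking the one value explicitly, `initial['dns_fallback'] = names_privileged.get_resolved_configuration()['dns_fallback']`, keeps unrelated keys out of the form and surfaces a missing key when the page is loaded. The method's signature lies outside the hunk.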
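Review bot: In `form_valid`, `names_privileged.set_resolved_configuration(...)` runs inside the comparison branch, ahead of `privileged.set_configuration(**changes)`, and neither call is guarded. If the second call raises, the resolver setting has already been changed but the request ends in an error instead of 'Configuration updated', so the user cannot tell that the privacy-relevant setting took effect. Consider applying the popcon changes first, or catching the failure and reporting it with `messages.error(...)` so the page says which part was applied. Tracking change in both the `changes` dict and the `is_changed` flag also makes the final condition harder to follow; a comment such as `# dns_fallback is applied through the names app, not via **changes` would explain the split. The start of `form_valid` lies outside the hunk.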