Closes: #603. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: Veiko Aasa <veiko17@disroot.org>
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Forms for the names app."""
from django import forms
from django.utils.translation import gettext_lazy as _
from plinth.utils import format_lazy
class NamesConfigurationForm(forms.Form):
    """Names app settings form: global DNS-over-TLS and DNSSEC preferences.

    Both fields are radio-button choice fields offering a strict mode, a
    fallback mode and an "off" mode. Each option's visible text carries its
    own help paragraph as inline HTML.
    """

    # NOTE(review): every format_lazy() call below passes allow_markup=True
    # and a fixed string literal with no interpolated values. Presumably
    # allow_markup makes format_lazy return the text as trusted HTML (confirm
    # in plinth.utils); if so, these strings must never be built from request
    # or user-controlled data.
    #
    # NOTE(review): the option keys match the values systemd-resolved accepts
    # for DNSOverTLS= and DNSSEC=. Presumably they are written through
    # unchanged; confirm in the code that consumes this form.

    dns_over_tls = forms.ChoiceField(
        label=_('Use DNS-over-TLS for resolving domains (global preference)'),
        widget=forms.RadioSelect,
        # The form's own default is the unencrypted option. Whether the view
        # replaces it with the currently configured value is not visible here.
        initial='no',
        choices=[
            (
                # Strict mode: per the help text, resolution fails when the
                # configured servers lack DNS-over-TLS (fails closed).
                # DNS-over-TLS protects the link to the configured resolver,
                # not the correctness of what that resolver answers; that is
                # what the DNSSEC field covers.
                'yes',
                format_lazy(
                    'Yes. Encrypt connections to the DNS server. <p '
                    'class="help-block">This improves privacy as domain name '
                    'queries will not be made as plain text over the network. It '
                    'also improves security as responses from the server cannot '
                    'be manipulated. If the configured DNS servers do not '
                    'support DNS-over-TLS, all name resolutions will fail. If '
                    'your DNS provider (likely your ISP) does not support '
                    'DNS-over-TLS or blocks some domains, you can configure '
                    'well-known public DNS servers in individual network '
                    'connection settings.</p>',
                    allow_markup=True,
                ),
            ),
            (
                # Fallback mode: plaintext is used when TLS is unavailable, so
                # it guards only against passive observation.
                'opportunistic',
                format_lazy(
                    'Opportunistic. <p class="help-block">Encrypt connections to '
                    'the DNS server if the server supports DNS-over-TLS. '
                    'Otherwise, use unencrypted connections. There is no '
                    'protection against response manipulation.</p>',
                    allow_markup=True,
                ),
            ),
            (
                'no',
                format_lazy(
                    'No. <p class="help-block">Do not encrypt domain name '
                    'resolutions.</p>',
                    allow_markup=True,
                ),
            ),
        ],
    )

    dnssec = forms.ChoiceField(
        label=_('Use DNSSEC when resolving domains (global preference)'),
        widget=forms.RadioSelect,
        # The form's own default is no validation. Whether the view replaces
        # it with the currently configured value is not visible here.
        initial='no',
        choices=[
            (
                # Strict mode: per the help text, resolution fails when the
                # configured servers lack DNSSEC (fails closed).
                'yes',
                format_lazy(
                    'Yes. Verify authenticity and integrity of domain '
                    'resolutions. <p class="help-block">This improves security. '
                    'If the configured DNS servers do not support DNSSEC, all '
                    'name resolutions will fail. If your DNS provider (likely '
                    'your ISP) does not support DNSSEC or is manipulating '
                    'responses, you can configure well-known public DNS servers '
                    'in individual network connection settings.</p>',
                    allow_markup=True,
                ),
            ),
            (
                # Fallback mode: unverified answers are accepted when DNSSEC
                # support is not detected, and the help text itself calls that
                # detection unreliable.
                'allow-downgrade',
                format_lazy(
                    'Allow downgrade. <p class="help-block">Verify name '
                    'resolutions done by the DNS server if the server supports '
                    'DNSSEC. Otherwise, allow unverified resolutions. Limited '
                    'improvement to security. Detecting whether a DNS server '
                    'supports DNSSEC is not very reliable currently.</p>',
                    allow_markup=True,
                ),
            ),
            (
                'no',
                format_lazy(
                    'No. <p class="help-block">Do not verify domain name '
                    'resolutions.</p>',
                    allow_markup=True,
                ),
            ),
        ],
    )