Merge pull request #3794 from pi-hole/security/non_FQDNs_locality

Security enhancement for the "never forward non-FQDNs" feature
4 years ago · 50100017a5
parent de02bcc8a0 08a84e51d6
commit 50100017a5
1 changed files with 5 additions and 0 deletions
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@ -167,9 +167,11 @@ ProcessDNSSettings() {
    fi

    delete_dnsmasq_setting "domain-needed"
+    delete_dnsmasq_setting "expand-hosts"

    if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
        add_dnsmasq_setting "domain-needed"
+        add_dnsmasq_setting "expand-hosts"
    fi

    delete_dnsmasq_setting "bogus-priv"
@ -370,6 +372,9 @@ dhcp-leasefile=/etc/pihole/dhcp.leases

    if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
        echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
+        if  [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
+          echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
+        fi
    fi

    # Sourced from setupVars