[PATCH] layer3: Add option to validate dnssec on the router
Christian Dresel
fff at chrisi01.de
Fr Apr 3 19:30:55 CEST 2020
With this patch it is possible to activate DNSSEC validation on the layer3 router.
Signed-off-by: Christian Dresel <fff at chrisi01.de>
---
src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
index 20503bf..9299135 100644
--- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
+++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
@@ -1,6 +1,9 @@
configure() {
## dns
uci -q del dhcp. at dnsmasq[0].server
+ uci -q del dhcp. at dnsmasq[0].proxydnssec
+ uci -q del stubby.global.appdata_dir
+ uci -q del stubby.global.dnssec_return_status
if [ $(uci -q get gateway. at dns[0].dnsdot) == 1 ]; then
uci add_list dhcp. at dnsmasq[0].server="::1#5453"
uci add_list dhcp. at dnsmasq[0].server="127.0.0.1#5453"
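Review bot: The added `uci -q del stubby.global.*` lines make this script edit the `stubby` config, but the diffstat shows no other change to the file, so nothing visible commits those edits or restarts stubby. If the existing apply step only commits `dhcp` (it lies outside both hunks, so this needs checking), dnsmasq would pick up `proxydnssec` while the running stubby never receives `dnssec_return_status`, and the router would relay the AD bit without the local validation the option promises. Consider adding `uci commit stubby` and a stubby restart next to the existing dhcp commit. configure() continues beyond this hunk.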
@@ -16,7 +19,11 @@ configure() {
else
echo "WARNING: No DNS servers set!"
fi
-
+ if [ $(uci -q get gateway. at dns[0].dnssec_validation) == 1 ]; then
+ uci set dhcp. at dnsmasq[0].proxydnssec="1"
+ uci set stubby.global.appdata_dir="/tmp/stubby"
+ uci set stubby.global.dnssec_return_status="1"
+ fi
else
if dnsservers=$(uci -q get gateway. at dns[0].server); then
for f in $dnsservers; do
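Review bot: The `dnssec_validation` block sits before the `else` that appears to pair with the `dnsdot` test from the first hunk (indentation is lost in this archive copy, so confirm), which means `dnssec_validation=1` without `dnsdot` is silently ignored. An operator who sets the option would then assume answers are validated when they are not; either handle the option in the non-DoT branch too or warn there, e.g. `echo "WARNING: dnssec_validation requires dnsdot, ignoring"`. The test should also quote the substitution and use the POSIX operator, `if [ "$(uci -q get gateway.@dns[0].dnssec_validation)" = "1" ]; then` (the archive renders `@` as " at "), because with the option unset the unquoted form expands to `[ == 1 ]` and prints a test error. The existing `dnsdot` test in the first hunk has the same form.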
--
2.11.0