[PATCH] layer3: Add option to validate dnssec on the router

[Christian Dresel]

With this patch it is possible to activate dnssec validation on the layer3 router

Signed-off-by: Christian Dresel <fff at chrisi01.de>
---
 src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
index 20503bf..9299135 100644
--- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
+++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
@@ -1,6 +1,9 @@
 configure() {
 	## dns
 	uci -q del dhcp. at dnsmasq[0].server
+	uci -q del dhcp. at dnsmasq[0].proxydnssec
+	uci -q del stubby.global.appdata_dir
+	uci -q del stubby.global.dnssec_return_status
 	if [ $(uci -q get gateway. at dns[0].dnsdot) == 1 ]; then
 		uci add_list dhcp. at dnsmasq[0].server="::1#5453"
 		uci add_list dhcp. at dnsmasq[0].server="127.0.0.1#5453"
@@ -16,7 +19,11 @@ configure() {
 		else
 			echo "WARNING: No DNS servers set!"
 		fi
-		
+		if [ $(uci -q get gateway. at dns[0].dnssec_validation) == 1 ]; then
+			uci set dhcp. at dnsmasq[0].proxydnssec="1"
+			uci set stubby.global.appdata_dir="/tmp/stubby"
+			uci set stubby.global.dnssec_return_status="1"
+		fi
 	else
 		if dnsservers=$(uci -q get gateway. at dns[0].server); then
 			for f in $dnsservers; do
-- 
2.11.0