[PATCH] layer3: Add option to validate dnssec on the router

Christian Dresel fff at chrisi01.de
Mon Apr 6 22:24:20 CEST 2020


Hi Adrian

On 06.04.20 21:11, mail at adrianschmutzler.de wrote:
> Hi Christian,
> 
>> -----Original Message-----
>> From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf
>> Of Christian Dresel
>> Sent: Friday, 3 April 2020 19:31
>> To: franken-dev at freifunk.net
>> Subject: [PATCH] layer3: Add option to validate dnssec on the router
>>
>> With this patch it is possible to activate dnssec validation on the layer3 router
>>
>> Signed-off-by: Christian Dresel <fff at chrisi01.de>
>> ---
>>  src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 ++++++++-
>>  1 file changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> index 20503bf..9299135 100644
>> --- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> +++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> @@ -1,6 +1,9 @@
>>  configure() {
>>  	## dns
>>  	uci -q del dhcp. at dnsmasq[0].server
>> +	uci -q del dhcp. at dnsmasq[0].proxydnssec
>> +	uci -q del stubby.global.appdata_dir
>> +	uci -q del stubby.global.dnssec_return_status
>>  	if [ $(uci -q get gateway. at dns[0].dnsdot) == 1 ]; then
>>  		uci add_list dhcp. at dnsmasq[0].server="::1#5453"
>>  		uci add_list dhcp. at dnsmasq[0].server="127.0.0.1#5453"
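
Review bot: The three added "uci -q del" lines at the top of configure() run unconditionally, so every run discards any stubby.global.appdata_dir or stubby.global.dnssec_return_status value an operator set by hand, even when dnssec_validation is not used. If these stubby options are meant to be owned by this script, say so in a comment above the deletes or in the commit message; otherwise restrict the reset to the values this script wrote. The "-q" also hides the case where no stubby config exists at all, so a missing package would go unnoticed here.
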
>> @@ -16,7 +19,11 @@ configure() {
>>  		else
>>  			echo "WARNING: No DNS servers set!"
>>  		fi
>> -
>> +		if [ $(uci -q get gateway. at dns[0].dnssec_validation) == 1 ];
> 
> Same story as in the other patch (= instead of == and, if applicable, quotation marks).

A v2 will follow tomorrow.

> 
> I would do a PKG_RELEASE bump there, but if need be someone should add that when applying, otherwise the numbering will never work out anyway.

I'll include that as well.

Regards

Christian

> 
> Regards
> 
> Adrian
> 
>> then
>> +			uci set dhcp. at dnsmasq[0].proxydnssec="1"
>> +			uci set stubby.global.appdata_dir="/tmp/stubby"
>> +			uci set stubby.global.dnssec_return_status="1"
>> +		fi
>>  	else
>>  		if dnsservers=$(uci -q get gateway. at dns[0].server); then
>>  			for f in $dnsservers; do
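
Review bot: The new dnssec_validation block sits before the "else" that belongs to the dnsdot check, so as far as the visible context shows it only takes effect when dnsdot is 1; with plain DNS servers configured the option is silently ignored and the router forwards unvalidated answers while the config suggests otherwise. Either handle the option in the else branch as well or print a warning there, as is already done for "No DNS servers set!". In the test itself, the unquoted $(uci -q get ...) expands to nothing when the option is absent, leaving "[ == 1 ]", which fails with an error rather than evaluating cleanly to false; quote the substitution and use "=". Nothing in this hunk creates /tmp/stubby, so check that the directory exists before stubby starts with appdata_dir pointing at it. The diffstat shows only this one file changed, so the new option is not documented anywhere in this patch.
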
>> --
>> 2.11.0

