[v2 1/1] layer3: Add option to validate dnssec on the router

Christian Dresel fff at chrisi01.de
Sa Apr 11 11:06:08 CEST 2020


This patch makes it possible to activate DNSSEC validation on the layer3 router.

Signed-off-by: Christian Dresel <fff at chrisi01.de>

---
Changes in v2:
 - increase PKG_RELEASE
 - fix if to only one "="
---
 src/packages/fff/fff-dhcp/Makefile                   | 2 +-
 src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/packages/fff/fff-dhcp/Makefile b/src/packages/fff/fff-dhcp/Makefile
index 62e6c25..d6ba954 100644
--- a/src/packages/fff/fff-dhcp/Makefile
+++ b/src/packages/fff/fff-dhcp/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-dhcp
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp
 
diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
index 89105f0..b852197 100644
--- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
+++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
@@ -1,6 +1,9 @@
 configure() {
 	## dns
 	uci -q del dhcp. at dnsmasq[0].server
+	uci -q del dhcp. at dnsmasq[0].proxydnssec
+	uci -q del stubby.global.appdata_dir
+	uci -q del stubby.global.dnssec_return_status
 	if [ $(uci -q get gateway. at dns[0].dnsdot) = 1 ]; then
 		uci add_list dhcp. at dnsmasq[0].server="::1#5453"
 		uci add_list dhcp. at dnsmasq[0].server="127.0.0.1#5453"
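Review bot: The added `uci -q del stubby.global.*` lines make configure() stage changes in the `stubby` config as well as in `dhcp`, but nothing in this patch commits that config or restarts stubby. If the apply step of this file (not visible here) only commits `dhcp`, the DNSSEC settings stay staged and the resolver keeps running without validation. I would confirm that and add `uci commit stubby` plus a stubby restart next to the existing dhcp commit. configure() continues outside this hunk.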
@@ -16,6 +19,12 @@ configure() {
 		else
 			echo "WARNING: No DNS servers set!"
 		fi
+		if [ $(uci -q get gateway. at dns[0].dnssec_validation) = 1 ]; then
+			uci set dhcp. at dnsmasq[0].proxydnssec="1"
+			uci set stubby.global.appdata_dir="/tmp/stubby"
+			uci set stubby.global.dnssec_return_status="1"
+
+		fi
 	else
 		if dnsservers=$(uci -q get gateway. at dns[0].server); then
 			for f in $dnsservers; do
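Review bot: Judging by the indentation, the new `dnssec_validation` check sits inside the `dnsdot` branch, ahead of the `else` that closes it, so enabling `dnssec_validation` without `dnsdot` is ignored silently. The router then forwards unvalidated answers while the operator assumes validation is active. I would warn in the `else` branch when the option is set, e.g. `echo "WARNING: dnssec_validation requires dnsdot, DNSSEC validation is NOT active!"`. The test also leaves the command substitution unquoted, so an unset option collapses to `[ = 1 ]` and prints a test error; writing it as `[ "$(uci -q get …dnssec_validation)" = 1 ]` avoids that. The enclosing if/else starts outside this hunk.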
-- 
2.11.0


