[v2 1/1] layer3: Add option to validate dnssec on the router
Christian Dresel
fff at chrisi01.de
Sa Apr 11 11:06:08 CEST 2020
With this patch it is possible to activate dnssec validation on the layer3 router
Signed-off-by: Christian Dresel <fff at chrisi01.de>
---
Changes in v2:
- increase PKG_RELEASE
- fix if to only one "="
---
src/packages/fff/fff-dhcp/Makefile | 2 +-
src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/packages/fff/fff-dhcp/Makefile b/src/packages/fff/fff-dhcp/Makefile
index 62e6c25..d6ba954 100644
--- a/src/packages/fff/fff-dhcp/Makefile
+++ b/src/packages/fff/fff-dhcp/Makefile
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-dhcp
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp
diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
index 89105f0..b852197 100644
--- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
+++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
@@ -1,6 +1,9 @@
configure() {
## dns
uci -q del dhcp. at dnsmasq[0].server
+ uci -q del dhcp. at dnsmasq[0].proxydnssec
+ uci -q del stubby.global.appdata_dir
+ uci -q del stubby.global.dnssec_return_status
if [ $(uci -q get gateway. at dns[0].dnsdot) = 1 ]; then
uci add_list dhcp. at dnsmasq[0].server="::1#5453"
uci add_list dhcp. at dnsmasq[0].server="127.0.0.1#5453"
@@ -16,6 +19,12 @@ configure() {
else
echo "WARNING: No DNS servers set!"
fi
+ if [ $(uci -q get gateway. at dns[0].dnssec_validation) = 1 ]; then
+ uci set dhcp. at dnsmasq[0].proxydnssec="1"
+ uci set stubby.global.appdata_dir="/tmp/stubby"
+ uci set stubby.global.dnssec_return_status="1"
+
+ fi
else
if dnsservers=$(uci -q get gateway. at dns[0].server); then
for f in $dnsservers; do
--
2.11.0
Mehr Informationen über die Mailingliste franken-dev