[RFC] layer3: Add option to validate dnssec on the router

Submitted by Christian Dresel on Dec. 30, 2019, 2:31 p.m.

Details

Message ID 20191230143128.4656-1-fff@chrisi01.de
State New

Commit Message

Christian Dresel Dec. 30, 2019, 2:31 p.m.
With this patch it is possible to activate DNSSEC validation on the layer3 router.

Signed-off-by: Christian Dresel <fff@chrisi01.de>
---
 src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)


diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
index 20503bf..9299135 100644
--- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
+++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
@@ -1,6 +1,9 @@ 
 configure() {
 	## dns
 	uci -q del dhcp.@dnsmasq[0].server
+	uci -q del dhcp.@dnsmasq[0].proxydnssec
+	uci -q del stubby.global.appdata_dir
+	uci -q del stubby.global.dnssec_return_status
 	if [ $(uci -q get gateway.@dns[0].dnsdot) == 1 ]; then
 		uci add_list dhcp.@dnsmasq[0].server="::1#5453"
 		uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453"
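Review bot: The three added `uci -q del` lines clear `stubby.global.appdata_dir` and `stubby.global.dnssec_return_status` on every run of configure(), including when `dnssec_validation` is unset, so a value an operator set directly in the stubby config is dropped without notice. They also make this script write to a second UCI package, `stubby`. Nothing in the visible hunks commits that package or restarts stubby, so it is worth confirming the caller does both; otherwise dnsmasq could run with `proxydnssec` set while stubby is not validating. A comment above the deletes would record the intent, e.g. `# reset DNSSEC options so an unset dnssec_validation really turns validation off`. configure() continues outside this hunk.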
@@ -16,7 +19,11 @@  configure() {
 		else
 			echo "WARNING: No DNS servers set!"
 		fi
-		
+		if [ $(uci -q get gateway.@dns[0].dnssec_validation) == 1 ]; then
+			uci set dhcp.@dnsmasq[0].proxydnssec="1"
+			uci set stubby.global.appdata_dir="/tmp/stubby"
+			uci set stubby.global.dnssec_return_status="1"
+		fi
 	else
 		if dnsservers=$(uci -q get gateway.@dns[0].server); then
 			for f in $dnsservers; do
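Review bot: The added DNSSEC block sits inside the `dnsdot` branch (it closes before the outer `else`), so `dnssec_validation=1` without `dnsdot=1` is ignored without any message and the router keeps serving unvalidated answers. A warning in the plain-server branch, or a comment stating the dependency, would make that fail-open case visible. The test is also unquoted: an unset option expands to `[ == 1 ]` and prints a test error, which `if [ "$(uci -q get gateway.@dns[0].dnssec_validation)" = "1" ]; then` avoids. Note that `proxydnssec` makes dnsmasq pass on the upstream AD bit rather than validate itself, so the result is only as trustworthy as the local stubby instance. configure() starts and ends outside this hunk.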