Message ID | 20200403173055.6194-1-fff@chrisi01.de |
---|---|
State | Superseded |
diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
index 20503bf..9299135 100644
--- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
+++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
@@ -1,6 +1,9 @@
 configure() {
 ## dns
 uci -q del dhcp.@dnsmasq[0].server
+ uci -q del dhcp.@dnsmasq[0].proxydnssec
+ uci -q del stubby.global.appdata_dir
+ uci -q del stubby.global.dnssec_return_status
 if [ $(uci -q get gateway.@dns[0].dnsdot) == 1 ]; then
 uci add_list dhcp.@dnsmasq[0].server="::1#5453"
 uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453"
@@ -16,7 +19,11 @@ configure() {
 else
 echo "WARNING: No DNS servers set!"
 fi
-
+ if [ $(uci -q get gateway.@dns[0].dnssec_validation) == 1 ]; then
+ uci set dhcp.@dnsmasq[0].proxydnssec="1"
+ uci set stubby.global.appdata_dir="/tmp/stubby"
+ uci set stubby.global.dnssec_return_status="1"
+ fi
 else
 if dnsservers=$(uci -q get gateway.@dns[0].server); then
 for f in $dnsservers; do
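Review bot: The three added `uci -q del` lines at the top of configure() run regardless of `dnssec_validation`, so a stubby `appdata_dir` or `dnssec_return_status` set by other means is removed on every run, and nothing in the file says why. A short comment above them would make the intent clear, for example `# reset DNSSEC options so that switching dnssec_validation off takes effect`. configure() continues past the end of this hunk, so whether the stubby changes are committed and the service is restarted afterwards cannot be seen here.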
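Review bot: The new `dnssec_validation` block sits before the `else` that appears to close the `dnsdot` branch, so setting `dnssec_validation` without `dnsdot` seems to be ignored without any message, and an operator may believe answers are validated when they are not. dnsmasq's `proxydnssec` only passes on the validation result of its upstream, so it is meaningful only together with the local stubby on port 5453; that dependency deserves a comment, and the other branch could check the option and print a warning such as `echo "WARNING: dnssec_validation is ignored without dnsdot"`. With `appdata_dir` under `/tmp`, stubby's trust-anchor data presumably does not survive a reboot, so validation would depend on a correct clock and upstream reachability at boot, which is worth confirming on devices without an RTC. The lines between the two hunks and the rest of configure() are outside this patch.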
Hi Christian, > -----Original Message----- > From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf > Of Christian Dresel > Sent: Freitag, 3. April 2020 19:31 > To: franken-dev@freifunk.net > Subject: [PATCH] layer3: Add option to validate dnssec on the router > > With this patch it is possible to activate dnssec validation on the layer3 router > > Signed-off-by: Christian Dresel <fff@chrisi01.de> > --- > src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns > b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns > index 20503bf..9299135 100644 > --- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns > +++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns > @@ -1,6 +1,9 @@ > configure() { > ## dns > uci -q del dhcp.@dnsmasq[0].server > + uci -q del dhcp.@dnsmasq[0].proxydnssec > + uci -q del stubby.global.appdata_dir > + uci -q del stubby.global.dnssec_return_status > if [ $(uci -q get gateway.@dns[0].dnsdot) == 1 ]; then > uci add_list dhcp.@dnsmasq[0].server="::1#5453" > uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453" > @@ -16,7 +19,11 @@ configure() { > else > echo "WARNING: No DNS servers set!" > fi > - > + if [ $(uci -q get gateway.@dns[0].dnssec_validation) == 1 ]; Dieselbe Geschichte wie in dem anderen Patch (= statt == und ggf. Anführungszeichen). Ich würde da einen PKG_RELEASE bump machen, aber das soll zur Not jemand beim Applien ergänzen, sonst haut das mit den nummern eh nie hin. Grüße Adrian > then > + uci set dhcp.@dnsmasq[0].proxydnssec="1" > + uci set stubby.global.appdata_dir="/tmp/stubby" > + uci set stubby.global.dnssec_return_status="1" > + fi > else > if dnsservers=$(uci -q get gateway.@dns[0].server); then > for f in $dnsservers; do > -- > 2.11.0
hi Adrian On 06.04.20 21:11, mail@adrianschmutzler.de wrote: > Hi Christian, > >> -----Original Message----- >> From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf >> Of Christian Dresel >> Sent: Freitag, 3. April 2020 19:31 >> To: franken-dev@freifunk.net >> Subject: [PATCH] layer3: Add option to validate dnssec on the router >> >> With this patch it is possible to activate dnssec validation on the layer3 router >> >> Signed-off-by: Christian Dresel <fff@chrisi01.de> >> --- >> src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 ++++++++- >> 1 file changed, 8 insertions(+), 1 deletion(-) >> >> diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns >> b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns >> index 20503bf..9299135 100644 >> --- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns >> +++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns >> @@ -1,6 +1,9 @@ >> configure() { >> ## dns >> uci -q del dhcp.@dnsmasq[0].server >> + uci -q del dhcp.@dnsmasq[0].proxydnssec >> + uci -q del stubby.global.appdata_dir >> + uci -q del stubby.global.dnssec_return_status >> if [ $(uci -q get gateway.@dns[0].dnsdot) == 1 ]; then >> uci add_list dhcp.@dnsmasq[0].server="::1#5453" >> uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453" 
>> @@ -16,7 +19,11 @@ configure() { >> else >> echo "WARNING: No DNS servers set!" >> fi >> - >> + if [ $(uci -q get gateway.@dns[0].dnssec_validation) == 1 ]; > > Dieselbe Geschichte wie in dem anderen Patch (= statt == und ggf. Anführungszeichen). kommt morgen eine v2 > > Ich würde da einen PKG_RELEASE bump machen, aber das soll zur Not jemand beim Applien ergänzen, sonst haut das mit den nummern eh nie hin. mach ich dann mit Gruß Christian > > Grüße > > Adrian > >> then >> + uci set dhcp.@dnsmasq[0].proxydnssec="1" >> + uci set stubby.global.appdata_dir="/tmp/stubby" >> + uci set stubby.global.dnssec_return_status="1" >> + fi >> else >> if dnsservers=$(uci -q get gateway.@dns[0].server); then >> for f in $dnsservers; do >> -- >> 2.11.0
With this patch it is possible to activate dnssec validation on the layer3 router Signed-off-by: Christian Dresel <fff@chrisi01.de> --- src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)