[v2] fff-dhcp: Add DNS over TLS option inside the Freifunk backbone

Submitted by Christian Dresel on April 5, 2020, 12:20 p.m.

Details

Message ID 20200405122047.14784-1-fff@chrisi01.de
State New
Headers show

Commit Message

Christian Dresel April 5, 2020, 12:20 p.m. 
With this option it is possible to make DoT (DNS over TLS) from the layer3
router to the DoT DNS Server.

The DNS traffic from Client to the layer3 router is still uncryptet.

On the layer 3 router, dnsmasq forward the DNS to stubby.
Stubby use DoT to ask a resolver inside or outside the Freifunk backbone

For documentation for the options is here:
https://wiki.freifunk-franken.de/w/Gatewayfirmware_Config/mit_stubby#dns_mit_DoT_.C3.BCber_stubby

Signed-off-by: Christian Dresel <fff@chrisi01.de>

---

Changes in v2:
 - fix some quoting
 - increase PKG_RELEASE
---
 src/packages/fff/fff-dhcp/Makefile                 |  5 ++--
 .../fff/fff-dhcp/files/etc/gateway.d/35-dns        | 33 +++++++++++++++++-----
 2 files changed, 29 insertions(+), 9 deletions(-)

Patch hide | download patch | download mbox 

diff --git a/src/packages/fff/fff-dhcp/Makefile b/src/packages/fff/fff-dhcp/Makefile
index 3f0d65c..62e6c25 100644
--- a/src/packages/fff/fff-dhcp/Makefile
+++ b/src/packages/fff/fff-dhcp/Makefile
@@ -1,7 +1,7 @@ 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-dhcp
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp
 
@@ -12,7 +12,8 @@  define Package/fff-dhcp
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken dhcp
 	URL:=http://www.freifunk-franken.de
-	DEPENDS:=+dnsmasq
+	DEPENDS:=+dnsmasq \
+		 +stubby
 endef
 
 define Package/fff-dhcp/description
diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
index ad9f1cd..89105f0 100644
--- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
+++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
@@ -1,21 +1,40 @@ 
 configure() {
 	## dns
 	uci -q del dhcp.@dnsmasq[0].server
-	if dnsservers=$(uci -q get gateway.@dns[0].server); then
-		for f in $dnsservers; do
-			uci add_list dhcp.@dnsmasq[0].server=$f
-			uci add_list dhcp.@dnsmasq[0].server="/in-addr.arpa/$f"
-			uci add_list dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
-		done
+	if [ $(uci -q get gateway.@dns[0].dnsdot) = 1 ]; then
+		uci add_list dhcp.@dnsmasq[0].server="::1#5453"
+		uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453"
+		uci set dhcp.@dnsmasq[0].noresolv="1"
+		while uci -q delete stubby.@resolver[0]; do :; done
+		if dnsservers=$(uci -q get gateway.@dns[0].server); then
+			for f in $dnsservers; do
+				type="$(echo $f | cut -d @ -f 1)"
+				uci set stubby.$type="resolver"
+				uci set stubby.$type.address="$(echo $f | cut -d @ -f 2)"
+				uci set stubby.$type.tls_auth_name="$(echo $f | cut -d @ -f 3)"
+			done
+		else
+			echo "WARNING: No DNS servers set!"
+		fi
 	else
-		echo "WARNING: No DNS servers set!"
+		if dnsservers=$(uci -q get gateway.@dns[0].server); then
+			for f in $dnsservers; do
+				uci add_list dhcp.@dnsmasq[0].server=$f
+				uci add_list dhcp.@dnsmasq[0].server="/in-addr.arpa/$f"
+				uci add_list dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
+			done
+		else
+			echo "WARNING: No DNS servers set!"
+		fi
 	fi
 }
 
 apply() {
 	uci commit dhcp
+	uci commit stubby
 }
 
 revert() {
 	uci revert dhcp
+	uci revert stubby
 }

Comments

Robert Langhammer April 5, 2020, 3:54 p.m. 
Hi Christian,

Reviewed-by: Robert Langhammer <rlanghammer@web.de>

und sogar an das PKG_RELEASE gedacht!

Am 05.04.20 um 14:20 schrieb Christian Dresel:
> With this option it is possible to make DoT (DNS over TLS) from the layer3
> router to the DoT DNS Server.
>
> The DNS traffic from Client to the layer3 router is still uncryptet.
>
> On the layer 3 router, dnsmasq forward the DNS to stubby.
> Stubby use DoT to ask a resolver inside or outside the Freifunk backbone
>
> For documentation for the options is here:
> https://wiki.freifunk-franken.de/w/Gatewayfirmware_Config/mit_stubby#dns_mit_DoT_.C3.BCber_stubby
>
> Signed-off-by: Christian Dresel <fff@chrisi01.de>
>
> ---
>
> Changes in v2:
>  - fix some quoting
>  - increase PKG_RELEASE
> ---
Adrian Schmutzler April 6, 2020, 5:59 p.m. 
Hallo Christian,

nur ein paar dumme Kommentare/Fragen:

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf
> Of Christian Dresel
> Sent: Sonntag, 5. April 2020 14:21
> To: franken-dev@freifunk.net
> Subject: [PATCH v2] fff-dhcp: Add DNS over TLS option inside the Freifunk
> backbone
> 
> With this option it is possible to make DoT (DNS over TLS) from the layer3
> router to the DoT DNS Server.
> 
> The DNS traffic from Client to the layer3 router is still uncryptet.

uncryptet -> unencrypted

> 
> On the layer 3 router, dnsmasq forward the DNS to stubby.

forward -> forwards

> Stubby use DoT to ask a resolver inside or outside the Freifunk backbone

use -> uses; "ask a" -> "ask for a"

> 
> For documentation for the options is here:

"of the options"

> https://wiki.freifunk-
> franken.de/w/Gatewayfirmware_Config/mit_stubby#dns_mit_DoT_.C3.BCb
> er_stubby
> 
> Signed-off-by: Christian Dresel <fff@chrisi01.de>
> 
> ---
> 
> Changes in v2:
>  - fix some quoting
>  - increase PKG_RELEASE
> ---
>  src/packages/fff/fff-dhcp/Makefile                 |  5 ++--
>  .../fff/fff-dhcp/files/etc/gateway.d/35-dns        | 33 +++++++++++++++++---
> --
>  2 files changed, 29 insertions(+), 9 deletions(-)
> 
> diff --git a/src/packages/fff/fff-dhcp/Makefile b/src/packages/fff/fff-
> dhcp/Makefile
> index 3f0d65c..62e6c25 100644
> --- a/src/packages/fff/fff-dhcp/Makefile
> +++ b/src/packages/fff/fff-dhcp/Makefile
> @@ -1,7 +1,7 @@
>  include $(TOPDIR)/rules.mk
> 
>  PKG_NAME:=fff-dhcp
> -PKG_RELEASE:=2
> +PKG_RELEASE:=3
> 
>  PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp
> 
> @@ -12,7 +12,8 @@ define Package/fff-dhcp
>  	CATEGORY:=Freifunk
>  	TITLE:=Freifunk-Franken dhcp
>  	URL:=http://www.freifunk-franken.de
> -	DEPENDS:=+dnsmasq
> +	DEPENDS:=+dnsmasq \
> +		 +stubby
>  endef
> 
>  define Package/fff-dhcp/description
> diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> index ad9f1cd..89105f0 100644
> --- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> +++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> @@ -1,21 +1,40 @@
>  configure() {
>  	## dns
>  	uci -q del dhcp.@dnsmasq[0].server
> -	if dnsservers=$(uci -q get gateway.@dns[0].server); then
> -		for f in $dnsservers; do
> -			uci add_list dhcp.@dnsmasq[0].server=$f
> -			uci add_list dhcp.@dnsmasq[0].server="/in-
> addr.arpa/$f"
> -			uci add_list dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
> -		done
> +	if [ $(uci -q get gateway.@dns[0].dnsdot) = 1 ]; then

Ich würde beide zu vergleichende Werte in Anführungszeichen setzen, damit sicher Strings verglichen werden, und keine Zahlen:

[ "$(uci -q get gateway.@dns[0].dnsdot)" = "1" ]

Ist aber in der Praxis wahrscheinlich ziemlich wurscht.

> +		uci add_list dhcp.@dnsmasq[0].server="::1#5453"
> +		uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453"
> +		uci set dhcp.@dnsmasq[0].noresolv="1"
> +		while uci -q delete stubby.@resolver[0]; do :; done

Diese Zeile ist eigentlich der Grund, warum ich überhaupt eine Mail geschrieben habe:
Was tut die?
Für mich sieht das aus wie ein kompliziertes Äquivalent von
uci -q delete stubby.@resolver[0]

Beste Grüße

Adrian

> +		if dnsservers=$(uci -q get gateway.@dns[0].server); then
> +			for f in $dnsservers; do
> +				type="$(echo $f | cut -d @ -f 1)"
> +				uci set stubby.$type="resolver"
> +				uci set stubby.$type.address="$(echo $f | cut
> -d @ -f 2)"
> +				uci set stubby.$type.tls_auth_name="$(echo
> $f | cut -d @ -f 3)"
> +			done
> +		else
> +			echo "WARNING: No DNS servers set!"
> +		fi
>  	else
> -		echo "WARNING: No DNS servers set!"
> +		if dnsservers=$(uci -q get gateway.@dns[0].server); then
> +			for f in $dnsservers; do
> +				uci add_list dhcp.@dnsmasq[0].server=$f
> +				uci add_list dhcp.@dnsmasq[0].server="/in-
> addr.arpa/$f"
> +				uci add_list
> dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
> +			done
> +		else
> +			echo "WARNING: No DNS servers set!"
> +		fi
>  	fi
>  }
> 
>  apply() {
>  	uci commit dhcp
> +	uci commit stubby
>  }
> 
>  revert() {
>  	uci revert dhcp
> +	uci revert stubby
>  }
> --
> 2.11.0
Christian Dresel April 6, 2020, 8:23 p.m. 
Hallo Adrian

On 06.04.20 19:59, mail@adrianschmutzler.de wrote:
> Hallo Christian,
> 
> nur ein paar dumme Kommentare/Fragen:
> 
>> -----Original Message-----
>> From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf
>> Of Christian Dresel
>> Sent: Sonntag, 5. April 2020 14:21
>> To: franken-dev@freifunk.net
>> Subject: [PATCH v2] fff-dhcp: Add DNS over TLS option inside the Freifunk
>> backbone
>>
>> With this option it is possible to make DoT (DNS over TLS) from the layer3
>> router to the DoT DNS Server.
>>
>> The DNS traffic from Client to the layer3 router is still uncryptet.
> 
> uncryptet -> unencrypted
> 
>>
>> On the layer 3 router, dnsmasq forward the DNS to stubby.
> 
> forward -> forwards
> 
>> Stubby use DoT to ask a resolver inside or outside the Freifunk backbone
> 
> use -> uses; "ask a" -> "ask for a"
> 
>>
>> For documentation for the options is here:
> 
> "of the options"
> 
>> https://wiki.freifunk-
>> franken.de/w/Gatewayfirmware_Config/mit_stubby#dns_mit_DoT_.C3.BCb
>> er_stubby
>>
>> Signed-off-by: Christian Dresel <fff@chrisi01.de>
>>
>> ---
>>
>> Changes in v2:
>>  - fix some quoting
>>  - increase PKG_RELEASE
>> ---
>>  src/packages/fff/fff-dhcp/Makefile                 |  5 ++--
>>  .../fff/fff-dhcp/files/etc/gateway.d/35-dns        | 33 +++++++++++++++++---
>> --
>>  2 files changed, 29 insertions(+), 9 deletions(-)
>>
>> diff --git a/src/packages/fff/fff-dhcp/Makefile b/src/packages/fff/fff-
>> dhcp/Makefile
>> index 3f0d65c..62e6c25 100644
>> --- a/src/packages/fff/fff-dhcp/Makefile
>> +++ b/src/packages/fff/fff-dhcp/Makefile
>> @@ -1,7 +1,7 @@
>>  include $(TOPDIR)/rules.mk
>>
>>  PKG_NAME:=fff-dhcp
>> -PKG_RELEASE:=2
>> +PKG_RELEASE:=3
>>
>>  PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp
>>
>> @@ -12,7 +12,8 @@ define Package/fff-dhcp
>>  	CATEGORY:=Freifunk
>>  	TITLE:=Freifunk-Franken dhcp
>>  	URL:=http://www.freifunk-franken.de
>> -	DEPENDS:=+dnsmasq
>> +	DEPENDS:=+dnsmasq \
>> +		 +stubby
>>  endef
>>
>>  define Package/fff-dhcp/description
>> diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> index ad9f1cd..89105f0 100644
>> --- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> +++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
>> @@ -1,21 +1,40 @@
>>  configure() {
>>  	## dns
>>  	uci -q del dhcp.@dnsmasq[0].server
>> -	if dnsservers=$(uci -q get gateway.@dns[0].server); then
>> -		for f in $dnsservers; do
>> -			uci add_list dhcp.@dnsmasq[0].server=$f
>> -			uci add_list dhcp.@dnsmasq[0].server="/in-
>> addr.arpa/$f"
>> -			uci add_list dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
>> -		done
>> +	if [ $(uci -q get gateway.@dns[0].dnsdot) = 1 ]; then
> 
> Ich würde beide zu vergleichende Werte in Anführungszeichen setzen, damit sicher Strings verglichen werden, und keine Zahlen:
> 
> [ "$(uci -q get gateway.@dns[0].dnsdot)" = "1" ]
> 
> Ist aber in der Praxis wahrscheinlich ziemlich wurscht.

am Ende gibts viele Möglichkeiten, ich hab ja sogar über ein

if uci -q get gateway.@dns[0].dnsdot; then

nachgedacht aber am Ende... wurscht.

> 
>> +		uci add_list dhcp.@dnsmasq[0].server="::1#5453"
>> +		uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453"
>> +		uci set dhcp.@dnsmasq[0].noresolv="1"
>> +		while uci -q delete stubby.@resolver[0]; do :; done
> 
> Diese Zeile ist eigentlich der Grund, warum ich überhaupt eine Mail geschrieben habe:
> Was tut die?
> Für mich sieht das aus wie ein kompliziertes Äquivalent von
> uci -q delete stubby.@resolver[0]

tja sagen wir so, meine Programmierkenntnisse sind in etwa so gut wie
meine Englischkenntnisse (scheiße was kann ich eigentlich überhaupt?
Deutsch klappt ja auch nie... ah Fränkisch wäre was ;)) hab ich mich
hier einfach aus dem OpenWRT Wiki bedient:

https://openwrt.org/docs/guide-user/services/dns/dot_dnsmasq_stubby#dot_provider

also ja, vermutlich macht sie genau das gleiche.

Gruß

Christian

> 
> Beste Grüße
> 
> Adrian
> 
>> +		if dnsservers=$(uci -q get gateway.@dns[0].server); then
>> +			for f in $dnsservers; do
>> +				type="$(echo $f | cut -d @ -f 1)"
>> +				uci set stubby.$type="resolver"
>> +				uci set stubby.$type.address="$(echo $f | cut
>> -d @ -f 2)"
>> +				uci set stubby.$type.tls_auth_name="$(echo
>> $f | cut -d @ -f 3)"
>> +			done
>> +		else
>> +			echo "WARNING: No DNS servers set!"
>> +		fi
>>  	else
>> -		echo "WARNING: No DNS servers set!"
>> +		if dnsservers=$(uci -q get gateway.@dns[0].server); then
>> +			for f in $dnsservers; do
>> +				uci add_list dhcp.@dnsmasq[0].server=$f
>> +				uci add_list dhcp.@dnsmasq[0].server="/in-
>> addr.arpa/$f"
>> +				uci add_list
>> dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
>> +			done
>> +		else
>> +			echo "WARNING: No DNS servers set!"
>> +		fi
>>  	fi
>>  }
>>
>>  apply() {
>>  	uci commit dhcp
>> +	uci commit stubby
>>  }
>>
>>  revert() {
>>  	uci revert dhcp
>> +	uci revert stubby
>>  }
>> --
>> 2.11.0
Adrian Schmutzler April 6, 2020, 8:39 p.m. 
Hallo Christian,

> -----Original Message-----
> From: Christian Dresel [mailto:fff@chrisi01.de]
> Sent: Montag, 6. April 2020 22:23
> To: mail@adrianschmutzler.de; franken-dev@freifunk.net
> Subject: Re: [PATCH v2] fff-dhcp: Add DNS over TLS option inside the
> Freifunk backbone
> 
> Hallo Adrian
> 
> On 06.04.20 19:59, mail@adrianschmutzler.de wrote:
> > Hallo Christian,
> >
> > nur ein paar dumme Kommentare/Fragen:
> >
> >> -----Original Message-----
> >> From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On
> Behalf
> >> Of Christian Dresel
> >> Sent: Sonntag, 5. April 2020 14:21
> >> To: franken-dev@freifunk.net
> >> Subject: [PATCH v2] fff-dhcp: Add DNS over TLS option inside the
> >> Freifunk backbone
> >>
> >> With this option it is possible to make DoT (DNS over TLS) from the
> >> layer3 router to the DoT DNS Server.
> >>
> >> The DNS traffic from Client to the layer3 router is still uncryptet.
> >
> > uncryptet -> unencrypted
> >
> >>
> >> On the layer 3 router, dnsmasq forward the DNS to stubby.
> >
> > forward -> forwards
> >
> >> Stubby use DoT to ask a resolver inside or outside the Freifunk
> >> backbone
> >
> > use -> uses; "ask a" -> "ask for a"
> >
> >>
> >> For documentation for the options is here:
> >
> > "of the options"
> >
> >> https://wiki.freifunk-
> >>
> franken.de/w/Gatewayfirmware_Config/mit_stubby#dns_mit_DoT_.C3.BCb
> >> er_stubby
> >>
> >> Signed-off-by: Christian Dresel <fff@chrisi01.de>
> >>
> >> ---
> >>
> >> Changes in v2:
> >>  - fix some quoting
> >>  - increase PKG_RELEASE
> >> ---
> >>  src/packages/fff/fff-dhcp/Makefile                 |  5 ++--
> >>  .../fff/fff-dhcp/files/etc/gateway.d/35-dns        | 33
> +++++++++++++++++---
> >> --
> >>  2 files changed, 29 insertions(+), 9 deletions(-)
> >>
> >> diff --git a/src/packages/fff/fff-dhcp/Makefile
> >> b/src/packages/fff/fff- dhcp/Makefile index 3f0d65c..62e6c25 100644
> >> --- a/src/packages/fff/fff-dhcp/Makefile
> >> +++ b/src/packages/fff/fff-dhcp/Makefile
> >> @@ -1,7 +1,7 @@
> >>  include $(TOPDIR)/rules.mk
> >>
> >>  PKG_NAME:=fff-dhcp
> >> -PKG_RELEASE:=2
> >> +PKG_RELEASE:=3
> >>
> >>  PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp
> >>
> >> @@ -12,7 +12,8 @@ define Package/fff-dhcp
> >>  	CATEGORY:=Freifunk
> >>  	TITLE:=Freifunk-Franken dhcp
> >>  	URL:=http://www.freifunk-franken.de
> >> -	DEPENDS:=+dnsmasq
> >> +	DEPENDS:=+dnsmasq \
> >> +		 +stubby
> >>  endef
> >>
> >>  define Package/fff-dhcp/description
> >> diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> >> b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> >> index ad9f1cd..89105f0 100644
> >> --- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> >> +++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns
> >> @@ -1,21 +1,40 @@
> >>  configure() {
> >>  	## dns
> >>  	uci -q del dhcp.@dnsmasq[0].server
> >> -	if dnsservers=$(uci -q get gateway.@dns[0].server); then
> >> -		for f in $dnsservers; do
> >> -			uci add_list dhcp.@dnsmasq[0].server=$f
> >> -			uci add_list dhcp.@dnsmasq[0].server="/in-
> >> addr.arpa/$f"
> >> -			uci add_list dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
> >> -		done
> >> +	if [ $(uci -q get gateway.@dns[0].dnsdot) = 1 ]; then
> >
> > Ich würde beide zu vergleichende Werte in Anführungszeichen setzen,
> damit sicher Strings verglichen werden, und keine Zahlen:
> >
> > [ "$(uci -q get gateway.@dns[0].dnsdot)" = "1" ]
> >
> > Ist aber in der Praxis wahrscheinlich ziemlich wurscht.
> 
> am Ende gibts viele Möglichkeiten, ich hab ja sogar über ein
> 
> if uci -q get gateway.@dns[0].dnsdot; then
> 
> nachgedacht aber am Ende... wurscht.
> 
> >
> >> +		uci add_list dhcp.@dnsmasq[0].server="::1#5453"
> >> +		uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453"
> >> +		uci set dhcp.@dnsmasq[0].noresolv="1"
> >> +		while uci -q delete stubby.@resolver[0]; do :; done
> >
> > Diese Zeile ist eigentlich der Grund, warum ich überhaupt eine Mail
> geschrieben habe:
> > Was tut die?
> > Für mich sieht das aus wie ein kompliziertes Äquivalent von uci -q
> > delete stubby.@resolver[0]
> 
> tja sagen wir so, meine Programmierkenntnisse sind in etwa so gut wie
> meine Englischkenntnisse (scheiße was kann ich eigentlich überhaupt?
> Deutsch klappt ja auch nie... ah Fränkisch wäre was ;)) hab ich mich hier
> einfach aus dem OpenWRT Wiki bedient:
> 
> https://openwrt.org/docs/guide-
> user/services/dns/dot_dnsmasq_stubby#dot_provider
> 
> also ja, vermutlich macht sie genau das gleiche.

Kommando zurück, ich habe das jetzt erst wirklich verstanden:

Sobald ein Eintrag gelöscht ist, wird der bisherige @resolver[1] zum neuen @resolver[0].
Damit cyclest du doch tatsächlich über alle Einträge, ich dachte nur zunächst, dass das [0] ja statisch wäre. Aber die Daten sind nicht statisch....
Also unbedingt die Schleife belassen und einen Kommentar ergänzen, damit das nicht jemand wie ich in nem halben Jahr rausoptimieren will.

Beste Grüße

Adrian

> 
> Gruß
> 
> Christian
> 
> >
> > Beste Grüße
> >
> > Adrian
> >
> >> +		if dnsservers=$(uci -q get gateway.@dns[0].server); then
> >> +			for f in $dnsservers; do
> >> +				type="$(echo $f | cut -d @ -f 1)"
> >> +				uci set stubby.$type="resolver"
> >> +				uci set stubby.$type.address="$(echo $f | cut
> >> -d @ -f 2)"
> >> +				uci set stubby.$type.tls_auth_name="$(echo
> >> $f | cut -d @ -f 3)"
> >> +			done
> >> +		else
> >> +			echo "WARNING: No DNS servers set!"
> >> +		fi
> >>  	else
> >> -		echo "WARNING: No DNS servers set!"
> >> +		if dnsservers=$(uci -q get gateway.@dns[0].server); then
> >> +			for f in $dnsservers; do
> >> +				uci add_list dhcp.@dnsmasq[0].server=$f
> >> +				uci add_list dhcp.@dnsmasq[0].server="/in-
> >> addr.arpa/$f"
> >> +				uci add_list
> >> dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
> >> +			done
> >> +		else
> >> +			echo "WARNING: No DNS servers set!"
> >> +		fi
> >>  	fi
> >>  }
> >>
> >>  apply() {
> >>  	uci commit dhcp
> >> +	uci commit stubby
> >>  }
> >>
> >>  revert() {
> >>  	uci revert dhcp
> >> +	uci revert stubby
> >>  }
> >> --
> >> 2.11.0
Adrian Schmutzler April 15, 2020, 4:01 p.m. 
Hallo nochmal,

stubby ist aus den Packages, d.h. man muss das in „buildscript“ hier mit auflisten:

https://github.com/FreifunkFranken/firmware/blob/master/buildscript#L27

Außerdem braucht man die dependency auch für deinen dnssec patch?

Grüße

Adrian