From patchwork Sat Apr 11 09:06:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [v2,1/1] layer3: Add option to validate dnssec on the router From: Christian Dresel X-Patchwork-Id: 1334 Message-Id: <20200411090608.8178-1-fff@chrisi01.de> To: franken-dev@freifunk.net Date: Sat, 11 Apr 2020 11:06:08 +0200 With this patch it is possible to activate dnssec validation on the layer3 router Signed-off-by: Christian Dresel --- Changes in v2: - increase PKG_RELEASE - fix if to only one "=" --- src/packages/fff/fff-dhcp/Makefile | 2 +- src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/packages/fff/fff-dhcp/Makefile b/src/packages/fff/fff-dhcp/Makefile index 62e6c25..d6ba954 100644 --- a/src/packages/fff/fff-dhcp/Makefile +++ b/src/packages/fff/fff-dhcp/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fff-dhcp -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp diff --git a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns index 89105f0..b852197 100644 --- a/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns +++ b/src/packages/fff/fff-dhcp/files/etc/gateway.d/35-dns @@ -1,6 +1,9 @@ configure() { ## dns uci -q del dhcp.@dnsmasq[0].server + uci -q del dhcp.@dnsmasq[0].proxydnssec + uci -q del stubby.global.appdata_dir + uci -q del stubby.global.dnssec_return_status if [ $(uci -q get gateway.@dns[0].dnsdot) = 1 ]; then uci add_list dhcp.@dnsmasq[0].server="::1#5453" uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453" @@ -16,6 +19,12 @@ configure() { else echo "WARNING: No DNS servers set!" fi + if [ $(uci -q get gateway.@dns[0].dnssec_validation) = 1 ]; then + uci set dhcp.@dnsmasq[0].proxydnssec="1" + uci set stubby.global.appdata_dir="/tmp/stubby" + uci set stubby.global.dnssec_return_status="1" + + fi else if dnsservers=$(uci -q get gateway.@dns[0].server); then for f in $dnsservers; do