mirror of https://github.com/hak5/openwrt-owl.git
dnsmasq: add UCI DNSSEC runtime support
Ship keys for the root zone and add two uci options to enable DNSSEC checks: Option 'dnssec': Activate DNSSEC validation Option 'dnsseccheckunsigned': Ensure answers without DNSSEC are in unsigned zones. Signed-off-by: Andre Heider <a.heider@gmail.com> SVN-Revision: 41245owl
parent
5f64a3e7ce
commit
132cbe5e29
|
@ -14,6 +14,7 @@ ADD_LOCAL_HOSTNAME=1
|
||||||
|
|
||||||
CONFIGFILE="/var/etc/dnsmasq.conf"
|
CONFIGFILE="/var/etc/dnsmasq.conf"
|
||||||
HOSTFILE="/tmp/hosts/dhcp"
|
HOSTFILE="/tmp/hosts/dhcp"
|
||||||
|
TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf"
|
||||||
|
|
||||||
xappend() {
|
xappend() {
|
||||||
local value="$1"
|
local value="$1"
|
||||||
|
@ -186,6 +187,13 @@ dnsmasq() {
|
||||||
config_list_foreach "$cfg" rebind_domain append_rebind_domain
|
config_list_foreach "$cfg" rebind_domain append_rebind_domain
|
||||||
}
|
}
|
||||||
|
|
||||||
|
config_get dnssec "$cfg" dnssec
|
||||||
|
[ "$dnssec" -gt 0 ] && {
|
||||||
|
xappend "--conf-file=$TRUSTANCHORSFILE"
|
||||||
|
xappend "--dnssec"
|
||||||
|
append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned"
|
||||||
|
}
|
||||||
|
|
||||||
dhcp_option_add "$cfg" "" 0
|
dhcp_option_add "$cfg" "" 0
|
||||||
|
|
||||||
xappend "--dhcp-broadcast=tag:needs-broadcast"
|
xappend "--dhcp-broadcast=tag:needs-broadcast"
|
||||||
|
|
Loading…
Reference in New Issue