dnsmasq: add UCI DNSSEC runtime support
authorcyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Wed, 18 Jun 2014 10:04:29 +0000 (10:04 +0000)
committercyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Wed, 18 Jun 2014 10:04:29 +0000 (10:04 +0000)
Ship keys for the root zone and add two uci options to enable
DNSSEC checks:

Option 'dnssec': Activate DNSSEC validation
Option 'dnsseccheckunsigned': Ensure answers without DNSSEC are in
unsigned zones.

Signed-off-by: Andre Heider <a.heider@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41245 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/network/services/dnsmasq/files/dnsmasq.init

index f7edb28..9f16d5f 100644 (file)
@@ -14,6 +14,7 @@ ADD_LOCAL_HOSTNAME=1
 
 CONFIGFILE="/var/etc/dnsmasq.conf"
 HOSTFILE="/tmp/hosts/dhcp"
+TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf"
 
 xappend() {
        local value="$1"
@@ -186,6 +187,13 @@ dnsmasq() {
                config_list_foreach "$cfg" rebind_domain append_rebind_domain
        }
 
+       config_get dnssec "$cfg" dnssec
+       [ "$dnssec" -gt 0 ] && {
+               xappend "--conf-file=$TRUSTANCHORSFILE"
+               xappend "--dnssec"
+               append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned"
+       }
+
        dhcp_option_add "$cfg" "" 0
 
        xappend "--dhcp-broadcast=tag:needs-broadcast"
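Review bot: The added test `[ "$dnssec" -gt 0 ]` turns validation on only for a positive integer, so a UCI boolean spelling such as `true`, `on` or `yes` silently leaves DNSSEC disabled, and an unset option passes an empty string to `-gt`, which makes `[` report a non-numeric operand on each start. For a security switch this fails open on values an administrator would reasonably expect to work. Reading the option with `config_get_bool dnssec "$cfg" dnssec 0` and keeping the `-gt 0` test would fix both cases, and would presumably match how `append_bool` parses `dnsseccheckunsigned` three lines below. The body of `dnsmasq()` starts and ends outside the hunk, so it is also worth confirming that `dnssec` is in the function's `local` list.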