diff options
| author | mb300sd <mb300sd@github> | 2018-08-02 02:27:58 -0400 |
|---|---|---|
| committer | mb300sd <mb300sd@github> | 2018-08-02 14:00:22 -0400 |
| commit | 63bcf3df3b33994ded58b5a47d38afc574c94c92 (patch) | |
| tree | 77c8ecbf94a1a97415a4ff992b8df8d95f0de47e | |
| parent | 5dd7958c616f186f878bf759ee61cbd6e2eabb06 (diff) | |
| download | vyos-1x-63bcf3df3b33994ded58b5a47d38afc574c94c92.tar.gz vyos-1x-63bcf3df3b33994ded58b5a47d38afc574c94c92.zip | |
T754: add DNSSEC to DNS forwarder
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | interface-definitions/dns-forwarding.xml | 28 | ||||
| -rwxr-xr-x | src/conf_mode/dns_forwarding.py | 9 |
3 files changed, 37 insertions, 1 deletions
diff --git a/.gitignore b/.gitignore index a5b100a5b..5d0af4bae 100644 --- a/.gitignore +++ b/.gitignore @@ -115,3 +115,4 @@ debian/vyos-1x.* # Sonar Cloud .scannerwork +/.vs diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml index a00b23d8d..01e8ad7d3 100644 --- a/interface-definitions/dns-forwarding.xml +++ b/interface-definitions/dns-forwarding.xml @@ -32,6 +32,34 @@ <multi/> </properties> </leafNode> + <leafNode name="dnssec"> + <properties> + <help>DNSSEC mode</help> + <valueHelp> + <format>off</format> + <description></description> + </valueHelp> + <valueHelp> + <format>process-no-validate</format> + <description></description> + </valueHelp> + <valueHelp> + <format>process</format> + <description></description> + </valueHelp> + <valueHelp> + <format>log-fail</format> + <description></description> + </valueHelp> + <valueHelp> + <format>validate</format> + <description></description> + </valueHelp> + <constraint> + <regex>(off|process-no-validate|process|log-fail|validate)</regex> + </constraint> + </properties> + </leafNode> <tagNode name="domain"> <properties> <help>Domain to forward to a custom DNS server</help> diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index d28e8ff64..43be9d526 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -62,6 +62,9 @@ forward-zones={% for d in domains %} {% endif %} +# dnssec +dnssec={{ dnssec }} + # name-server forward-zones-recurse=.={{ name_servers | join(';') }} @@ -74,7 +77,8 @@ default_config_data = { 'interfaces': [], 'name_servers': [], 'negative_ttl': 3600, - 'domains': [] + 'domains': [], + 'dnssec' : 'process-no-validate' } @@ -137,6 +141,9 @@ def get_config(): if conf.exists('listen-address'): dns['listen_on'] = conf.return_values('listen-address') + if conf.exists('dnssec'): + dns['dnssec'] = conf.return_value('dnssec') + ## Hacks and tricks # The old VyOS syntax that comes from dnsmasq was "listen-on $interface". |