T754: add DNSSEC to DNS forwarder

author: mb300sd <mb300sd@github> 2018-08-02 02:27:58 -0400
committer: mb300sd <mb300sd@github> 2018-08-02 14:00:22 -0400
commit: 63bcf3df3b33994ded58b5a47d38afc574c94c92 (patch)
tree: 77c8ecbf94a1a97415a4ff992b8df8d95f0de47e /src
parent: 5dd7958c616f186f878bf759ee61cbd6e2eabb06 (diff)
download: vyos-1x-63bcf3df3b33994ded58b5a47d38afc574c94c92.tar.gz
vyos-1x-63bcf3df3b33994ded58b5a47d38afc574c94c92.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py
index d28e8ff64..43be9d526 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/dns_forwarding.py
@@ -62,6 +62,9 @@ forward-zones={% for d in domains %}
 
 {% endif %}
 
+# dnssec
+dnssec={{ dnssec }}
+
 # name-server
 forward-zones-recurse=.={{ name_servers | join(';') }}
 
@@ -74,7 +77,8 @@ default_config_data = {
     'interfaces': [],
     'name_servers': [],
     'negative_ttl': 3600,
-    'domains': []
+    'domains': [],
+    'dnssec' : 'process-no-validate'
 }
 
 
@@ -137,6 +141,9 @@ def get_config():
     if conf.exists('listen-address'):
         dns['listen_on'] = conf.return_values('listen-address')
 
+    if conf.exists('dnssec'):
+        dns['dnssec'] = conf.return_value('dnssec')
+
     ## Hacks and tricks
 
     # The old VyOS syntax that comes from dnsmasq was "listen-on $interface".
author	mb300sd <mb300sd@github>	2018-08-02 02:27:58 -0400
committer	mb300sd <mb300sd@github>	2018-08-02 14:00:22 -0400
commit	63bcf3df3b33994ded58b5a47d38afc574c94c92 (patch)
tree	77c8ecbf94a1a97415a4ff992b8df8d95f0de47e /src
parent	5dd7958c616f186f878bf759ee61cbd6e2eabb06 (diff)
download	vyos-1x-63bcf3df3b33994ded58b5a47d38afc574c94c92.tar.gz vyos-1x-63bcf3df3b33994ded58b5a47d38afc574c94c92.zip