2 files changed, 64 insertions, 1 deletions

diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index 8b89bf758..993d69fe1 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -28,7 +28,7 @@
               </leafNode>
               <leafNode name="dhcp">
                 <properties>
-                  <help>Use DNS servers received from DHCP server for specified interface</help>
+                  <help>Interfaces whose DHCP client nameservers to forward requests to</help>
                   <completionHelp>
                     <script>${vyos_completion_dir}/list_interfaces.py</script>
                   </completionHelp>
@@ -89,6 +89,18 @@
                       </constraint>
                     </properties>
                   </leafNode>
+                  <leafNode name="addnta">
+                    <properties>
+                      <help>Add NTA (negative trust anchor) for this domain (must be set if the domain doesn't support DNSSEC)</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="recursion-desired">
+                    <properties>
+                      <help>Set the "recursion desired" bit in requests to the upstream nameserver</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
                 </children>
               </tagNode>
               <leafNode name="ignore-hosts-file">
diff --git a/src/migration-scripts/dns-forwarding/2-to-3 b/src/migration-scripts/dns-forwarding/2-to-3
new file mode 100755
index 000000000..01e445b22
--- /dev/null
+++ b/src/migration-scripts/dns-forwarding/2-to-3
@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Sets the new options "addnta" and "recursion-desired" for all
+# 'dns forwarding domain' as this is usually desired
+
+import sys
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base = ['service', 'dns', 'forwarding']
+if not config.exists(base):
+    # Nothing to do
+    sys.exit(0)
+
+if config.exists(base + ['domain']):
+    for domain in config.list_nodes(base + ['domain']):
+        domain_base = base + ['domain', domain]
+        config.set(domain_base + ['addnta'])
+        config.set(domain_base + ['recursion-desired'])
+
+    try:
+        with open(file_name, 'w') as f:
+            f.write(config.to_string())
+    except OSError as e:
+        print("Failed to save the modified config: {}".format(e))
+        sys.exit(1)