From 63bcf3df3b33994ded58b5a47d38afc574c94c92 Mon Sep 17 00:00:00 2001
From: mb300sd <mb300sd@github>
Date: Thu, 2 Aug 2018 02:27:58 -0400
Subject: T754: add DNSSEC to DNS forwarder

---
 src/conf_mode/dns_forwarding.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/conf_mode/dns_forwarding.py')

diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py
index d28e8ff64..43be9d526 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/dns_forwarding.py
@@ -62,6 +62,9 @@ forward-zones={% for d in domains %}
 
 {% endif %}
 
+# dnssec
+dnssec={{ dnssec }}
+
 # name-server
 forward-zones-recurse=.={{ name_servers | join(';') }}
 
@@ -74,7 +77,8 @@ default_config_data = {
     'interfaces': [],
     'name_servers': [],
     'negative_ttl': 3600,
-    'domains': []
+    'domains': [],
+    'dnssec' : 'process-no-validate'
 }
 
 
@@ -137,6 +141,9 @@ def get_config():
     if conf.exists('listen-address'):
         dns['listen_on'] = conf.return_values('listen-address')
 
+    if conf.exists('dnssec'):
+        dns['dnssec'] = conf.return_value('dnssec')
+
     ## Hacks and tricks
 
     # The old VyOS syntax that comes from dnsmasq was "listen-on $interface".
-- 
cgit v1.2.3