local insecure_zones="${INSECURE_ZONES}"
- local enabled zone server remark
- while IFS="," read -r enabled zone server remark; do
+ local enabled zone server servers remark disable_dnssec rest
+ while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
# Line must be enabled.
[ "${enabled}" = "on" ] || continue
*.local)
insecure_zones="${insecure_zones} ${zone}"
;;
+ *)
+ if [ "${disable_dnssec}" = "on" ]; then
+ insecure_zones="${insecure_zones} ${zone}"
+ fi
+ ;;
esac
# Reverse-lookup zones must be stubs
case "${zone}" in
*.in-addr.arpa)
echo "stub-zone:"
- echo " name: ${zone}."
- echo " stub-addr: ${server}"
+ echo " name: ${zone}"
+ for server in ${servers//|/ }; do
+ if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ echo " stub-addr: ${server}"
+ else
+ echo " stub-host: ${server}"
+ fi
+ done
echo
echo "server:"
- echo " local-zone: \"${zone}.\" transparent"
+ echo " local-zone: \"${zone}\" transparent"
echo
;;
*)
echo "forward-zone:"
- echo " name: ${zone}."
- echo " forward-addr: ${server}"
+ echo " name: ${zone}"
+ for server in ${servers//|/ }; do
+ if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ echo " forward-addr: ${server}"
+ else
+ echo " forward-host: ${server}"
+ fi
+ done
echo
;;
esac
local ns=${1}
shift
- dig @${ns} A ${TEST_DOMAIN_FAIL} $@ | grep -q SERVFAIL
+ if ! dig @${ns} A ${TEST_DOMAIN_FAIL} $@ | grep -q SERVFAIL; then
+ return 1
+ else
+ # Determine if NS replies with "ad" data flag if DNSSEC enabled
+ dig @${ns} +dnssec SOA ${TEST_DOMAIN} $@ | awk -F: '/\;\;\ flags\:/ { s=1; if (/\ ad/) s=0; exit s }'
+ fi
}
# Checks if we can retrieve the DNSKEY for this domain.
if [ -e /var/ipfire/red/active ]; then
host 0.ipfire.pool.ntp.org > /dev/null 2>&1
if [ "${?}" != "0" ]; then
- boot_mesg "DNS still not work ... init time with ntp.ipfire.org at 81.3.27.46 ..."
+ boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
loadproc /usr/local/bin/settime 81.3.27.46
fi
fi
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- # Create control keys at first run
- if [ ! -r "/etc/unbound/unbound_control.key" ]; then
- unbound-control-setup -d /etc/unbound &>/dev/null
- fi
-
# Update configuration files
write_tuning_conf
write_forward_conf
projects / ipfire-2.x.git / blobdiff