From 094a27c8f9bf39b5b5b6df1a28d976d9f52e776f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 30 Apr 2017 13:09:51 +0100
Subject: [PATCH] unbound: Update dnssec-status file

The status file was not updated when DNSSEC was disabled
before and has been enabled after which always caused
the webif to show that DNSSEC was disabled.

Fixes #11315

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/unbound | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index a1763a1fed..7437d93b83 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -436,12 +436,12 @@ can_resolve_root() {
 enable_dnssec() {
 	local status=$(unbound-control get_option val-permissive-mode)
 
-	# Don't do anything if DNSSEC is already activated
-	[ "${status}" = "no" ] && return 0
-
 	# Log DNSSEC status
 	echo "on" > /var/ipfire/red/dnssec-status
 
+	# Don't do anything if DNSSEC is already activated
+	[ "${status}" = "no" ] && return 0
+
 	# Activate DNSSEC and flush cache with any stale and unvalidated data
 	unbound-control -q set_option val-permissive-mode: no
 	unbound-control -q flush_zone .
-- 
2.39.2