. /etc/sysconfig/dnsmasq
fi
+CACHE_SIZE=2500
+ENABLE_DNSSEC=1
SHOW_SRV=1
+TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+
+function dnssec_args() {
+ local cmdline="--dnssec --dnssec-timestamp"
+
+ if [ -n "${TRUST_ANCHOR}" ]; then
+ cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"
+ fi
+
+ echo "${cmdline}"
+}
function dns_forward_args() {
local file="${1}"
echo "${cmdline}"
}
-
case "${1}" in
start)
# kill already running copy of dnsmasq...
boot_mesg "Starting Domain Name Service Proxy..."
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- ARGS=
- [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="-s $DOMAIN_NAME_GREEN"
+ ARGS="$CUSTOM_ARGS"
+ [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"
echo > /var/ipfire/red/resolv.conf # Clear it
if [ -e "/var/ipfire/red/dns1" ]; then
# Add custom forward dns zones.
ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
- ARGS="$ARGS $CUSTOM_ARGS"
+ # Enabled DNSSEC validation
+ if [ "${ENABLE_DNSSEC}" -eq 1 ]; then
+ ARGS="${ARGS} $(dnssec_args)"
+ fi
+
+ if [ -n "${CACHE_SIZE}" ]; then
+ ARGS="${ARGS} --cache-size=${CACHE_SIZE}"
+ fi
loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS