X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Fdnsmasq;h=4e37925171a4687d056f4f93ef3ec7b317ed8e3d;hp=34eee0c26e8fbb2aa2bab5fe9b098c03d66ba8bd;hb=de7abd2cd52e3751ac94d5d56ae9ff510311fc67;hpb=e405fe9e3aa14116fe58aa0d9affb2bcf554214d

diff --git a/src/initscripts/init.d/dnsmasq b/src/initscripts/init.d/dnsmasq
index 34eee0c26e..4e37925171 100644
--- a/src/initscripts/init.d/dnsmasq
+++ b/src/initscripts/init.d/dnsmasq
@@ -20,7 +20,20 @@ if [ -e "/etc/sysconfig/dnsmasq" ]; then
 	. /etc/sysconfig/dnsmasq
 fi
 
+CACHE_SIZE=2500
+ENABLE_DNSSEC=1
 SHOW_SRV=1
+TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+
+function dnssec_args() {
+	local cmdline="--dnssec --dnssec-timestamp"
+
+	if [ -n "${TRUST_ANCHOR}" ]; then
+		cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"
+	fi
+
+	echo "${cmdline}"
+}
 
 function dns_forward_args() {
 	local file="${1}"
@@ -41,7 +54,6 @@ function dns_forward_args() {
 	echo "${cmdline}"
 }
 
-
 case "${1}" in
 	start)
 		# kill already running copy of dnsmasq...
@@ -73,6 +85,15 @@ case "${1}" in
 		# Add custom forward dns zones.
 		ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
 
+		# Enabled DNSSEC validation
+		if [ "${ENABLE_DNSSEC}" -eq 1 ]; then
+			ARGS="${ARGS} $(dnssec_args)"
+		fi
+
+		if [ -n "${CACHE_SIZE}" ]; then
+			ARGS="${ARGS} --cache-size=${CACHE_SIZE}"
+		fi
+
 		loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS
 		
 		if [ "${SHOW_SRV}" -eq 1 ] && [ "${DNS1}" != "" -o "${DNS2}" != "" ]; then