return $interface;
}
+sub dnssec_status() {
+ my $path = "${General::swroot}/red/dnssec-status";
+
+ open(STATUS, $path) or return 0;
+ my $status = <STATUS>;
+ close(STATUS);
+
+ chomp($status);
+
+ return $status;
+}
+
1;
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
WARNING: untranslated string: dhcp dns update algo
WARNING: untranslated string: dhcp dns update secret
WARNING: untranslated string: dl client arch insecure
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: email config
WARNING: untranslated string: email empty field
WARNING: untranslated string: email invalid
WARNING: untranslated string: dl client arch insecure
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: application layer gateways
WARNING: untranslated string: bytes
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: fwhost cust geoipgrp
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: guardian
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
&Header::closebox();
}
+my $dnssec_status = &General::dnssec_status();
+if ($dnssec_status eq "off") {
+ $warnmessage .= "<li>$Lang::tr{'dnssec disabled warning'}</li>";
+}
+
# Fireinfo
if ( ! -e "/var/ipfire/main/send_profile") {
$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
'dnsforward forward_server' => 'DNS-Server',
'dnsforward zone' => 'Zone',
'dnssec aware' => 'DNSSEC-aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC wurde deaktiviert',
'dnssec information' => 'DNSSEC-Informationen',
'dnssec not supported' => 'DNSSEC wird nicht unterstützt',
'dnssec validating' => 'DNSSEC-validierend',
'dnsforward forward_server' => 'Nameserver',
'dnsforward zone' => 'Zone',
'dnssec aware' => 'DNSSEC Aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC has been disabled',
'dnssec information' => 'DNSSEC Information',
'dnssec not supported' => 'DNSSEC Not supported',
'dnssec validating' => 'DNSSEC Validating',
# Don't do anything if DNSSEC is already activated
[ "${status}" = "no" ] && return 0
+ # Log DNSSEC status
+ echo "on" > /var/ipfire/red/dnssec-status
+
# Activate DNSSEC and flush cache with any stale and unvalidated data
unbound-control -q set_option val-permissive-mode: no
unbound-control -q flush_zone .
}
disable_dnssec() {
+ # Log DNSSEC status
+ echo "off" > /var/ipfire/red/dnssec-status
+
unbound-control -q set_option val-permissive-mode: yes
}