# In the worst case scenario, unbound can use double the
# amount of memory allocated to a cache due to malloc overhead
+ # Even larger systems with more than 8GB of RAM
+ if [ ${mem} -ge 8192 ]; then
+ mem=1024
+
+ # Extra large systems with more than 4GB of RAM
+ elif [ ${mem} -ge 4096 ]; then
+ mem=512
+
# Large systems with more than 2GB of RAM
- if [ ${mem} -ge 2048 ]; then
+ elif [ ${mem} -ge 2048 ]; then
mem=256
+ # Medium systems with more than 1GB of RAM
+ elif [ ${mem} -ge 1024 ]; then
+ mem=128
+
# Small systems with less than 256MB of RAM
elif [ ${mem} -le 256 ]; then
mem=16
# Don't do anything if DNSSEC is already activated
[ "${status}" = "no" ] && return 0
+ # Log DNSSEC status
+ echo "on" > /var/ipfire/red/dnssec-status
+
# Activate DNSSEC and flush cache with any stale and unvalidated data
unbound-control -q set_option val-permissive-mode: no
unbound-control -q flush_zone .
}
disable_dnssec() {
+ # Log DNSSEC status
+ echo "off" > /var/ipfire/red/dnssec-status
+
unbound-control -q set_option val-permissive-mode: yes
}