DNS: Show DNSSEC status on index page if deavtivated

[people/pmueller/ipfire-2.x.git] / src / initscripts / system / unbound

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index d11ca82a4ffb0b6ad533135444d850d2c865a891..a1763a1fed7564532991e176ee542fc6125674c2 100644 (file)
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -244,10 +244,22 @@ write_tuning_conf() {
        # In the worst case scenario, unbound can use double the
        # amount of memory allocated to a cache due to malloc overhead
 
+       # Even larger systems with more than 8GB of RAM
+       if [ ${mem} -ge 8192 ]; then
+               mem=1024
+
+       # Extra large systems with more than 4GB of RAM
+       elif [ ${mem} -ge 4096 ]; then
+               mem=512
+
        # Large systems with more than 2GB of RAM
-       if [ ${mem} -ge 2048 ]; then
+       elif [ ${mem} -ge 2048 ]; then
                mem=256
 
+       # Medium systems with more than 1GB of RAM
+       elif [ ${mem} -ge 1024 ]; then
+               mem=128
+
        # Small systems with less than 256MB of RAM
        elif [ ${mem} -le 256 ]; then
                mem=16
@@ -427,12 +439,18 @@ enable_dnssec() {
        # Don't do anything if DNSSEC is already activated
        [ "${status}" = "no" ] && return 0
 
+       # Log DNSSEC status
+       echo "on" > /var/ipfire/red/dnssec-status
+
        # Activate DNSSEC and flush cache with any stale and unvalidated data
        unbound-control -q set_option val-permissive-mode: no
        unbound-control -q flush_zone .
 }
 
 disable_dnssec() {
+       # Log DNSSEC status
+       echo "off" > /var/ipfire/red/dnssec-status
+
        unbound-control -q set_option val-permissive-mode: yes
 }