unbound: Update dnssec-status file

The status file was not updated when DNSSEC was disabled
before and has been enabled after which always caused
the webif to show that DNSSEC was disabled.

Fixes #11315

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index a1763a1fed7564532991e176ee542fc6125674c2..7437d93b835c6e4c9f76835b95ea7f6cdeecc3ea 100644 (file)
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -436,12 +436,12 @@ can_resolve_root() {
 enable_dnssec() {
        local status=$(unbound-control get_option val-permissive-mode)
 
-       # Don't do anything if DNSSEC is already activated
-       [ "${status}" = "no" ] && return 0
-
        # Log DNSSEC status
        echo "on" > /var/ipfire/red/dnssec-status
 
+       # Don't do anything if DNSSEC is already activated
+       [ "${status}" = "no" ] && return 0
+
        # Activate DNSSEC and flush cache with any stale and unvalidated data
        unbound-control -q set_option val-permissive-mode: no
        unbound-control -q flush_zone .