DNS: Show DNSSEC status on index page if deavtivated
authorMichael Tremer <michael.tremer@ipfire.org>
Sun, 2 Apr 2017 18:48:20 +0000 (19:48 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sun, 2 Apr 2017 18:48:20 +0000 (19:48 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 files changed:
config/cfgroot/general-functions.pl
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.it
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
html/cgi-bin/index.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
src/initscripts/system/unbound

index 188bb7f..5e5417d 100644 (file)
@@ -1128,4 +1128,16 @@ sub get_red_interface() {
        return $interface;
 }
 
+sub dnssec_status() {
+       my $path = "${General::swroot}/red/dnssec-status";
+
+       open(STATUS, $path) or return 0;
+       my $status = <STATUS>;
+       close(STATUS);
+
+       chomp($status);
+
+       return $status;
+}
+
 1;
index def789e..3dec2db 100644 (file)
@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
index 25ee841..fa5387c 100644 (file)
@@ -726,6 +726,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
index 83268a3..09338a2 100644 (file)
@@ -714,6 +714,7 @@ WARNING: untranslated string: dhcp dns update
 WARNING: untranslated string: dhcp dns update algo
 WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dl client arch insecure
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: email config
 WARNING: untranslated string: email empty field
 WARNING: untranslated string: email invalid
index 5465372..3390ef3 100644 (file)
@@ -721,6 +721,7 @@ WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dl client arch insecure
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
index def789e..3dec2db 100644 (file)
@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
index 3d2b356..303e19b 100644 (file)
@@ -720,6 +720,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
index 51ba00d..af17e37 100644 (file)
@@ -706,6 +706,7 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: application layer gateways
 WARNING: untranslated string: bytes
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: guardian
index acec275..a6c7188 100644 (file)
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
index 85a0c94..7c17462 100644 (file)
@@ -500,6 +500,11 @@ END
 &Header::closebox();
 }
 
+my $dnssec_status = &General::dnssec_status();
+if ($dnssec_status eq "off") {
+       $warnmessage .= "<li>$Lang::tr{'dnssec disabled warning'}</li>";
+}
+
 # Fireinfo
 if ( ! -e "/var/ipfire/main/send_profile") {
        $warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
index ad8db19..bda0e26 100644 (file)
 'dnsforward forward_server' => 'DNS-Server',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC-aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC wurde deaktiviert',
 'dnssec information' => 'DNSSEC-Informationen',
 'dnssec not supported' => 'DNSSEC wird nicht unterst├╝tzt',
 'dnssec validating' => 'DNSSEC-validierend',
index 3deb4b5..6608ceb 100644 (file)
 'dnsforward forward_server' => 'Nameserver',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC Aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC has been disabled',
 'dnssec information' => 'DNSSEC Information',
 'dnssec not supported' => 'DNSSEC Not supported',
 'dnssec validating' => 'DNSSEC Validating',
index 7e80429..a1763a1 100644 (file)
@@ -439,12 +439,18 @@ enable_dnssec() {
        # Don't do anything if DNSSEC is already activated
        [ "${status}" = "no" ] && return 0
 
+       # Log DNSSEC status
+       echo "on" > /var/ipfire/red/dnssec-status
+
        # Activate DNSSEC and flush cache with any stale and unvalidated data
        unbound-control -q set_option val-permissive-mode: no
        unbound-control -q flush_zone .
 }
 
 disable_dnssec() {
+       # Log DNSSEC status
+       echo "off" > /var/ipfire/red/dnssec-status
+
        unbound-control -q set_option val-permissive-mode: yes
 }