From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 2 Apr 2017 18:48:20 +0000 (+0100)
Subject: DNS: Show DNSSEC status on index page if deavtivated
X-Git-Tag: v2.19-core110^2~5
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=183b23b5ca703bd0ee837e135c84a9b91b1fcb91;hp=73b3a1264fcfbf93390ec9d9cb1f12ec62e73878

DNS: Show DNSSEC status on index page if deavtivated

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 188bb7f8b6..5e5417d097 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -1128,4 +1128,16 @@ sub get_red_interface() {
 	return $interface;
 }
 
+sub dnssec_status() {
+	my $path = "${General::swroot}/red/dnssec-status";
+
+	open(STATUS, $path) or return 0;
+	my $status = <STATUS>;
+	close(STATUS);
+
+	chomp($status);
+
+	return $status;
+}
+
 1;
diff --git a/doc/language_issues.es b/doc/language_issues.es
index def789e333..3dec2dbb36 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 25ee84103f..fa5387c8b1 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -726,6 +726,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 83268a3c73..09338a28ab 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -714,6 +714,7 @@ WARNING: untranslated string: dhcp dns update
 WARNING: untranslated string: dhcp dns update algo
 WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dl client arch insecure
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: email config
 WARNING: untranslated string: email empty field
 WARNING: untranslated string: email invalid
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 54653728d4..3390ef368d 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -721,6 +721,7 @@ WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dl client arch insecure
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index def789e333..3dec2dbb36 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 3d2b356686..303e19b959 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -720,6 +720,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 51ba00de4d..af17e3756c 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -706,6 +706,7 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: application layer gateways
 WARNING: untranslated string: bytes
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: guardian
diff --git a/doc/language_missings b/doc/language_missings
index acec27520d..a6c7188a66 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -106,6 +106,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
@@ -721,6 +722,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
@@ -1318,6 +1320,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
@@ -1904,6 +1907,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 85a0c94cd9..7c1746259d 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -500,6 +500,11 @@ END
 &Header::closebox();
 }
 
+my $dnssec_status = &General::dnssec_status();
+if ($dnssec_status eq "off") {
+	$warnmessage .= "<li>$Lang::tr{'dnssec disabled warning'}</li>";
+}
+
 # Fireinfo
 if ( ! -e "/var/ipfire/main/send_profile") {
 	$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index ad8db192bb..bda0e26923 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -767,6 +767,7 @@
 'dnsforward forward_server' => 'DNS-Server',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC-aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC wurde deaktiviert',
 'dnssec information' => 'DNSSEC-Informationen',
 'dnssec not supported' => 'DNSSEC wird nicht unterstÃ¼tzt',
 'dnssec validating' => 'DNSSEC-validierend',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 3deb4b555a..6608ceb639 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -792,6 +792,7 @@
 'dnsforward forward_server' => 'Nameserver',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC Aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC has been disabled',
 'dnssec information' => 'DNSSEC Information',
 'dnssec not supported' => 'DNSSEC Not supported',
 'dnssec validating' => 'DNSSEC Validating',
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 7e80429185..a1763a1fed 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -439,12 +439,18 @@ enable_dnssec() {
 	# Don't do anything if DNSSEC is already activated
 	[ "${status}" = "no" ] && return 0
 
+	# Log DNSSEC status
+	echo "on" > /var/ipfire/red/dnssec-status
+
 	# Activate DNSSEC and flush cache with any stale and unvalidated data
 	unbound-control -q set_option val-permissive-mode: no
 	unbound-control -q flush_zone .
 }
 
 disable_dnssec() {
+	# Log DNSSEC status
+	echo "off" > /var/ipfire/red/dnssec-status
+
 	unbound-control -q set_option val-permissive-mode: yes
 }
 
