This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 183b23b5ca703bd0ee837e135c84a9b91b1fcb91 (commit)
from 73b3a1264fcfbf93390ec9d9cb1f12ec62e73878 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 183b23b5ca703bd0ee837e135c84a9b91b1fcb91
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Apr 2 19:48:20 2017 +0100
DNS: Show DNSSEC status on index page if deavtivated
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/general-functions.pl | 12 ++++++++++++
doc/language_issues.es | 1 +
doc/language_issues.fr | 1 +
doc/language_issues.it | 1 +
doc/language_issues.nl | 1 +
doc/language_issues.pl | 1 +
doc/language_issues.ru | 1 +
doc/language_issues.tr | 1 +
doc/language_missings | 4 ++++
html/cgi-bin/index.cgi | 5 +++++
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
src/initscripts/system/unbound | 6 ++++++
13 files changed, 36 insertions(+)
Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 188bb7f..5e5417d 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -1128,4 +1128,16 @@ sub get_red_interface() {
return $interface;
}
+sub dnssec_status() {
+ my $path = "${General::swroot}/red/dnssec-status";
+
+ open(STATUS, $path) or return 0;
+ my $status = <STATUS>;
+ close(STATUS);
+
+ chomp($status);
+
+ return $status;
+}
+
1;
diff --git a/doc/language_issues.es b/doc/language_issues.es
index def789e..3dec2db 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 25ee841..fa5387c 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -726,6 +726,7 @@ WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 83268a3..09338a2 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -714,6 +714,7 @@ WARNING: untranslated string: dhcp dns update
WARNING: untranslated string: dhcp dns update algo
WARNING: untranslated string: dhcp dns update secret
WARNING: untranslated string: dl client arch insecure
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: email config
WARNING: untranslated string: email empty field
WARNING: untranslated string: email invalid
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 5465372..3390ef3 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -721,6 +721,7 @@ WARNING: untranslated string: dhcp dns update secret
WARNING: untranslated string: dl client arch insecure
WARNING: untranslated string: dns servers
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index def789e..3dec2db 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 3d2b356..303e19b 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -720,6 +720,7 @@ WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: dnssec information
WARNING: untranslated string: dnssec not supported
WARNING: untranslated string: dnssec validating
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 51ba00d..af17e37 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -706,6 +706,7 @@ WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: application layer gateways
WARNING: untranslated string: bytes
+WARNING: untranslated string: dnssec disabled warning
WARNING: untranslated string: fwhost cust geoipgrp
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: guardian
diff --git a/doc/language_missings b/doc/language_missings
index acec275..a6c7188 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -106,6 +106,7 @@
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
@@ -721,6 +722,7 @@
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
@@ -1318,6 +1320,7 @@
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
@@ -1904,6 +1907,7 @@
< dnsforward forward_server
< dnsforward zone
< dnssec aware
+< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 85a0c94..7c17462 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -500,6 +500,11 @@ END
&Header::closebox();
}
+my $dnssec_status = &General::dnssec_status();
+if ($dnssec_status eq "off") {
+ $warnmessage .= "<li>$Lang::tr{'dnssec disabled warning'}</li>";
+}
+
# Fireinfo
if ( ! -e "/var/ipfire/main/send_profile") {
$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index ad8db19..bda0e26 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -767,6 +767,7 @@
'dnsforward forward_server' => 'DNS-Server',
'dnsforward zone' => 'Zone',
'dnssec aware' => 'DNSSEC-aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC wurde deaktiviert',
'dnssec information' => 'DNSSEC-Informationen',
'dnssec not supported' => 'DNSSEC wird nicht unterstützt',
'dnssec validating' => 'DNSSEC-validierend',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 3deb4b5..6608ceb 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -792,6 +792,7 @@
'dnsforward forward_server' => 'Nameserver',
'dnsforward zone' => 'Zone',
'dnssec aware' => 'DNSSEC Aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC has been disabled',
'dnssec information' => 'DNSSEC Information',
'dnssec not supported' => 'DNSSEC Not supported',
'dnssec validating' => 'DNSSEC Validating',
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 7e80429..a1763a1 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -439,12 +439,18 @@ enable_dnssec() {
# Don't do anything if DNSSEC is already activated
[ "${status}" = "no" ] && return 0
+ # Log DNSSEC status
+ echo "on" > /var/ipfire/red/dnssec-status
+
# Activate DNSSEC and flush cache with any stale and unvalidated data
unbound-control -q set_option val-permissive-mode: no
unbound-control -q flush_zone .
}
disable_dnssec() {
+ # Log DNSSEC status
+ echo "off" > /var/ipfire/red/dnssec-status
+
unbound-control -q set_option val-permissive-mode: yes
}
hooks/post-receive
--
IPFire 2.x development tree