This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 183b23b5ca703bd0ee837e135c84a9b91b1fcb91 (commit) from 73b3a1264fcfbf93390ec9d9cb1f12ec62e73878 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 183b23b5ca703bd0ee837e135c84a9b91b1fcb91 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Apr 2 19:48:20 2017 +0100
DNS: Show DNSSEC status on index page if deavtivated
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/general-functions.pl | 12 ++++++++++++ doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 4 ++++ html/cgi-bin/index.cgi | 5 +++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + src/initscripts/system/unbound | 6 ++++++ 13 files changed, 36 insertions(+)
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 188bb7f..5e5417d 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -1128,4 +1128,16 @@ sub get_red_interface() { return $interface; }
+sub dnssec_status() { + my $path = "${General::swroot}/red/dnssec-status"; + + open(STATUS, $path) or return 0; + my $status = <STATUS>; + close(STATUS); + + chomp($status); + + return $status; +} + 1; diff --git a/doc/language_issues.es b/doc/language_issues.es index def789e..3dec2db 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec disabled warning WARNING: untranslated string: dnssec information WARNING: untranslated string: dnssec not supported WARNING: untranslated string: dnssec validating diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 25ee841..fa5387c 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -726,6 +726,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec disabled warning WARNING: untranslated string: dnssec information WARNING: untranslated string: dnssec not supported WARNING: untranslated string: dnssec validating diff --git a/doc/language_issues.it b/doc/language_issues.it index 83268a3..09338a2 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -714,6 +714,7 @@ WARNING: untranslated string: dhcp dns update WARNING: untranslated string: dhcp dns update algo WARNING: untranslated string: dhcp dns update secret WARNING: untranslated string: dl client arch insecure +WARNING: untranslated string: dnssec disabled warning WARNING: untranslated string: email config WARNING: untranslated string: email empty field WARNING: untranslated string: email invalid diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 5465372..3390ef3 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -721,6 +721,7 @@ WARNING: untranslated string: dhcp dns update secret WARNING: untranslated string: dl client arch insecure WARNING: untranslated string: dns servers WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec disabled warning WARNING: untranslated string: dnssec information WARNING: untranslated string: dnssec not supported WARNING: untranslated string: dnssec validating diff --git a/doc/language_issues.pl b/doc/language_issues.pl index def789e..3dec2db 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec disabled warning WARNING: untranslated string: dnssec information WARNING: untranslated string: dnssec not supported WARNING: untranslated string: dnssec validating diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 3d2b356..303e19b 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -720,6 +720,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec disabled warning WARNING: untranslated string: dnssec information WARNING: untranslated string: dnssec not supported WARNING: untranslated string: dnssec validating diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 51ba00d..af17e37 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -706,6 +706,7 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: application layer gateways WARNING: untranslated string: bytes +WARNING: untranslated string: dnssec disabled warning WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: guardian diff --git a/doc/language_missings b/doc/language_missings index acec275..a6c7188 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -106,6 +106,7 @@ < dnsforward forward_server < dnsforward zone < dnssec aware +< dnssec disabled warning < dnssec information < dnssec not supported < dnssec validating @@ -721,6 +722,7 @@ < dnsforward forward_server < dnsforward zone < dnssec aware +< dnssec disabled warning < dnssec information < dnssec not supported < dnssec validating @@ -1318,6 +1320,7 @@ < dnsforward forward_server < dnsforward zone < dnssec aware +< dnssec disabled warning < dnssec information < dnssec not supported < dnssec validating @@ -1904,6 +1907,7 @@ < dnsforward forward_server < dnsforward zone < dnssec aware +< dnssec disabled warning < dnssec information < dnssec not supported < dnssec validating diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 85a0c94..7c17462 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -500,6 +500,11 @@ END &Header::closebox(); }
+my $dnssec_status = &General::dnssec_status(); +if ($dnssec_status eq "off") { + $warnmessage .= "<li>$Lang::tr{'dnssec disabled warning'}</li>"; +} + # Fireinfo if ( ! -e "/var/ipfire/main/send_profile") { $warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>"; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index ad8db19..bda0e26 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -767,6 +767,7 @@ 'dnsforward forward_server' => 'DNS-Server', 'dnsforward zone' => 'Zone', 'dnssec aware' => 'DNSSEC-aware', +'dnssec disabled warning' => 'WARNING: DNSSEC wurde deaktiviert', 'dnssec information' => 'DNSSEC-Informationen', 'dnssec not supported' => 'DNSSEC wird nicht unterstützt', 'dnssec validating' => 'DNSSEC-validierend', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 3deb4b5..6608ceb 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -792,6 +792,7 @@ 'dnsforward forward_server' => 'Nameserver', 'dnsforward zone' => 'Zone', 'dnssec aware' => 'DNSSEC Aware', +'dnssec disabled warning' => 'WARNING: DNSSEC has been disabled', 'dnssec information' => 'DNSSEC Information', 'dnssec not supported' => 'DNSSEC Not supported', 'dnssec validating' => 'DNSSEC Validating', diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 7e80429..a1763a1 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -439,12 +439,18 @@ enable_dnssec() { # Don't do anything if DNSSEC is already activated [ "${status}" = "no" ] && return 0
+ # Log DNSSEC status + echo "on" > /var/ipfire/red/dnssec-status + # Activate DNSSEC and flush cache with any stale and unvalidated data unbound-control -q set_option val-permissive-mode: no unbound-control -q flush_zone . }
disable_dnssec() { + # Log DNSSEC status + echo "off" > /var/ipfire/red/dnssec-status + unbound-control -q set_option val-permissive-mode: yes }
hooks/post-receive -- IPFire 2.x development tree