luci-mod-admin-full: Add DNSSEC dnsmasq option 679/head
authorDaniel Dickinson <openwrt@daniel.thecshore.com>
Fri, 25 Mar 2016 07:09:59 +0000 (03:09 -0400)
committerDaniel Dickinson <openwrt@daniel.thecshore.com>
Fri, 25 Mar 2016 07:09:59 +0000 (03:09 -0400)
If dnsmasq with DNSSEC support is enabled, display options
to enable DNSSEC.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/dhcp.lua

index ff9438ae7188ec9491bf67aa45e3173380a09da8..7bbc28c168f7e5c6c3a25e8edf877ce75c4a41a4 100644 (file)
@@ -2,6 +2,8 @@
 -- Licensed to the public under the Apache License 2.0.
 
 local ipc = require "luci.ip"
+local o
+require "luci.util"
 
 m = Map("dhcp", translate("DHCP and DNS"),
        translate("Dnsmasq is a combined <abbr title=\"Dynamic Host Configuration Protocol" ..
@@ -70,6 +72,19 @@ s:taboption("advanced", Flag, "localise_queries",
        translate("Localise queries"),
        translate("Localise hostname depending on the requesting subnet if multiple IPs are available"))
 
+local have_dnssec_support = luci.util.checklib("/usr/sbin/dnsmasq", "libhogweed.so")
+
+if have_dnssec_support then
+       o = s:taboption("advanced", Flag, "dnssec",
+               translate("DNSSEC"))
+       o.optional = true
+
+       o = s:taboption("advanced", Flag, "dnsseccheckunsigned",
+               translate("DNSSEC check unsigned"),
+               translate("Requires upstream supports DNSSEC; verify unsigned domain responses really come from unsigned domains"))
+       o.optional = true
+end
+
 s:taboption("general", Value, "local",
        translate("Local server"),
        translate("Local domain specification. Names matching this domain are never forwarded and are resolved from DHCP or hosts files only"))