unbound: Update dnssec-status file

The status file was not updated when DNSSEC was disabled
before and has been enabled after which always caused
the webif to show that DNSSEC was disabled.

Fixes #11315

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

src/initscripts/system/unbound

@@ -436,12 +436,12 @@ can_resolve_root() {
 enable_dnssec() {
 	local status=$(unbound-control get_option val-permissive-mode)
 
-	# Don't do anything if DNSSEC is already activated
-	[ "${status}" = "no" ] && return 0
-
 	# Log DNSSEC status
 	echo "on" > /var/ipfire/red/dnssec-status
 
+	# Don't do anything if DNSSEC is already activated
+	[ "${status}" = "no" ] && return 0
+
 	# Activate DNSSEC and flush cache with any stale and unvalidated data
 	unbound-control -q set_option val-permissive-mode: no
 	unbound-control -q flush_zone .