DNS: Show DNSSEC status on index page if deavtivated

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/cfgroot/general-functions.pl

@@ -1128,4 +1128,16 @@ sub get_red_interface() {
 	return $interface;
 }
 
+sub dnssec_status() {
+	my $path = "${General::swroot}/red/dnssec-status";
+
+	open(STATUS, $path) or return 0;
+	my $status = <STATUS>;
+	close(STATUS);
+
+	chomp($status);
+
+	return $status;
+}
+
 1;

doc/language_issues.es

@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating

doc/language_issues.fr

@@ -726,6 +726,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating

doc/language_issues.it

@@ -714,6 +714,7 @@ WARNING: untranslated string: dhcp dns update
 WARNING: untranslated string: dhcp dns update algo
 WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dl client arch insecure
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: email config
 WARNING: untranslated string: email empty field
 WARNING: untranslated string: email invalid

doc/language_issues.nl

@@ -721,6 +721,7 @@ WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dl client arch insecure
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating

doc/language_issues.pl

@@ -716,6 +716,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating

doc/language_issues.ru

@@ -720,6 +720,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: dnssec aware
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: dnssec information
 WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating

doc/language_issues.tr

@@ -706,6 +706,7 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: application layer gateways
 WARNING: untranslated string: bytes
+WARNING: untranslated string: dnssec disabled warning
 WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: guardian

doc/language_missings

@@ -106,6 +106,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
@@ -721,6 +722,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
@@ -1318,6 +1320,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating
@@ -1904,6 +1907,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dnssec aware
+< dnssec disabled warning
 < dnssec information
 < dnssec not supported
 < dnssec validating

html/cgi-bin/index.cgi

@@ -500,6 +500,11 @@ END
 &Header::closebox();
 }
 
+my $dnssec_status = &General::dnssec_status();
+if ($dnssec_status eq "off") {
+	$warnmessage .= "<li>$Lang::tr{'dnssec disabled warning'}</li>";
+}
+
 # Fireinfo
 if ( ! -e "/var/ipfire/main/send_profile") {
 	$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";

langs/de/cgi-bin/de.pl

@@ -767,6 +767,7 @@
 'dnsforward forward_server' => 'DNS-Server',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC-aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC wurde deaktiviert',
 'dnssec information' => 'DNSSEC-Informationen',
 'dnssec not supported' => 'DNSSEC wird nicht unterstützt',
 'dnssec validating' => 'DNSSEC-validierend',

langs/en/cgi-bin/en.pl

@@ -792,6 +792,7 @@
 'dnsforward forward_server' => 'Nameserver',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC Aware',
+'dnssec disabled warning' => 'WARNING: DNSSEC has been disabled',
 'dnssec information' => 'DNSSEC Information',
 'dnssec not supported' => 'DNSSEC Not supported',
 'dnssec validating' => 'DNSSEC Validating',

src/initscripts/system/unbound

@@ -439,12 +439,18 @@ enable_dnssec() {
 	# Don't do anything if DNSSEC is already activated
 	[ "${status}" = "no" ] && return 0
 
+	# Log DNSSEC status
+	echo "on" > /var/ipfire/red/dnssec-status
+
 	# Activate DNSSEC and flush cache with any stale and unvalidated data
 	unbound-control -q set_option val-permissive-mode: no
 	unbound-control -q flush_zone .
 }
 
 disable_dnssec() {
+	# Log DNSSEC status
+	echo "off" > /var/ipfire/red/dnssec-status
+
 	unbound-control -q set_option val-permissive-mode: yes
 }