2 # Add lookaside and trusted key records for ICS's DLV zone
4 require './bind8-lib.pl';
5 $access{'defaults'} || &error($text{'trusted_ecannot'});
6 &error_setup($text{'trusted_err'});
9 &lock_file(&make_chroot($config{'named_conf'}));
10 $parent = &get_config_parent();
11 $conf = $parent->{'members'};
12 $options = &find("options", $conf);
15 &save_directive($options, "dnssec-enable",
16 [ { 'name' => 'dnssec-enable',
17 'values' => [ 'yes' ] } ], 1);
18 if (&supports_dnssec_client() == 2) {
19 &save_directive($options, "dnssec-validation",
20 [ { 'name' => 'dnssec-validation',
21 'values' => [ 'yes' ] } ], 1);
25 &save_directive($options, "dnssec-lookaside",
26 [ { 'name' => 'dnssec-lookaside',
27 'values' => [ ".", "trust-anchor", $dnssec_dlv_zone ] } ],
31 $trusted = &find("trusted-keys", $conf);
33 # Need to create block
34 $trusted = { 'name' => 'trusted-keys',
37 &save_directive($parent, "trusted-keys", [ $trusted ]);
39 &save_directive($trusted, [ ],
40 [ { 'name' => $dnssec_dlv_zone,
41 'values' => \@dnssec_dlv_key } ], 1);
44 &unlock_file(&make_chroot($config{'named_conf'}));
46 &webmin_log("trusted");