From 585a3ccfa73a9b41adb9c1fd900e322dcd4773e0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 3 Mar 2021 11:28:36 +0100
Subject: [PATCH] Enable DNSSEC by default

---
 openmptcprouter/files/etc/uci-defaults/1940-omr-dns | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
index e66213732..7afa1e92e 100755
--- a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
+++ b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
@@ -6,6 +6,8 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 			set unbound.@unbound[-1].protocol="ip4_only"
 			set unbound.@unbound[-1].enabled=1
 			set unbound.@unbound[-1].recursion="aggressive"
+			set unbound.@unbound[-1].validator='1'
+			set unbound.@unbound[-1].validator_ntp='1'
 			commit unbound
 		EOF
 	fi
@@ -13,6 +15,7 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 		uci -q batch <<-EOF >/dev/null
 			add_list dhcp.@dnsmasq[-1].server="127.0.0.1#5353"
 			add_list dhcp.@dnsmasq[-1].server="/lan/"
+			set dhcp.@dnsmasq[-1].dnssec='1'
 			commit dhcp
 		EOF
 	fi