DNSSEC fixes

bind8/conf_trusted.cgi

@@ -33,6 +33,9 @@ print &ui_table_start($text{'trusted_header'}, undef, 2);
 print &choice_input($text{'trusted_dnssec'}, 'dnssec-enable', $mems,
 		    $text{'yes'}, 'yes', $text{'no'}, 'no',
 		    $text{'default'}, undef);
+print &choice_input($text{'trusted_validation'}, 'dnssec-validation', $mems,
+		    $text{'yes'}, 'yes', $text{'no'}, 'no',
+		    $text{'default'}, undef);
 
 # Trusted DLVs
 @dtable = ( );

bind8/lang/en

@@ -1046,7 +1046,8 @@ resign_err=Failed to re-sign zone
 trusted_title=DNSSEC Verification
 trusted_ecannot=You are not allowed to configure DNSSEC verification
 trusted_header=Options for DNSSEC verification of other zones
-trusted_dnssec=DNSSEC verification enabled?
+trusted_dnssec=DNSSEC queries enabled?
+trusted_validation=DNSSEC response validation enabled?
 trusted_dlvs=Additional trust anchors
 trusted_anchor=Anchor zone
 trusted_dlv=Real zone

bind8/save_trusted.cgi

@@ -13,6 +13,7 @@ $options = &find("options", $conf);
 
 # DNSSEC enabled
 &save_choice("dnssec-enable", $options, 1);
+&save_choice("dnssec-validation", $options, 1);
 
 # Save DLV zones
 @dlvs = ( );

bind8/setup_trusted.cgi

@@ -15,6 +15,9 @@ $options = &find("options", $conf);
 &save_directive($options, "dnssec-enable",
 		[ { 'name' => 'dnssec-enable',
 		    'values' => [ 'yes' ] } ], 1);
+&save_directive($options, "dnssec-validation",
+		[ { 'name' => 'dnssec-validation',
+		    'values' => [ 'yes' ] } ], 1);
 
 # Lookaside
 &save_directive($options, "dnssec-lookaside",