From efceef0f563436aa863996b6914114904259afcb Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Thu, 4 Dec 2008 02:17:03 +0000
Subject: [PATCH] DNSSEC fixes

---
 bind8/conf_trusted.cgi  | 3 +++
 bind8/lang/en           | 3 ++-
 bind8/save_trusted.cgi  | 1 +
 bind8/setup_trusted.cgi | 3 +++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/bind8/conf_trusted.cgi b/bind8/conf_trusted.cgi
index b7d9c94e6..17c49bf61 100644
--- a/bind8/conf_trusted.cgi
+++ b/bind8/conf_trusted.cgi
@@ -33,6 +33,9 @@ print &ui_table_start($text{'trusted_header'}, undef, 2);
 print &choice_input($text{'trusted_dnssec'}, 'dnssec-enable', $mems,
 		    $text{'yes'}, 'yes', $text{'no'}, 'no',
 		    $text{'default'}, undef);
+print &choice_input($text{'trusted_validation'}, 'dnssec-validation', $mems,
+		    $text{'yes'}, 'yes', $text{'no'}, 'no',
+		    $text{'default'}, undef);
 
 # Trusted DLVs
 @dtable = ( );
diff --git a/bind8/lang/en b/bind8/lang/en
index 4dd0bc2f5..afb7f8b57 100644
--- a/bind8/lang/en
+++ b/bind8/lang/en
@@ -1046,7 +1046,8 @@ resign_err=Failed to re-sign zone
 trusted_title=DNSSEC Verification
 trusted_ecannot=You are not allowed to configure DNSSEC verification
 trusted_header=Options for DNSSEC verification of other zones
-trusted_dnssec=DNSSEC verification enabled?
+trusted_dnssec=DNSSEC queries enabled?
+trusted_validation=DNSSEC response validation enabled?
 trusted_dlvs=Additional trust anchors
 trusted_anchor=Anchor zone
 trusted_dlv=Real zone
diff --git a/bind8/save_trusted.cgi b/bind8/save_trusted.cgi
index b217d46c1..f97d03fa7 100644
--- a/bind8/save_trusted.cgi
+++ b/bind8/save_trusted.cgi
@@ -13,6 +13,7 @@ $options = &find("options", $conf);
 
 # DNSSEC enabled
 &save_choice("dnssec-enable", $options, 1);
+&save_choice("dnssec-validation", $options, 1);
 
 # Save DLV zones
 @dlvs = ( );
diff --git a/bind8/setup_trusted.cgi b/bind8/setup_trusted.cgi
index 0ef7b454e..02d0695f0 100644
--- a/bind8/setup_trusted.cgi
+++ b/bind8/setup_trusted.cgi
@@ -15,6 +15,9 @@ $options = &find("options", $conf);
 &save_directive($options, "dnssec-enable",
 		[ { 'name' => 'dnssec-enable',
 		    'values' => [ 'yes' ] } ], 1);
+&save_directive($options, "dnssec-validation",
+		[ { 'name' => 'dnssec-validation',
+		    'values' => [ 'yes' ] } ], 1);
 
 # Lookaside
 &save_directive($options, "dnssec-lookaside",