How to change setting for DNSSEC other than in Foris? PROBLEM SOLVED

Using Foris one can enable/disable DNSSEC for Turris Omnia. Is there a way to do this in LuCI too, or is there a config file that I can change?

Thanks for the information.

Maybe I should install dnsmasque-full, I will give that a try.

dnsmasque-full does indeed offer a setting for dnssec under network/dhcp and dns/advanced settings

Problem solved

You can change it in the config file /etc/config/resolver. There is no LuCI specific applet for that.

1 Like

Thank you, Ondrej_Caletka, for this information.

I found out that the following lines in resolver control enable/disable Forwarding and DNSSEC:

  • option forward_upstream ‘0’ / ‘1’ for disable / enable forwarding
  • option ignore_root_key ‘1’ / ‘0’ for disable / enable dnssec

Furthermore it means that TurrisOmnia ignores any setting with respect to dnssec in dhcp in the section config dnsmasq, that I was able to make in LuCI after I installed dnsmasque-full.

This information just for the record, when others may stumble upon it.

1 Like

The logic here is the other way around, ie. ignore_root_key '1' means DNSSEC validation is disabled and vice versa.

1 Like

OK, thanks for the correction. I have edited it.