Bug #15572
Disabling DNSSEC should also disable Harden DNSSEC Data
Status: open, 0% done
Description
Tested on 24.03
After disabling DNSSEC, when I tried to change the DNS Resolver Advanced Settings (change logging level), I got this error:
The following input errors were detected: Harden DNSSEC Data option can only be enabled if DNSSEC support is enabled.
but it's nowhere mentioned that I had to disable it.
So I think a note should be added for DNSSEC, like 'If you would like to disable DNSSEC, don't forget to uncheck Harden DNSSEC Data', or Harden DNSSEC Data should be disabled automatically when DNSSEC is unchecked.
Updated by Jim Pingle 6 months ago
- Tracker changed from Todo to Bug
- Project changed from pfSense Plus to pfSense
- Category changed from DNS Resolver to DNS Resolver
- Target version set to 2.8.0
- Plus Target Version set to 24.03
Updated by Chris Collins 11 days ago
I have a different view, and I actually patched my local install to reflect this.
In Unbound, if you enable features that depend on another feature, it is usually not fatal, and it's not fatal for this feature; instead it simply won't do anything if the dependent option is not enabled.
Since it might be desirable for someone to disable DNSSEC without also disabling DNSSEC-specific options (meaning they can toggle DNSSEC on and off without losing all DNSSEC-specific configuration), I think it's better to remove the input error that prevents applying the config and instead add warnings for options that depend on DNSSEC.
So e.g. in bold at end of description text for Harden DNSSEC Data, add "This requires DNSSEC support to be enabled, otherwise will be ignored". The text could even be hidden automatically when DNSSEC is enabled to reduce confusion.
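A lint for the situation discussed in this issue, as an added example that is not part of the thread or of pfSense's code: it reads an unbound.conf and reports DNSSEC-only options that are set while the validator module is not loaded, warning instead of rejecting the config. It assumes that Harden DNSSEC Data corresponds to Unbound's `harden-dnssec-stripped` and that disabling DNSSEC removes `validator` from `module-config`; the sample configs are constructed.

```python
import re

# Unbound options that only take effect when the validator module is loaded.
# Assumption: pfSense's "Harden DNSSEC Data" maps to harden-dnssec-stripped.
DNSSEC_DEPENDENT = ("harden-dnssec-stripped",)

# name: value, with optional double quotes and an optional trailing comment
OPTION_RE = re.compile(r'^\s*([a-z0-9-]+):\s*"?([^"#]*?)"?\s*(?:#.*)?$')

def parse_options(conf_text):
    """Return {option: last value} for 'name: value' lines, ignoring comments."""
    opts = {}
    for line in conf_text.splitlines():
        m = OPTION_RE.match(line)
        if m and m.group(2):  # skip clause headers such as "server:"
            opts[m.group(1)] = m.group(2).strip()
    return opts

def dnssec_warnings(conf_text):
    """List warnings for DNSSEC-only options set while validation is off."""
    opts = parse_options(conf_text)
    # Unbound's default module-config is "validator iterator".
    modules = opts.get("module-config", "validator iterator").split()
    if "validator" in modules:
        return []
    return [
        f"{name}: yes has no effect because module-config "
        f"({' '.join(modules)}) does not load the validator"
        for name in DNSSEC_DEPENDENT
        if opts.get(name) == "yes"
    ]

# Constructed sample configs, not taken from a real pfSense install.
DNSSEC_OFF = """
server:
    module-config: "iterator"
    harden-glue: yes
    harden-dnssec-stripped: yes   # left checked in the GUI
"""
DNSSEC_ON = DNSSEC_OFF.replace('"iterator"', '"validator iterator"')

if __name__ == "__main__":
    for label, conf in (("off", DNSSEC_OFF), ("on", DNSSEC_ON)):
        print(label, dnssec_warnings(conf) or "no warnings")
```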