diff --git a/scripts/pi-hole/php/savesettings.php b/scripts/pi-hole/php/savesettings.php index 050165ec..d9aadbce 100644 --- a/scripts/pi-hole/php/savesettings.php +++ b/scripts/pi-hole/php/savesettings.php @@ -112,11 +112,21 @@ function validDomain($domain_name) // Check if domain-needed is requested if(isset($_POST["DNSbogusPriv"])) { - $extra .= "bogus-priv"; + $extra .= "bogus-priv "; } else { - $extra .= "no-bogus-priv"; + $extra .= "no-bogus-priv "; + } + + // Check if DNSSEC is requested + if(isset($_POST["DNSSEC"])) + { + $extra .= "dnssec"; + } + else + { + $extra .= "no-dnssec"; } // If there has been no error we can save the new DNS server IPs diff --git a/settings.php b/settings.php index 7983e107..770beb8c 100644 --- a/settings.php +++ b/settings.php @@ -411,6 +411,19 @@ } else { $DNSbogusPriv = true; } + + if(isset($setupVars["DNSSEC"])){ + if($setupVars["DNSSEC"]) + { + $DNSSEC = true; + } + else + { + $DNSSEC = false; + } + } else { + $DNSSEC = false; + } ?>
@@ -459,6 +472,10 @@

Note that enabling these two options may increase your privacy slightly, but may also prevent you from being able to access local hostnames if the Pi-Hole is not used as DHCP server

+
+
+
+

Validate DNS replies and cache DNSSEC data. When forwarding DNS queries, Pi-hole requests the DNSSEC records needed to validate the replies. Use Google or Norton DNS servers when activating DNSSEC. Note that the size of your log might increase significantly when enabling DNSSEC. A DNSSEC resolver test can be found here.