From 99fb6ad8ce001d7efc7f77cfbe535653f581560f Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Thu, 12 Jan 2017 16:02:09 +0100
Subject: [PATCH 1/2] Add DNSSEC to web UI

---
 scripts/pi-hole/php/savesettings.php | 15 +++++++++++++--
 settings.php                         | 17 +++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/scripts/pi-hole/php/savesettings.php b/scripts/pi-hole/php/savesettings.php
index 050165ecd..763d23227 100644
--- a/scripts/pi-hole/php/savesettings.php
+++ b/scripts/pi-hole/php/savesettings.php
@@ -112,11 +112,21 @@ function validDomain($domain_name)
 				// Check if domain-needed is requested
 				if(isset($_POST["DNSbogusPriv"]))
 				{
-					$extra .= "bogus-priv";
+					$extra .= "bogus-priv ";
 				}
 				else
 				{
-					$extra .= "no-bogus-priv";
+					$extra .= "no-bogus-priv ";
+				}
+
+				// Check if DNSSEC is requested
+				if(isset($_POST["DNSSEC"]))
+				{
+					$extra .= "dnssec";
+				}
+				else
+				{
+					$extra .= "no-dnssec";
 				}
 
 				// If there has been no error we can save the new DNS server IPs
@@ -124,6 +134,7 @@ function validDomain($domain_name)
 				{
 					exec("sudo pihole -a setdns ".$primaryIP." ".$secondaryIP." ".$extra);
 					$success .= "The DNS settings have been updated";
+					$success = "sudo pihole -a setdns ".$primaryIP." ".$secondaryIP." ".$extra;
 				}
 				else
 				{
diff --git a/settings.php b/settings.php
index 7983e1072..770beb8c2 100644
--- a/settings.php
+++ b/settings.php
@@ -411,6 +411,19 @@ function convertseconds($argument) {
 	} else {
 		$DNSbogusPriv = true;
 	}
+
+	if(isset($setupVars["DNSSEC"])){
+		if($setupVars["DNSSEC"])
+		{
+			$DNSSEC = true;
+		}
+		else
+		{
+			$DNSSEC = false;
+		}
+	} else {
+		$DNSSEC = false;
+	}
 ?>
 		<div class="box box-warning">
 			<div class="box-header with-border">
@@ -459,6 +472,10 @@ function convertseconds($argument) {
 								<div class="checkbox"><label><input type="checkbox" name="DNSbogusPriv" <?php if($DNSbogusPriv){ ?>checked<?php } ?> title="bogus-priv"> never forward reverse lookups for private IP ranges</label></div>
 							</div>
 							<p>Note that enabling these two options may increase your privacy slightly, but may also prevent you from being able to access local hostnames if the Pi-Hole is not used as DHCP server</p>
+							<div class="form-group">
+								<div class="checkbox"><label><input type="checkbox" name="DNSSEC" <?php if($DNSSEC){ ?>checked<?php } ?>> Use DNSSEC</label></div>
+							</div>
+							<p>Validate DNS replies and cache DNSSEC data. When forwarding DNS queries, Pi-hole requests the DNSSEC records needed to  validate the replies. Use Google or Norton DNS servers when activating DNSSEC. Note that the size of your log might increase significantly when enabling DNSSEC. A DNSSEC resolver test can be found <a href="http://dnssec.vs.uni-due.de/" target="_blank">here</a>.</p>
 						</div>
 					</div>
 				</div>

From 225c2791fe2f6af4da9f9b0a2bbe2d7d02feeeaa Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Thu, 12 Jan 2017 16:30:18 +0100
Subject: [PATCH 2/2] Remove debug statement

---
 scripts/pi-hole/php/savesettings.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/pi-hole/php/savesettings.php b/scripts/pi-hole/php/savesettings.php
index 763d23227..d9aadbce4 100644
--- a/scripts/pi-hole/php/savesettings.php
+++ b/scripts/pi-hole/php/savesettings.php
@@ -134,7 +134,6 @@ function validDomain($domain_name)
 				{
 					exec("sudo pihole -a setdns ".$primaryIP." ".$secondaryIP." ".$extra);
 					$success .= "The DNS settings have been updated";
-					$success = "sudo pihole -a setdns ".$primaryIP." ".$secondaryIP." ".$extra;
 				}
 				else
 				{