dnsmasq: correct sense & usage of dnsseccheckunsigned

dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci
option was rendered ineffectual: we checked unsigned zones no matter the
setting.

Disabling the checking of unsigned zones is now achieve with the
"--dnssec-check-unsigned=no" dnsmasq option.

Update init script to pass required option in the disabled case.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

2 files changed, 3 insertions, 2 deletions

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index a1b51896a9..c57a837e9e 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_UPSTREAM_VERSION:=2.80
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=14
+PKG_RELEASE:=15
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 1054f7a12a..94a069f1ac 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -966,7 +966,8 @@ dnsmasq_start()
 				[ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck"
 			}
 		}
-		append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned"
+		config_get_bool dnsseccheckunsigned "$cfg" dnsseccheckunsigned 1
+		[ "$dnsseccheckunsigned" -eq 0 ] && xappend "--dnssec-check-unsigned=no"
 	}
 
 	config_get addmac "$cfg" addmac 0