cloudron-support: add option to disable dnssec

scripts/cloudron-support

@@ -14,10 +14,12 @@ readonly HELP_MESSAGE="
  Cloudron Support and Diagnostics Tool
 
  Options:
+   --disable-dnssec          Disable DNSSEC
    --enable-remote-access    Enable SSH Remote Access for the Cloudron support team
    --send-diagnostics        Collects server diagnostics and uploads it to ${PASTEBIN}
    --troubleshoot            Dashboard down? Run tests to identify the potential problem
    --owner-login             Login as owner
+   --use-external-dns        Forwards all DNS requests to Google (8.8.8.8) and Cloudflare (1.1.1.1) DNS servers
    --help                    Show this message
 "
 
@@ -203,6 +205,19 @@ EOF
     systemctl restart unbound
 }
 
+function disable_dnssec() {
+    local -r $conf_file="/etc/unbound/unbound.conf.d/disable-dnssec.conf"
+
+    echo "Disabling DNSSEC. To reenable it, please delete $conf and 'systemctl restart unbound'"
+
+    cat > $conf_file <<EOF
+server:
+  val-permissive-mode: yes
+EOF
+
+    systemctl restart unbound
+}
+
 function troubleshoot() {
     # note: disk space test has already been run globally
     check_nginx
@@ -235,7 +250,7 @@ function check_disk_space() {
 
 check_disk_space
 
-args=$(getopt -o "" -l "admin-login,enable-ssh,enable-remote-access,help,owner-login,send-diagnostics,use-external-dns,troubleshoot" -n "$0" -- "$@")
+args=$(getopt -o "" -l "admin-login,disable-dnssec,enable-ssh,enable-remote-access,help,owner-login,send-diagnostics,use-external-dns,troubleshoot" -n "$0" -- "$@")
 eval set -- "${args}"
 
 while true; do
@@ -250,6 +265,7 @@ while true; do
     --owner-login) owner_login; exit 0;;
     --send-diagnostics) send_diagnostics; exit 0;;
     --troubleshoot) troubleshoot; exit 0;;
+    --no-dnssec) disable_dnssec; exit 0;;
     --use-external-dns) use_external_dns; exit 0;;
     --help) break;;
     --) break;;