added dnssec_enabled to domain; added form to dnssec template to enable or disable; added conditions to sidebar and dnssec template

src/registrar/forms/__init__.py

@@ -5,6 +5,7 @@ from .domain import (
     DomainSecurityEmailForm,
     DomainOrgNameAddressForm,
     ContactForm,
+    DomainDnssecForm,
     DomainDsdataFormset,
     DomainDsdataForm,
 )

src/registrar/forms/domain.py

@@ -141,6 +141,11 @@ class DomainOrgNameAddressForm(forms.ModelForm):
         self.fields["zipcode"].widget.attrs.pop("maxlength", None)
 
 
+class DomainDnssecForm(forms.Form):
+
+    """Form for enabling and disabling dnssec"""
+
+
 class DomainDsdataForm(forms.Form):
 
     """Form for adding or editing a security email to a domain."""

src/registrar/migrations/0033_domain_dnssec_enabled.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.2.1 on 2023-10-03 06:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("registrar", "0032_alter_transitiondomain_status"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="domain",
+            name="dnssec_enabled",
+            field=models.BooleanField(
+                default=False, help_text="Boolean indicating if dnssec is enabled"
+            ),
+        ),
+    ]

src/registrar/models/domain.py

@@ -707,6 +707,11 @@ class Domain(TimeStampedModel, DomainHelper):
         help_text="Very basic info about the lifecycle of this domain object",
     )
 
+    dnssec_enabled = models.BooleanField(
+        default=False,
+        help_text="Boolean indicating if dnssec is enabled",
+    )
+
     # ForeignKey on UserDomainRole creates a "permissions" member for
     # all of the user-roles that are in place for this domain
 

src/registrar/templates/domain_dnssec.html

@@ -9,4 +9,42 @@
 
   <p>DNSSEC, or DNS Security Extensions, is additional security layer to protect your website. Enabling DNSSEC ensures that when someone visits your website, they can be certain that it's connecting to the correct server, preventing potential hijacking or tampering with your domain's records. <a href="https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en">Read more about DNSSEC and why it is important.</a></p>
 
+  <form class="usa-form usa-form--extra-large" method="post">
+    {% csrf_token %}
+    {% if not domain.dnssec_enabled %}
+    <div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3">
+      <div class="usa-alert__body">
+      It is strongly recommended that you do not enable this unless you fully understand DNSSEC and know how to set it up properly. If you make a mistake, it could cause your domain name to stop working.
+      </div>
+    </div>
+    <button
+        type="submit"
+        class="usa-button"
+        name="enable_dnssec"
+    >Enable DNSSEC</button>
+    {% elif domain.dnssecdata is None %}
+    <h2> Add DS Records </h2>
+    <p>In order to enable DNSSEC and add Delegation Signer (DS) records, you must first configure it with your DNS hosting service. Your configuration will determine whether you need to add DS Data or Key Data. Contact your DNS hosting provider if you are unsure which record type to add.</p>
+    <p>
+      <a href="{% url 'domain-dns-dnssec-dsdata' pk=domain.id %}" class="usa-button usa-button--outline">Add DS Data</a>
+      <a href="{% url 'domain-dns-dnssec-dsdata' pk=domain.id %}" class="usa-button usa-button--outline">Add DS Data</a>
+      <button
+        type="submit"
+        class="usa-button"
+        name="disable_dnssec"
+    >Cancel</button>
+    </p>
+    {% else %}
+    <div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3">
+      <div class="usa-alert__body">
+      In order to fully disable DNSSEC on your domain, you will need to work with your DNS provider to remove your DNSSEC-related records from your zone.
+      </div>
+    </div>
+    <button
+        type="submit"
+        class="usa-button"
+        name="disable_dnssec"
+    >Disable DNSSEC</button>
+    {% endif %}
+  </form>
 {% endblock %}  {# domain_content #}

src/registrar/templates/domain_sidebar.html

@@ -43,6 +43,7 @@
             >
                 DNSSEC
             </a>
+            {% if domain.dnssec_enabled %}
             <ul class="usa-sidenav__sublist">
               <li class="usa-sidenav__item">
                 {% url 'domain-dns-dnssec-dsdata' pk=domain.id as url %}
@@ -62,6 +63,7 @@
                 </a>
               </li>
             </ul>
+            {% endif %}
           </li>
         </ul>
       </li>

src/registrar/views/domain.py

@@ -28,6 +28,7 @@ from ..forms import (
     DomainAddUserForm,
     DomainSecurityEmailForm,
     NameserverFormset,
+    DomainDnssecForm,
     DomainDsdataFormset,
     DomainDsdataForm,
 )
@@ -229,11 +230,32 @@ class DomainSubdomainsView(DomainPermissionView):
     template_name = "domain_subdomains.html"
 
 
-class DomainDNSSECView(DomainPermissionView):
+class DomainDNSSECView(DomainPermissionView, FormMixin):
 
     """Domain DNSSEC editing view."""
 
     template_name = "domain_dnssec.html"
+    form_class = DomainDnssecForm
+
+    def get_success_url(self):
+        """Redirect to the DNSSEC page for the domain."""
+        return reverse("domain-dns-dnssec", kwargs={"pk": self.domain.pk})
+
+    def post(self, request, *args, **kwargs):
+        """Form submission posts to this view.
+        """
+        self.domain = self.get_object()
+        form = self.get_form()
+        if form.is_valid():
+            if 'enable_dnssec' in request.POST:
+                self.domain.dnssec_enabled = True
+                self.domain.save()
+            elif 'disable_dnssec' in request.POST:
+                self.domain.dnssecdata = {}
+                self.domain.dnssec_enabled = False
+                self.domain.save()
+        
+        return self.form_valid(form)
 
 
 class DomainDsdataView(DomainPermissionView, FormMixin):