mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-22 00:42:59 +02:00
unbound: Convert forward zones to stub zones
It was incorrect to use forward zones here, because that assumes that unbound is talking a recursive resolver here. The feature is however designed to be talking to an authoritative server. Fixes: #12230 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
@@ -220,35 +220,24 @@ write_forward_conf() {
|
||||
;;
|
||||
esac
|
||||
|
||||
# Reverse-lookup zones must be stubs
|
||||
echo "stub-zone:"
|
||||
echo " name: ${zone}"
|
||||
for server in ${servers//|/ }; do
|
||||
if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo " stub-addr: ${server}"
|
||||
else
|
||||
echo " stub-host: ${server}"
|
||||
fi
|
||||
done
|
||||
echo
|
||||
|
||||
# Make all reverse lookup zones transparent
|
||||
case "${zone}" in
|
||||
*.in-addr.arpa)
|
||||
echo "stub-zone:"
|
||||
echo " name: ${zone}"
|
||||
for server in ${servers//|/ }; do
|
||||
if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo " stub-addr: ${server}"
|
||||
else
|
||||
echo " stub-host: ${server}"
|
||||
fi
|
||||
done
|
||||
echo
|
||||
echo "server:"
|
||||
echo " local-zone: \"${zone}\" transparent"
|
||||
echo
|
||||
;;
|
||||
*)
|
||||
echo "forward-zone:"
|
||||
echo " name: ${zone}"
|
||||
for server in ${servers//|/ }; do
|
||||
if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo " forward-addr: ${server}"
|
||||
else
|
||||
echo " forward-host: ${server}"
|
||||
fi
|
||||
done
|
||||
echo
|
||||
;;
|
||||
esac
|
||||
done < /var/ipfire/dnsforward/config
|
||||
|
||||
|
||||
Reference in New Issue
Block a user