webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-22 00:42:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

unbound: Mark domains as insecure from DNS forwarding

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2019-03-05 16:58:29 +00:00
parent 025d8e6318
commit 1ececb67a1
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/initscripts/system/unbound
View File

@@ -197,8 +197,8 @@ write_forward_conf() {
local insecure_zones="${INSECURE_ZONES}"
local enabled zone server servers remark
while IFS="," read -r enabled zone servers remark; do
local enabled zone server servers remark disable_dnssec rest
while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
# Line must be enabled.
[ "${enabled}" = "on" ] || continue
@@ -208,6 +208,11 @@ write_forward_conf() {
*.local)
insecure_zones="${insecure_zones} ${zone}"
;;
*)
if [ "${disable_dnssec}" = "on" ]; then
insecure_zones="${insecure_zones} ${zone}"
fi
;;
esac
# Reverse-lookup zones must be stubs