unbound: Fix DNS forwarder test

The previous version aborted when the validation test
suceeded, but this is not always sufficient in case a
provider filters any DNSKEY, DS or RRSIG records.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/core/108/filelists/files

@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
+etc/rc.d/init.d/unbound
 etc/syslog.conf
 etc/unbound/unbound.conf
 srv/web/ipfire/cgi-bin/fwhosts.cgi

config/rootfiles/core/108/update.sh

@@ -43,6 +43,9 @@ ldconfig
 # Update Language cache
 #/usr/local/bin/update-lang-cache
 
+# Reload unbound upstream name servers
+/etc/init.d/unbound update-forwarders
+
 # Start services
 /etc/init.d/sysklogd restart
 if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then

src/initscripts/init.d/unbound

@@ -259,9 +259,6 @@ test_name_server() {
 	# Exit when the server is not reachable
 	ns_is_online ${ns} || return 1
 
-	# Return 0 if validating
-	ns_is_validating ${ns} && return 0
-
 	local errors
 	for rr in DNSKEY DS RRSIG; do
 		if ! ns_forwards_${rr} ${ns}; then
@@ -274,8 +271,13 @@ test_name_server() {
 		return 3
 	fi
 
-	# Is DNSSEC-aware
-	return 2
+	if ns_is_validating ${ns}; then
+		# Return 0 if validating
+		return 0
+	else
+		# Is DNSSEC-aware
+		return 2
+	fi
 }
 
 # Sends an A query to the nameserver w/o DNSSEC