unbound: Fix DNS forwarder test

The previous version aborted when the validation test suceeded, but this is not always sufficient in case a provider filters any DNSKEY, DS or RRSIG records. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-26 10:52:57 +02:00 · 2016-12-01 17:13:07 +00:00
parent cd812106b1
commit 2aa15dee66
3 changed files with 11 additions and 5 deletions
--- a/src/initscripts/init.d/unbound
+++ b/src/initscripts/init.d/unbound
@@ -259,9 +259,6 @@ test_name_server() {
 	# Exit when the server is not reachable
 	ns_is_online ${ns} || return 1

-	# Return 0 if validating
-	ns_is_validating ${ns} && return 0
-
 	local errors
 	for rr in DNSKEY DS RRSIG; do
 		if ! ns_forwards_${rr} ${ns}; then
@@ -274,8 +271,13 @@ test_name_server() {
 		return 3
 	fi

-	# Is DNSSEC-aware
-	return 2
+	if ns_is_validating ${ns}; then
+		# Return 0 if validating
+		return 0
+	else
+		# Is DNSSEC-aware
+		return 2
+	fi
 }

 # Sends an A query to the nameserver w/o DNSSEC