unbound: Allow list of INSECURE_ZONES being set in sysconfig

A list of DNS zones can be given for which DNSSEC validation will be disabled. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-10 19:15:54 +02:00 · 2016-11-04 17:43:05 +00:00
parent 3ddad158cd
commit 7ebc0a16e2
1 changed files with 2 additions and 1 deletions
--- a/src/initscripts/init.d/unbound
+++ b/src/initscripts/init.d/unbound
@@ -12,6 +12,7 @@ TEST_DOMAIN="ipfire.org"
 # This domain will never validate
 TEST_DOMAIN_FAIL="dnssec-failed.org"

+INSECURE_ZONES=
 USE_FORWARDERS=1

 # Cache any local zones for 60 seconds
@@ -151,7 +152,7 @@ write_forward_conf() {
 	(
 		config_header

-		local insecure_zones
+		local insecure_zones="${INSECURE_ZONES}"

 		local enabled zone server remark
 		while IFS="," read -r enabled zone server remark; do