diff --git a/config/rootfiles/core/128/filelists/files b/config/rootfiles/core/128/filelists/files index 1998a08c0..9a34f756b 100644 --- a/config/rootfiles/core/128/filelists/files +++ b/config/rootfiles/core/128/filelists/files @@ -5,8 +5,10 @@ var/ipfire/langs etc/rc.d/helper/aws-setup etc/rc.d/init.d/aws etc/rc.d/init.d/firewall +etc/rc.d/init.d/unbound etc/ssl/openssl.cnf etc/sysctl.conf +etc/unbound/unbound.conf srv/web/ipfire/cgi-bin/proxy.cgi usr/local/bin/xt_geoip_update var/ipfire/ovpn/openssl/ovpn.cnf diff --git a/config/rootfiles/core/128/update.sh b/config/rootfiles/core/128/update.sh index dc185ed70..99c036d60 100644 --- a/config/rootfiles/core/128/update.sh +++ b/config/rootfiles/core/128/update.sh @@ -62,6 +62,7 @@ if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then fi /etc/init.d/sshd restart /etc/init.d/apache restart +/etc/init.d/unbound restart # This update needs a reboot... touch /var/run/need_reboot diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index 2cc5bab8a..e20c3330d 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -83,12 +83,8 @@ server: remote-control: control-enable: yes - control-use-cert: yes + control-use-cert: no control-interface: 127.0.0.1 - server-key-file: "/etc/unbound/unbound_server.key" - server-cert-file: "/etc/unbound/unbound_server.pem" - control-key-file: "/etc/unbound/unbound_control.key" - control-cert-file: "/etc/unbound/unbound_control.pem" # Import any local configurations include: "/etc/unbound/local.d/*.conf" diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 08007f50a..2ef994e96 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -507,11 +507,6 @@ case "$1" in eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) - # Create control keys at first run - if [ ! -r "/etc/unbound/unbound_control.key" ]; then - unbound-control-setup -d /etc/unbound &>/dev/null - fi - # Update configuration files write_tuning_conf write_forward_conf