[2/2] unbound: Mark domains as insecure from DNS forwarding
Commit Message
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
src/initscripts/system/unbound | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
@@ -197,8 +197,8 @@ write_forward_conf() {
local insecure_zones="${INSECURE_ZONES}"
- local enabled zone server servers remark
- while IFS="," read -r enabled zone servers remark; do
+ local enabled zone server servers remark disable_dnssec rest
+ while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
# Line must be enabled.
[ "${enabled}" = "on" ] || continue
@@ -208,6 +208,11 @@ write_forward_conf() {
*.local)
insecure_zones="${insecure_zones} ${zone}"
;;
+ *)
+ if [ "${disable_dnssec}" = "on" ]; then
+ insecure_zones="${insecure_zones} ${zone}"
+ fi
+ ;;
esac
# Reverse-lookup zones must be stubs