diff mbox series

[2/2] unbound: Mark domains as insecure from DNS forwarding

Message ID 20190305165909.25087-2-michael.tremer@ipfire.org
State Accepted
Commit 1ececb67a1f83dd931e31d66893893ce542d0814
Headers
Series [1/2] DNS Forwarding: Add UI to Allow to disable DNSSEC for azone |

Commit Message

Michael Tremer March 6, 2019, 3:59 a.m. UTC 
  Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/unbound | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 2ef994e96..af9bcef73 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -197,8 +197,8 @@  write_forward_conf() {
 
 		local insecure_zones="${INSECURE_ZONES}"
 
-		local enabled zone server servers remark
-		while IFS="," read -r enabled zone servers remark; do
+		local enabled zone server servers remark disable_dnssec rest
+		while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
 			# Line must be enabled.
 			[ "${enabled}" = "on" ] || continue
 
@@ -208,6 +208,11 @@  write_forward_conf() {
 				*.local)
 					insecure_zones="${insecure_zones} ${zone}"
 					;;
+				*)
+					if [ "${disable_dnssec}" = "on" ]; then
+						insecure_zones="${insecure_zones} ${zone}"
+					fi
+					;;
 			esac
 
 			# Reverse-lookup zones must be stubs