From patchwork Tue Jan 21 16:13:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 2713 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 482D9568sTz3xY8 for ; Tue, 21 Jan 2020 16:13:13 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 482D942b4dz24D; Tue, 21 Jan 2020 16:13:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1579623192; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=iXUqQuhC2Q+V11GkqfjzfhbOf0xlyvZS2F8cieFi/ok=; b=a2m1USQeo/KyYCwHEKJrh6/5OPiQE3tPgbmweiTXaNhhOfXNk7CFEfXZUzw6UYuD6qSS8i 2BV83rPU+2yNm4BQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1579623192; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=iXUqQuhC2Q+V11GkqfjzfhbOf0xlyvZS2F8cieFi/ok=; b=g7VA8fitTWvA33MaCqR0NHF4Xd2reuALJhPrCYrGeSqMIjVNBOUx8AAhlRi3/peyQFPvkp +jiaphwx0j33NOwVp4zymgfdTv09KfEIlZOI9Shcjxb7qN7HZzjf1GkY+lugAqul9YdNNY tWof4lHFxvWTBHvX73E3Mi+GW9S6oRmNKO9BBLRqi7ubCqSUyTZXFwY1J/cdw3aDMtcTFQ pvbwbXfG3I8O2zq+D4QNKXGlQexV827TMy6aH/pG5eEHaX8OdiXB55EXONqf+ovUIM8bHA 7tijkmLWQhw3d89b1sb27AGil5uNoxuuIdSJnwcdRlZXEi/5uo36KaxZ9OKf5g== Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 482D9411BJz2xn4; Tue, 21 Jan 2020 16:13:12 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 482D921qdMz2xhb for ; Tue, 21 Jan 2020 16:13:10 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 482D914TDtz2GJ; Tue, 21 Jan 2020 16:13:09 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1579623189; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=iXUqQuhC2Q+V11GkqfjzfhbOf0xlyvZS2F8cieFi/ok=; b=7WS4EaMLCC+GiAQPFk/vLsXMT1ZgVu4uMQKA1tI3RBIvSCoCRUPc3OJXrt50+mH71UNafJ jDrjSXwtc96+a4Cw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1579623189; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=iXUqQuhC2Q+V11GkqfjzfhbOf0xlyvZS2F8cieFi/ok=; b=KIzEzOUEa75if6ayajblZ7+SsGdwaM+nulcI8d0uYN+jQFzU/Coq/9cpPHoT75v8BzVxVG goaOjY38T0zdoD7RdQm9rHTjD2JKwKweNn/DrYkABZ1VcqYshqpLR3+xNHNleyL9vBiDdn zPVRJaazynT+hZt5f0sFeONBvIzFgtWkOKjy0BAQLn/Kl32ZWdJYPZkA38z19JajCL69iW rP1yHremRLtRJgxWxo5rKlUZm5iYDDc4DcE8GWEzW38BSvS4lbdcVUgOWrOv8BIbC8cDbi GMXtnEFu+0yyQBxasbmutj9D2CzqxF7L1HCESjojYlbAl6WfENzlxK/4bn8WKg== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] unbound: Use recursor mode if no nameservers are configured Date: Tue, 21 Jan 2020 17:13:06 +0100 Message-Id: <20200121161306.5246-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=stevee smtp.mailfrom=stefan.schantl@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Stefan Schantl --- src/initscripts/system/unbound | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 7df50e9d4..3322c15b5 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -162,19 +162,29 @@ write_forward_conf() { done fi - echo "forward-zone:" - echo " name: \".\"" + # Read name servers. + nameservers=$(read_name_servers) - # Force using TLS only - if [ "${PROTO}" = "TLS" ]; then - echo " forward-tls-upstream: yes" + # Only write forward zones if any nameservers are configured. + # + # Otherwise fall-back into recursor mode. + if [ -n "${nameservers}" ]; then + + echo "forward-zone:" + echo " name: \".\"" + + # Force using TLS only + if [ "${PROTO}" = "TLS" ]; then + echo " forward-tls-upstream: yes" + fi + + # Add upstream name servers + local ns + for ns in ${nameservers}; do + echo " forward-addr: ${ns}" + done fi - # Add upstream name servers - local ns - for ns in $(read_name_servers); do - echo " forward-addr: ${ns}" - done ) > /etc/unbound/forward.conf }