From patchwork Mon Apr 6 15:10:25 2020
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 2913
From: Michael Tremer
To: development@lists.ipfire.org
Cc: Michael Tremer
Subject: [PATCH] unbound: Set domains with local data into type transparent mode
Date: Mon, 6 Apr 2020 15:10:25 +0000
Message-Id: <20200406151025.18320-1-michael.tremer@ipfire.org>
List-Id: IPFire development talk

Records which are from the same domain as the IPFire hostname might not
be returned by unbound. This change explicitly instructs unbound to check
local data before checking the global DNS.

Signed-off-by: Michael Tremer
---
 src/initscripts/system/unbound | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 1cf26ec0e..35477ae28 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -72,8 +72,18 @@ write_hosts_conf() { echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${HOSTNAME}\"" done - # Add all hosts local enabled address hostname domainname generateptr + + # Find all unique domain names + while IFS="," read -r enabled address hostname domainname generateptr; do + [ "${enabled}" = "on" ] || continue + + echo "${domainname}" + done < /var/ipfire/main/hosts | sort -u | while read -r domainname; do + echo "local-zone: ${domainname} typetransparent" + done + + # Add all hosts while IFS="," read -r enabled address hostname domainname generateptr; do [ "${enabled}" = "on" ] || continue
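
Review bot: The first added loop in write_hosts_conf() echoes ${domainname} without checking that it is non-empty, so an enabled entry in /var/ipfire/main/hosts that has no domain ends up as a bare `local-zone:  typetransparent` line in the generated configuration. Consider adding `[ -n "${domainname}" ] || continue` before the echo, and quoting the zone name (`echo "local-zone: \"${domainname}\" typetransparent"`) the way the `local-data:` line above it is quoted, since the value goes from the hosts file into the config unchanged. The comment "# Find all unique domain names" says what the loop does but not why the zones are set to typetransparent; the reason given in the commit message would be worth a line there.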