Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 3

[mirror/dsa-puppet.git] / modules / unbound / manifests / init.pp

diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 79f172a..0d24653 100644 (file)
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -57,7 +57,7 @@ class unbound {
        }
        file { '/var/lib/unbound/29.172.in-addr.arpa.key':
                ensure  => $firewall_blocks_dns ? { true  => 'absent', default => 'present' },
-               replace => false,
+               replace => $firewall_blocks_dns ? { true  => true, default => false },
                owner   => unbound,
                group   => unbound,
                mode    => '0644',