projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 4
[mirror/dsa-puppet.git] / modules / unbound / templates / unbound.conf.erb
diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index e33b519..4206f81 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -43,7 +43,9 @@ server:
        # auto-trust-anchor-file: ""
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+<% if not @firewall_blocks_dns %>
        auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
+<% end -%>
 
        prefetch: yes
        prefetch-key: yes
Unnamed repository; edit this file 'description' to name the repository.