eximconf: use a more idiomatic way of "resetting" a variable

[mirror/dsa-puppet.git] / modules / unbound / templates / unbound.conf.erb

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 9276675..4206f81 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -43,17 +43,22 @@ server:
        # auto-trust-anchor-file: ""
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+<% if not @firewall_blocks_dns %>
        auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
+<% end -%>
 
        prefetch: yes
        prefetch-key: yes
 
+
+<% if not @firewall_blocks_dns %>
 local-zone: "29.172.in-addr.arpa" nodefault
 forward-zone:
        name: "29.172.in-addr.arpa"
        forward-host: geo1.debian.org
        forward-host: geo2.debian.org
        forward-host: geo3.debian.org
+<% end -%>
 
 # recursive: <%= @is_recursor ? "y" : "n" %>
 <% if not @is_recursor -%>