X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Funbound%2Fmanifests%2Finit.pp;h=bb9e4d82bf3d6c43dabb6dfbe584625c3a5bd673;hb=ee7d91317ec6efd38f8a281c096c68c48425b64b;hp=88267d152cb629af29155dacbb9e26ed1692f1fd;hpb=2d15b9008f311fe6443ee665f2fa6ef92b038487;p=mirror%2Fdsa-puppet.git

diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 88267d152..bb9e4d82b 100644
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -7,9 +7,9 @@
 #   include unbound
 #
 class unbound {
-
 	$is_recursor   = getfromhash($site::nodeinfo, 'misc', 'resolver-recursive')
 	$client_ranges = hiera('allow_dns_query')
+	$firewall_blocks_dns = hiera('firewall_blocks_dns', false)
 	$empty_client_range = empty($client_ranges)
 	$ns            = hiera('nameservers')
 
@@ -54,7 +54,7 @@ class unbound {
 		notify  => Service['unbound']
 	}
 	file { '/var/lib/unbound/29.172.in-addr.arpa.key':
-		ensure  => present,
+		ensure  => $firewall_blocks_dns ? { true  => 'absent', default => 'present' },
 		replace => false,
 		owner   => unbound,
 		group   => unbound,