X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Funbound%2Ftemplates%2Funbound.conf.erb;h=2caa955017f23173fe9e513bd0fba3057175710d;hb=41cda7b2ada814d3d8c9d0b32ce34029a95f2da1;hp=4f0160303bf8dcc044786b9083b1f843f7e0be42;hpb=ebb4ff839f4767e2c8ccec0cd0334109f042cd07;p=mirror%2Fdsa-puppet.git

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 4f0160303..2caa95501 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -45,6 +45,16 @@ server:
 	auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
 	auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
 
+	prefetch: yes
+	prefetch-key: yes
+
+local-zone: "29.172.in-addr.arpa" nodefault
+forward-zone:
+	name: "29.172.in-addr.arpa"
+	forward-host: geo1.debian.org
+	forward-host: geo2.debian.org
+	forward-host: geo3.debian.org
+
 # recursive: <%= @is_recursor ? "y" : "n" %>
 <% if not @is_recursor -%>
 forward-zone:
@@ -52,20 +62,7 @@ forward-zone:
 <% @ns.to_a.flatten.each do |nms| -%>
 	forward-addr: <%= nms %>
 <% end -%>
-<% if @lsbmajdistrelease >= '7' -%>
 	# This will actually only work starting with unbound 1.4.18 (wheezy has 1.4.17)
 	# previously, forward-first was not implemented for the root zone.
 	forward-first: yes
 <% end -%>
-
-# XXX : we probably ought to forward 172.29 reverse queries to our nameserver
-# if our forwarders are not ours.
-<% else -%>
-local-zone: "29.172.in-addr.arpa" nodefault
-forward-zone:
-	name: "29.172.in-addr.arpa"
-	forward-host: ns1.debian.org
-	forward-host: ns2.debian.org
-	forward-host: ns3.debian.org
-	forward-host: ns4.debian.com
-<% end -%>