X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Funbound%2Ftemplates%2Funbound.conf.erb;h=4206f81b2ae3a089c3b869547c29255b47c7ddc0;hb=714e58e4a33a61cb351c5352534a63e8ec6e7b7a;hp=7ffc35fd796fd398f29a61d3a8719fdb9138085a;hpb=ee7d91317ec6efd38f8a281c096c68c48425b64b;p=mirror%2Fdsa-puppet.git

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 7ffc35fd7..4206f81b2 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -43,13 +43,15 @@ server:
 	# auto-trust-anchor-file: ""
 	auto-trust-anchor-file: "/var/lib/unbound/root.key"
 	auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+<% if not @firewall_blocks_dns %>
 	auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
+<% end -%>
 
 	prefetch: yes
 	prefetch-key: yes
 
 
-<% if not hiera('firewall_blocks_dns', false) %>
+<% if not @firewall_blocks_dns %>
 local-zone: "29.172.in-addr.arpa" nodefault
 forward-zone:
 	name: "29.172.in-addr.arpa"