X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Funbound%2Ftemplates%2Funbound.conf.erb;h=4f0160303bf8dcc044786b9083b1f843f7e0be42;hb=757a3f72fd630ed38e2f5da4c16825ba6d41cce3;hp=4da955ffd25a4e68659167f7e1e570be6a119410;hpb=e05673fceab5b68e33fb5ed4661ede6217fb919e;p=mirror%2Fdsa-puppet.git

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 4da955ffd..4f0160303 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -6,7 +6,7 @@
 server:
 	verbosity: 1
 
-<% if @is_recursor && not @client_ranges.empty? -%>
+<% if (@is_recursor and (not @client_ranges.empty?)) -%>
 	interface: 0.0.0.0
 	interface: ::0
 
@@ -43,6 +43,7 @@ server:
 	# auto-trust-anchor-file: ""
 	auto-trust-anchor-file: "/var/lib/unbound/root.key"
 	auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+	auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
 
 # recursive: <%= @is_recursor ? "y" : "n" %>
 <% if not @is_recursor -%>
@@ -51,7 +52,20 @@ forward-zone:
 <% @ns.to_a.flatten.each do |nms| -%>
 	forward-addr: <%= nms %>
 <% end -%>
+<% if @lsbmajdistrelease >= '7' -%>
+	# This will actually only work starting with unbound 1.4.18 (wheezy has 1.4.17)
+	# previously, forward-first was not implemented for the root zone.
+	forward-first: yes
 <% end -%>
-<% if hostname == "zappa" -%>
-edns-buffer-size: 512
+
+# XXX : we probably ought to forward 172.29 reverse queries to our nameserver
+# if our forwarders are not ours.
+<% else -%>
+local-zone: "29.172.in-addr.arpa" nodefault
+forward-zone:
+	name: "29.172.in-addr.arpa"
+	forward-host: ns1.debian.org
+	forward-host: ns2.debian.org
+	forward-host: ns3.debian.org
+	forward-host: ns4.debian.com
 <% end -%>