X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Funbound%2Ftemplates%2Funbound.conf.erb;h=e885ec95533159097f1dd3e8d243e41fa1200bb7;hb=de168787833dddc604663b6ee79e7abdaf158737;hp=e8e8b581bb4560f408855ccb6fe1e24d3d029fad;hpb=8dd7b4e63c9b1a28a93d6850a29cc25c69e27531;p=mirror%2Fdsa-puppet.git

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index e8e8b581b..e885ec955 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -43,17 +43,8 @@ server:
 	# auto-trust-anchor-file: ""
 	auto-trust-anchor-file: "/var/lib/unbound/root.key"
 	auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+	auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
 
-# recursive: <%= @is_recursor ? "y" : "n" %>
-<% if not @is_recursor -%>
-forward-zone:
-	name: "."
-<% @ns.to_a.flatten.each do |nms| -%>
-	forward-addr: <%= nms %>
-<% end -%>
-# XXX : we probably ought to forward 172.29 reverse queries to our nameserver
-# if our forwarders are not ours.
-<% else -%>
 local-zone: "29.172.in-addr.arpa" nodefault
 forward-zone:
 	name: "29.172.in-addr.arpa"
@@ -61,7 +52,17 @@ forward-zone:
 	forward-host: ns2.debian.org
 	forward-host: ns3.debian.org
 	forward-host: ns4.debian.com
+
+# recursive: <%= @is_recursor ? "y" : "n" %>
+<% if not @is_recursor -%>
+forward-zone:
+	name: "."
+<% @ns.to_a.flatten.each do |nms| -%>
+	forward-addr: <%= nms %>
+<% end -%>
+<% if @lsbmajdistrelease >= '7' -%>
+	# This will actually only work starting with unbound 1.4.18 (wheezy has 1.4.17)
+	# previously, forward-first was not implemented for the root zone.
+	forward-first: yes
 <% end -%>
-<% if hostname == "zappa" -%>
-edns-buffer-size: 512
 <% end -%>