Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 4

author Peter Palfrader <peter@palfrader.org>

Tue, 9 Oct 2018 18:21:21 +0000 (20:21 +0200)

committer Peter Palfrader <peter@palfrader.org>

Tue, 9 Oct 2018 18:21:21 +0000 (20:21 +0200)
author Peter Palfrader <peter@palfrader.org>
Tue, 9 Oct 2018 18:21:21 +0000 (20:21 +0200)
committer Peter Palfrader <peter@palfrader.org>
Tue, 9 Oct 2018 18:21:21 +0000 (20:21 +0200)
diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb

index e33b519..4206f81 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -43,7 +43,9 @@ server:
         # auto-trust-anchor-file: ""
         auto-trust-anchor-file: "/var/lib/unbound/root.key"
         auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+<% if not @firewall_blocks_dns %>
         auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
+<% end -%>
  
         prefetch: yes
         prefetch-key: yes
author	Peter Palfrader <peter@palfrader.org>
	Tue, 9 Oct 2018 18:21:21 +0000 (20:21 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Tue, 9 Oct 2018 18:21:21 +0000 (20:21 +0200)