use correct test

author Stephen Gran <steve@lobefin.net>

Sun, 14 Apr 2013 16:09:16 +0000 (17:09 +0100)

committer Stephen Gran <steve@lobefin.net>

Sun, 14 Apr 2013 16:09:16 +0000 (17:09 +0100)
author Stephen Gran <steve@lobefin.net>
Sun, 14 Apr 2013 16:09:16 +0000 (17:09 +0100)
committer Stephen Gran <steve@lobefin.net>
Sun, 14 Apr 2013 16:09:16 +0000 (17:09 +0100)
diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp

index 5261009..587b19b 100644 (file)
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -10,6 +10,7 @@ class unbound {
  
         $is_recursor   = getfromhash($site::nodeinfo, 'misc', 'resolver-recursive')
         $client_ranges = getfromhash($site::nodeinfo, 'hoster', 'allow_dns_query')
+       $dodgy_ns      = getfromhash($site::nodeinfo, 'hoster', 'nameservers_break_dnssec')
         $ns            = hiera('nameservers')
  
         package { 'unbound':
diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb

index 5dad163..0546980 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -44,7 +44,7 @@ server:
         auto-trust-anchor-file: "/var/lib/unbound/root.key"
         auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
  
-<% if not @is_recursor and not @client_ranges -%>
+<% if not @is_recursor and not @dodgy_ns -%>
  forward-zone:
         name: "."
  <% @ns.to_a.flatten.each do |nms| -%>
author	Stephen Gran <steve@lobefin.net>
	Sun, 14 Apr 2013 16:09:16 +0000 (17:09 +0100)
committer	Stephen Gran <steve@lobefin.net>
	Sun, 14 Apr 2013 16:09:16 +0000 (17:09 +0100)
modules/unbound/manifests/init.pp		patch \| blob \| history
modules/unbound/templates/unbound.conf.erb		patch \| blob \| history