From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 9 Oct 2018 18:02:34 +0000 (+0200)
Subject: Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 2
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=0a314c11202f57279204f9f0f8e3367126a5f984;p=mirror%2Fdsa-puppet.git

Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 2
---

diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index bb9e4d82b..79f172a52 100644
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -7,6 +7,8 @@
 #   include unbound
 #
 class unbound {
+	include stdlib
+
 	$is_recursor   = getfromhash($site::nodeinfo, 'misc', 'resolver-recursive')
 	$client_ranges = hiera('allow_dns_query')
 	$firewall_blocks_dns = hiera('firewall_blocks_dns', false)
diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 7ffc35fd7..e33b519c5 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -49,7 +49,7 @@ server:
 	prefetch-key: yes
 
 
-<% if not hiera('firewall_blocks_dns', false) %>
+<% if not @firewall_blocks_dns %>
 local-zone: "29.172.in-addr.arpa" nodefault
 forward-zone:
 	name: "29.172.in-addr.arpa"