From: Peter Palfrader <peter@palfrader.org>
Date: Thu, 9 Jan 2014 12:46:35 +0000 (+0100)
Subject: Forward 29.172.in-addr.arpa to ns[1234] even if we are not recursive and would usuall... 
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=c41c1433b9dd0394c6b186d93d4c9ce92555f9f4;p=mirror%2Fdsa-puppet.git

Forward 29.172.in-addr.arpa to ns[1234] even if we are not recursive and would usually use a forwarder upstream
---

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 4f0160303..e885ec955 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -45,6 +45,14 @@ server:
 	auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
 	auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
 
+local-zone: "29.172.in-addr.arpa" nodefault
+forward-zone:
+	name: "29.172.in-addr.arpa"
+	forward-host: ns1.debian.org
+	forward-host: ns2.debian.org
+	forward-host: ns3.debian.org
+	forward-host: ns4.debian.com
+
 # recursive: <%= @is_recursor ? "y" : "n" %>
 <% if not @is_recursor -%>
 forward-zone:
@@ -57,15 +65,4 @@ forward-zone:
 	# previously, forward-first was not implemented for the root zone.
 	forward-first: yes
 <% end -%>
-
-# XXX : we probably ought to forward 172.29 reverse queries to our nameserver
-# if our forwarders are not ours.
-<% else -%>
-local-zone: "29.172.in-addr.arpa" nodefault
-forward-zone:
-	name: "29.172.in-addr.arpa"
-	forward-host: ns1.debian.org
-	forward-host: ns2.debian.org
-	forward-host: ns3.debian.org
-	forward-host: ns4.debian.com
 <% end -%>