From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 9 Oct 2018 18:07:04 +0000 (+0200)
Subject: Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 3
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f367a8ac9aedb04b08015529a445b1869a46ccb5;p=mirror%2Fdsa-puppet.git

Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 3
---

diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 79f172a52..0d24653fd 100644
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -57,7 +57,7 @@ class unbound {
 	}
 	file { '/var/lib/unbound/29.172.in-addr.arpa.key':
 		ensure  => $firewall_blocks_dns ? { true  => 'absent', default => 'present' },
-		replace => false,
+		replace => $firewall_blocks_dns ? { true  => true, default => false },
 		owner   => unbound,
 		group   => unbound,
 		mode    => '0644',