Do not put our 29.172.in-addr.arpa zone into unbound configs behind fascist firewalls, 2

author Peter Palfrader <peter@palfrader.org>

Tue, 9 Oct 2018 18:02:34 +0000 (20:02 +0200)

committer Peter Palfrader <peter@palfrader.org>

Tue, 9 Oct 2018 18:02:34 +0000 (20:02 +0200)
author Peter Palfrader <peter@palfrader.org>
Tue, 9 Oct 2018 18:02:34 +0000 (20:02 +0200)
committer Peter Palfrader <peter@palfrader.org>
Tue, 9 Oct 2018 18:02:34 +0000 (20:02 +0200)
diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp

index bb9e4d8..79f172a 100644 (file)
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -7,6 +7,8 @@
  #   include unbound
  #
  class unbound {
+       include stdlib
+
         $is_recursor   = getfromhash($site::nodeinfo, 'misc', 'resolver-recursive')
         $client_ranges = hiera('allow_dns_query')
         $firewall_blocks_dns = hiera('firewall_blocks_dns', false)
diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb

index 7ffc35f..e33b519 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -49,7 +49,7 @@ server:
         prefetch-key: yes
  
  
-<% if not hiera('firewall_blocks_dns', false) %>
+<% if not @firewall_blocks_dns %>
  local-zone: "29.172.in-addr.arpa" nodefault
  forward-zone:
         name: "29.172.in-addr.arpa"
author	Peter Palfrader <peter@palfrader.org>
	Tue, 9 Oct 2018 18:02:34 +0000 (20:02 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Tue, 9 Oct 2018 18:02:34 +0000 (20:02 +0200)
modules/unbound/manifests/init.pp		patch \| blob \| history
modules/unbound/templates/unbound.conf.erb		patch \| blob \| history