unbound: Fix for DNS forwarding of .local zones
[ipfire-2.x.git] / src / initscripts / init.d / unbound
index 4e424775edf1f221b354f790c5139de9f2a071e1..a7952fc1cc706d20b77c34b1c7defe34462075ae 100644 (file)
@@ -168,16 +168,34 @@ write_forward_conf() {
        (
                config_header
 
+               local insecure_zones
+
                local enabled zone server remark
                while IFS="," read -r enabled zone server remark; do
                        # Line must be enabled.
                        [ "${enabled}" = "on" ] || continue
 
+                       # Zones that end with .local are commonly used for internal
+                       # zones and therefore not signed
+                       case "${zone}" in
+                               *.local)
+                                       insecure_zones="${insecure_zones} ${zone}"
+                                       ;;
+                       esac
+
                        echo "forward-zone:"
                        echo "  name: ${zone}"
                        echo "  forward-addr: ${server}"
                        echo
                done < /var/ipfire/dnsforward/config
+
+               if [ -n "${insecure_zones}" ]; then
+                       echo "server:"
+
+                       for zone in ${insecure_zones}; do
+                               echo "  domain-insecure: ${zone}"
+                       done
+               fi
        ) > /etc/unbound/forward.conf
 }
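Review bot: The `for zone in ${insecure_zones}` loop at the end of the hunk expands the list unquoted, so a zone value read from /var/ipfire/dnsforward/config that contains whitespace or glob characters is word-split or pathname-expanded before being written as `domain-insecure:`, and every resulting word turns off DNSSEC validation for that name. Nothing visible in the hunk validates `${zone}` before it is echoed into `name:` or appended to the list, so I would skip malformed entries right after the `enabled` check, e.g. `case "${zone}" in ""|*[!A-Za-z0-9._-]*) continue ;; esac`. The `*.local` pattern is also case-sensitive and does not match a trailing-dot spelling such as `example.local.`, so those zones would presumably still be validated and fail; a comment stating the intended match would help. write_forward_conf starts above the hunk, so any validation done earlier in the function is not visible here.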