From: Michael Tremer Date: Fri, 4 Nov 2016 17:00:24 +0000 (+0000) Subject: unbound: Allow recursion from everywhere X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ddad158cd5fd4a311812bdcd52a46cbb9ca4866;p=people%2Fms%2Fipfire-2.x.git unbound: Allow recursion from everywhere Users use the IPFire DNS service from VPNs and other routed networks. Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/core/107/update.sh b/config/rootfiles/core/107/update.sh index b8987b05c3..dd6b33e2f0 100644 --- a/config/rootfiles/core/107/update.sh +++ b/config/rootfiles/core/107/update.sh @@ -138,6 +138,7 @@ esac tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / # Remove some old files +rm -f /etc/unbound/interfaces.conf # update linker config ldconfig diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index 5193dd9312..a6cdc4d948 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -62,21 +62,15 @@ server: use-caps-for-id: no # Listen on all interfaces + interface-automatic: no interface: 0.0.0.0 - # Deny access from everywhere - access-control: 0.0.0.0/0 refuse - - # Allow access from localhost - access-control: 127.0.0.0/8 allow + # Allow access from everywhere + access-control: 0.0.0.0/0 allow # Bootstrap root servers root-hints: "/etc/unbound/root.hints" - # IPFire interface configuration - include: "/etc/unbound/interfaces.conf" - interface-automatic: no - # Include DHCP leases include: "/etc/unbound/dhcp-leases.conf" diff --git a/src/initscripts/init.d/unbound b/src/initscripts/init.d/unbound index a7952fc1cc..68c15aa40c 100644 --- a/src/initscripts/init.d/unbound +++ b/src/initscripts/init.d/unbound 
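Review bot: The new `access-control: 0.0.0.0/0 allow` in config/unbound/unbound.conf, combined with `interface: 0.0.0.0`, makes unbound itself willing to recurse for any IPv4 source, so the resolver is an open recursor wherever port 53 is reachable from an untrusted network. The removed lines refused by default and allowed only localhost plus the GREEN/BLUE ranges written by write_interfaces_conf; after this change the only barrier is whatever packet filtering sits in front of the daemon, which this diff does not show. Open recursors are commonly abused as reflectors in DNS amplification and expose the cache to outside probing, so I would keep the refuse default and allow loopback plus private address space, as in the sketch below. That still covers VPN and routed internal networks using RFC 1918 addressing, though sites that route public ranges internally would need an extra entry. If the firewall is meant to be the sole control, the comment above the rule should say so explicitly.

```conf
	interface: 0.0.0.0

	# Refuse by default; allow loopback and private (RFC 1918) sources only
	access-control: 0.0.0.0/0 refuse
	access-control: 127.0.0.0/8 allow
	access-control: 10.0.0.0/8 allow
	access-control: 172.16.0.0/12 allow
	access-control: 192.168.0.0/16 allow
	# … unchanged: root-hints and dhcp-leases include …
```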
@@ -147,23 +147,6 @@ update_hosts() { done < /var/ipfire/main/hosts } -write_interfaces_conf() { - ( - config_header - - # 1.1.1.1 is reserved for unused green - if [ -n "${GREEN_ADDRESS}" -a "${GREEN_ADDRESS}" != "1.1.1.1" ]; then - echo "# allow access from GREEN" - echo "access-control: $(cidr ${GREEN_NETADDRESS} ${GREEN_NETMASK}) allow" - fi - - if [ -n "${BLUE_ADDRESS}" ]; then - echo "# allow access from BLUE" - echo "access-control: $(cidr ${BLUE_NETADDRESS} ${BLUE_NETMASK}) allow" - fi - ) > /etc/unbound/interfaces.conf -} - write_forward_conf() { ( config_header @@ -351,7 +334,6 @@ case "$1" in # Update configuration files write_tuning_conf - write_interfaces_conf write_forward_conf boot_mesg "Starting Unbound DNS Proxy..."