From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 4 Nov 2016 17:43:05 +0000 (+0000)
Subject: unbound: Allow list of INSECURE_ZONES being set in sysconfig
X-Git-Tag: v2.19-core108~20^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ebc0a16e23b438fb79e981be0fda612cf17fdcb;p=ipfire-2.x.git

unbound: Allow list of INSECURE_ZONES being set in sysconfig

A list of DNS zones can be given for which DNSSEC validation
will be disabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/initscripts/init.d/unbound b/src/initscripts/init.d/unbound
index 68c15aa40c..01a560d404 100644
--- a/src/initscripts/init.d/unbound
+++ b/src/initscripts/init.d/unbound
@@ -12,6 +12,7 @@ TEST_DOMAIN="ipfire.org"
 # This domain will never validate
 TEST_DOMAIN_FAIL="dnssec-failed.org"
 
+INSECURE_ZONES=
 USE_FORWARDERS=1
 
 # Cache any local zones for 60 seconds
@@ -151,7 +152,7 @@ write_forward_conf() {
 	(
 		config_header
 
-		local insecure_zones
+		local insecure_zones="${INSECURE_ZONES}"
 
 		local enabled zone server remark
 		while IFS="," read -r enabled zone server remark; do