From 1b6b8d97aac8a8056a4ef5c9d571a1947551e17f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 6 Apr 2020 15:10:25 +0000
Subject: [PATCH] unbound: Set domains with local data into type transparent
 mode

Records which are from the same domain than the IPFire hostname
might not be returned by unbound. This change explicitely instructs
unbound to check local data before checking the global DNS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 src/initscripts/system/unbound | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 1cf26ec0e5..35477ae281 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -72,8 +72,18 @@ write_hosts_conf() {
 			echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${HOSTNAME}\""
 		done
 
-		# Add all hosts
 		local enabled address hostname domainname generateptr
+
+		# Find all unique domain names
+		while IFS="," read -r enabled address hostname domainname generateptr; do
+			[ "${enabled}" = "on" ] || continue
+
+			echo "${domainname}"
+		done < /var/ipfire/main/hosts | sort -u | while read -r domainname; do
+			echo "local-zone: ${domainname} typetransparent"
+		done
+
+		# Add all hosts
 		while IFS="," read -r enabled address hostname domainname generateptr; do
 			[ "${enabled}" = "on" ] || continue
 
-- 
2.39.5