From 209827ab9db312de972c9c9b9e7b1c0f92948320 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 12 Nov 2019 12:43:28 +0000
Subject: [PATCH] unbound: Convert forward zones to stub zones

It was incorrect to use forward zones here, because that
assumes that unbound is talking a recursive resolver here.

The feature is however designed to be talking to an authoritative
server.

Fixes: #12230
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/unbound | 35 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 23 deletions(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 89914480eb..e1f8b230aa 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -242,35 +242,24 @@ write_forward_conf() {
 					;;
 			esac
 
-			# Reverse-lookup zones must be stubs
+			echo "stub-zone:"
+			echo "	name: ${zone}"
+			for server in ${servers//|/ }; do
+				if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+					echo "	stub-addr: ${server}"
+				else
+					echo "	stub-host: ${server}"
+				fi
+			done
+			echo
+
+			# Make all reverse lookup zones transparent
 			case "${zone}" in
 				*.in-addr.arpa)
-					echo "stub-zone:"
-					echo "	name: ${zone}"
-					for server in ${servers//|/ }; do
-						if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-							echo "	stub-addr: ${server}"
-						else
-							echo "	stub-host: ${server}"
-						fi
-					done
-					echo
 					echo "server:"
 					echo "	local-zone: \"${zone}\" transparent"
 					echo
 					;;
-				*)
-					echo "forward-zone:"
-					echo "	name: ${zone}"
-					for server in ${servers//|/ }; do
-						if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-							echo "	forward-addr: ${server}"
-						else
-							echo "	forward-host: ${server}"
-						fi
-					done
-					echo
-					;;
 			esac
 		done < /var/ipfire/dnsforward/config
 
-- 
2.39.5