From 2aa15dee660214bfe4f402ff7c34c28b9bb068bc Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Dec 2016 17:13:07 +0000 Subject: [PATCH] unbound: Fix DNS forwarder test The previous version aborted when the validation test suceeded, but this is not always sufficient in case a provider filters any DNSKEY, DS or RRSIG records. Signed-off-by: Michael Tremer --- config/rootfiles/core/108/filelists/files | 1 + config/rootfiles/core/108/update.sh | 3 +++ src/initscripts/init.d/unbound | 12 +++++++----- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/core/108/filelists/files b/config/rootfiles/core/108/filelists/files index 7ef09c48b8..6cce4ead17 100644 --- a/config/rootfiles/core/108/filelists/files +++ b/config/rootfiles/core/108/filelists/files @@ -1,5 +1,6 @@ etc/system-release etc/issue +etc/rc.d/init.d/unbound etc/syslog.conf etc/unbound/unbound.conf srv/web/ipfire/cgi-bin/fwhosts.cgi diff --git a/config/rootfiles/core/108/update.sh b/config/rootfiles/core/108/update.sh index 3874a6e707..ba4a6690e0 100644 --- a/config/rootfiles/core/108/update.sh +++ b/config/rootfiles/core/108/update.sh @@ -43,6 +43,9 @@ ldconfig # Update Language cache #/usr/local/bin/update-lang-cache +# Reload unbound upstream name servers +/etc/init.d/unbound update-forwarders + # Start services /etc/init.d/sysklogd restart if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then diff --git a/src/initscripts/init.d/unbound b/src/initscripts/init.d/unbound index 1ecbf229ea..6c7be6cfda 100644 --- a/src/initscripts/init.d/unbound +++ b/src/initscripts/init.d/unbound @@ -259,9 +259,6 @@ test_name_server() { # Exit when the server is not reachable ns_is_online ${ns} || return 1 - # Return 0 if validating - ns_is_validating ${ns} && return 0 - local errors for rr in DNSKEY DS RRSIG; do if ! ns_forwards_${rr} ${ns}; then @@ -274,8 +271,13 @@ test_name_server() { return 3 fi - # Is DNSSEC-aware - return 2 + if ns_is_validating ${ns}; then + # Return 0 if validating + return 0 + else + # Is DNSSEC-aware + return 2 + fi } # Sends an A query to the nameserver w/o DNSSEC -- 2.39.5