From 50005ad1d4da8a95dac1518d40e02344de58944f Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 7 Jan 2020 12:55:35 +0000
Subject: [PATCH] unbound: Write upstream name servers to forward.conf
Signed-off-by: Stefan Schantl
Signed-off-by: Michael Tremer
---
 src/initscripts/system/unbound | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 89b1f7afd1..93db3e1dfc 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -248,6 +248,30 @@ write_forward_conf() {
 echo " domain-insecure: ${zone}"
 done
 fi
+
+ echo "forward-zone:"
+ echo " name: \".\""
+
+ # Force using TLS only
+ if [ "${FORCE_TLS}" = "on" ]; then
+ echo " forward-tls-upstream: yes"
+ fi
+
+ # Add upstream name servers
+ local id address tls_hostname enabled remark
+ while IFS="," read -r id address tls_hostname enabled remark; do
+ # Skip disabled servers
+ [ "${enabled}" != "enabled" ] && continue
+
+ # Set DNS server
+ if [ "${PROTO}" = "TLS" ]; then
+ if [ -n "${tls_hostname}" ]; then
+ echo " forward-addr: ${address}@853#${tls_hostname}"
+ fi
+ else
+ echo " forward-addr: ${address}"
+ fi
+ done < /var/ipfire/dns/servers
 ) > /etc/unbound/forward.conf
 }
--
2.39.5
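Review bot: In the `PROTO` = `TLS` branch of the new `while` loop, an enabled server with an empty `tls_hostname` is dropped without any message, and nothing after the loop checks that at least one `forward-addr` was written, so the `forward-zone` for `"."` can end up with no upstream at all. How unbound treats such a zone is not visible from this hunk; it may reject the file or resolve without the configured forwarders, which would sidestep the intended TLS path, so the zero-server case deserves an explicit check. At minimum, give the inner `if` an `else` that reports the skip on stderr (stdout is redirected into forward.conf), e.g. `echo "unbound: skipping ${address}: no TLS hostname set" >&2`. Separately, `forward-tls-upstream: yes` is gated on `FORCE_TLS` while the `@853#` address form is gated on `PROTO`; if the two settings can disagree, queries could go out unencrypted to port 853 or TLS be attempted on port 53, so a comment stating the intended relationship (or a single shared condition) would help. The body of `write_forward_conf` starts outside the hunk, so any earlier validation of these values is not visible here.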