From 99cadb743af795134733ce2e229e53c3c0e7359b Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Thu, 30 Jan 2020 13:07:01 +0100
Subject: [PATCH] ids-functions.pl: Fall back to $EXTERNAL_NET for DNS servers

When no DNS servers are configured (aka recursor mode), the
DNS servers that unbound will try to contact can be anywhere.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 config/cfgroot/ids-functions.pl | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 186c39ac78..af8a927e0b 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -718,10 +718,7 @@ sub generate_dns_servers_file() {
 	if (@nameservers) {
 		$line = join(",", @nameservers);
 	} else {
-		# The responsible DNS servers on red are directly used, and because we are not able
-		# to specify each single DNS server address here, we currently have to thread each
-		# address which is not part of the HOME_NET as possible DNS server.
-		$line = "!\$HOME_NET";
+		$line = "\$EXTERNAL_NET";
 	}
 
 	# Open file to store the used DNS server addresses.
-- 
2.39.5