From a32fd634ceb2e2227fb5e4104b5c9f1cfa5263d0 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 7 Jan 2020 16:02:14 +0000
Subject: [PATCH] unbound: Do not update the forwarders when we are running in
 TLS mode

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/unbound | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 6290127b8a..e1de95f995 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -302,9 +302,13 @@ resolve() {
 }
 
 update_forwarders() {
-	# DO nothing when we do not use the ISP name servers
+	# Do nothing when we do not use the ISP name servers
 	[ "${USE_ISP_NAMESERVERS}" != "on" ] && return 0
 
+	# We cannot update anything when using TLS
+	# Unbound will then try to connect to the servers using UDP on port 853
+	[ "${PROTO}" = "TLS" ] && return 0
+
 	# Update unbound about the new servers
 	local nameservers=( $(read_name_servers) )
 	if [ -n "${nameservers[*]}" ]; then
-- 
2.39.5