unbound: Mark domains as insecure from DNS forwarding
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 5 Mar 2019 16:58:29 +0000 (16:58 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 5 Mar 2019 16:58:29 +0000 (16:58 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/system/unbound

index 2ef994e..af9bcef 100644 (file)
@@ -197,8 +197,8 @@ write_forward_conf() {
 
                local insecure_zones="${INSECURE_ZONES}"
 
-               local enabled zone server servers remark
-               while IFS="," read -r enabled zone servers remark; do
+               local enabled zone server servers remark disable_dnssec rest
+               while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
                        # Line must be enabled.
                        [ "${enabled}" = "on" ] || continue
 
@@ -208,6 +208,11 @@ write_forward_conf() {
                                *.local)
                                        insecure_zones="${insecure_zones} ${zone}"
                                        ;;
+                               *)
+                                       if [ "${disable_dnssec}" = "on" ]; then
+                                               insecure_zones="${insecure_zones} ${zone}"
+                                       fi
+                                       ;;
                        esac
 
                        # Reverse-lookup zones must be stubs