unbound: Allow list of INSECURE_ZONES being set in sysconfig

A list of DNS zones can be given for which DNSSEC validation
will be disabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/initscripts/init.d/unbound b/src/initscripts/init.d/unbound
index 68c15aa40c2f16a35bce0c43fcd80c1497633b36..01a560d4044ebc2fd4914c0e43287fe5d50854d5 100644 (file)
--- a/src/initscripts/init.d/unbound
+++ b/src/initscripts/init.d/unbound
@@ -12,6 +12,7 @@ TEST_DOMAIN="ipfire.org"
 # This domain will never validate
 TEST_DOMAIN_FAIL="dnssec-failed.org"
 
 # This domain will never validate
 TEST_DOMAIN_FAIL="dnssec-failed.org"
 

+INSECURE_ZONES=

 USE_FORWARDERS=1
 
 # Cache any local zones for 60 seconds
 USE_FORWARDERS=1
 
 # Cache any local zones for 60 seconds


@@ -151,7 +152,7 @@ write_forward_conf() {
        (
                config_header
 
        (
                config_header
 

-               local insecure_zones
+               local insecure_zones="${INSECURE_ZONES}"

 
                local enabled zone server remark
                while IFS="," read -r enabled zone server remark; do
 
                local enabled zone server remark
                while IFS="," read -r enabled zone server remark; do