unbound: Do not update the forwarders when we are running in TLS mode

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 6290127b8aba0be834f670380763b3230cd65dbe..e1de95f99510e3dac589aab45853a646c49abcf4 100644 (file)
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -302,9 +302,13 @@ resolve() {
 }
 
 update_forwarders() {
-       # DO nothing when we do not use the ISP name servers
+       # Do nothing when we do not use the ISP name servers
        [ "${USE_ISP_NAMESERVERS}" != "on" ] && return 0
 
+       # We cannot update anything when using TLS
+       # Unbound will then try to connect to the servers using UDP on port 853
+       [ "${PROTO}" = "TLS" ] && return 0
+
        # Update unbound about the new servers
        local nameservers=( $(read_name_servers) )
        if [ -n "${nameservers[*]}" ]; then