From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 7 Jan 2020 16:02:14 +0000 (+0000)
Subject: unbound: Do not update the forwarders when we are running in TLS mode
X-Git-Tag: v2.25-core141~70^2~38
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=a32fd634ceb2e2227fb5e4104b5c9f1cfa5263d0

unbound: Do not update the forwarders when we are running in TLS mode

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 6290127b8a..e1de95f995 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -302,9 +302,13 @@ resolve() {
 }
 
 update_forwarders() {
-	# DO nothing when we do not use the ISP name servers
+	# Do nothing when we do not use the ISP name servers
 	[ "${USE_ISP_NAMESERVERS}" != "on" ] && return 0
 
+	# We cannot update anything when using TLS
+	# Unbound will then try to connect to the servers using UDP on port 853
+	[ "${PROTO}" = "TLS" ] && return 0
+
 	# Update unbound about the new servers
 	local nameservers=( $(read_name_servers) )
 	if [ -n "${nameservers[*]}" ]; then