From ab4ef40f2bfb4bd5de22c1d6ef5213c60602b329 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Tue, 21 Jan 2020 17:13:06 +0100
Subject: [PATCH] unbound: Use recursor mode if no nameservers are configured

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 src/initscripts/system/unbound | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 7df50e9d46..3322c15b5f 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -162,19 +162,29 @@ write_forward_conf() {
 			done
 		fi
 
-		echo "forward-zone:"
-		echo "	name: \".\""
+		# Read name servers.
+		nameservers=$(read_name_servers)
 
-		# Force using TLS only
-		if [ "${PROTO}" = "TLS" ]; then
-			echo "	forward-tls-upstream: yes"
+		# Only write forward zones if any nameservers are configured.
+		#
+		# Otherwise fall-back into recursor mode.
+		if [ -n "${nameservers}" ]; then
+
+			echo "forward-zone:"
+			echo "	name: \".\""
+
+			# Force using TLS only
+			if [ "${PROTO}" = "TLS" ]; then
+				echo "	forward-tls-upstream: yes"
+			fi
+
+			# Add upstream name servers
+			local ns
+			for ns in ${nameservers}; do
+				echo "	forward-addr: ${ns}"
+			done
 		fi
 
-		# Add upstream name servers
-		local ns
-		for ns in $(read_name_servers); do
-			echo "	forward-addr: ${ns}"
-		done
 	) > /etc/unbound/forward.conf
 }
 
-- 
2.39.2