From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] unbound: Use recursor mode if no nameservers are configured
Date: Tue, 21 Jan 2020 17:13:06 +0100
Message-ID: <20200121161306.5246-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0218682213016093304=="
List-Id: <development.lists.ipfire.org>

--===============0218682213016093304==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 src/initscripts/system/unbound | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 7df50e9d4..3322c15b5 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -162,19 +162,29 @@ write_forward_conf() {
 			done
 		fi
 
-		echo "forward-zone:"
-		echo "	name: \".\""
+		# Read name servers.
+		nameservers=$(read_name_servers)
 
-		# Force using TLS only
-		if [ "${PROTO}" = "TLS" ]; then
-			echo "	forward-tls-upstream: yes"
+		# Only write forward zones if any nameservers are configured.
+		#
+		# Otherwise fall-back into recursor mode.
+		if [ -n "${nameservers}" ]; then
+
+			echo "forward-zone:"
+			echo "	name: \".\""
+
+			# Force using TLS only
+			if [ "${PROTO}" = "TLS" ]; then
+				echo "	forward-tls-upstream: yes"
+			fi
+
+			# Add upstream name servers
+			local ns
+			for ns in ${nameservers}; do
+				echo "	forward-addr: ${ns}"
+			done
 		fi
 
-		# Add upstream name servers
-		local ns
-		for ns in $(read_name_servers); do
-			echo "	forward-addr: ${ns}"
-		done
 	) > /etc/unbound/forward.conf
 }
 
-- 
2.25.0.rc0


--===============0218682213016093304==--