From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 5/5] resolv.conf: Add "trust-ad" option
Date: Wed, 05 Feb 2020 11:45:47 +0000
Message-ID: <20200205114547.16047-5-michael.tremer@ipfire.org>
In-Reply-To: <20200205114547.16047-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5918320564309622588=="
List-Id: <development.lists.ipfire.org>

--===============5918320564309622588==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Since we are running unbound locally which always runs DNSSEC
validation, we can simply trust it and pass the ad flag on to
applications which make use of it.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/initscripts/system/localnet | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/initscripts/system/localnet b/src/initscripts/system/localnet
index a16b32e46..0d01bd300 100644
--- a/src/initscripts/system/localnet
+++ b/src/initscripts/system/localnet
@@ -19,6 +19,7 @@ write_resolv_conf() {
 	(
 		[ -n "${DOMAINNAME}" ] && echo "search ${DOMAINNAME}"
 		echo "nameserver 127.0.0.1"
+		echo "options trust-ad"
 	) > /etc/resolv.conf
 }
 
-- 
2.20.1


--===============5918320564309622588==--