This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via a6dcc5bb77760d887f1bee7271590b78437b85f4 (commit) from f95b8b9f7b094b1f3e7f37b000dc26a9ac7a6104 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a6dcc5bb77760d887f1bee7271590b78437b85f4 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Nov 2 15:42:40 2016 +0000
unbound: Fix for DNS forwarding of .local zones
These are traditionally used for Windows domains and should not be used for that. However if they are used like this, DNSSEC validation cannot be used.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/107/filelists/files | 1 + src/initscripts/init.d/unbound | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+)
Difference in files: diff --git a/config/rootfiles/core/107/filelists/files b/config/rootfiles/core/107/filelists/files index b03a86e..1dc0a35 100644 --- a/config/rootfiles/core/107/filelists/files +++ b/config/rootfiles/core/107/filelists/files @@ -1,5 +1,6 @@ etc/system-release etc/issue +etc/rc.d/init.d/unbound srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/traffic.cgi var/ipfire/langs diff --git a/src/initscripts/init.d/unbound b/src/initscripts/init.d/unbound index 4e42477..a7952fc 100644 --- a/src/initscripts/init.d/unbound +++ b/src/initscripts/init.d/unbound @@ -168,16 +168,34 @@ write_forward_conf() { ( config_header
+ local insecure_zones + local enabled zone server remark while IFS="," read -r enabled zone server remark; do # Line must be enabled. [ "${enabled}" = "on" ] || continue
+ # Zones that end with .local are commonly used for internal + # zones and therefore not signed + case "${zone}" in + *.local) + insecure_zones="${insecure_zones} ${zone}" + ;; + esac + echo "forward-zone:" echo " name: ${zone}" echo " forward-addr: ${server}" echo done < /var/ipfire/dnsforward/config + + if [ -n "${insecure_zones}" ]; then + echo "server:" + + for zone in ${insecure_zones}; do + echo " domain-insecure: ${zone}" + done + fi ) > /etc/unbound/forward.conf }
hooks/post-receive -- IPFire 2.x development tree