diff --git a/net/unbound/Makefile b/net/unbound/Makefile index b3e966c22..070f852ca 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.6.7 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index e0a1e5254..7e0043a2a 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -60,6 +60,8 @@ UNBOUND_TXT_DOMAIN=lan UNBOUND_TXT_FWD_ZONE="" UNBOUND_TXT_HOSTNAME=thisrouter +UNBOUND_LIST_INSECURE="" + ############################################################################## # keep track of local-domain: assignments during inserted resource records @@ -394,7 +396,7 @@ create_access_control() { ############################################################################## create_domain_insecure() { - echo " domain-insecure: \"$1\"" >> $UNBOUND_CONFFILE + UNBOUND_LIST_INSECURE="$UNBOUND_LIST_INSECURE $1" } ############################################################################## @@ -568,8 +570,7 @@ unbound_control() { ############################################################################## unbound_conf() { - local cfg="$1" - local rt_mem rt_conn modulestring + local rt_mem rt_conn modulestring domain # Make fresh conf file echo > $UNBOUND_CONFFILE @@ -862,9 +863,15 @@ unbound_conf() { fi - # Except and accept domains as insecure (DNSSEC); work around broken domains - config_list_foreach "$cfg" "domain_insecure" create_domain_insecure - echo >> $UNBOUND_CONFFILE + if [ -n "$UNBOUND_LIST_INSECURE" ] ; then + for domain in $UNBOUND_LIST_INSECURE ; do + # Except and accept domains without (DNSSEC); work around broken domains + echo " domain-insecure: \"$domain\"" >> $UNBOUND_CONFFILE + done + + + echo >> $UNBOUND_CONFFILE + fi } ############################################################################## @@ -1043,6 +1050,8 @@ unbound_uci() { config_get UNBOUND_TTL_MIN "$cfg" ttl_min 120 config_get UNBOUND_TXT_DOMAIN "$cfg" domain lan + config_list_foreach "$cfg" "domain_insecure" create_domain_insecure + UNBOUND_LIST_DOMAINS="nowhere $UNBOUND_TXT_DOMAIN" if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then @@ -1163,6 +1172,7 @@ unbound_start() { unbound_access unbound_adblock + if [ "$UNBOUND_D_DHCP_LINK" = "dnsmasq" ] ; then dnsmasq_link else