variable assignment does not clone string...

[dsa-puppet.git] / modules / unbound / templates / unbound.conf.erb

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 0546980c995788b0702554993c78ddb335fdfabe..8e06b7df09a2baaeb1adb2d2008785440e0b3f10 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -6,7 +6,7 @@
 server:
        verbosity: 1
 
-<% if @is_recursor && @client_ranges -%>
+<% if (@is_recursor and (not @client_ranges.empty?)) -%>
        interface: 0.0.0.0
        interface: ::0
 
@@ -43,14 +43,25 @@ server:
        # auto-trust-anchor-file: ""
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+       auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
 
-<% if not @is_recursor and not @dodgy_ns -%>
+local-zone: "29.172.in-addr.arpa" nodefault
+forward-zone:
+       name: "29.172.in-addr.arpa"
+       forward-host: geo1.debian.org
+       forward-host: geo2.debian.org
+       forward-host: geo3.debian.org
+
+# recursive: <%= @is_recursor ? "y" : "n" %>
+<% if not @is_recursor -%>
 forward-zone:
        name: "."
 <% @ns.to_a.flatten.each do |nms| -%>
        forward-addr: <%= nms %>
 <% end -%>
+<% if @lsbmajdistrelease >= '7' -%>
+       # This will actually only work starting with unbound 1.4.18 (wheezy has 1.4.17)
+       # previously, forward-first was not implemented for the root zone.
+       forward-first: yes
 <% end -%>
-<% if hostname == "zappa" -%>
-edns-buffer-size: 512
 <% end -%>