Configure unbound forwarders unless we are recursive

[dsa-puppet.git] / modules / unbound / templates / unbound.conf.erb

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 35610496c77cfaf5bf87429d22b2cc0177fca52a..ebda9f80b1de8ddaba5a83ac681d0f7eac5a1a9c 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -54,7 +54,17 @@ server:
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
 
-#forward-zone:
-#      name: "."
-#      forward-addr: 192.0.2.1
-#      forward-addr: 192.0.2.199
+<%=
+       out = []
+       unless results['misc']['resolver-recursive']
+               forwarders = nodeinfo['hoster']['nameservers']
+               forwarders ||= []
+
+               out << 'forward-zone:'
+               out << '        name: "."'
+               forwarders.each do |ns|
+                       out << "        forward-addr: #{ns}"
+               end
+       end
+       out.join("\n")
+%>