From f560df8e347ddfef3345517fd3c3cc2fbb7b40f5 Mon Sep 17 00:00:00 2001 From: Warren Baker Date: Tue, 27 Aug 2013 14:20:33 +0200 Subject: Make sure reverse entries are correctly added so that DNS Rebinding does not block reverse DNS records --- config/unbound/unbound.inc | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'config/unbound') diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index e53168eb..e9528881 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -1,6 +1,6 @@ $ips) { - if($pvt == true) { - $domain_entries .= "private-domain: \"$domain\"\n"; - $domain_entries .= "domain-insecure: \"$domain\"\n"; + if ($pvt == true) { + if (strpos($domain, "in-addr.arpa") !== false) + $domain_entries .= "local-zone: \"$domain\" nodefault\n"; + else + $domain_entries .= "private-domain: \"$domain\"\n"; + if (isset($config['installedpackages']['unbound']['config'][0]['dnssec_status'])) + $domain_entries .= "domain-insecure: \"$domain\"\n"; } else { $domain_entries .= "stub-zone:\n"; $domain_entries .= "\tname: \"$domain\"\n"; - foreach($ips as $ip) { + foreach($ips as $ip) $domain_entries .= "\tstub-addr: $ip\n"; - } $domain_entries .= "\tstub-prime: no\n"; } } -- cgit v1.2.3