unbound_insecure can disable DNSSEC for all domains processed.
[openresolv] / unbound.in
index 633c7f0dffc1f3feb8d929fbfbac7a026a6024f6..be70a9d89c8996f2ebd1521a0fe0ccb43c6691b6 100644 (file)
@@ -26,6 +26,8 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+unbound_insecure=
+
 [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
 . "@SYSCONFDIR@/resolvconf.conf" || exit 1
 [ -z "$unbound_conf" ] && exit 0
@@ -41,6 +43,9 @@ newconf="# Generated by resolvconf$NL"
 for d in $DOMAINS; do
        dn="${d%%:*}"
        ns="${d#*:}"
+       if [ -n "$unbound_insecure" ]; then
+               newconf="$newconf${NL}domain-insecure: \"$dn\""
+       fi
        newconf="$newconf${NL}forward-zone:$NL  name: \"$dn\"$NL"
        while [ -n "$ns" ]; do
                newconf="$newconf       forward-addr: ${ns%%,*}$NL"