unbound: improve local zone evaluation in UCI

When UCI local zone is private and static, Unbound covered private addresses with defaults. Optional delegated global IP6 prefix protection lacked a static zone, but it was prevented from appearing in global DNS responses. Domain names router-as-TLD, "lan." and "local." were static, but they lacked default SOA or NS such as Unbound had assinged to private addresses. Clean up these local zones UCI evaluation and block global DNS inclusion. Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2025-12-26 11:16:31 +04:00 · 2018-06-10 15:20:24 -04:00
parent d6e7f64a3d
commit a7fd69233d
5 changed files with 190 additions and 78 deletions
--- a/net/unbound/files/iptools.sh
+++ b/net/unbound/files/iptools.sh
@@ -138,3 +138,25 @@ private_subnet() {

 ##############################################################################

+domain_ptr_any() {
+  local subnet=$1
+  local arpa validip4 validip6
+
+  validip4=$( valid_subnet4 $subnet )
+  validip6=$( valid_subnet6 $subnet )
+
+
+  if [ "$validip4" = "ok" ] ; then
+    arpa=$( domain_ptr_ip4 "$subnet" )
+  elif [ "$validip6" = "ok" ] ; then
+    arpa=$( domain_ptr_ip6 "$subnet" )
+  fi
+
+
+  if [ -n "$arpa" ] ; then
+    echo $arpa
+  fi
+}
+
+##############################################################################
+