unbound: allow generic options to be appended to forward zones

Fixes #10
NetworkConfiguration · Apr 13, 2023 · e521eed · e521eed
1 parent 24d2882
commit e521eed
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/resolvconf.conf.5.in b/resolvconf.conf.5.in
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd October 1, 2020
+.Dd April 13, 2023
 .Dt RESOLVCONF.CONF 5
 .Os
 .Sh NAME
@@ -322,6 +322,9 @@ forward-zones-file=/etc/pdns/recursor-zones.conf
 This file tells unbound about specific and global name servers.
 .It Sy unbound_insecure
 When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC.
+.It Sy unbound_forward_zone_options
+Options appended to each forward zone.
+Each option should be separated by an embedded new line.
 .Pp
 Example resolvconf.conf for unbound:
 .Bd -compact -literal -offset indent

diff --git a/unbound.in b/unbound.in
@@ -49,6 +49,9 @@ for d in $DOMAINS; do
 		;;
 	esac
 	newconf="$newconf${NL}forward-zone:$NL	name: \"$dn\"$NL"
+	if [ -n "$unbound_forward_zone_options" ]; then
+		newconf="$newconf	$unbound_forward_zone_options${NL}"
+	fi
 	while [ -n "$ns" ]; do
 		newconf="$newconf	forward-addr: ${ns%%,*}$NL"
 		[ "$ns" = "${ns#*,}" ] && break
@@ -58,6 +61,9 @@ done
 
 if [ -n "$NAMESERVERS" ]; then
 	newconf="$newconf${NL}forward-zone:$NL	name: \".\"$NL"
+	if [ -n "$unbound_forward_zone_options" ]; then
+		newconf="$newconf	$unbound_forward_zone_options${NL}"
+	fi
 	for n in $NAMESERVERS; do
 		newconf="$newconf	forward-addr: $n$NL"
 	done