Import unblock-lan-zones feature backported from upstream svn trunk.

This is a partial fix for reverse lookups in RFC 1918 networks.  With
this option enabled, unbound no longer ignores these queries; however,
it will still reject the answer it gets from the forwarder, because
the RFC 1918 reverse zones are signed.

Submitted by:	"W.C.A. Wijngaards" <wouter@nlnetlabs.nl>

1 files changed, 10 insertions, 0 deletions

diff --git a/contrib/unbound/services/localzone.c b/contrib/unbound/services/localzone.c
index ac889799..a1688e1 100644
--- a/contrib/unbound/services/localzone.c
+++ b/contrib/unbound/services/localzone.c
@@ -594,6 +594,8 @@ lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
 
 	/* this list of zones is from RFC 6303 */
 
+	/* block localhost level zones, first, later the LAN zones */
+
 	/* localhost. zone */
 	if(!lz_exists(zones, "localhost.") &&
 		!lz_nodefault(cfg, "localhost.")) {
@@ -650,6 +652,14 @@ lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
 		}
 		lock_rw_unlock(&z->lock);
 	}
+
+	/* if unblock lan-zones, then do not add the zones below.
+	 * we do add the zones above, about 127.0.0.1, because localhost is
+	 * not on the lan. */
+	if(cfg->unblock_lan_zones)
+		return 1;
+
+	/* block LAN level zones */
 	if (	!add_as112_default(zones, cfg, "10.in-addr.arpa.") ||
 		!add_as112_default(zones, cfg, "16.172.in-addr.arpa.") ||
 		!add_as112_default(zones, cfg, "17.172.in-addr.arpa.") ||