From e9162c06ea32f67e0c159e9c226b4e8a1d719122 Mon Sep 17 00:00:00 2001
From: Blackyfff <freifunk@freifunk-herpf.de>
Date: Mon, 25 Jan 2021 20:32:57 +0100
Subject: [PATCH] adding private-domain to unbound config

When having unbound configured to also be a resolver for public internet, it's common to use rebind protection (keyword private-address). But using rebind protection upstream also breaks resolution of icvpn hostnames with IPs in private address range.
Adding private-domain reallows those domains to contain private addresses.

Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>
---
 mkdns | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mkdns b/mkdns
index 9318c43..b6412c9 100755
--- a/mkdns
+++ b/mkdns
@@ -72,6 +72,7 @@ class UnboundForwardFormatter(object):
             self.buffer.append('\n\t# %s' % community)
             for zone in zone_type['forward'].keys():
                 self.buffer.append('\tdomain-insecure: "%s"' % zone)
+                self.buffer.append('\tprivate-domain: "%s"' % zone)
             for zone in zone_type['reverse'].keys():
                 self.buffer.append('\tdomain-insecure: "%s"' % zone)
                 self.buffer.append('\tlocal-zone: "%s" nodefault' % zone)