unbound: Add option for marking domains as private (#29)

resolvconf.conf.5.in

@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd May 23, 2023
+.Dd Aug 02, 2024
 .Dt RESOLVCONF.CONF 5
 .Os
 .Sh NAME
@@ -328,6 +328,8 @@ forward-zones-file=/etc/pdns/recursor-zones.conf
 This file tells unbound about specific and global name servers.
 .It Sy unbound_insecure
 When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC.
+.It Sy unbound_private
+When set to YES, unbound marks the domains as private, allowing it and its subdomains to contain private addresses.
 .It Sy unbound_forward_zone_options
 Options appended to each forward zone.
 Each option should be separated by an embedded new line.

unbound.in

@@ -27,6 +27,7 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 unbound_insecure=
+unbound_private=
 
 [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
 . "@SYSCONFDIR@/resolvconf.conf" || exit 1
@@ -42,12 +43,25 @@ newconf="# Generated by resolvconf$NL"
 for d in $DOMAINS; do
 	dn="${d%%:*}"
 	ns="${d#*:}"
+	create_unbound_insecure=false
+	create_unbound_private=false
 	case "$unbound_insecure" in
 	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
-		newconf="$newconf${NL}server:$NL"
-		newconf="$newconf	domain-insecure: \"$dn\"$NL"
-		;;
+		create_unbound_insecure=true ;;
+	esac
+	case "$unbound_private" in
+	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+		create_unbound_private=true ;;
 	esac
+	if $create_unbound_insecure || $create_unbound_private; then
+		newconf="$newconf${NL}server:$NL"
+		if $create_unbound_insecure; then
+			newconf="$newconf	domain-insecure: \"$dn\"$NL"
+		fi
+		if $create_unbound_private; then
+			newconf="$newconf	private-domain: \"$dn\"$NL"
+		fi
+	fi
 	newconf="$newconf${NL}forward-zone:$NL	name: \"$dn\"$NL"
 	if [ -n "$unbound_forward_zone_options" ]; then
 		newconf="$newconf	$unbound_forward_zone_options${NL}"