From 74f235ac4accaaf0d939b23783948e41933ae7ea Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 23 Apr 2020 08:28:08 +0200
Subject: [PATCH] Unbound: prevent wilcard domains for this machines primary
 domain (since you can't forward all and be responsible for a part). mentioned
 here https://github.com/opnsense/core/issues/4049

---
 src/www/services_unbound_host_edit.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/www/services_unbound_host_edit.php b/src/www/services_unbound_host_edit.php
index e1777e2d1..ace03c052 100644
--- a/src/www/services_unbound_host_edit.php
+++ b/src/www/services_unbound_host_edit.php
@@ -83,6 +83,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         $input_errors[] = gettext("A valid domain must be specified.");
     }
 
+    if (!empty($pconfig['domain']) && $pconfig['domain'] == $config['system']['domain'] && $pconfig['host'] == '*') {
+        $input_errors[] = sprintf(
+            gettext("A wildcard domain override is not supported for this machines domain '%s'."),
+            $config['system']['domain']
+        );
+    }
+
     switch ($pconfig['rr']) {
         case 'A': /* also: AAAA */
             $reqdfields = explode(" ", "ip");