From 0647a3a2330a4e3928402486f380451a34968a03 Mon Sep 17 00:00:00 2001 From: Girish Ramakrishnan Date: Thu, 12 Sep 2024 17:12:01 +0200 Subject: [PATCH] unbound: prefer ip4 on ubuntu 24 and above ip6 queries seems to be blocked by spamhaus --- CHANGES | 1 + setup/start.sh | 11 ++++++++++- setup/start/unbound/prefer-ip4.conf | 6 ++++++ setup/start/{ => unbound}/unbound.conf | 0 4 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 setup/start/unbound/prefer-ip4.conf rename setup/start/{ => unbound}/unbound.conf (100%) diff --git a/CHANGES b/CHANGES index 971fd55a5..24721e3ec 100644 --- a/CHANGES +++ b/CHANGES @@ -2845,4 +2845,5 @@ * logs: rework the syslog parser * docker: use system dns for app containers * logs: show error message in UI when log rotated +* unbound: prefer ip4 for dns queries (only on ubuntu 24 and above) diff --git a/setup/start.sh b/setup/start.sh index 5a59dcc54..0271faf71 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -22,6 +22,11 @@ readonly MAIL_DATA_DIR="${HOME_DIR}/boxdata/mail" readonly script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly ubuntu_version=$(lsb_release -rs) +vergte() { + greater_version=$(echo -e "$1\n$2" | sort -rV | head -n1) + [[ "$1" == "${greater_version}" ]] && return 0 || return 1 +} + cp -f "${script_dir}/../scripts/cloudron-support" /usr/bin/cloudron-support cp -f "${script_dir}/../scripts/cloudron-translation-update" /usr/bin/cloudron-translation-update rm -f /usr/bin/cloudron-logs # legacy script 
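Review bot: In `vergte`, `greater_version` is assigned without `local`, so the helper leaks a global into the rest of start.sh, and nothing states which way the comparison runs. I would write the body as `local greater_version`, then `greater_version=$(printf '%s\n' "$1" "$2" | sort -rV | head -n1)`, then a bare `[[ "$1" == "${greater_version}" ]]` as the last command, which returns the same status as the `&& return 0 || return 1` form. A one-line header such as `# vergte A B: succeeds when version A >= version B (GNU sort -V ordering)` would also record that an empty first argument compares as older, which is what the caller gets when version parsing fails.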
@@ -109,7 +114,11 @@ systemctl restart systemd-journald usermod -a -G adm ${USER} log "Setting up unbound" -cp -f "${script_dir}/start/unbound.conf" /etc/unbound/unbound.conf.d/cloudron-network.conf +cp -f "${script_dir}/start/unbound/unbound.conf" /etc/unbound/unbound.conf.d/cloudron-network.conf +unbound_version=$(unbound -V | sed -n 's/^Version \([0-9.]*\)/\1/p') +if vergte "${unbound_version}" "1.19.2"; then + cp "${script_dir}/start/unbound/prefer-ip4.conf" /etc/unbound/unbound.conf.d/cloudron-prefer-ip4.conf +fi rm -f /etc/unbound/unbound.conf.d/remote-control.conf # on ubuntu 24 # update the root anchor after a out-of-disk-space situation (see #269) # it returns 1 even on fail, it's not clear - https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound-anchor.html#exit-code diff --git a/setup/start/unbound/prefer-ip4.conf b/setup/start/unbound/prefer-ip4.conf new file mode 100644 index 000000000..5607b80dd --- /dev/null +++ b/setup/start/unbound/prefer-ip4.conf @@ -0,0 +1,6 @@ +# Prefer IPv4 outbound queries. Spamhaus often reject queries from IPv6 addresses +# This setting is in a separate file since it only works from Ubuntu 24 , unbound 1.19.2 + +server: + prefer-ip4: yes + diff --git a/setup/start/unbound.conf b/setup/start/unbound/unbound.conf similarity index 100% rename from setup/start/unbound.conf rename to setup/start/unbound/unbound.conf
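Review bot: The version gate after the first `cp` fails silently: if `unbound -V` errors or its `Version` line stops matching the sed pattern, `unbound_version` is empty, `vergte` returns false, and the IPv4 preference is skipped with nothing in the setup log. A line such as `[[ -n "${unbound_version}" ]] || log "could not determine unbound version, skipping prefer-ip4"` before the `if` would make that visible. The false branch also leaves any previously installed `cloudron-prefer-ip4.conf` in place; since the new file's own comment says the option only works from unbound 1.19.2, an `else` with `rm -f /etc/unbound/unbound.conf.d/cloudron-prefer-ip4.conf` keeps an older unbound from being handed an option it presumably rejects. The new `cp` omits the `-f` used on the line above, and whether the resulting config is validated before unbound is restarted is outside this hunk.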
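Review bot: The header comment of prefer-ip4.conf does not say that `prefer-ip4` applies to every outbound query from the resolver rather than only to DNSBL lookups, and it ties the option to the Ubuntu release while start.sh gates on the unbound version. Suggested wording: `# Prefer IPv4 for all outbound queries; Spamhaus often rejects queries from IPv6 source addresses.` and `# Kept in a separate file because start.sh installs it only when unbound >= 1.19.2 (Ubuntu 24 and above).`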