From ef6f85600d565c670809fec30dcd96d36c6ded12 Mon Sep 17 00:00:00 2001
From: caskd <caskd@420blaze.it>
Date: Mon, 9 Mar 2020 19:38:27 +0100
Subject: [PATCH] Add range separation and stop first updates

---
 build/unbound.conf | 4 ++++
 dns.yml            | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/build/unbound.conf b/build/unbound.conf
index 3c2eb3d..9b71b4c 100644
--- a/build/unbound.conf
+++ b/build/unbound.conf
@@ -2,6 +2,10 @@ include: "/etc/unbound/redxen-dns.conf"
 server:
 	directory: "/etc/unbound"
 	username: unbound
+	access-control: 0.0.0.0/0 deny_non_local
+	access-control: 127.0.0.0/24 allow
+	access-control: 172.17.12.0/24 allow
+	access-control: 172.18.0.0/16 allow
 	interface: 0.0.0.0
 	interface: ::0
 	access-control: 0.0.0.0/0 allow
diff --git a/dns.yml b/dns.yml
index 684b2a7..03770f9 100644
--- a/dns.yml
+++ b/dns.yml
@@ -27,7 +27,7 @@ services:
       update_config:
         parallelism: 2
         delay: 5s
-        order: start-first
+        order: stop-first
         failure_action: rollback
     logging: *json-log
     volumes: