unbound: update to 1.8.0

- adjust a few UCI translations to coordinate with upstream defaults
- remove OpenSSL < 1.1.0 API log error patch which is included upstream

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>

2 files changed, 26 insertions, 19 deletions

diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md
index 812d9a607..6576b2c85 100644
--- a/net/unbound/files/README.md
+++ b/net/unbound/files/README.md
@@ -273,8 +273,9 @@ config unbound
 
   option protocol 'mixed'
     Unbound can limit its protocol used for recursive queries.
-    ip4_only - limit issues if you do not have native IPv6
+    ip4_only - old fashioned IPv4 upstream and downstream
     ip6_only - test environment only; could cauase problems
+    ip6_local - upstream IPv4 only and local network IPv4 and IPv6
     ip6_prefer - both IPv4 and IPv6 but try IPv6 first
     mixed - both IPv4 and IPv6
     default - Unbound built-in defaults
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 061331220..68b3c92b4 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -619,7 +619,6 @@ unbound_conf() {
         echo "  port: $UB_N_RX_PORT"
         echo "  outgoing-port-permit: 10240-65535"
         echo "  interface: 0.0.0.0"
-        echo "  interface: ::0"
         echo "  outgoing-interface: 0.0.0.0"
         echo "  do-ip4: yes"
         echo "  do-ip6: no"
@@ -632,7 +631,6 @@ unbound_conf() {
         echo "  edns-buffer-size: $UB_N_EDNS_SIZE"
         echo "  port: $UB_N_RX_PORT"
         echo "  outgoing-port-permit: 10240-65535"
-        echo "  interface: 0.0.0.0"
         echo "  interface: ::0"
         echo "  outgoing-interface: ::0"
         echo "  do-ip4: no"
@@ -641,6 +639,20 @@ unbound_conf() {
       } >> $UB_CORE_CONF
       ;;
 
+   ip6_local)
+      {
+        echo "  edns-buffer-size: $UB_N_EDNS_SIZE"
+        echo "  port: $UB_N_RX_PORT"
+        echo "  outgoing-port-permit: 10240-65535"
+        echo "  interface: 0.0.0.0"
+        echo "  interface: ::0"
+        echo "  outgoing-interface: 0.0.0.0"
+        echo "  do-ip4: yes"
+        echo "  do-ip6: yes"
+        echo
+      } >> $UB_CORE_CONF
+      ;;
+
     ip6_prefer)
       {
         echo "  edns-buffer-size: $UB_N_EDNS_SIZE"
@@ -692,27 +704,15 @@ unbound_conf() {
   esac
 
 
-  {
-    # Other harding and options for an embedded router
-    echo "  harden-short-bufsize: yes"
-    echo "  harden-large-queries: yes"
-    echo "  harden-glue: yes"
-    echo "  harden-below-nxdomain: no"
-    echo "  harden-referral-path: no"
-    echo "  use-caps-for-id: no"
-    echo
-  } >> $UB_CORE_CONF
-
-
   case "$UB_D_RESOURCE" in
     # Tiny - Unbound's recommended cheap hardware config
     tiny)   rt_mem=1  ; rt_conn=2  ; rt_buff=1 ;;
     # Small - Half RRCACHE and open ports
     small)  rt_mem=8  ; rt_conn=10 ; rt_buff=2 ;;
     # Medium - Nearly default but with some added balancintg
-    medium) rt_mem=16 ; rt_conn=20 ; rt_buff=4 ;;
+    medium) rt_mem=16 ; rt_conn=15 ; rt_buff=4 ;;
     # Large - Double medium
-    large)  rt_mem=32 ; rt_conn=40 ; rt_buff=4 ;;
+    large)  rt_mem=32 ; rt_conn=20 ; rt_buff=4 ;;
     # Whatever unbound does
     *) rt_mem=0 ; rt_conn=0 ;;
   esac
@@ -720,10 +720,16 @@ unbound_conf() {
 
   if [ "$rt_mem" -gt 0 ] ; then
     {
+      # Other harding and options for an embedded router
+      echo "  harden-short-bufsize: yes"
+      echo "  harden-large-queries: yes"
+      echo "  harden-glue: yes"
+      echo "  use-caps-for-id: no"
+      echo
       # Set memory sizing parameters
       echo "  msg-buffer-size: $(($rt_buff*8192))"
-      echo "  outgoing-range: $(($rt_conn*64))"
-      echo "  num-queries-per-thread: $(($rt_conn*32))"
+      echo "  outgoing-range: $(($rt_conn*32))"
+      echo "  num-queries-per-thread: $(($rt_conn*16))"
       echo "  outgoing-num-tcp: $(($rt_conn))"
       echo "  incoming-num-tcp: $(($rt_conn))"
       echo "  rrset-cache-size: $(($rt_mem*256))k"