aboutsummaryrefslogtreecommitdiff
path: root/net/unbound/files/iptools.sh
Commit message (Collapse)AuthorAge
* unbound: improve startup and dhcp script robustnessEric Luehrsen2020-07-12
| | | | | | | | | - prevent rapid overlap in DHCP script updates - check and allow localhost forwards with specific applications - add option for rate limiting inbound queries - change UCI list to table format with Unbound conf references Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: replace obsolete test expressionsEric Luehrsen2019-05-28
| | | | | | | | Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: log openssl-1.0.2 lacks TLS host verificationEric Luehrsen2018-08-10
| | | | | | | | | | | ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do host cert verification. DNS over TLS connects, but hosts are unverified. A patch for log err is added with a noitce in README.md. (see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658) Also, squash some minor robustness and TLS usability fixes. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: add UCI for forward stub and auth zone clausesEric Luehrsen2018-07-29
| | | | | | | | | | With growing interest, DNS over TLS can be setup in Unbounds foward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implentation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superceded by 'zone' section. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: improve local zone evaluation in UCIEric Luehrsen2018-06-12
| | | | | | | | | | | | When UCI local zone is private and static, Unbound covered private addresses with defaults. Optional delegated global IP6 prefix protection lacked a static zone, but it was prevented from appearing in global DNS responses. Domain names router-as-TLD, "lan." and "local." were static, but they lacked default SOA or NS such as Unbound had assinged to private addresses. Clean up these local zones UCI evaluation and block global DNS inclusion. Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* Unbound: Add files to enable forward link to dnsmasqEric Luehrsen2016-11-29
-dnsmasq really provides nice local DHCP-DNS records -Unbound host records would be clumsy to update -Unbound can be configured to forward to dnsmasq -iptools provided to facilitate PTR records -flexible ipv6 colon notation is a bit complex Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Powered by cgit, Themed by Ted Yin.