path: root/net/unbound/files/iptools.sh
Commit message | Author | Age
* unbound: fix local_subnet for IPv6 addresses that contain a port | Mark Mentovai | 2022-12-20

  This prevents a forwarding server named like ::1@5453 from being added to unbound.conf as a forward-host instead of the correct forward-addr. forward-host requires the name to be resolved, which is impossible in the absence of another nameserver. Thus, forwarding-only configurations referencing only the IPv6 loopback address with a port number were broken.

  Signed-off-by: Mark Mentovai <mark@mentovai.com>
* unbound: clean up interface interpretation in UCI | Eric Luehrsen | 2020-11-04

  DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes. Added iface_wan and iface_lan to control internal DNS assignments and to control what is local service ACL. Interface wild cards are not explicitly set so that they can be customized in extended conf.

  Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: improve startup and dhcp script robustness | Eric Luehrsen | 2020-07-12

  - prevent rapid overlap in DHCP script updates
  - check and allow localhost forwards with specific applications
  - add option for rate limiting inbound queries
  - change UCI list to table format with Unbound conf references

  Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: replace obsolete test expressions | Eric Luehrsen | 2019-05-28

  Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete. POSIX allows few arguments to test, so long expressions are not portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead.

  Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: log openssl-1.0.2 lacks TLS host verification | Eric Luehrsen | 2018-08-10

  ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do host cert verification. DNS over TLS connects, but hosts are unverified. A patch for log err is added with a notice in README.md. (see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658) Also, squash some minor robustness and TLS usability fixes.

  Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: add UCI for forward stub and auth zone clauses | Eric Luehrsen | 2018-07-29

  With growing interest, DNS over TLS can be set up in Unbound's forward-zone: clause. A broader UCI solution is added to support forward-, stub-, and auth- zone clauses in a new 'zone' section. This implementation required reworking scripts, because they did not scale. 'forward_domain' and 'prefetch_root' options are removed, and superseded by 'zone' section.

  Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* unbound: improve local zone evaluation in UCI | Eric Luehrsen | 2018-06-12

  When UCI local zone is private and static, Unbound covered private addresses with defaults. Optional delegated global IP6 prefix protection lacked a static zone, but it was prevented from appearing in global DNS responses. Domain names router-as-TLD, "lan." and "local." were static, but they lacked default SOA or NS such as Unbound had assigned to private addresses. Clean up these local zones UCI evaluation and block global DNS inclusion.

  Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* Unbound: Add files to enable forward link to dnsmasq | Eric Luehrsen | 2016-11-29

  - dnsmasq really provides nice local DHCP-DNS records
  - Unbound host records would be clumsy to update
  - Unbound can be configured to forward to dnsmasq
  - iptools provided to facilitate PTR records
  - flexible ipv6 colon notation is a bit complex

  Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>