| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unbound+DHCP (server of your choice) should be able to replicate
a lot of what dnsmasq provides. With this change set Unbound
still works with dnsmasq, but also it can work with a plain
DHCP server. Features have been added within the UCI itself
to act like dnsmasq.
- alone: name each interface relative to router hostname
- alone: prevent upstream leakage of your domain and '.local'
- dnsmasq: use dnsmasq UCI to configure forwarding clauses
- dhcp: work with odhcpd as example of companion DHCP-DNS
- dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records
- all: enable encrypted remote unbound-control using splice conf
- all: allow user spliced conf-files for hybrid UCI and manual conf
-- 'unbound_srv.conf' will be spliced into the 'server:' clause
-- 'unbound_ext.conf' will add clauses to the end, example 'forward:'
README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and
unbound-with-odhcpd have better/added UCI starters. HOW TO for
including unbound_srv.conf and unbound_ext.conf are added.
Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6,
dhcp_link, domain, and domain_type
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The UCI for Unbound already links to dnsmasq, but what
if with Unbound, we want to configure a plain dhcp server.
Most servers can call a script for lease events. That
script can then formulate DNS records and load them
with unbound-control (dependency).
The files added here work with OpenWRT/LEDE odhcpd, such
that it can be run alone. They can be used as examples
for any dhcp server. 'odhcpd.sh' is to be called by
odhcpd when a lease event occurs. 'odhcpd.awk' is called
internal to the shell script. The awk script handles
any tricky reformating that may be required.
/etc/config/dhcp
config odhcpd 'odhcpd'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
| |
If Unbound was disabled and at later time enabled, then it
would operate in DNSSEC less-secure mode. When NTP hotplug
was called, the timestamp file was not updated. This was
found testing Unbound vs other tools (bind, dnsmasq).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
| |
- UCI to take advantage of "qname-minimisation-strict:"
- UCI to block chaos reponses bind, server, and version
- UCI to limit or prefer recrusion over IP4 or IP6
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
- UCI option dnsmasq_gate_name typo in few locations
- NTP hotplug to check /etc/init.d/unbound not ..dnsmasq
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Signed-off-by: Dan Luedte <mail@danrl.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- History: prior to package 1.5.10-3 /var/lib/unbound was not used
- History: prior to package 1.5.10-4 no UCI scripts were provided
- Problem: UCI 'option manual_conf 1' only copied unbound.conf and root.key
- Problem: power users that had complex file nests cannot use this
- Fix: README.md includes instructions for /var/lib/unbound jail
- Fix: unbound.sh copies ALL of /etc/unbound for 'option manual_conf 1'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
| |
-unbound.sh implements the majority of requirements in README.md
-rootzone.sh reloads a small subset for alternate trigger maintenance
-unbound.init sets procd triggers on Unbound and dnsmasq (dhcp) UCI
-two part commit squashed with Makefile included
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-dnsmasq really provides nice local DHCP-DNS records
-Unbound host records would be clumsy to update
-Unbound can be configured to forward to dnsmasq
-iptools provided to facilitate PTR records
-flexible ipv6 colon notation is a bit complex
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
-README.md to describe the UCI in detail
-unbound.uci to get you started
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
-DNSSEC needs time, time needs ntp, or power off RTC
-Many consumer routers are cost thrifted without RTC
-Conf "val-override-date: -1" disables time inside DNSSEC
-Need restart as option is not dynamically switchable
-hotplug/ntp is used to set file /var/lib/unbound/unbound.time
-UCI will add or remove option depending on flag-like-file
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-Patch for /etc/unbound/unbound.conf
--All work done in /var/lib/unbound/
--chroot or jail to /var/lib/unbound/
-Init script points to /usr/lib/unbound.sh
-Makefile to install new scripts in the package
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-Unbound RFC 5011 is busy and writes frequently
-RFC 5011 creates working files in same directory
-DNSSEC root.key managed in /var/lib/unbound
-Protect against flash ROM wear out in /etc/unbound
-Scripts will copy back every 7 days instead
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
| |
-Rebind to new interfaces cleanly
-Detach from old interfaces cleanly
-Some conf options do not reload dynamically
-Unbound grows some and this will shrink it
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
Until now unbound was always running as root by default. A DNS resolver can
easily run under a non-privileged user.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
| |
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
|
| |
The custom list of DNS root servers provided with the package is not necessary.
Unbound ships with a built-in list.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
| |
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
|
|
|
This is an import of the net/unbound package from Subversion
revision 40658 (May 2, 2014). The only change is the addition of
PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile.
Unbound 1.4.22 is the current upstream release.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|