| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
| |
This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.
File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- future opportunity: added "views:" clause
-- consider won't need UCI for security instances
-- consider access lists, forwards, views, and tags
-- consider query denial for DNS amplification defense
- future opportunity: thrifted "local-zone:" memory bloat
-- consider adblock package to feed thru unbound-control
-- consider access lists, forwards, views, and tags
-- consider offering LuCI parental controls or other
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-Patch for /etc/unbound/unbound.conf
--All work done in /var/lib/unbound/
--chroot or jail to /var/lib/unbound/
-Init script points to /usr/lib/unbound.sh
-Makefile to install new scripts in the package
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-Remove interlaced configuration changes
--Less sensitive to upstream example.conf changes
--Easier to read patch-of-patch work for maintenance
-Use MEMORY CONTROL EXAMPLE from http://unbound.net/
--Review and rework with respect to previous pacakge
--Effectively the same configuration as previous package
-Disable DNSSEC by default due to real-time chicken-n-egg
--Many OpenWrt target devices have no power-off clock (reboot)
--User choice of work around should be conscious
--Initial install should not fail reboot with DNSSEC default
-Add some defaults explicitly to prevent surprises
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
* Fix upstream whitespace change in the patch.
* Minor cleanup to the header.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
|
| |
|
|
|
|
|
| |
Until now unbound was always running as root by default. A DNS resolver can
easily run under a non-privileged user.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
|
| |
The custom list of DNS root servers provided with the package is not necessary.
Unbound ships with a built-in list.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
Bump unbound to version 1.5.7 released on December 10, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
unbound 1.5.3 was released on March 10, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
| |
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
|
|
|
This is an import of the net/unbound package from Subversion
revision 40658 (May 2, 2014). The only change is the addition of
PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile.
Unbound 1.4.22 is the current upstream release.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|