| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Jan Klos <jan@klos.xyz>
|
| |
|
|
|
|
| |
Closes openwrt/luci#6993
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jan Klos <jan@klos.xyz>
|
| |
|
|
|
|
|
|
| |
that way, procd does not needlessly restart unbound on triggers when
everything remains the same - changes in non-default included
configuration files will not be registered, however
Signed-off-by: Jan Klos <jan@klos.xyz>
|
| |
|
|
|
|
|
| |
so that procd can decide whether to restart unbound based on config
file changes
Signed-off-by: Jan Klos <jan@klos.xyz>
|
| |
|
|
|
|
|
|
| |
Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
|
| |
|
|
|
|
|
|
|
|
| |
The function `create_host_record_from_host` fails if the `dns` option
is not set in the host entry.
This sets a default to the `dns` variable in order to fix this error.
Fixes: #22691
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The "Extra DNS" option allows to create records from the DHCP
"Hostnames" configuration entries.
This allows to create such records from the DHCP "Static leases"
configuration entries too.
Fixes: #22593
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Refs: https://github.com/NLnetLabs/unbound/issues/812
https://github.com/NLnetLabs/unbound/issues/846
This is a backport of: https://github.com/NLnetLabs/unbound/commit/d7e7761
and can be removed with the next release/update of the Unbound package
Signed-off-by: Ted Hess <thess@kitschensync.net>
|
| |
|
|
|
|
|
| |
- Refreshed one patch
- Removed deprecated AUTORELEASE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This prevents a forwarding server named like ::1@5453 from being added
to unbound.conf as a forward-host instead of the correct forward-addr.
forward-host requires the name to be resolved, which is impossible in
the absence of another nameserver. Thus, forwarding-only configurations
referencing only the IPv6 loopback address with a port number were
broken.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rob Ekl <ekl.rob@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3
- Fixes: CVE-2022-3204
Refreshed one patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Maintainer: @EricLuehrsen
Compile tested: x86/64
Run tested: x86/64
Description: Update to 1.16.2, fix CVE-2022-30698 and CVE-2022-30699.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
|
| |
|
|
|
|
|
|
|
| |
Maintainer: @EricLuehrsen
Compile tested: realtek/rtl838x, x86/64
Run tested: realtek/rtl838x, x86/64
Description: Update to 1.16.1
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
| |
|
|
|
|
| |
Refresh patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
| |
Currently there is a problem with log spam when ipv6 network
is dropped. Fix this by backporting a patch to silence these errors
when verbose logging is not enabled.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
| |
Override places that call uname to detect target features
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |\
| |
| | |
unbound: add cache-max-negative-ttl config option
|
| | |
| |
| |
| | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |/
|
|
|
|
| |
I left the old version in, in case users have configs that already correct for this error.
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes.
Added iface_wan and iface_lan to control internal DNS assignemnts and
to control what is local service ACL. Interface wild cards are not
explicitly set so that they can be customized in extended conf.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- prevent rapid overlap in DHCP script updates
- check and allow localhost forwards with specific applications
- add option for rate limiting inbound queries
- change UCI list to table format with Unbound conf references
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
The two unique packages "Unbound light" and "Unbound heavy"
were not working well due to the fact that Unbound is mostly
its library. Tools and helpers would crash. Instead a reasonable
default Unbound is built. Also up select options like python
are added. libevent and libpthreads are options to down select.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Unbound has a quirk and may reply on a different device address.
When Unbound answers with from-address different than it
received queries on, it may cause trouble for select VPN and
firewall configurations. Ensure Unbound replies with the same
address by changing this default.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |\
| |
| | |
unbound: suggest matched domain option for dnsmasq link
|
| | |
| |
| |
| | |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |/
|
|
|
|
| |
Fixes commit da76aeb24c1b ("unbound: expose interface-auto to UCI")
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This exposes the interface-auto option to UCI.
By default, interface-auto is disabled.
This leads to the DNS reply possibly originating from
a different address then the request was sent to.
Devices with a packet filter might not receive the reply in this case.
Enabling interface-auto ensures the reply is sent with the
source-address the request was sent to.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
|
| |
Fixes:
CVE-2020-12662
CVE-2020-12663
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch enables ipset support in the unbound-daemon-heavy variant. See [1] for
instructions on how to use it.
Also fix a minor typo in the libunbound-light description.
[1] https://github.com/NLnetLabs/unbound/pull/28
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|