| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Signed-off-by: Dan Luedte <mail@danrl.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- History: prior to package 1.5.10-3 /var/lib/unbound was not used
- History: prior to package 1.5.10-4 no UCI scripts were provided
- Problem: UCI 'option manual_conf 1' only copied unbound.conf and root.key
- Problem: power users that had complex file nests cannot use this
- Fix: README.md includes instructions for /var/lib/unbound jail
- Fix: unbound.sh copies ALL of /etc/unbound for 'option manual_conf 1'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
| |
-unbound.sh implements the majority of requirements in README.md
-rootzone.sh reloads a small subset for alternate trigger maintenance
-unbound.init sets procd triggers on Unbound and dnsmasq (dhcp) UCI
-two part commit squashed with Makefile included
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-dnsmasq really provides nice local DHCP-DNS records
-Unbound host records would be clumsy to update
-Unbound can be configured to forward to dnsmasq
-iptools provided to facilitate PTR records
-flexible ipv6 colon notation is a bit complex
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
-README.md to describe the UCI in detail
-unbound.uci to get you started
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
-DNSSEC needs time, time needs ntp, or power off RTC
-Many consumer routers are cost thrifted without RTC
-Conf "val-override-date: -1" disables time inside DNSSEC
-Need restart as option is not dynamically switchable
-hotplug/ntp is used to set file /var/lib/unbound/unbound.time
-UCI will add or remove option depending on flag-like-file
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-Patch for /etc/unbound/unbound.conf
--All work done in /var/lib/unbound/
--chroot or jail to /var/lib/unbound/
-Init script points to /usr/lib/unbound.sh
-Makefile to install new scripts in the package
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-Unbound RFC 5011 is busy and writes frequently
-RFC 5011 creates working files in same directory
-DNSSEC root.key managed in /var/lib/unbound
-Protect against flash ROM wear out in /etc/unbound
-Scripts will copy back every 7 days instead
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
| |
-Rebind to new interfaces cleanly
-Detach from old interfaces cleanly
-Some conf options do not reload dynamically
-Unbound grows some and this will shrink it
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-Remove interlaced configuration changes
--Less sensitive to upstream example.conf changes
--Easier to read patch-of-patch work for maintenance
-Use MEMORY CONTROL EXAMPLE from http://unbound.net/
--Review and rework with respect to previous pacakge
--Effectively the same configuration as previous package
-Disable DNSSEC by default due to real-time chicken-n-egg
--Many OpenWrt target devices have no power-off clock (reboot)
--User choice of work around should be conscious
--Initial install should not fail reboot with DNSSEC default
-Add some defaults explicitly to prevent surprises
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
* Fix upstream whitespace change in the patch.
* Minor cleanup to the header.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
|
| |
|
|
|
|
|
| |
Eric has offered to take over maintainership for the net/unbound
package.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
|
| |
|
|
|
|
|
| |
Until now unbound was always running as root by default. A DNS resolver can
easily run under a non-privileged user.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
| |
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
Bump unbound to version 1.5.9 released on June 9, 2016.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
|
| |
The commands aliased by $(INSTALL_BIN) and $(INSTALL_DATA) set good
permissions, unlike a raw file copy.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
|
| |
The custom list of DNS root servers provided with the package is not necessary.
Unbound ships with a built-in list.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
Bump unbound to version 1.5.8 released on March 2, 2016.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
Bump unbound to version 1.5.7 released on December 10, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
Bump unbound to version 1.5.6 released on October 20, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
Bump unbound to version 1.5.5 released on October 6, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
| |
Bumped to latest upstream release - 1.5.4
Signed-off by Stijn Segers <francesco.borromini@inventati.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch enables support for validating ECDSA signatures, which
are being deployed more and more in DNSSEC.
Proper validating can be tested by observing the AD flag in following
query (courtesy of Olafur Gudmundsson, CloudFlare):
$ dig ds-4.alg-14-nsec.dnssec-test.org
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
|
| |
|
|
|
|
| |
unbound 1.5.3 was released on March 10, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
| |
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
|
| |
|
|
| |
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
|
|
|
This is an import of the net/unbound package from Subversion
revision 40658 (May 2, 2014). The only change is the addition of
PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile.
Unbound 1.4.22 is the current upstream release.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|