From 07b18f13c3dc4595d3025cdf22dbbad6ad0bad63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 13 Oct 2020 18:24:11 +0200
Subject: [PATCH] Enable DNS over HTTPS

---
 unbound.conf | 32 ++++++++++++++++++++++++++++++++
 unbound.spec |  2 +-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/unbound.conf b/unbound.conf
index a05f8d1..6820b18 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -803,6 +803,38 @@ server:
 	# Also serve tls on these port numbers (eg. 443, ...), by listing
 	# tls-additional-port: portno for each of the port numbers.
 
+	# HTTP endpoint to provide DNS-over-HTTPS service on.
+	# http-endpoint: "/dns-query"
+
+	# HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use.
+	# http-max-streams: 100
+
+	# Maximum number of bytes used for all HTTP/2 query buffers.
+	# http-query-buffer-size: 4m
+
+	# Maximum number of bytes used for all HTTP/2 response buffers.
+	# http-response-buffer-size: 4m
+
+	# Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS
+	# service.
+	# http-nodelay: yes
+
+	# HTTP endpoint to provide DNS-over-HTTPS service on.
+	# http-endpoint: "/dns-query"
+
+	# HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use.
+	# http-max-streams: 100
+
+	# Maximum number of bytes used for all HTTP/2 query buffers.
+	# http-query-buffer-size: 4m
+
+	# Maximum number of bytes used for all HTTP/2 response buffers.
+	# http-response-buffer-size: 4m
+
+	# Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS
+	# service.
+	# http-nodelay: yes
+
 	# DNS64 prefix. Must be specified when DNS64 is use.
 	# Enable dns64 in module-config.  Used to synthesize IPv6 from IPv4.
 	# dns64-prefix: 64:ff9b::0/96
diff --git a/unbound.spec b/unbound.spec
index ca53228..5d4ac1e 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -3,7 +3,7 @@
 %{?!with_munin:       %global with_munin       1}
 %bcond_with    dnstap
 %bcond_with    systemd
-%bcond_with    doh
+%bcond_without doh
 
 %global _hardened_build 1