* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
- Resolves: rhbz#1483572 unbound-1.6.6 is available - Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
This commit is contained in:
parent
8906a869c6
commit
115c5666a2
1
.gitignore
vendored
1
.gitignore
vendored
@ -42,3 +42,4 @@ unbound-1.4.5.tar.gz
|
||||
/unbound-1.6.3.tar.gz
|
||||
/unbound-1.6.4rc2.tar.gz
|
||||
/unbound-1.6.4.tar.gz
|
||||
/unbound-1.6.6.tar.gz
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (unbound-1.6.4.tar.gz) = 1abf50552c97b304884f07372f9fb05f9f30354647cf5299192deac81fa28a41d89d84ee092baef644a6069d0f545d36e7e814c9b8f83f21a7a53572d9a91907
|
||||
SHA512 (unbound-1.6.6.tar.gz) = 910fd0956b8828d3db0511a85bf6ab6c4c3982f17c70ccb7123d1de1650d24c2906bc29ac4ea83fd7d95d8af29e2cbc88df666f365e51296f552292ef9753016
|
||||
|
54
unbound.conf
54
unbound.conf
@ -134,7 +134,7 @@ server:
|
||||
# ip-freebind: no
|
||||
|
||||
# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
|
||||
# is set with msg-buffer-size). 1480 can solve fragmentation (timeouts).
|
||||
# is set with msg-buffer-size). 1472 can solve fragmentation (timeouts).
|
||||
# edns-buffer-size: 4096
|
||||
|
||||
# Maximum UDP response size (not applied to TCP response).
|
||||
@ -587,6 +587,8 @@ server:
|
||||
# local-zone: "127.in-addr.arpa." nodefault
|
||||
# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
|
||||
# local-zone: "onion." nodefault
|
||||
# local-zone: "test." nodefault
|
||||
# local-zone: "invalid." nodefault
|
||||
# local-zone: "10.in-addr.arpa." nodefault
|
||||
# local-zone: "16.172.in-addr.arpa." nodefault
|
||||
# local-zone: "17.172.in-addr.arpa." nodefault
|
||||
@ -641,7 +643,7 @@ server:
|
||||
# o redirect serves the zone data for any subdomain in the zone.
|
||||
# o nodefault can be used to normally resolve AS112 zones.
|
||||
# o typetransparent resolves normally for other types and other names
|
||||
# o inform resolves normally, but logs client IP address
|
||||
# o inform acts like transparent, but logs client IP address
|
||||
# o inform_deny drops queries and logs client IP address
|
||||
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
||||
# that way but ignore local data for that name.
|
||||
@ -727,13 +729,35 @@ server:
|
||||
# 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
|
||||
# ip-ratelimit-factor: 10
|
||||
|
||||
# IPsec module for Opportunistic IPsec
|
||||
# Libreswan will enable this via unbound-control
|
||||
#ipsecmod-enabled:yes
|
||||
#ipsecmod-hook:/usr/libexec/ipsec/unbound-hook.py
|
||||
#ipsecmod-ignore-bogus:no
|
||||
#ipsecmod-max-ttl:3600
|
||||
#ipsecmod-whitelist:libreswan.org
|
||||
# Specific options for ipsecmod. unbound needs to be configured with
|
||||
# --enable-ipsecmod for these to take effect.
|
||||
#
|
||||
# Enable or disable ipsecmod (it still needs to be defined in
|
||||
# module-config above). Can be used when ipsecmod needs to be
|
||||
# enabled/disabled via remote-control(below).
|
||||
# Fedora: module will be enabled on-demand by libreswan
|
||||
ipsecmod-enabled: no
|
||||
|
||||
# Path to executable external hook. It must be defined when ipsecmod is
|
||||
# listed in module-config (above).
|
||||
# ipsecmod-hook: "./my_executable"
|
||||
ipsecmod-hook:/usr/libexec/ipsec/unbound-hook.py
|
||||
|
||||
# When enabled unbound will reply with SERVFAIL if the return value of
|
||||
# the ipsecmod-hook is not 0.
|
||||
# ipsecmod-strict: no
|
||||
#
|
||||
# Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY.
|
||||
# ipsecmod-max-ttl: 3600
|
||||
#
|
||||
# Reply with A/AAAA even if the relevant IPSECKEY is bogus. Mainly used for
|
||||
# testing.
|
||||
# ipsecmod-ignore-bogus: no
|
||||
#
|
||||
# Domains for which ipsecmod will be triggered. If not defined (default)
|
||||
# all domains are treated as being whitelisted.
|
||||
# ipsecmod-whitelist: "libreswan.org"
|
||||
# ipsecmod-whitelist: "nlnetlabs.nl"
|
||||
|
||||
# Python config section. To enable:
|
||||
# o use --with-pythonmodule to configure before compiling.
|
||||
@ -790,6 +814,7 @@ include: /etc/unbound/conf.d/*.conf
|
||||
# stub-addr: 192.0.2.68
|
||||
# stub-prime: no
|
||||
# stub-first: no
|
||||
# stub-ssl-upstream: no
|
||||
# stub-zone:
|
||||
# name: "example.org"
|
||||
# stub-host: ns.example.com.
|
||||
@ -809,6 +834,7 @@ include: /etc/unbound/conf.d/*.conf
|
||||
# forward-addr: 192.0.2.68
|
||||
# forward-addr: 192.0.2.73@5355 # forward to port 5355.
|
||||
# forward-first: no
|
||||
# forward-ssl-upstream: no
|
||||
# forward-zone:
|
||||
# name: "example.org"
|
||||
# forward-host: fwd.example.com
|
||||
@ -856,3 +882,13 @@ include: /etc/unbound/conf.d/*.conf
|
||||
# dnscrypt-secret-key: /path/unbound-conf/keys2/1.key
|
||||
# dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert
|
||||
# dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert
|
||||
|
||||
# CacheDB
|
||||
# Enable external backend DB as auxiliary cache. Specify the backend name
|
||||
# (default is "testframe", which has no use other than for debugging and
|
||||
# testing) and backend-specific options. The 'cachedb' module must be
|
||||
# included in module-config.
|
||||
# cachedb:
|
||||
# backend: "testframe"
|
||||
# # secret seed string to calculate hashed keys
|
||||
# secret-seed: "default"
|
||||
|
13
unbound.spec
13
unbound.spec
@ -20,8 +20,8 @@
|
||||
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.6.4
|
||||
Release: 4%{?extra_version:.%{extra_version}}%{?dist}
|
||||
Version: 1.6.6
|
||||
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
||||
License: BSD
|
||||
Url: https://www.unbound.net/
|
||||
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
@ -43,8 +43,6 @@ Source15: unbound-anchor.timer
|
||||
Source16: unbound-munin.README
|
||||
Source17: unbound-anchor.service
|
||||
|
||||
Patch1: unbound-1.6.4-ipsechook-check.patch
|
||||
|
||||
Group: System Environment/Daemons
|
||||
BuildRequires: flex, openssl-devel
|
||||
BuildRequires: libevent-devel expat-devel
|
||||
@ -137,9 +135,6 @@ Python 3 modules and extensions for unbound
|
||||
%prep
|
||||
%{?extra_version:%global pkgname %{name}-%{version}%{extra_version}}%{!?extra_version:%global pkgname %{name}-%{version}}
|
||||
%setup -qcn %{pkgname}
|
||||
pushd %{pkgname}
|
||||
%patch1 -p1
|
||||
popd
|
||||
|
||||
%if 0%{with_python}
|
||||
mv %{pkgname} %{pkgname}_python2
|
||||
@ -444,6 +439,10 @@ popd
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
|
||||
%changelog
|
||||
* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
|
||||
- Resolves: rhbz#1483572 unbound-1.6.6 is available
|
||||
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
|
||||
|
||||
* Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4
|
||||
- Rebuilt with KSK2017 added to root.key and root.anchor
|
||||
- Remove noreplace for root key files. We can only improve these files over local copies
|
||||
|
Loading…
Reference in New Issue
Block a user