* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
- Resolves: rhbz#1483572 unbound-1.6.6 is available - Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
This commit is contained in:
parent
8906a869c6
commit
115c5666a2
1
.gitignore
vendored
1
.gitignore
vendored
@ -42,3 +42,4 @@ unbound-1.4.5.tar.gz
|
|||||||
/unbound-1.6.3.tar.gz
|
/unbound-1.6.3.tar.gz
|
||||||
/unbound-1.6.4rc2.tar.gz
|
/unbound-1.6.4rc2.tar.gz
|
||||||
/unbound-1.6.4.tar.gz
|
/unbound-1.6.4.tar.gz
|
||||||
|
/unbound-1.6.6.tar.gz
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (unbound-1.6.4.tar.gz) = 1abf50552c97b304884f07372f9fb05f9f30354647cf5299192deac81fa28a41d89d84ee092baef644a6069d0f545d36e7e814c9b8f83f21a7a53572d9a91907
|
SHA512 (unbound-1.6.6.tar.gz) = 910fd0956b8828d3db0511a85bf6ab6c4c3982f17c70ccb7123d1de1650d24c2906bc29ac4ea83fd7d95d8af29e2cbc88df666f365e51296f552292ef9753016
|
||||||
|
52
unbound.conf
52
unbound.conf
@ -134,7 +134,7 @@ server:
|
|||||||
# ip-freebind: no
|
# ip-freebind: no
|
||||||
|
|
||||||
# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
|
# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
|
||||||
# is set with msg-buffer-size). 1480 can solve fragmentation (timeouts).
|
# is set with msg-buffer-size). 1472 can solve fragmentation (timeouts).
|
||||||
# edns-buffer-size: 4096
|
# edns-buffer-size: 4096
|
||||||
|
|
||||||
# Maximum UDP response size (not applied to TCP response).
|
# Maximum UDP response size (not applied to TCP response).
|
||||||
@ -587,6 +587,8 @@ server:
|
|||||||
# local-zone: "127.in-addr.arpa." nodefault
|
# local-zone: "127.in-addr.arpa." nodefault
|
||||||
# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
|
# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
|
||||||
# local-zone: "onion." nodefault
|
# local-zone: "onion." nodefault
|
||||||
|
# local-zone: "test." nodefault
|
||||||
|
# local-zone: "invalid." nodefault
|
||||||
# local-zone: "10.in-addr.arpa." nodefault
|
# local-zone: "10.in-addr.arpa." nodefault
|
||||||
# local-zone: "16.172.in-addr.arpa." nodefault
|
# local-zone: "16.172.in-addr.arpa." nodefault
|
||||||
# local-zone: "17.172.in-addr.arpa." nodefault
|
# local-zone: "17.172.in-addr.arpa." nodefault
|
||||||
@ -641,7 +643,7 @@ server:
|
|||||||
# o redirect serves the zone data for any subdomain in the zone.
|
# o redirect serves the zone data for any subdomain in the zone.
|
||||||
# o nodefault can be used to normally resolve AS112 zones.
|
# o nodefault can be used to normally resolve AS112 zones.
|
||||||
# o typetransparent resolves normally for other types and other names
|
# o typetransparent resolves normally for other types and other names
|
||||||
# o inform resolves normally, but logs client IP address
|
# o inform acts like transparent, but logs client IP address
|
||||||
# o inform_deny drops queries and logs client IP address
|
# o inform_deny drops queries and logs client IP address
|
||||||
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
||||||
# that way but ignore local data for that name.
|
# that way but ignore local data for that name.
|
||||||
@ -727,13 +729,35 @@ server:
|
|||||||
# 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
|
# 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
|
||||||
# ip-ratelimit-factor: 10
|
# ip-ratelimit-factor: 10
|
||||||
|
|
||||||
# IPsec module for Opportunistic IPsec
|
# Specific options for ipsecmod. unbound needs to be configured with
|
||||||
# Libreswan will enable this via unbound-control
|
# --enable-ipsecmod for these to take effect.
|
||||||
#ipsecmod-enabled:yes
|
#
|
||||||
#ipsecmod-hook:/usr/libexec/ipsec/unbound-hook.py
|
# Enable or disable ipsecmod (it still needs to be defined in
|
||||||
#ipsecmod-ignore-bogus:no
|
# module-config above). Can be used when ipsecmod needs to be
|
||||||
|
# enabled/disabled via remote-control(below).
|
||||||
|
# Fedora: module will be enabled on-demand by libreswan
|
||||||
|
ipsecmod-enabled: no
|
||||||
|
|
||||||
|
# Path to executable external hook. It must be defined when ipsecmod is
|
||||||
|
# listed in module-config (above).
|
||||||
|
# ipsecmod-hook: "./my_executable"
|
||||||
|
ipsecmod-hook:/usr/libexec/ipsec/unbound-hook.py
|
||||||
|
|
||||||
|
# When enabled unbound will reply with SERVFAIL if the return value of
|
||||||
|
# the ipsecmod-hook is not 0.
|
||||||
|
# ipsecmod-strict: no
|
||||||
|
#
|
||||||
|
# Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY.
|
||||||
# ipsecmod-max-ttl: 3600
|
# ipsecmod-max-ttl: 3600
|
||||||
#ipsecmod-whitelist:libreswan.org
|
#
|
||||||
|
# Reply with A/AAAA even if the relevant IPSECKEY is bogus. Mainly used for
|
||||||
|
# testing.
|
||||||
|
# ipsecmod-ignore-bogus: no
|
||||||
|
#
|
||||||
|
# Domains for which ipsecmod will be triggered. If not defined (default)
|
||||||
|
# all domains are treated as being whitelisted.
|
||||||
|
# ipsecmod-whitelist: "libreswan.org"
|
||||||
|
# ipsecmod-whitelist: "nlnetlabs.nl"
|
||||||
|
|
||||||
# Python config section. To enable:
|
# Python config section. To enable:
|
||||||
# o use --with-pythonmodule to configure before compiling.
|
# o use --with-pythonmodule to configure before compiling.
|
||||||
@ -790,6 +814,7 @@ include: /etc/unbound/conf.d/*.conf
|
|||||||
# stub-addr: 192.0.2.68
|
# stub-addr: 192.0.2.68
|
||||||
# stub-prime: no
|
# stub-prime: no
|
||||||
# stub-first: no
|
# stub-first: no
|
||||||
|
# stub-ssl-upstream: no
|
||||||
# stub-zone:
|
# stub-zone:
|
||||||
# name: "example.org"
|
# name: "example.org"
|
||||||
# stub-host: ns.example.com.
|
# stub-host: ns.example.com.
|
||||||
@ -809,6 +834,7 @@ include: /etc/unbound/conf.d/*.conf
|
|||||||
# forward-addr: 192.0.2.68
|
# forward-addr: 192.0.2.68
|
||||||
# forward-addr: 192.0.2.73@5355 # forward to port 5355.
|
# forward-addr: 192.0.2.73@5355 # forward to port 5355.
|
||||||
# forward-first: no
|
# forward-first: no
|
||||||
|
# forward-ssl-upstream: no
|
||||||
# forward-zone:
|
# forward-zone:
|
||||||
# name: "example.org"
|
# name: "example.org"
|
||||||
# forward-host: fwd.example.com
|
# forward-host: fwd.example.com
|
||||||
@ -856,3 +882,13 @@ include: /etc/unbound/conf.d/*.conf
|
|||||||
# dnscrypt-secret-key: /path/unbound-conf/keys2/1.key
|
# dnscrypt-secret-key: /path/unbound-conf/keys2/1.key
|
||||||
# dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert
|
# dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert
|
||||||
# dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert
|
# dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert
|
||||||
|
|
||||||
|
# CacheDB
|
||||||
|
# Enable external backend DB as auxiliary cache. Specify the backend name
|
||||||
|
# (default is "testframe", which has no use other than for debugging and
|
||||||
|
# testing) and backend-specific options. The 'cachedb' module must be
|
||||||
|
# included in module-config.
|
||||||
|
# cachedb:
|
||||||
|
# backend: "testframe"
|
||||||
|
# # secret seed string to calculate hashed keys
|
||||||
|
# secret-seed: "default"
|
||||||
|
13
unbound.spec
13
unbound.spec
@ -20,8 +20,8 @@
|
|||||||
|
|
||||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||||
Name: unbound
|
Name: unbound
|
||||||
Version: 1.6.4
|
Version: 1.6.6
|
||||||
Release: 4%{?extra_version:.%{extra_version}}%{?dist}
|
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Url: https://www.unbound.net/
|
Url: https://www.unbound.net/
|
||||||
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
|
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
|
||||||
@ -43,8 +43,6 @@ Source15: unbound-anchor.timer
|
|||||||
Source16: unbound-munin.README
|
Source16: unbound-munin.README
|
||||||
Source17: unbound-anchor.service
|
Source17: unbound-anchor.service
|
||||||
|
|
||||||
Patch1: unbound-1.6.4-ipsechook-check.patch
|
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
BuildRequires: flex, openssl-devel
|
BuildRequires: flex, openssl-devel
|
||||||
BuildRequires: libevent-devel expat-devel
|
BuildRequires: libevent-devel expat-devel
|
||||||
@ -137,9 +135,6 @@ Python 3 modules and extensions for unbound
|
|||||||
%prep
|
%prep
|
||||||
%{?extra_version:%global pkgname %{name}-%{version}%{extra_version}}%{!?extra_version:%global pkgname %{name}-%{version}}
|
%{?extra_version:%global pkgname %{name}-%{version}%{extra_version}}%{!?extra_version:%global pkgname %{name}-%{version}}
|
||||||
%setup -qcn %{pkgname}
|
%setup -qcn %{pkgname}
|
||||||
pushd %{pkgname}
|
|
||||||
%patch1 -p1
|
|
||||||
popd
|
|
||||||
|
|
||||||
%if 0%{with_python}
|
%if 0%{with_python}
|
||||||
mv %{pkgname} %{pkgname}_python2
|
mv %{pkgname} %{pkgname}_python2
|
||||||
@ -444,6 +439,10 @@ popd
|
|||||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
|
||||||
|
- Resolves: rhbz#1483572 unbound-1.6.6 is available
|
||||||
|
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
|
||||||
|
|
||||||
* Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4
|
* Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4
|
||||||
- Rebuilt with KSK2017 added to root.key and root.anchor
|
- Rebuilt with KSK2017 added to root.key and root.anchor
|
||||||
- Remove noreplace for root key files. We can only improve these files over local copies
|
- Remove noreplace for root key files. We can only improve these files over local copies
|
||||||
|
Loading…
Reference in New Issue
Block a user