Revert "Improve config formatting"

This reverts commit 3d0bac0df2.

Uncomment again commented out value and bump version.

Comment by Paul Wouters:
The value of 3072 was tailored to cause a failure for ANY requries to isc.org,
which are used a lot by attackers. Now with 4096,
it will fit and the query can be abused again to
cause amplification with that popular dns query.
This commit is contained in:
Petr Menšík 2018-02-22 10:58:45 +01:00
parent ba13eb790b
commit 1b9764fb5a
2 changed files with 5 additions and 2 deletions

View File

@ -141,7 +141,7 @@ server:
# Suggested values are 512 to 4096. Default is 4096. 65536 disables it.
# 3072 causes +dnssec any isc.org queries to need TC=1.
# Helps mitigating DDOS
# max-udp-size: 3072
max-udp-size: 3072
# buffer size for handling DNS data. No messages larger than this
# size can be sent or received, by UDP or TCP. In bytes.

View File

@ -21,7 +21,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
Version: 1.6.8
Release: 5%{?extra_version:.%{extra_version}}%{?dist}
Release: 6%{?extra_version:.%{extra_version}}%{?dist}
License: BSD
Url: https://www.unbound.net/
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
@ -435,6 +435,9 @@ popd
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%changelog
* Thu Feb 22 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-6
- Uncomment again original max-upd-size
* Wed Feb 21 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-5
- Use default RPM build flags and configure parameters (#1539097)