Revert "Improve config formatting"

This reverts commit 3d0bac0df2. Uncomment again commented out value and bump version. Comment by Paul Wouters: The value of 3072 was tailored to cause a failure for ANY requries to isc.org, which are used a lot by attackers. Now with 4096, it will fit and the query can be abused again to cause amplification with that popular dns query.
2018-02-22 10:58:45 +01:00 · 2018-02-22 10:58:45 +01:00 · 1b9764fb5a
commit 1b9764fb5a
parent ba13eb790b
2 changed files with 5 additions and 2 deletions
--- a/unbound.conf
+++ b/unbound.conf
@ -141,7 +141,7 @@ server:
 	# Suggested values are 512 to 4096. Default is 4096. 65536 disables it.
 	# 3072 causes +dnssec any isc.org queries to need TC=1.
 	# Helps mitigating DDOS
-	# max-udp-size: 3072
+	max-udp-size: 3072

 	# buffer size for handling DNS data. No messages larger than this
 	# size can be sent or received, by UDP or TCP. In bytes.
--- a/unbound.spec
+++ b/unbound.spec
@ -21,7 +21,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.6.8
-Release: 5%{?extra_version:.%{extra_version}}%{?dist}
+Release: 6%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://www.unbound.net/
 Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
@ -435,6 +435,9 @@ popd
 %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key

 %changelog
+* Thu Feb 22 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-6
+- Uncomment again original max-upd-size
+
 * Wed Feb 21 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-5
 - Use default RPM build flags and configure parameters (#1539097)