+* Tue May 21 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-9
- Use /var/lib/unbound/root.anchor (more consistent with other distros) - Enable round-robin (with noths() patch) - Enable minimal responses
parent
463a11e746
commit
259a0ee4dc
@ -323,11 +323,11 @@ server:
|
|||||||
prefetch-key: yes
|
prefetch-key: yes
|
||||||
|
|
||||||
# if yes, Unbound rotates RRSet order in response.
|
# if yes, Unbound rotates RRSet order in response.
|
||||||
# rrset-roundrobin: no
|
rrset-roundrobin: yes
|
||||||
|
|
||||||
# if yes, Unbound doesn't insert authority/additional sections
|
# if yes, Unbound doesn't insert authority/additional sections
|
||||||
# into response messages when those sections are not required.
|
# into response messages when those sections are not required.
|
||||||
# minimal-responses: no
|
minimal-responses: yes
|
||||||
|
|
||||||
# module configuration of the server. A string with identifiers
|
# module configuration of the server. A string with identifiers
|
||||||
# separated by spaces. "iterator" or "validator iterator"
|
# separated by spaces. "iterator" or "validator iterator"
|
||||||
@ -362,7 +362,7 @@ server:
|
|||||||
#
|
#
|
||||||
# trusted-keys-file: /etc/unbound/rootkey.bind
|
# trusted-keys-file: /etc/unbound/rootkey.bind
|
||||||
trusted-keys-file: /etc/unbound/keys.d/*.key
|
trusted-keys-file: /etc/unbound/keys.d/*.key
|
||||||
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
auto-trust-anchor-file: "/var/lib/unbound/root.anchor"
|
||||||
|
|
||||||
# Ignore chain of trust. Domain is treated as insecure.
|
# Ignore chain of trust. Domain is treated as insecure.
|
||||||
# domain-insecure: "example.com"
|
# domain-insecure: "example.com"
|
||||||
|
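Review bot: The `auto-trust-anchor-file` line in the second hunk has no comment saying that this file is rewritten at run time, unlike the static key files listed just above it. Unbound updates an auto trust anchor file in place while it tracks key rollovers, and the cron entry and unit file in this commit also rewrite it through `unbound-anchor -a`, so it has to stay writable by the unbound user. A comment above the line would record that: `# Updated in place by unbound and unbound-anchor; must remain writable by the unbound user.` The `server:` block starts and ends outside both hunks.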
@ -1,3 +1,3 @@
|
|||||||
# Look to see if the DNSSEC Root key got rolled, if so check trust and update
|
# Look to see if the DNSSEC Root key got rolled, if so check trust and update
|
||||||
|
|
||||||
10 3 1 * * unbound /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
|
10 3 1 * * unbound /usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem
|
||||||
|
@ -9,7 +9,7 @@ Wants=nss-lookup.target
|
|||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
EnvironmentFile=-/etc/sysconfig/unbound
|
EnvironmentFile=-/etc/sysconfig/unbound
|
||||||
ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
|
ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem
|
||||||
ExecStartPre=/usr/sbin/unbound-checkconf
|
ExecStartPre=/usr/sbin/unbound-checkconf
|
||||||
ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS
|
ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS
|
||||||
|
|
||||||
|
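Review bot: The `ExecStartPre` line that runs `unbound-anchor` has no user switch in the visible part of `[Service]`, so it would run as root, while the cron entry and the `%post libs` scriptlet in this commit run the same command as `unbound`. If `unbound-anchor` rewrites `/var/lib/unbound/root.anchor` during that step, the file may end up owned by root, and the daemon could then fail to save its RFC 5011 updates to it. Running the step the way `%post libs` does would keep ownership consistent: `ExecStartPre=/usr/sbin/runuser --shell /bin/sh --command="/usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem" unbound`. The `[Service]` section may continue outside the hunk, so a `User=` setting cannot be ruled out from here.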
18
unbound.spec
18
unbound.spec
@ -11,7 +11,7 @@
|
|||||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||||
Name: unbound
|
Name: unbound
|
||||||
Version: 1.4.20
|
Version: 1.4.20
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Url: http://www.nlnetlabs.nl/unbound/
|
Url: http://www.nlnetlabs.nl/unbound/
|
||||||
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
|
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
|
||||||
@ -118,7 +118,7 @@ export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie"
|
|||||||
--with-pythonmodule --with-pyunbound \
|
--with-pythonmodule --with-pyunbound \
|
||||||
%endif
|
%endif
|
||||||
--enable-sha2 --disable-gost --disable-ecdsa \
|
--enable-sha2 --disable-gost --disable-ecdsa \
|
||||||
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key
|
--with-rootkey-file=%{_sharedstatedir}/unbound/root.anchor
|
||||||
|
|
||||||
%{__make} %{?_smp_mflags}
|
%{__make} %{?_smp_mflags}
|
||||||
%{__make} %{?_smp_mflags} streamtcp
|
%{__make} %{?_smp_mflags} streamtcp
|
||||||
@ -155,7 +155,7 @@ install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/tmpfiles.d/unbound.conf
|
|||||||
# install root and DLV key - we keep a copy of the root key in old location,
|
# install root and DLV key - we keep a copy of the root key in old location,
|
||||||
# in case user has changed the configuration and we wouldn't update it there
|
# in case user has changed the configuration and we wouldn't update it there
|
||||||
install -m 0644 %{SOURCE5} %{SOURCE6} %{SOURCE13} %{buildroot}%{_sysconfdir}/unbound/
|
install -m 0644 %{SOURCE5} %{SOURCE6} %{SOURCE13} %{buildroot}%{_sysconfdir}/unbound/
|
||||||
install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/root.key
|
install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/
|
||||||
|
|
||||||
# remove static library from install (fedora packaging guidelines)
|
# remove static library from install (fedora packaging guidelines)
|
||||||
rm %{buildroot}%{_libdir}/*.la
|
rm %{buildroot}%{_libdir}/*.la
|
||||||
@ -232,11 +232,10 @@ echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control
|
|||||||
%{_sysconfdir}/%{name}/icannbundle.pem
|
%{_sysconfdir}/%{name}/icannbundle.pem
|
||||||
%attr(0644,root,root) %{_sysconfdir}/cron.d/unbound-anchor
|
%attr(0644,root,root) %{_sysconfdir}/cron.d/unbound-anchor
|
||||||
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
|
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
|
||||||
%attr(0644,unbound,unbound) %config(noreplace) %{_sharedstatedir}/%{name}/root.key
|
%attr(0644,unbound,unbound) %config(noreplace) %{_sharedstatedir}/%{name}/root.anchor
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
|
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
|
||||||
# just left for backwards compat with user changed unbound.conf files - format is different!
|
# just left for backwards compat with user changed unbound.conf files - format is different!
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.anchor
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
|
||||||
%doc doc/README doc/LICENSE
|
%doc doc/README doc/LICENSE
|
||||||
|
|
||||||
%pre libs
|
%pre libs
|
||||||
@ -253,7 +252,7 @@ exit 0
|
|||||||
|
|
||||||
%post libs
|
%post libs
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
%{_sbindir}/runuser --command="%{_sbindir}/unbound-anchor -a %{_sharedstatedir}/unbound/root.key -c %{_sysconfdir}/unbound/icannbundle.pem" --shell /bin/sh unbound ||:
|
%{_sbindir}/runuser --command="%{_sbindir}/unbound-anchor -a %{_sharedstatedir}/unbound/root.anchor -c %{_sysconfdir}/unbound/icannbundle.pem" --shell /bin/sh unbound ||:
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%systemd_preun unbound.service
|
%systemd_preun unbound.service
|
||||||
@ -279,6 +278,11 @@ exit 0
|
|||||||
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
|
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 21 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-9
|
||||||
|
- Use /var/lib/unbound/root.anchor (more consistent with other distros)
|
||||||
|
- Enable round-robin (with noths() patch)
|
||||||
|
- Enable minimal responses
|
||||||
|
|
||||||
* Mon Apr 22 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-8
|
* Mon Apr 22 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-8
|
||||||
- Refix
|
- Refix
|
||||||
|
|
||||||
|
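Review bot: The second `install` line in the `-155,7 +155,7` hunk now copies `%{SOURCE13}` into `%{_sharedstatedir}/unbound/` under its own basename, so the `%files` entry for `%{_sharedstatedir}/%{name}/root.anchor` only matches if that source file happens to be named `root.anchor`. Spelling out the destination removes that dependency: `install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/root.anchor`. Separately, `%files` stops listing `%{_sharedstatedir}/%{name}/root.key`, and none of the visible scriptlets carries an existing copy over to the new name. An upgraded host therefore appears to restart from the packaged anchor, and a locally modified `unbound.conf` that still names the old path would point at a file the package no longer owns. If that is intended, a short comment next to the `%files` entry saying so would help the next packager.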