From 3bde9d279cdeb1afb96c0050a7ef5d5f2f6ac487 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Fri, 27 Jan 2012 11:46:03 -0500 Subject: [PATCH] * Fri Jan 27 2012 Paul Wouters - 1.4.15-1 - Upgraded to 1.4.15 - Updated unbound.conf to show how to configure listening on tls443 --- .gitignore | 1 + sources | 3 +-- unbound.conf | 16 +++++++++++++--- unbound.spec | 19 +++++++++++-------- 4 files changed, 26 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index c2cafd9..78580af 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ unbound-1.4.5.tar.gz /unbound-1.4.12.tar.gz /unbound-1.4.13.tar.gz /unbound-1.4.14.tar.gz +/unbound-1.4.15.tar.gz diff --git a/sources b/sources index fc8e3ae..2a74d37 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -7e3b27dee2b97640dd2e1783253317ab unbound-1.4.13.tar.gz -cd69fdaaa6af01ea0b6fbc59802f74ba unbound-1.4.14.tar.gz +99173a6548e0e2ec9bfac7a5d025f79e unbound-1.4.15.tar.gz diff --git a/unbound.conf b/unbound.conf index 99bc8d6..86af420 100644 --- a/unbound.conf +++ b/unbound.conf @@ -40,12 +40,20 @@ server: # interface: 192.0.2.153 # interface: 192.0.2.154 # interface: 2001:DB8::5 + # + # for dns over tls and raw dns over port 80 + # interface: 0.0.0.0@443 + # interface: ::0@443 + # interface: 0.0.0.0@80 + # interface: ::0@80 # enable this feature to copy the source address of queries to reply. # Socket options are not supported on all platforms. experimental. + # interface-automatic: yes + # # NOTE: Enable this option when specifying interface 0.0.0.0 or ::0 # NOTE: Disabled per Fedora policy not to listen to * on default install - # interface-automatic: yes + # NOTE: If deploying on non-default port, eg 80/443, this needs to be disabled interface-automatic: no # port to answer queries from 
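Review bot: The three NOTE lines above `interface-automatic: no` in the first unbound.conf hunk now contradict each other: the first says to enable the option when specifying interface 0.0.0.0 or ::0, the added third says it must be disabled for ports such as 80/443, and the new examples use exactly `0.0.0.0@443`. I would merge them into one statement, for example `# NOTE: enable only when listening on 0.0.0.0 or ::0 on the default port; keep disabled for @80/@443 listeners`. The header `# for dns over tls and raw dns over port 80` should also say that port 80 carries cleartext DNS and that only the port matching `ssl-port` is wrapped in TLS, which is how I read the ssl-port comment later in the file. Because these examples bind every address, a pointer to `access-control` next to them would help an administrator scope who may query before uncommenting them. The `server:` block starts and ends outside the hunk.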
@@ -146,6 +154,8 @@ server: # do-ip6: yes # Enable UDP, "yes" or "no". + # NOTE: if setting up an unbound on tls443 for public use, you might want to + # disable UDP to avoid being used in DNS amplification attacks. # do-udp: yes # Enable TCP, "yes" or "no". @@ -448,8 +458,8 @@ server: # service clients over SSL (on the TCP sockets), with plain DNS inside # the SSL stream. Give the certificate to use and private key. # default is "" (disabled). requires restart to take effect. - # ssl-service-key: "path/to/privatekeyfile.key" - # ssl-service-pem: "path/to/publiccertfile.pem" + # ssl-service-key: "/etc/unbound/unbound_server.key" + # ssl-service-pem: "/etc/unbound/unbound_server.pem" # ssl-port: 443 # request upstream over SSL (with plain DNS inside the SSL stream). diff --git a/unbound.spec b/unbound.spec index d2f790a..c82b836 100644 --- a/unbound.spec +++ b/unbound.spec @@ -1,4 +1,3 @@ -# not ready yet %{?!with_python: %global with_python 1} %if %{with_python} @@ -8,8 +7,8 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound -Version: 1.4.14 -Release: 2%{?dist} +Version: 1.4.15 +Release: 1%{?dist} License: BSD Url: http://www.nlnetlabs.nl/unbound/ Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz 
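Review bot: The added NOTE above `# do-udp: yes` recommends disabling UDP without saying that the switch is global. As I understand unbound.conf(5), `do-udp` governs queries that are issued as well as answered, so turning it off would also force the resolver's own upstream lookups onto TCP on every interface. I would extend the comment, e.g. `# NOTE: do-udp: no applies to all interfaces and to upstream queries; expect slower resolution`. It is also worth naming `access-control` here as the setting that decides who may use the resolver, since the amplification concern only arises once it is opened to the public. The `server:` block continues outside the hunk.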
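Review bot: The new example paths for `ssl-service-key` and `ssl-service-pem` look like the file names the remote-control channel uses by default (`unbound_server.key` / `unbound_server.pem`, presumably what unbound-keygen.service generates). An administrator who uncomments them as written would then present the control channel's key pair, with its self-signed certificate, on the public TLS listener. Sharing one private key between the management channel and a public service means exposure through either side affects both. I would add a line such as `# NOTE: use a key pair separate from the remote-control one; keep the key file readable only by the daemon's account` and keep the example file names distinct from the control ones. This is inferred from the file names alone, as the remote-control section is outside the hunk.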
@@ -191,11 +190,11 @@ sed -i "s:/etc/pki/dnssec-keys[/]*dlv:/etc/unbound:" %{_sysconfdir}/unbound/unbo %preun if [ $1 -eq 0 ]; then - # Package removal, not upgrade - /bin/systemctl --no-reload disable unbound.service > /dev/null 2>&1 || : - /bin/systemctl stop unbound.service > /dev/null 2>&1 || : - /bin/systemctl --no-reload disable unbound-keygen.service > /dev/null 2>&1 || : - /bin/systemctl stop unbound-keygen.service > /dev/null 2>&1 || : + # Package removal, not upgrade + /bin/systemctl --no-reload disable unbound.service > /dev/null 2>&1 || : + /bin/systemctl stop unbound.service > /dev/null 2>&1 || : + /bin/systemctl --no-reload disable unbound-keygen.service > /dev/null 2>&1 || : + /bin/systemctl stop unbound-keygen.service > /dev/null 2>&1 || : fi %postun @@ -220,6 +219,10 @@ fi /bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || : %changelog +* Fri Jan 27 2012 Paul Wouters - 1.4.15-1 +- Upgraded to 1.4.15 +- Updated unbound.conf to show how to configure listening on tls443 + * Sat Jan 14 2012 Fedora Release Engineering - 1.4.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild