* Tue Aug 27 2019 Paul Wouters <pwouters@redhat.com> - 1.9.3-1
- Updated to 1.9.3 - Resolves: rhbz#1672578 unbound-1.9.2 is available - Resolves: rhbz#1694831 [/usr/lib/tmpfiles.d/unbound.conf:1] Line references path below legacy directory /var/run/ - Resolves: rhbz# 1667387 [abrt] unbound: memmove(): unbound killed by SIGABRT
parent
3031aeaab5
commit
5bfdf89e03
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (unbound-1.8.3.tar.gz) = 545486ccce288a6ef1937d82653a43a11dbd3aec7b8d0036e7fd107e537cdfc935def9db9178c2eb418d6f4b0849a242a0be1dea966f3e9e0145aa7266e483ad
|
||||
SHA512 (unbound-1.9.3.tar.gz) = 21e14dc1577adbe502a262d7fbe9aae0cd389cd9c0b822246beadf00f0ee875e268eeb3ce820433cbb01495d6b182c334b34b63b1bc33b08589a230810ccfe90
|
||||
|
@ -1 +1 @@
|
||||
D /var/run/unbound 0755 unbound unbound -
|
||||
D /run/unbound 0755 unbound unbound -
|
||||
|
70
unbound.conf
70
unbound.conf
@ -121,6 +121,7 @@ server:
|
||||
# so-sndbuf: 0
|
||||
|
||||
# use SO_REUSEPORT to distribute queries over threads.
|
||||
# at extreme load it could be better to turn it off to distribute even.
|
||||
so-reuseport: yes
|
||||
|
||||
# use IP_TRANSPARENT so the interface: addresses can be non-local
|
||||
@ -134,7 +135,7 @@ server:
|
||||
# ip-freebind: no
|
||||
|
||||
# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
|
||||
# is set with msg-buffer-size). 1472 can solve fragmentation (timeouts).
|
||||
# is set with msg-buffer-size). 1472 can solve fragmentation (timeouts)
|
||||
# edns-buffer-size: 4096
|
||||
|
||||
# Maximum UDP response size (not applied to TCP response).
|
||||
@ -143,6 +144,9 @@ server:
|
||||
# Helps mitigating DDOS
|
||||
max-udp-size: 3072
|
||||
|
||||
# max memory to use for stream(tcp and tls) waiting result buffers.
|
||||
# stream-wait-size: 4m
|
||||
|
||||
# buffer size for handling DNS data. No messages larger than this
|
||||
# size can be sent or received, by UDP or TCP. In bytes.
|
||||
# msg-buffer-size: 65552
|
||||
@ -346,6 +350,10 @@ server:
|
||||
# timetoresolve, fromcache and responsesize.
|
||||
# log-replies: no
|
||||
|
||||
# log with tag 'query' and 'reply' instead of 'info' for
|
||||
# filtering log-queries and log-replies from the log.
|
||||
# log-tag-queryreply: no
|
||||
|
||||
# log the local-zone actions, like local-zone type inform is enabled
|
||||
# also for the other local zone types.
|
||||
# log-local-actions: no
|
||||
@ -492,6 +500,9 @@ server:
|
||||
|
||||
# module configuration of the server. A string with identifiers
|
||||
# separated by spaces. Syntax: "[dns64] [validator] iterator"
|
||||
# most modules have to be listed at the beginning of the line,
|
||||
# except cachedb(just before iterator), and python (at the beginning,
|
||||
# or, just before the iterator).
|
||||
module-config: "ipsecmod validator iterator"
|
||||
|
||||
# File with trusted keys, kept uptodate using RFC5011 probes,
|
||||
@ -671,6 +682,9 @@ server:
|
||||
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
|
||||
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
|
||||
|
||||
# Add example.com into ipset
|
||||
# local-zone: "example.com" ipset
|
||||
|
||||
# If unbound is running service for the local host then it is useful
|
||||
# to perform lan-wide lookups to the upstream, and unblock the
|
||||
# long list of local-zones above. If this unbound is a dns server
|
||||
@ -694,6 +708,7 @@ server:
|
||||
# o typetransparent resolves normally for other types and other names
|
||||
# o inform acts like transparent, but logs client IP address
|
||||
# o inform_deny drops queries and logs client IP address
|
||||
# o inform_redirect redirects queries and logs client IP address
|
||||
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
||||
# that way but ignore local data for that name
|
||||
# o noview breaks out of that view towards global local-zones.
|
||||
@ -737,7 +752,20 @@ server:
|
||||
# tls-service-key: "/etc/unbound/unbound_server.key"
|
||||
# tls-service-pem: "/etc/unbound/unbound_server.pem"
|
||||
# tls-port: 853
|
||||
#
|
||||
|
||||
# cipher setting for TLSv1.2
|
||||
# tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256"
|
||||
# cipher setting for TLSv1.3
|
||||
# tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
|
||||
|
||||
# Add the secret file for TLS Session Ticket.
|
||||
# Secret file must be 80 bytes of random data.
|
||||
# First key use to encrypt and decrypt TLS session tickets.
|
||||
# Other keys use to decrypt only.
|
||||
# requires restart to take effect.
|
||||
# tls-session-ticket-keys: "path/to/secret_file1"
|
||||
# tls-session-ticket-keys: "path/to/secret_file2"
|
||||
|
||||
# request upstream over TLS (with plain DNS inside the TLS stream).
|
||||
# Default is no. Can be turned on and off with unbound-control.
|
||||
# tls-upstream: no
|
||||
@ -833,6 +861,8 @@ server:
|
||||
# Python config section. To enable:
|
||||
# o use --with-pythonmodule to configure before compiling.
|
||||
# o list python in the module-config string (above) to enable.
|
||||
# It can be at the start, it gets validated results, or just before
|
||||
# the iterator and process before DNSSEC validation.
|
||||
# o and give a python-script to run.
|
||||
python:
|
||||
# Script file to load
|
||||
@ -913,6 +943,7 @@ include: /etc/unbound/conf.d/*.conf
|
||||
# forward-addr: 192.0.2.73@5355 # forward to port 5355.
|
||||
# forward-first: no
|
||||
# forward-tls-upstream: no
|
||||
# forward-no-cache: no
|
||||
# forward-zone:
|
||||
# name: "example.org"
|
||||
# forward-host: fwd.example.com
|
||||
@ -935,12 +966,22 @@ auth-zone:
|
||||
for-downstream: no
|
||||
for-upstream: yes
|
||||
fallback-enabled: yes
|
||||
master: b.root-servers.net
|
||||
master: c.root-servers.net
|
||||
master: e.root-servers.net
|
||||
master: f.root-servers.net
|
||||
master: g.root-servers.net
|
||||
master: k.root-servers.net
|
||||
master: 199.9.14.201 # b.root-servers.net
|
||||
master: 192.33.4.12 # c.root-servers.net
|
||||
master: 199.7.91.13 # d.root-servers.net
|
||||
master: 192.5.5.241 # f.root-servers.net
|
||||
master: 192.112.36.4 # g.root-servers.net
|
||||
master: 193.0.14.129 # k.root-servers.net
|
||||
master: 192.0.47.132 # xfr.cjr.dns.icann.org
|
||||
master: 192.0.32.132 # xfr.lax.dns.icann.org
|
||||
master: 2001:500:200::b # b.root-servers.net
|
||||
master: 2001:500:2::c # c.root-servers.net
|
||||
master: 2001:500:2d::d # d.root-servers.net
|
||||
master: 2001:500:2f::f # f.root-servers.net
|
||||
master: 2001:500:12::d0d # g.root-servers.net
|
||||
master: 2001:7fd::1 # k.root-servers.net
|
||||
master: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org
|
||||
master: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org
|
||||
# auth-zone:
|
||||
# name: "example.org"
|
||||
# for-downstream: yes
|
||||
@ -991,7 +1032,7 @@ auth-zone:
|
||||
# Enable external backend DB as auxiliary cache. Specify the backend name
|
||||
# (default is "testframe", which has no use other than for debugging and
|
||||
# testing) and backend-specific options. The 'cachedb' module must be
|
||||
# included in module-config.
|
||||
# included in module-config, just before the iterator module.
|
||||
# cachedb:
|
||||
# backend: "testframe"
|
||||
# # secret seed string to calculate hashed keys
|
||||
@ -1004,3 +1045,14 @@ auth-zone:
|
||||
# redis-server-port: 6379
|
||||
# # timeout (in ms) for communication with the redis server
|
||||
# redis-timeout: 100
|
||||
|
||||
# IPSet
|
||||
# Add specify domain into set via ipset.
|
||||
# Note: To enable ipset needs run unbound as root user.
|
||||
# ipset:
|
||||
# # set name for ip v4 addresses
|
||||
# name-v4: "list-v4"
|
||||
# # set name for ip v6 addresses
|
||||
# name-v6: "list-v6"
|
||||
#
|
||||
|
||||
|
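Review bot: The `master:` entries in the root `auth-zone:` block (hunk `-935,12 +966,22`) are now pinned address literals, with nothing recording where they were taken from or when. Because `fallback-enabled: yes` is set, a stale or unreachable entry would probably go unnoticed, since lookups fall back to ordinary recursion. I would add a comment above the list, for example `# transfer addresses as published by the root operators on <DATE>; re-check on every rebase`. Going by the hunk counts, `e.root-servers.net` was dropped and `d.root-servers.net` added, which the changelog does not mention. No transfer authentication is visible in this hunk, so integrity of the transferred zone appears to rest on `validator` staying in `module-config`, which is worth a one-line comment; the auth-zone block starts above the hunk.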
16
unbound.spec
16
unbound.spec
@ -33,8 +33,8 @@
|
||||
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.8.3
|
||||
Release: 8%{?extra_version:.%{extra_version}}%{?dist}
|
||||
Version: 1.9.3
|
||||
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
||||
License: BSD
|
||||
Url: https://www.unbound.net/
|
||||
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
@ -55,8 +55,6 @@ Source15: unbound-anchor.timer
|
||||
Source16: unbound-munin.README
|
||||
Source17: unbound-anchor.service
|
||||
|
||||
Patch1: unbound-1.8.3-dns64-again.patch
|
||||
|
||||
BuildRequires: gcc, make
|
||||
BuildRequires: flex, openssl-devel
|
||||
BuildRequires: libevent-devel expat-devel
|
||||
@ -149,7 +147,7 @@ Python 3 modules and extensions for unbound
|
||||
%setup -qcn %{pkgname}
|
||||
|
||||
pushd %{pkgname}
|
||||
%patch1
|
||||
# patches go here
|
||||
|
||||
# only for snapshots
|
||||
# autoreconf -iv
|
||||
@ -173,7 +171,7 @@ cp -a %{dir_primary} %{dir_secondary}
|
||||
--enable-relro-now --enable-pie \\\
|
||||
--enable-subnet --enable-ipsecmod \\\
|
||||
--with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\
|
||||
--with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\
|
||||
--with-pidfile=%{_rundir}/%{name}/%{name}.pid \\\
|
||||
--enable-sha2 --disable-gost --enable-ecdsa \\\
|
||||
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key
|
||||
|
||||
@ -410,6 +408,12 @@ popd
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
|
||||
%changelog
|
||||
* Tue Aug 27 2019 Paul Wouters <pwouters@redhat.com> - 1.9.3-1
|
||||
- Updated to 1.9.3
|
||||
- Resolves: rhbz#1672578 unbound-1.9.2 is available
|
||||
- Resolves: rhbz#1694831 [/usr/lib/tmpfiles.d/unbound.conf:1] Line references path below legacy directory /var/run/
|
||||
- Resolves: rhbz# 1667387 [abrt] unbound: memmove(): unbound killed by SIGABRT
|
||||
|
||||
* Thu Aug 22 2019 Miro Hrončok <mhroncok@redhat.com> - 1.8.3-8
|
||||
- Subpackage python2-unbound has been removed
|
||||
See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
|
||||
|
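Review bot: The new tarball is pinned only by the SHA512 line in `sources`. None of the visible `unbound.spec` hunks adds a detached-signature `Source` entry or a verification step ahead of `%setup -qcn %{pkgname}`, so the bump trusts whatever was downloaded when the hash was computed. If upstream publishes a signature and the spec does not already check it outside the lines shown, I would carry the signature and keyring as extra `Source` entries and verify them at the top of `%prep` with `%{gpgverify}`. The `%prep` section starts above the hunk, so this may already be handled there.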