- Resolves rhbz#1860887 unbound-1.13.1 is available
- Fixup unbound.conf
This commit is contained in:
Paul Wouters
parent
4bc5d30582
commit
809b23a9f1
1
.gitignore
vendored
1
.gitignore
vendored
@ -63,3 +63,4 @@ unbound-1.4.5.tar.gz
|
||||
/unbound-1.12.0.tar.gz.asc
|
||||
/unbound-1.13.0.tar.gz
|
||||
/unbound-1.13.0.tar.gz.asc
|
||||
/unbound-1.13.1.tar.gz
|
||||
|
||||
3
sources
3
sources
@ -1,2 +1 @@
|
||||
SHA512 (unbound-1.13.0.tar.gz) = d4f3c5a7df5d46f8b1ee32b61e68bdc0d63030820d236ecc51bc3ac356d15248acb9a5e0b6009e1936b03b751e8dd05a071a95ab239fdbbbb308442a59642ad5
|
||||
SHA512 (unbound-1.13.0.tar.gz.asc) = 924396fe8c92945386cedcfd5a52ec65b892b3dac20f2b6bf7dd99f7e263f5e3a11ce1f8f6ccc8107529c3be81d6b61d14e66bdda2d3e5c8bc8a8462b93c7d84
|
||||
SHA512 (unbound-1.13.1.tar.gz) = f4d26dca28dbcc33a5e65a55147fa01077c331292e88b6a87798cb6c3d4edb0515015d131fd893c92b74d22d9998a640f0adce404e6192d61ebe69a6a599287c
|
||||
|
||||
54
unbound.conf
54
unbound.conf
@ -328,7 +328,7 @@ server:
|
||||
# The pid file can be absolute and outside of the chroot, it is
|
||||
# written just prior to performing the chroot and dropping permissions.
|
||||
#
|
||||
# Additionally, unbound may need to access /dev/random (for entropy).
|
||||
# Additionally, unbound may need to access /dev/urandom (for entropy).
|
||||
# How to do this is specific to your OS.
|
||||
#
|
||||
# If you give "" no chroot is performed. The path must not end in a /.
|
||||
@ -393,6 +393,9 @@ server:
|
||||
# enable to not answer version.server and version.bind queries.
|
||||
# hide-version: no
|
||||
|
||||
# NSID identity (hex string, or "ascii_somestring"). default disabled.
|
||||
# nsid: "aabbccdd"
|
||||
|
||||
# enable to not answer trustanchor.unbound queries.
|
||||
# hide-trustanchor: no
|
||||
|
||||
@ -413,7 +416,7 @@ server:
|
||||
# target-fetch-policy: "3 2 1 0 0"
|
||||
|
||||
# Harden against very small EDNS buffer sizes.
|
||||
# harden-short-bufsize: no
|
||||
# harden-short-bufsize: yes
|
||||
|
||||
# Harden against unseemly large queries.
|
||||
# harden-large-queries: no
|
||||
@ -624,6 +627,13 @@ server:
|
||||
# A recommended value is 1800.
|
||||
# serve-expired-client-timeout: 0
|
||||
|
||||
# Return the original TTL as received from the upstream name server rather
|
||||
# than the decrementing TTL as stored in the cache. Enabling this feature
|
||||
# does not impact cache expiry, it only changes the TTL unbound embeds in
|
||||
# responses to queries. Note that enabling this feature implicitly disables
|
||||
# enforcement of the configured minimum and maximum TTL.
|
||||
# serve-original-ttl: no
|
||||
|
||||
# Have the validator log failed validations for your diagnosis.
|
||||
# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
|
||||
val-log-level: 1
|
||||
@ -733,8 +743,10 @@ server:
|
||||
# o inform acts like transparent, but logs client IP address
|
||||
# o inform_deny drops queries and logs client IP address
|
||||
# o inform_redirect redirects queries and logs client IP address
|
||||
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
||||
# that way but ignore local data for that name
|
||||
# o always_transparent, always_refuse, always_nxdomain, always_nodata,
|
||||
# always_deny resolve in that way but ignore local data for
|
||||
# that name
|
||||
# o always_null returns 0.0.0.0 or ::0 for any name in the zone.
|
||||
# o noview breaks out of that view towards global local-zones.
|
||||
#
|
||||
# defaults are localhost address, reverse for 127.0.0.1 and ::1
|
||||
@ -784,6 +796,12 @@ server:
|
||||
# cipher setting for TLSv1.3
|
||||
# tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
|
||||
|
||||
# Pad responses to padded queries received over TLS
|
||||
# pad-responses: yes
|
||||
|
||||
# Padded responses will be padded to the closest multiple of this size.
|
||||
# pad-responses-block-size: 468
|
||||
|
||||
# Use the SNI extension for TLS connections. Default is yes.
|
||||
# Changing the value requires a reload.
|
||||
# tls-use-sni: yes
|
||||
@ -806,6 +824,12 @@ server:
|
||||
# Add system certs to the cert bundle, from the Windows Cert Store
|
||||
# tls-win-cert: no
|
||||
|
||||
# Pad queries over TLS upstreams
|
||||
# pad-queries: yes
|
||||
|
||||
# Padded queries will be padded to the closest multiple of this size.
|
||||
# pad-queries-block-size: 128
|
||||
|
||||
# Also serve tls on these port numbers (eg. 443, ...), by listing
|
||||
# tls-additional-port: portno for each of the port numbers.
|
||||
|
||||
@ -825,22 +849,6 @@ server:
|
||||
# service.
|
||||
# http-nodelay: yes
|
||||
|
||||
# HTTP endpoint to provide DNS-over-HTTPS service on.
|
||||
# http-endpoint: "/dns-query"
|
||||
|
||||
# HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use.
|
||||
# http-max-streams: 100
|
||||
|
||||
# Maximum number of bytes used for all HTTP/2 query buffers.
|
||||
# http-query-buffer-size: 4m
|
||||
|
||||
# Maximum number of bytes used for all HTTP/2 response buffers.
|
||||
# http-response-buffer-size: 4m
|
||||
|
||||
# Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS
|
||||
# service.
|
||||
# http-nodelay: yes
|
||||
|
||||
# Disable TLS for DNS-over-HTTP downstream service.
|
||||
# http-notls-downstream: no
|
||||
|
||||
@ -1115,7 +1123,7 @@ auth-zone:
|
||||
|
||||
# IPSet
|
||||
# Add specify domain into set via ipset.
|
||||
# Note: To enable ipset unbound needs run as root user.
|
||||
# Note: To enable ipset unbound needs to run as root user.
|
||||
# ipset:
|
||||
# # set name for ip v4 addresses
|
||||
# name-v4: "list-v4"
|
||||
@ -1130,7 +1138,7 @@ auth-zone:
|
||||
# dnstap-enable: no
|
||||
# # if set to yes frame streams will be used in bidirectional mode
|
||||
# dnstap-bidirectional: yes
|
||||
# dnstap-socket-path: ""
|
||||
# dnstap-socket-path: "/etc/unbound/dnstap.sock"
|
||||
# # if "" use the unix socket in dnstap-socket-path, otherwise,
|
||||
# # set it to "IPaddress[@port]" of the destination.
|
||||
# dnstap-ip: ""
|
||||
@ -1166,7 +1174,7 @@ auth-zone:
|
||||
# rpz:
|
||||
# name: "rpz.example.com"
|
||||
# zonefile: "rpz.example.com"
|
||||
# master: 192.0.2.0
|
||||
# primary: 192.0.2.0
|
||||
# allow-notify: 192.0.2.0/32
|
||||
# url: http://www.example.com/rpz.example.org.zone
|
||||
# rpz-action-override: cname
|
||||
|
||||
@ -36,8 +36,8 @@
|
||||
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.13.0
|
||||
Release: 2%{?extra_version:.%{extra_version}}%{?dist}
|
||||
Version: 1.13.1
|
||||
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
||||
License: BSD
|
||||
Url: https://nlnetlabs.nl/projects/unbound/
|
||||
Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
@ -458,6 +458,10 @@ popd
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
|
||||
%changelog
|
||||
* Wed Feb 10 2021 Paul Wouters <pwouters@redhat.com> - 1.13.1-1
|
||||
- Resolves rhbz#1860887 unbound-1.13.1 is available
|
||||
- Fixup unbound.conf
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user