* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
- Resolves rhbz#1589807 unbound-1.7.2 is available - Add patch to fix stub/forward zone not returning ServFail when TTL expires - Enabled the new root-key-sentinel option
This commit is contained in:
Paul Wouters
parent
749ca6b65b
commit
e9cb729533
1
.gitignore
vendored
1
.gitignore
vendored
@ -47,3 +47,4 @@ unbound-1.4.5.tar.gz
|
||||
/unbound-1.6.8.tar.gz
|
||||
/unbound-1.7.0.tar.gz
|
||||
/unbound-1.7.1.tar.gz
|
||||
/unbound-1.7.2.tar.gz
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255
|
||||
SHA512 (unbound-1.7.2.tar.gz) = a5b0794b15d72a89bd6090f6febca3199e8c66f779c5da7f07dfbacc17bd62f340a3392b9086d39f28f7ab5942aba24810347fbf0e1ea22c5641d2b00fb29387
|
||||
|
||||
30
unbound.conf
30
unbound.conf
@ -246,7 +246,8 @@ server:
|
||||
# to this server. Specify classless netblocks with /size and action.
|
||||
# By default everything is refused, except for localhost.
|
||||
# Choose deny (drop message), refuse (polite error reply),
|
||||
# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
|
||||
# allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
|
||||
# allow_snoop (recursive and nonrecursive ok)
|
||||
# deny_non_local (drop queries unless can be answered from local-data)
|
||||
# refuse_non_local (like deny_non_local but polite error reply).
|
||||
# access-control: 0.0.0.0/0 refuse
|
||||
@ -483,6 +484,9 @@ server:
|
||||
# trust anchor signaling sends a RFC8145 key tag query after priming.
|
||||
trust-anchor-signaling: yes
|
||||
|
||||
# Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
|
||||
root-key-sentinel: yes
|
||||
|
||||
# File with DLV trusted keys. Same format as trust-anchor-file.
|
||||
# There can be only one DLV configured, it is trusted from root down.
|
||||
# DLV is going to be decommissioned. Please do not use it any more.
|
||||
@ -658,7 +662,7 @@ server:
|
||||
# o inform acts like transparent, but logs client IP address
|
||||
# o inform_deny drops queries and logs client IP address
|
||||
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
||||
# that way but ignore local data for that name.
|
||||
# that way but ignore local data for that name
|
||||
# o noview breaks out of that view towards global local-zones.
|
||||
#
|
||||
# defaults are localhost address, reverse for 127.0.0.1 and ::1
|
||||
@ -705,6 +709,15 @@ server:
|
||||
# Default is no. Can be turned on and off with unbound-control.
|
||||
# tls-upstream: no
|
||||
|
||||
# Certificates used to authenticate connections made upstream.
|
||||
# tls-cert-bundle: ""
|
||||
|
||||
# Add system certs to the cert bundle, from the Windows Cert Store
|
||||
# tls-win-cert: no
|
||||
|
||||
# Also serve tls on these port numbers (eg. 443, ...), by listing
|
||||
# tls-additional-ports: portno for each of the port numbers.
|
||||
|
||||
# DNS64 prefix. Must be specified when DNS64 is use.
|
||||
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
|
||||
# dns64-prefix: 64:ff9b::0/96
|
||||
@ -722,6 +735,12 @@ server:
|
||||
# 0 blocks when ratelimited, otherwise let 1/xth traffic through
|
||||
# ratelimit-factor: 10
|
||||
|
||||
# what is considered a low rtt (ping time for upstream server), in msec
|
||||
# low-rtt: 45
|
||||
# select low rtt this many times out of 1000. 0 means the fast server
|
||||
# select is disabled. prefetches are not sped up.
|
||||
# low-rtt-permil: 0
|
||||
|
||||
# override the ratelimit for a specific domain name.
|
||||
# give this setting multiple times to have multiple overrides.
|
||||
# ratelimit-for-domain: example.com 1000
|
||||
@ -929,3 +948,10 @@ auth-zone:
|
||||
# backend: "testframe"
|
||||
# # secret seed string to calculate hashed keys
|
||||
# secret-seed: "default"
|
||||
# # For "redis" backend:
|
||||
# # redis server's IP address or host name
|
||||
# redis-server-host: 127.0.0.1
|
||||
# # redis server's TCP port
|
||||
# redis-server-port: 6379
|
||||
# # timeout (in ms) for communication with the redis server
|
||||
# redis-timeout: 100
|
||||
|
||||
11
unbound.spec
11
unbound.spec
@ -33,7 +33,7 @@
|
||||
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.7.1
|
||||
Version: 1.7.2
|
||||
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
||||
License: BSD
|
||||
Url: https://www.unbound.net/
|
||||
@ -55,6 +55,8 @@ Source15: unbound-anchor.timer
|
||||
Source16: unbound-munin.README
|
||||
Source17: unbound-anchor.service
|
||||
|
||||
Patch1: unbound-1.7.2-stub-fwd-ttl.patch
|
||||
|
||||
BuildRequires: gcc, make
|
||||
BuildRequires: flex, openssl-devel
|
||||
BuildRequires: libevent-devel expat-devel
|
||||
@ -158,6 +160,8 @@ Python 3 modules and extensions for unbound
|
||||
%setup -qcn %{pkgname}
|
||||
|
||||
pushd %{pkgname}
|
||||
%patch1 -p1
|
||||
|
||||
# only for snapshots
|
||||
# autoreconf -iv
|
||||
|
||||
@ -424,6 +428,11 @@ popd
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
|
||||
%changelog
|
||||
* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
|
||||
- Resolves rhbz#1589807 unbound-1.7.2 is available
|
||||
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
|
||||
- Enabled the new root-key-sentinel option
|
||||
|
||||
* Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
|
||||
- Update to 1.7.1 (#1574495)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user