* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1

- Resolves rhbz#1589807 unbound-1.7.2 is available
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
- Enabled the new root-key-sentinel option
This commit is contained in:
Paul Wouters 2018-06-11 16:49:15 -04:00
parent 749ca6b65b
commit e9cb729533
4 changed files with 40 additions and 4 deletions

1
.gitignore vendored
View File

@ -47,3 +47,4 @@ unbound-1.4.5.tar.gz
/unbound-1.6.8.tar.gz /unbound-1.6.8.tar.gz
/unbound-1.7.0.tar.gz /unbound-1.7.0.tar.gz
/unbound-1.7.1.tar.gz /unbound-1.7.1.tar.gz
/unbound-1.7.2.tar.gz

View File

@ -1 +1 @@
SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255 SHA512 (unbound-1.7.2.tar.gz) = a5b0794b15d72a89bd6090f6febca3199e8c66f779c5da7f07dfbacc17bd62f340a3392b9086d39f28f7ab5942aba24810347fbf0e1ea22c5641d2b00fb29387

View File

@ -246,7 +246,8 @@ server:
# to this server. Specify classless netblocks with /size and action. # to this server. Specify classless netblocks with /size and action.
# By default everything is refused, except for localhost. # By default everything is refused, except for localhost.
# Choose deny (drop message), refuse (polite error reply), # Choose deny (drop message), refuse (polite error reply),
# allow (recursive ok), allow_snoop (recursive and nonrecursive ok) # allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
# allow_snoop (recursive and nonrecursive ok)
# deny_non_local (drop queries unless can be answered from local-data) # deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply). # refuse_non_local (like deny_non_local but polite error reply).
# access-control: 0.0.0.0/0 refuse # access-control: 0.0.0.0/0 refuse
@ -483,6 +484,9 @@ server:
# trust anchor signaling sends a RFC8145 key tag query after priming. # trust anchor signaling sends a RFC8145 key tag query after priming.
trust-anchor-signaling: yes trust-anchor-signaling: yes
# Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
root-key-sentinel: yes
# File with DLV trusted keys. Same format as trust-anchor-file. # File with DLV trusted keys. Same format as trust-anchor-file.
# There can be only one DLV configured, it is trusted from root down. # There can be only one DLV configured, it is trusted from root down.
# DLV is going to be decommissioned. Please do not use it any more. # DLV is going to be decommissioned. Please do not use it any more.
@ -658,7 +662,7 @@ server:
# o inform acts like transparent, but logs client IP address # o inform acts like transparent, but logs client IP address
# o inform_deny drops queries and logs client IP address # o inform_deny drops queries and logs client IP address
# o always_transparent, always_refuse, always_nxdomain, resolve in # o always_transparent, always_refuse, always_nxdomain, resolve in
# that way but ignore local data for that name. # that way but ignore local data for that name
# o noview breaks out of that view towards global local-zones. # o noview breaks out of that view towards global local-zones.
# #
# defaults are localhost address, reverse for 127.0.0.1 and ::1 # defaults are localhost address, reverse for 127.0.0.1 and ::1
@ -705,6 +709,15 @@ server:
# Default is no. Can be turned on and off with unbound-control. # Default is no. Can be turned on and off with unbound-control.
# tls-upstream: no # tls-upstream: no
# Certificates used to authenticate connections made upstream.
# tls-cert-bundle: ""
# Add system certs to the cert bundle, from the Windows Cert Store
# tls-win-cert: no
# Also serve tls on these port numbers (eg. 443, ...), by listing
# tls-additional-ports: portno for each of the port numbers.
# DNS64 prefix. Must be specified when DNS64 is use. # DNS64 prefix. Must be specified when DNS64 is use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
# dns64-prefix: 64:ff9b::0/96 # dns64-prefix: 64:ff9b::0/96
@ -722,6 +735,12 @@ server:
# 0 blocks when ratelimited, otherwise let 1/xth traffic through # 0 blocks when ratelimited, otherwise let 1/xth traffic through
# ratelimit-factor: 10 # ratelimit-factor: 10
# what is considered a low rtt (ping time for upstream server), in msec
# low-rtt: 45
# select low rtt this many times out of 1000. 0 means the fast server
# select is disabled. prefetches are not sped up.
# low-rtt-permil: 0
# override the ratelimit for a specific domain name. # override the ratelimit for a specific domain name.
# give this setting multiple times to have multiple overrides. # give this setting multiple times to have multiple overrides.
# ratelimit-for-domain: example.com 1000 # ratelimit-for-domain: example.com 1000
@ -929,3 +948,10 @@ auth-zone:
# backend: "testframe" # backend: "testframe"
# # secret seed string to calculate hashed keys # # secret seed string to calculate hashed keys
# secret-seed: "default" # secret-seed: "default"
# # For "redis" backend:
# # redis server's IP address or host name
# redis-server-host: 127.0.0.1
# # redis server's TCP port
# redis-server-port: 6379
# # timeout (in ms) for communication with the redis server
# redis-timeout: 100

View File

@ -33,7 +33,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound Name: unbound
Version: 1.7.1 Version: 1.7.2
Release: 1%{?extra_version:.%{extra_version}}%{?dist} Release: 1%{?extra_version:.%{extra_version}}%{?dist}
License: BSD License: BSD
Url: https://www.unbound.net/ Url: https://www.unbound.net/
@ -55,6 +55,8 @@ Source15: unbound-anchor.timer
Source16: unbound-munin.README Source16: unbound-munin.README
Source17: unbound-anchor.service Source17: unbound-anchor.service
Patch1: unbound-1.7.2-stub-fwd-ttl.patch
BuildRequires: gcc, make BuildRequires: gcc, make
BuildRequires: flex, openssl-devel BuildRequires: flex, openssl-devel
BuildRequires: libevent-devel expat-devel BuildRequires: libevent-devel expat-devel
@ -158,6 +160,8 @@ Python 3 modules and extensions for unbound
%setup -qcn %{pkgname} %setup -qcn %{pkgname}
pushd %{pkgname} pushd %{pkgname}
%patch1 -p1
# only for snapshots # only for snapshots
# autoreconf -iv # autoreconf -iv
@ -424,6 +428,11 @@ popd
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%changelog %changelog
* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
- Resolves rhbz#1589807 unbound-1.7.2 is available
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
- Enabled the new root-key-sentinel option
* Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1 * Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
- Update to 1.7.1 (#1574495) - Update to 1.7.1 (#1574495)