* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
- Resolves rhbz#1589807 unbound-1.7.2 is available - Add patch to fix stub/forward zone not returning ServFail when TTL expires - Enabled the new root-key-sentinel option
This commit is contained in:
parent
749ca6b65b
commit
e9cb729533
1
.gitignore
vendored
1
.gitignore
vendored
@ -47,3 +47,4 @@ unbound-1.4.5.tar.gz
|
|||||||
/unbound-1.6.8.tar.gz
|
/unbound-1.6.8.tar.gz
|
||||||
/unbound-1.7.0.tar.gz
|
/unbound-1.7.0.tar.gz
|
||||||
/unbound-1.7.1.tar.gz
|
/unbound-1.7.1.tar.gz
|
||||||
|
/unbound-1.7.2.tar.gz
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255
|
SHA512 (unbound-1.7.2.tar.gz) = a5b0794b15d72a89bd6090f6febca3199e8c66f779c5da7f07dfbacc17bd62f340a3392b9086d39f28f7ab5942aba24810347fbf0e1ea22c5641d2b00fb29387
|
||||||
|
30
unbound.conf
30
unbound.conf
@ -246,7 +246,8 @@ server:
|
|||||||
# to this server. Specify classless netblocks with /size and action.
|
# to this server. Specify classless netblocks with /size and action.
|
||||||
# By default everything is refused, except for localhost.
|
# By default everything is refused, except for localhost.
|
||||||
# Choose deny (drop message), refuse (polite error reply),
|
# Choose deny (drop message), refuse (polite error reply),
|
||||||
# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
|
# allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
|
||||||
|
# allow_snoop (recursive and nonrecursive ok)
|
||||||
# deny_non_local (drop queries unless can be answered from local-data)
|
# deny_non_local (drop queries unless can be answered from local-data)
|
||||||
# refuse_non_local (like deny_non_local but polite error reply).
|
# refuse_non_local (like deny_non_local but polite error reply).
|
||||||
# access-control: 0.0.0.0/0 refuse
|
# access-control: 0.0.0.0/0 refuse
|
||||||
@ -483,6 +484,9 @@ server:
|
|||||||
# trust anchor signaling sends a RFC8145 key tag query after priming.
|
# trust anchor signaling sends a RFC8145 key tag query after priming.
|
||||||
trust-anchor-signaling: yes
|
trust-anchor-signaling: yes
|
||||||
|
|
||||||
|
# Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
|
||||||
|
root-key-sentinel: yes
|
||||||
|
|
||||||
# File with DLV trusted keys. Same format as trust-anchor-file.
|
# File with DLV trusted keys. Same format as trust-anchor-file.
|
||||||
# There can be only one DLV configured, it is trusted from root down.
|
# There can be only one DLV configured, it is trusted from root down.
|
||||||
# DLV is going to be decommissioned. Please do not use it any more.
|
# DLV is going to be decommissioned. Please do not use it any more.
|
||||||
@ -658,7 +662,7 @@ server:
|
|||||||
# o inform acts like transparent, but logs client IP address
|
# o inform acts like transparent, but logs client IP address
|
||||||
# o inform_deny drops queries and logs client IP address
|
# o inform_deny drops queries and logs client IP address
|
||||||
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
# o always_transparent, always_refuse, always_nxdomain, resolve in
|
||||||
# that way but ignore local data for that name.
|
# that way but ignore local data for that name
|
||||||
# o noview breaks out of that view towards global local-zones.
|
# o noview breaks out of that view towards global local-zones.
|
||||||
#
|
#
|
||||||
# defaults are localhost address, reverse for 127.0.0.1 and ::1
|
# defaults are localhost address, reverse for 127.0.0.1 and ::1
|
||||||
@ -705,6 +709,15 @@ server:
|
|||||||
# Default is no. Can be turned on and off with unbound-control.
|
# Default is no. Can be turned on and off with unbound-control.
|
||||||
# tls-upstream: no
|
# tls-upstream: no
|
||||||
|
|
||||||
|
# Certificates used to authenticate connections made upstream.
|
||||||
|
# tls-cert-bundle: ""
|
||||||
|
|
||||||
|
# Add system certs to the cert bundle, from the Windows Cert Store
|
||||||
|
# tls-win-cert: no
|
||||||
|
|
||||||
|
# Also serve tls on these port numbers (eg. 443, ...), by listing
|
||||||
|
# tls-additional-ports: portno for each of the port numbers.
|
||||||
|
|
||||||
# DNS64 prefix. Must be specified when DNS64 is use.
|
# DNS64 prefix. Must be specified when DNS64 is use.
|
||||||
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
|
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
|
||||||
# dns64-prefix: 64:ff9b::0/96
|
# dns64-prefix: 64:ff9b::0/96
|
||||||
@ -722,6 +735,12 @@ server:
|
|||||||
# 0 blocks when ratelimited, otherwise let 1/xth traffic through
|
# 0 blocks when ratelimited, otherwise let 1/xth traffic through
|
||||||
# ratelimit-factor: 10
|
# ratelimit-factor: 10
|
||||||
|
|
||||||
|
# what is considered a low rtt (ping time for upstream server), in msec
|
||||||
|
# low-rtt: 45
|
||||||
|
# select low rtt this many times out of 1000. 0 means the fast server
|
||||||
|
# select is disabled. prefetches are not sped up.
|
||||||
|
# low-rtt-permil: 0
|
||||||
|
|
||||||
# override the ratelimit for a specific domain name.
|
# override the ratelimit for a specific domain name.
|
||||||
# give this setting multiple times to have multiple overrides.
|
# give this setting multiple times to have multiple overrides.
|
||||||
# ratelimit-for-domain: example.com 1000
|
# ratelimit-for-domain: example.com 1000
|
||||||
@ -929,3 +948,10 @@ auth-zone:
|
|||||||
# backend: "testframe"
|
# backend: "testframe"
|
||||||
# # secret seed string to calculate hashed keys
|
# # secret seed string to calculate hashed keys
|
||||||
# secret-seed: "default"
|
# secret-seed: "default"
|
||||||
|
# # For "redis" backend:
|
||||||
|
# # redis server's IP address or host name
|
||||||
|
# redis-server-host: 127.0.0.1
|
||||||
|
# # redis server's TCP port
|
||||||
|
# redis-server-port: 6379
|
||||||
|
# # timeout (in ms) for communication with the redis server
|
||||||
|
# redis-timeout: 100
|
||||||
|
11
unbound.spec
11
unbound.spec
@ -33,7 +33,7 @@
|
|||||||
|
|
||||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||||
Name: unbound
|
Name: unbound
|
||||||
Version: 1.7.1
|
Version: 1.7.2
|
||||||
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Url: https://www.unbound.net/
|
Url: https://www.unbound.net/
|
||||||
@ -55,6 +55,8 @@ Source15: unbound-anchor.timer
|
|||||||
Source16: unbound-munin.README
|
Source16: unbound-munin.README
|
||||||
Source17: unbound-anchor.service
|
Source17: unbound-anchor.service
|
||||||
|
|
||||||
|
Patch1: unbound-1.7.2-stub-fwd-ttl.patch
|
||||||
|
|
||||||
BuildRequires: gcc, make
|
BuildRequires: gcc, make
|
||||||
BuildRequires: flex, openssl-devel
|
BuildRequires: flex, openssl-devel
|
||||||
BuildRequires: libevent-devel expat-devel
|
BuildRequires: libevent-devel expat-devel
|
||||||
@ -158,6 +160,8 @@ Python 3 modules and extensions for unbound
|
|||||||
%setup -qcn %{pkgname}
|
%setup -qcn %{pkgname}
|
||||||
|
|
||||||
pushd %{pkgname}
|
pushd %{pkgname}
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
# only for snapshots
|
# only for snapshots
|
||||||
# autoreconf -iv
|
# autoreconf -iv
|
||||||
|
|
||||||
@ -424,6 +428,11 @@ popd
|
|||||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
|
||||||
|
- Resolves rhbz#1589807 unbound-1.7.2 is available
|
||||||
|
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
|
||||||
|
- Enabled the new root-key-sentinel option
|
||||||
|
|
||||||
* Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
|
* Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
|
||||||
- Update to 1.7.1 (#1574495)
|
- Update to 1.7.1 (#1574495)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user