rpms/unbound
7
0
Fork 0
Code Issues Pull Requests Releases Activity
272 Commits 7 Branches 35 Tags 1.1 MiB
26cbcabb59
Commit Graph

40 Commits

Author SHA1 Message Date
Petr Menšík
3d0bac0df2 Improve config formatting 2018-02-21 11:41:24 +01:00
Paul Wouters
594dd4101a - Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics 2017-10-02 16:52:53 -04:00
Paul Wouters
115c5666a2 * Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1 
- Resolves: rhbz#1483572 unbound-1.6.6 is available
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
 2017-09-22 12:47:01 -04:00
Paul Wouters
bd329fe8e7 - update unbound.conf to 1.6.14 feature set 
Allow ipsecmod to be enabled via libreswan unbound-control command
 2017-06-22 11:17:37 -04:00
Paul Wouters
a57c3b8b64 * Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1 
- Update to 1.6.2 (rhbz#1425649)
- Updated unbound.conf with new options
 2017-04-26 21:46:09 -04:00
Paul Wouters
be41633bf0 * Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1 
- Updated to 1.5.10 (better TCP handling, bugfixes)
- Install pkgconfig file in -devel package
- Updated unbound.conf
 2016-09-27 19:26:26 -04:00
Paul Wouters
a147b9358d - Fix upper port range to 60999 because that's what selinux allows 2016-07-07 19:22:06 +03:00
Paul Wouters
8e51532c90 * Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1 
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
 2016-03-02 12:35:36 -05:00
Tomas Hozza
ee4b516864 Merged some lines from the latest upstream configuration version 
Especially the port for remote control is now 8953

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2016-01-21 12:34:47 +01:00
Paul Wouters
ec26998079 * Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1 
- Update to 1.5.7
- Enable query minimalization for enhanced DNS query privacy
- Enable nxdomain hardening to assist with query minimalization and SBLs
- Updated default unbound.conf for new features from upstream.
 2015-12-11 10:06:07 -05:00
Paul Wouters
cd4af25f21 fix commented address range in unbound.conf 
(I am not doing a build for this - it will go out whenever we do a new build)
 2015-09-23 11:24:27 -04:00
Tomas Hozza
c5473f18c9 Revert "Use low maximum negative cache TTL (5 sec) (#1229596)" 
This reverts commit d8ef6e9f01.
 2015-06-16 21:50:42 +02:00
Tomas Hozza
d8ef6e9f01 Use low maximum negative cache TTL (5 sec) (#1229596) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-06-15 19:35:41 +02:00
Tomas Hozza
9727819990 Add new options from upstream example.conf to default unbound.conf (commented out) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-06-15 19:32:20 +02:00
Tomas Hozza
6b19dd7ea5 Removed usage of DLV from the default configuration (#1223363) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-05-26 13:02:06 +02:00
Paul Wouters
24ebb22384 unbound.conf: also add outgoing-port-avoid: 0-32767 to ensure we 
don't hit the SElinux restrictions of ephemeral ports
 2013-09-19 10:25:20 -04:00
Paul Wouters
90b7fa1c7e * Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1 
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patched merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
 2013-09-19 10:21:30 -04:00
Paul Wouters
cfcdefa766 * Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16 
- Change unbound.conf to only use ephemeral ports (32768-65535)
 2013-08-12 11:55:20 -04:00
Paul Wouters
3f230f2522 * fixup unbound.conf and the service file to use root.key, not root.anchor 2013-05-28 18:06:00 -04:00
Paul Wouters
259a0ee4dc +* Tue May 21 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-9 
- Use /var/lib/unbound/root.anchor (more consistent with other distros)
- Enable round-robin (with noths() patch)
- Enable minimal responses
 2013-05-24 16:42:52 -04:00
Paul Wouters
79e69dc533 * move/rename root key to /var/lib/unbound/root.key 2013-04-08 11:04:39 -04:00
Paul Wouters
90deaa6495 * add unbound-anchor support and more flexible config directories 2012-11-03 17:12:29 -04:00
Paul Wouters
6f8d333aae * Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-4 
- Patch to allow wildcards in include: statements
- Add directories /etc/unbound/keys.d,conf.d,local.d with
  example entries
 2012-09-26 12:38:51 -04:00
Paul Wouters
186df7a017 * update unbound.conf with the new options 2012-05-24 14:01:15 -04:00
Paul Wouters
6920848c7e * Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2 
- Don't ghost the directory (rhbz#788805)
- Patch for unbound to support unbound-control forward_zone
  (needed for openswan in XAUTH mode)
 2012-02-27 21:03:44 -05:00
Paul Wouters
3bde9d279c * Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1 
- Upgraded to 1.4.15
- Updated unbound.conf to show how to configure listening on tls443
 2012-01-27 12:08:41 -05:00
Paul Wouters
9af263621b * Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1 
- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
- SSL-wrapped query support for dnssec-trigger
- EDNS handling changes
- Removed integrated EDNS patches
- Disabled use-caps-for-id, GoDaddy domains now break on it
- Enabled new harden-below-nxdomain
 2011-12-19 10:29:22 -05:00
Paul Wouters
4c0de488f0 * Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1 
- Updated to 1.4.8
- Enable root key for DNSSEC
- Fix unbound-munin to use proper file (could cause excessive logging)
- Build unbound-python per default
- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl
 2011-01-25 20:56:16 -05:00
Paul Wouters
67d14129ba Revert "Disable IPv6 per default, as it causes strong ipv4 degradation on machines" 
This reverts commit ba73b71d51.
 2010-10-26 11:18:45 -04:00
Paul Wouters
ba73b71d51 Disable IPv6 per default, as it causes strong ipv4 degradation on machines 
with no or bad IPv6. Added comments in unbound.conf pointing to discussion
and test sites.
 2010-10-26 10:32:35 -04:00
Paul Wouters
243e7f46b8 - Updated to 1.4.2 
- Updated unbound.conf with new options
- Enabled pre-fetching DNSKEY records (DNSSEC speedup)
- Enabled re-fetching popular records before they expire
- Enabled logging of DNSSEC validation errors
 2010-03-09 15:48:42 +00:00
Paul Wouters
4a09e96e47 - Removed dependancy for dnssec-conf 
- Added ISC DLV key (formerly in dnssec-conf)
- Fixup old DLV locations in unbound.conf file via %post
 2010-02-23 20:32:08 +00:00
Paul Wouters
24585b987f merge spec file 2009-01-14 14:57:11 +00:00
Paul Wouters
09de94e566 bump version, fix .cvsignore. Fix cvs anomalies. 2008-12-02 02:13:31 +00:00
Paul Wouters
cc034d96e7 Remove XXX marker 2008-11-19 23:39:05 +00:00
Paul Wouters
12d3cd563e - Remove the chroot, obsoleted by SElinux 
- Add additional munin plugin links supported by unbound plugin
- Move configuration directory from /var/lib/unbound to /etc/unbound
- Modified unbound.init and unbound.conf to account for chroot changes
- Updated unbound.conf with new available options
- Enabled dns-0x20 protection per default
 2008-11-19 23:11:51 +00:00
Adam Tkac
39b47dbaf1 - unbound-1.1.0-log_open.patch 
- make sure log is opened before chroot call
- tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
- removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot,
    not needed
- don't mount files in chroot, it causes problems during updates
- fixed typo in default config file
- removed old 1.0.2 version from sources
 2008-11-19 15:39:16 +00:00
Paul Wouters
2f4a25bc7c new remote control options. Key/certs enerated on first startup 2008-11-15 06:37:26 +00:00
Paul Wouters
c41f9f1f37 Fix statistics settings in unbound.conf files for unbound-munin 2008-11-15 05:46:07 +00:00
Paul Wouters
05f86a0fef initial srpm import of unbound 2008-10-31 22:29:15 +00:00