Petr Menšík
3d0bac0df2
Improve config formatting
2018-02-21 11:41:24 +01:00
Paul Wouters
594dd4101a
- Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics
2017-10-02 16:52:53 -04:00
Paul Wouters
115c5666a2
* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
...
- Resolves: rhbz#1483572 unbound-1.6.6 is available
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
2017-09-22 12:47:01 -04:00
Paul Wouters
bd329fe8e7
- update unbound.conf to 1.6.14 feature set
...
Allow ipsecmod to be enabled via libreswan unbound-control command
2017-06-22 11:17:37 -04:00
Paul Wouters
a57c3b8b64
* Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1
...
- Update to 1.6.2 (rhbz#1425649)
- Updated unbound.conf with new options
2017-04-26 21:46:09 -04:00
Paul Wouters
be41633bf0
* Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1
...
- Updated to 1.5.10 (better TCP handling, bugfixes)
- Install pkgconfig file in -devel package
- Updated unbound.conf
2016-09-27 19:26:26 -04:00
Paul Wouters
a147b9358d
- Fix upper port range to 60999 because that's what selinux allows
2016-07-07 19:22:06 +03:00
Paul Wouters
8e51532c90
* Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
...
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
2016-03-02 12:35:36 -05:00
Tomas Hozza
ee4b516864
Merged some lines from the latest upstream configuration version
...
Especially the port for remote control is now 8953
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-21 12:34:47 +01:00
Paul Wouters
ec26998079
* Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1
...
- Update to 1.5.7
- Enable query minimalization for enhanced DNS query privacy
- Enable nxdomain hardening to assist with query minimalization and SBLs
- Updated default unbound.conf for new features from upstream.
2015-12-11 10:06:07 -05:00
Paul Wouters
cd4af25f21
fix commented address range in unbound.conf
...
(I am not doing a build for this - it will go out whenever we do a new build)
2015-09-23 11:24:27 -04:00
Tomas Hozza
c5473f18c9
Revert "Use low maximum negative cache TTL (5 sec) ( #1229596 )"
...
This reverts commit d8ef6e9f01
.
2015-06-16 21:50:42 +02:00
Tomas Hozza
d8ef6e9f01
Use low maximum negative cache TTL (5 sec) ( #1229596 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-15 19:35:41 +02:00
Tomas Hozza
9727819990
Add new options from upstream example.conf to default unbound.conf (commented out)
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-15 19:32:20 +02:00
Tomas Hozza
6b19dd7ea5
Removed usage of DLV from the default configuration ( #1223363 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-26 13:02:06 +02:00
Paul Wouters
24ebb22384
unbound.conf: also add outgoing-port-avoid: 0-32767 to ensure we
...
don't hit the SElinux restrictions of ephemeral ports
2013-09-19 10:25:20 -04:00
Paul Wouters
90b7fa1c7e
* Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
...
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patched merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
2013-09-19 10:21:30 -04:00
Paul Wouters
cfcdefa766
* Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16
...
- Change unbound.conf to only use ephemeral ports (32768-65535)
2013-08-12 11:55:20 -04:00
Paul Wouters
3f230f2522
* fixup unbound.conf and the service file to use root.key, not root.anchor
2013-05-28 18:06:00 -04:00
Paul Wouters
259a0ee4dc
+* Tue May 21 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-9
...
- Use /var/lib/unbound/root.anchor (more consistent with other distros)
- Enable round-robin (with noths() patch)
- Enable minimal responses
2013-05-24 16:42:52 -04:00
Paul Wouters
79e69dc533
* move/rename root key to /var/lib/unbound/root.key
2013-04-08 11:04:39 -04:00
Paul Wouters
90deaa6495
* add unbound-anchor support and more flexible config directories
2012-11-03 17:12:29 -04:00
Paul Wouters
6f8d333aae
* Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-4
...
- Patch to allow wildcards in include: statements
- Add directories /etc/unbound/keys.d,conf.d,local.d with
example entries
2012-09-26 12:38:51 -04:00
Paul Wouters
186df7a017
* update unbound.conf with the new options
2012-05-24 14:01:15 -04:00
Paul Wouters
6920848c7e
* Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2
...
- Don't ghost the directory (rhbz#788805)
- Patch for unbound to support unbound-control forward_zone
(needed for openswan in XAUTH mode)
2012-02-27 21:03:44 -05:00
Paul Wouters
3bde9d279c
* Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1
...
- Upgraded to 1.4.15
- Updated unbound.conf to show how to configure listening on tls443
2012-01-27 12:08:41 -05:00
Paul Wouters
9af263621b
* Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1
...
- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
- SSL-wrapped query support for dnssec-trigger
- EDNS handling changes
- Removed integrated EDNS patches
- Disabled use-caps-for-id, GoDaddy domains now break on it
- Enabled new harden-below-nxdomain
2011-12-19 10:29:22 -05:00
Paul Wouters
4c0de488f0
* Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1
...
- Updated to 1.4.8
- Enable root key for DNSSEC
- Fix unbound-munin to use proper file (could cause excessive logging)
- Build unbound-python per default
- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl
2011-01-25 20:56:16 -05:00
Paul Wouters
67d14129ba
Revert "Disable IPv6 per default, as it causes strong ipv4 degradation on machines"
...
This reverts commit ba73b71d51
.
2010-10-26 11:18:45 -04:00
Paul Wouters
ba73b71d51
Disable IPv6 per default, as it causes strong ipv4 degradation on machines
...
with no or bad IPv6. Added comments in unbound.conf pointing to discussion
and test sites.
2010-10-26 10:32:35 -04:00
Paul Wouters
243e7f46b8
- Updated to 1.4.2
...
- Updated unbound.conf with new options
- Enabled pre-fetching DNSKEY records (DNSSEC speedup)
- Enabled re-fetching popular records before they expire
- Enabled logging of DNSSEC validation errors
2010-03-09 15:48:42 +00:00
Paul Wouters
4a09e96e47
- Removed dependancy for dnssec-conf
...
- Added ISC DLV key (formerly in dnssec-conf)
- Fixup old DLV locations in unbound.conf file via %post
2010-02-23 20:32:08 +00:00
Paul Wouters
24585b987f
merge spec file
2009-01-14 14:57:11 +00:00
Paul Wouters
09de94e566
bump version, fix .cvsignore. Fix cvs anomalies.
2008-12-02 02:13:31 +00:00
Paul Wouters
cc034d96e7
Remove XXX marker
2008-11-19 23:39:05 +00:00
Paul Wouters
12d3cd563e
- Remove the chroot, obsoleted by SElinux
...
- Add additional munin plugin links supported by unbound plugin
- Move configuration directory from /var/lib/unbound to /etc/unbound
- Modified unbound.init and unbound.conf to account for chroot changes
- Updated unbound.conf with new available options
- Enabled dns-0x20 protection per default
2008-11-19 23:11:51 +00:00
Adam Tkac
39b47dbaf1
- unbound-1.1.0-log_open.patch
...
- make sure log is opened before chroot call
- tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
- removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot,
not needed
- don't mount files in chroot, it causes problems during updates
- fixed typo in default config file
- removed old 1.0.2 version from sources
2008-11-19 15:39:16 +00:00
Paul Wouters
2f4a25bc7c
new remote control options. Key/certs enerated on first startup
2008-11-15 06:37:26 +00:00
Paul Wouters
c41f9f1f37
Fix statistics settings in unbound.conf files for unbound-munin
2008-11-15 05:46:07 +00:00
Paul Wouters
05f86a0fef
initial srpm import of unbound
2008-10-31 22:29:15 +00:00