Commit Graph

28 Commits

Author SHA1 Message Date
Tomas Hozza
d8ef6e9f01 Use low maximum negative cache TTL (5 sec) (#1229596)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-15 19:35:41 +02:00
Tomas Hozza
9727819990 Add new options from upstream example.conf to default unbound.conf (commented out)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-15 19:32:20 +02:00
Tomas Hozza
6b19dd7ea5 Removed usage of DLV from the default configuration (#1223363)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-26 13:02:06 +02:00
Paul Wouters
24ebb22384 unbound.conf: also add outgoing-port-avoid: 0-32767 to ensure we
don't hit the SElinux restrictions of ephemeral ports
2013-09-19 10:25:20 -04:00
Paul Wouters
90b7fa1c7e * Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patched merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
2013-09-19 10:21:30 -04:00
Paul Wouters
cfcdefa766 * Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16
- Change unbound.conf to only use ephemeral ports (32768-65535)
2013-08-12 11:55:20 -04:00
Paul Wouters
3f230f2522 * fixup unbound.conf and the service file to use root.key, not root.anchor 2013-05-28 18:06:00 -04:00
Paul Wouters
259a0ee4dc +* Tue May 21 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-9
- Use /var/lib/unbound/root.anchor (more consistent with other distros)
- Enable round-robin (with noths() patch)
- Enable minimal responses
2013-05-24 16:42:52 -04:00
Paul Wouters
79e69dc533 * move/rename root key to /var/lib/unbound/root.key 2013-04-08 11:04:39 -04:00
Paul Wouters
90deaa6495 * add unbound-anchor support and more flexible config directories 2012-11-03 17:12:29 -04:00
Paul Wouters
6f8d333aae * Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-4
- Patch to allow wildcards in include: statements
- Add directories /etc/unbound/keys.d,conf.d,local.d with
  example entries
2012-09-26 12:38:51 -04:00
Paul Wouters
186df7a017 * update unbound.conf with the new options 2012-05-24 14:01:15 -04:00
Paul Wouters
6920848c7e * Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2
- Don't ghost the directory (rhbz#788805)
- Patch for unbound to support unbound-control forward_zone
  (needed for openswan in XAUTH mode)
2012-02-27 21:03:44 -05:00
Paul Wouters
3bde9d279c * Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1
- Upgraded to 1.4.15
- Updated unbound.conf to show how to configure listening on tls443
2012-01-27 12:08:41 -05:00
Paul Wouters
9af263621b * Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1
- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
- SSL-wrapped query support for dnssec-trigger
- EDNS handling changes
- Removed integrated EDNS patches
- Disabled use-caps-for-id, GoDaddy domains now break on it
- Enabled new harden-below-nxdomain
2011-12-19 10:29:22 -05:00
Paul Wouters
4c0de488f0 * Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1
- Updated to 1.4.8
- Enable root key for DNSSEC
- Fix unbound-munin to use proper file (could cause excessive logging)
- Build unbound-python per default
- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl
2011-01-25 20:56:16 -05:00
Paul Wouters
67d14129ba Revert "Disable IPv6 per default, as it causes strong ipv4 degradation on machines"
This reverts commit ba73b71d51.
2010-10-26 11:18:45 -04:00
Paul Wouters
ba73b71d51 Disable IPv6 per default, as it causes strong ipv4 degradation on machines
with no or bad IPv6. Added comments in unbound.conf pointing to discussion
and test sites.
2010-10-26 10:32:35 -04:00
Paul Wouters
243e7f46b8 - Updated to 1.4.2
- Updated unbound.conf with new options
- Enabled pre-fetching DNSKEY records (DNSSEC speedup)
- Enabled re-fetching popular records before they expire
- Enabled logging of DNSSEC validation errors
2010-03-09 15:48:42 +00:00
Paul Wouters
4a09e96e47 - Removed dependancy for dnssec-conf
- Added ISC DLV key (formerly in dnssec-conf)
- Fixup old DLV locations in unbound.conf file via %post
2010-02-23 20:32:08 +00:00
Paul Wouters
24585b987f merge spec file 2009-01-14 14:57:11 +00:00
Paul Wouters
09de94e566 bump version, fix .cvsignore. Fix cvs anomalies. 2008-12-02 02:13:31 +00:00
Paul Wouters
cc034d96e7 Remove XXX marker 2008-11-19 23:39:05 +00:00
Paul Wouters
12d3cd563e - Remove the chroot, obsoleted by SElinux
- Add additional munin plugin links supported by unbound plugin
- Move configuration directory from /var/lib/unbound to /etc/unbound
- Modified unbound.init and unbound.conf to account for chroot changes
- Updated unbound.conf with new available options
- Enabled dns-0x20 protection per default
2008-11-19 23:11:51 +00:00
Adam Tkac
39b47dbaf1 - unbound-1.1.0-log_open.patch
- make sure log is opened before chroot call
- tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
- removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot,
    not needed
- don't mount files in chroot, it causes problems during updates
- fixed typo in default config file
- removed old 1.0.2 version from sources
2008-11-19 15:39:16 +00:00
Paul Wouters
2f4a25bc7c new remote control options. Key/certs enerated on first startup 2008-11-15 06:37:26 +00:00
Paul Wouters
c41f9f1f37 Fix statistics settings in unbound.conf files for unbound-munin 2008-11-15 05:46:07 +00:00
Paul Wouters
05f86a0fef initial srpm import of unbound 2008-10-31 22:29:15 +00:00