Place distribution defaults into a file provided in /usr/share/unbound. Include that file from the default configuration before conf.d/*.conf is included, to ensure a similar order is kept. Rely on remote-control being configured by conf.d/remote-control.conf only. Moved parts from the original unbound.conf together into a single file. Resolves: RHEL-77780
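# Remote control config section update.
# Previous defaults allowed any process to change settings, CVE-2023-1488
# NOTE(review): check the CVE identifier above against the distribution
# advisory before citing it elsewhere.
# This file can also be used by: unbound-control -c <path>
remote-control:
    # Enable remote control with unbound-control(8) here.
    # Set up the keys and certificates with unbound-control-setup.
    control-enable: yes

    # Set to an absolute path to use a unix local named pipe; certificates
    # are not used for that, so key and cert files need not be present.
    # Because no TLS client authentication happens on this path, the
    # ownership and mode of the socket and of its parent directory decide
    # who may reconfigure the resolver. Verify both after installation.
    control-interface: "/run/unbound/control"

    # For local sockets this option is ignored, and TLS is not used.
    # Leaving it at "yes" means TLS is still required if control-interface
    # is later changed to an IP address.
    control-use-cert: "yes"

    # The four files below are only consulted when TLS is in use, i.e. not
    # for the local socket configured above. The .key files are private
    # keys and should not be readable by unrelated users.

    # Unbound server key file.
    server-key-file: "/etc/unbound/unbound_server.key"

    # Unbound server certificate file.
    server-cert-file: "/etc/unbound/unbound_server.pem"

    # unbound-control key file.
    control-key-file: "/etc/unbound/unbound_control.key"

    # unbound-control certificate file.
    control-cert-file: "/etc/unbound/unbound_control.pem"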