LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11667 Commits
1 Branch
46 MiB
Tree: 9ae2c2d229
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9ae2c2d229'
${ noResults }
openwrt-packages-dist/net/unbound/patches/100-example-conf-in.patch

81 lines
2.7 KiB
Raw Normal View History

unbound: log openssl-1.0.2 lacks TLS host verification ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do host cert verification. DNS over TLS connects, but hosts are unverified. A patch for log err is added with a noitce in README.md. (see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658) Also, squash some minor robustness and TLS usability fixes. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
unbound: update to 1.7.3 Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
6 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: update to 1.6.4 Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years ago
unbound: update to 1.7.3 Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
6 years ago
Unbound: Incorporate hotplug/iface and root.key in tmpfs -Patch for /etc/unbound/unbound.conf --All work done in /var/lib/unbound/ --chroot or jail to /var/lib/unbound/ -Init script points to /usr/lib/unbound.sh -Makefile to install new scripts in the package Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Incorporate hotplug/iface and root.key in tmpfs -Patch for /etc/unbound/unbound.conf --All work done in /var/lib/unbound/ --chroot or jail to /var/lib/unbound/ -Init script points to /usr/lib/unbound.sh -Makefile to install new scripts in the package Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: Update to 1.6.1 with 2017 trust anchor Unbound 1.6.1 has a few bug fixes for resource leaks, configuration robustness, compile environment interaction, and maintaining the trust anchor. The 2017 trust anchor (DS) is built into unbound and unbound-anchor. File /etc/unbound/root.key holds 2010/2017 DS record until 2018 https://www.icann.org/resources/pages/ksk-rollover https://www.iana.org/domains/root Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Incorporate hotplug/iface and root.key in tmpfs -Patch for /etc/unbound/unbound.conf --All work done in /var/lib/unbound/ --chroot or jail to /var/lib/unbound/ -Init script points to /usr/lib/unbound.sh -Makefile to install new scripts in the package Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Incorporate hotplug/iface and root.key in tmpfs -Patch for /etc/unbound/unbound.conf --All work done in /var/lib/unbound/ --chroot or jail to /var/lib/unbound/ -Init script points to /usr/lib/unbound.sh -Makefile to install new scripts in the package Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Incorporate hotplug/iface and root.key in tmpfs -Patch for /etc/unbound/unbound.conf --All work done in /var/lib/unbound/ --chroot or jail to /var/lib/unbound/ -Init script points to /usr/lib/unbound.sh -Makefile to install new scripts in the package Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
unbound: update to 1.7.3 Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
6 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
 
  1. Index: doc/example.conf.in

  2. ===================================================================

  3. --- a/doc/example.conf.in

  4. +++ b/doc/example.conf.in

  5. @@ -15,6 +15,76 @@ server:

  6.  	# verbosity number, 0 is least verbose. 1 is default.
  7.  	verbosity: 1
  8. 

  9. +	############################################################################

  10. +	# MEMORY CONTROL EXAMPLE

  11. +	# In the example config settings below memory usage is reduced. Some ser-

  12. +	# vice levels are lower, notable very large data and a high TCP load are

  13. +	# no longer supported ... are exceptional for the DNS.

  14. +	# (http://unbound.net/documentation/unbound.conf.html)

  15. +	############################################################################

  16. +

  17. +	# Self jail Unbound with user "unbound" to /var/lib/unbound

  18. +	# The script /etc/init.d/unbound will setup the location

  19. +	username: "unbound"

  20. +	directory: "/var/lib/unbound"

  21. +	chroot: "/var/lib/unbound"

  22. +

  23. +	# The pid file is created before privleges drop so no concern

  24. +	pidfile: "/var/run/unbound.pid"

  25. +

  26. +	# no threads and no memory slabs for threads

  27. +	num-threads: 1

  28. +	msg-cache-slabs: 1

  29. +	rrset-cache-slabs: 1

  30. +	infra-cache-slabs: 1

  31. +	key-cache-slabs: 1

  32. +

  33. +	# don't be picky about interfaces but consider your firewall

  34. +	interface: 0.0.0.0

  35. +	interface: ::0

  36. +	access-control: 0.0.0.0/0 allow

  37. +	access-control: ::0/0 allow

  38. +

  39. +	# this limits TCP service but uses less buffers

  40. +	outgoing-num-tcp: 1

  41. +	incoming-num-tcp: 1

  42. +

  43. +	# use somewhat higher port numbers versus possible NAT issue

  44. +	outgoing-port-permit: "10240-65335"

  45. +

  46. +	# uses less memory but less performance

  47. +	outgoing-range: 60

  48. +	num-queries-per-thread: 30

  49. +

  50. +	# exclude large responses

  51. +	msg-buffer-size: 8192

  52. +

  53. +	# tiny memory cache

  54. +	infra-cache-numhosts: 200

  55. +	msg-cache-size: 100k

  56. +	rrset-cache-size: 100k

  57. +	key-cache-size: 100k

  58. +	neg-cache-size: 10k

  59. +

  60. +	# gentle on recursion

  61. +	target-fetch-policy: "2 1 0 0 0 0"

  62. +	harden-large-queries: yes

  63. +	harden-short-bufsize: yes

  64. +

  65. +	# DNSSEC enable by removing comments on "module-config:" and "auto-trust-

  66. +	# -anchor-file:" The init script will copy root key to /var/lib/unbound.

  67. +	# See package documentation for crontab entry to copy RFC5011 results back.

  68. +	#module-config: "validator iterator"

  69. +	#auto-trust-anchor-file: "/var/lib/unbound/root.key"

  70. +

  71. +	# DNSSEC needs real time to validate signatures. If your device does not

  72. +	# have power off clock (reboot), then you may need this work around.

  73. +	#domain-insecure: "pool.ntp.org"

  74. +

  75. +	############################################################################

  76. +	# Resume Stock example.conf.in

  77. +	############################################################################

  78. +

  79.  	# print statistics to the log (for every thread) every N seconds.
  80.  	# Set to "" or 0 to disable. Default is disabled.
  81.  	# statistics-interval: 0