LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6292 Commits
1 Branch
46 MiB
Tree: dc88e921cc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dc88e921cc'
${ noResults }
openwrt-packages-dist/net/unbound/patches/001-conf.patch

94 lines
3.0 KiB
Raw Normal View History

Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
10 years ago
Unbound: Group patch work for example.conf.in -Remove interlaced configuration changes --Less sensitive to upstream example.conf changes --Easier to read patch-of-patch work for maintenance -Use MEMORY CONTROL EXAMPLE from http://unbound.net/ --Review and rework with respect to previous pacakge --Effectively the same configuration as previous package -Disable DNSSEC by default due to real-time chicken-n-egg --Many OpenWrt target devices have no power-off clock (reboot) --User choice of work around should be conscious --Initial install should not fail reboot with DNSSEC default -Add some defaults explicitly to prevent surprises Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
 
  1. diff --git a/doc/example.conf.in b/doc/example.conf.in

  2. index c520c88..af92a87 100644

  3. --- a/doc/example.conf.in

  4. +++ b/doc/example.conf.in

  5. @@ -1,20 +1,81 @@

  6. -#

  7. -# Example configuration file.

  8. -#

  9. -# See unbound.conf(5) man page, version 1.5.10.

  10. -#

  11. -# this is a comment.

  12. +##############################################################################

  13. +# MEMORY CONTROL EXAMPLE

  14. +# In the example config settings below memory usage is reduced. Some ser-

  15. +# vice levels are lower, notable very large data and a high TCP load are

  16. +# no longer supported ... are exceptional for the DNS.

  17. +# (http://unbound.net/documentation/unbound.conf.html)

  18. +##############################################################################

  19.  
  20.  #Use this to include other text into the file.
  21.  #include: "otherfile.conf"
  22.  
  23.  # The server clause sets the main parameters.
  24.  server:
  25. -	# whitespace is not necessary, but looks cleaner.

  26.  
  27. -	# verbosity number, 0 is least verbose. 1 is default.

  28. +	# verbosity 1 is default

  29.  	verbosity: 1
  30.  
  31. +	# prevent any upstream core surprises (OpenWrt assumptions)

  32. +	username: "unbound"

  33. +	pidfile: "/var/run/unbound.pid"

  34. +	directory: "/etc/unbound"

  35. +	chroot: ""

  36. +

  37. +	# no threads and no memory slabs for threads

  38. +	num-threads: 1

  39. +	msg-cache-slabs: 1

  40. +	rrset-cache-slabs: 1

  41. +	infra-cache-slabs: 1

  42. +	key-cache-slabs: 1

  43. +

  44. +	# don't be picky about interfaces but consider your firewall

  45. +	interface: 0.0.0.0

  46. +	interface: ::0

  47. +	access-control: 0.0.0.0/0 allow

  48. +	access-control: ::0/0 allow

  49. +

  50. +	# this limits TCP service but uses less buffers

  51. +	outgoing-num-tcp: 1 

  52. +	incoming-num-tcp: 1

  53. +

  54. +	# use somewhat higher port numbers versus possible NAT issue

  55. +	outgoing-port-permit: "10240-65335"

  56. +

  57. +	# uses less memory, but less performance

  58. +	outgoing-range: 60

  59. +	num-queries-per-thread: 30

  60. +

  61. +	# exclude large responses

  62. +	msg-buffer-size: 8192

  63. +

  64. +	# tiny memory cache

  65. +	infra-cache-numhosts: 200

  66. +	msg-cache-size: 100k

  67. +	rrset-cache-size: 100k

  68. +	key-cache-size: 100k

  69. +	neg-cache-size: 10k

  70. +

  71. +	# gentle on recursion

  72. +	target-fetch-policy: "2 1 0 0 0 0"

  73. +	harden-large-queries: yes

  74. +	harden-short-bufsize: yes

  75. +

  76. +	# Enable a trust anchor and modules "validator iterator." However, Unbound

  77. +	# RFC5011 "auto-trust-anchor-" activity can be busy and harmful to flash ROM.

  78. +	# "/etc/unbound" (directory & files) needs chown for write access. Else, use 

  79. +	# plain "trust-anchor-" to treat the key file as static.

  80. +	#module-config: "validator iterator"

  81. +	#auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"

  82. +	#trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"

  83. +

  84. +	# DNSSEC needs real time to validate signatures. If your device does not

  85. +	# have power off clock (reboot), then you may need this work around.

  86. +	#domain-insecure: "pool.ntp.org"

  87. +

  88. +##############################################################################

  89. +# Resume Stock example.conf.in

  90. +##############################################################################

  91. +

  92.  	# print statistics to the log (for every thread) every N seconds.
  93.  	# Set to "" or 0 to disable. Default is disabled.
  94.  	# statistics-interval: 0