From af73a9b9a476087e16b591a8ba5d42ca57b1543d Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Sat, 13 Jun 2020 15:06:20 -0400 Subject: [PATCH] unbound: make option interface_auto default on Unbound has a quirk and may reply on a different device address. When Unbound answers with from-address different than it received queries on, it may cause trouble for select VPN and firewall configurations. Ensure Unbound replies with the same address by changing this default. Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 2 +- net/unbound/files/README.md | 2 +- net/unbound/files/unbound.sh | 4 ++-- net/unbound/files/unbound.uci | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 0afb0e1c8..fff82d1d1 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.10.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md index 52378d5c5..ec06de5a0 100644 --- a/net/unbound/files/README.md +++ b/net/unbound/files/README.md @@ -261,7 +261,7 @@ config unbound Boolean. If enabled version.server, version.bind, id.server, and hostname.bind queries are refused. - option interface_auto '0' + option interface_auto '1' Boolean. If enabled DNS replies will have the same source address as the request was sent to. diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index 5cc959b7f..a57d81d4e 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -36,7 +36,7 @@ UB_B_NTP_BOOT=1 UB_B_QUERY_MIN=0 UB_B_QRY_MINST=0 UB_B_AUTH_ROOT=0 -UB_B_IF_AUTO=0 +UB_B_IF_AUTO=1 UB_D_CONTROL=0 UB_D_DOMAIN_TYPE=static @@ -1214,7 +1214,7 @@ unbound_uci() { config_get_bool UB_B_LOCL_BLCK "$cfg" rebind_localhost 0 config_get_bool UB_B_DNSSEC "$cfg" validator 0 config_get_bool UB_B_NTP_BOOT "$cfg" validator_ntp 1 - config_get_bool UB_B_IF_AUTO "$cfg" interface_auto 0 + config_get_bool UB_B_IF_AUTO "$cfg" interface_auto 1 config_get UB_IP_DNS64 "$cfg" dns64_prefix "64:ff9b::/96" diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci index b75381f96..12809b95d 100644 --- a/net/unbound/files/unbound.uci +++ b/net/unbound/files/unbound.uci @@ -11,6 +11,7 @@ config unbound option edns_size '1280' option extended_stats '0' option hide_binddata '1' + option interface_auto '1' option listen_port '53' option localservice '1' option manual_conf '0' @@ -28,7 +29,6 @@ config unbound option validator '0' option validator_ntp '1' option verbosity '1' - option interface_auto '0' list trigger_interface 'lan' list trigger_interface 'wan' #list domain_insecure 'ntp.example.com'