
Merge pull request #3665 from EricLuehrsen/unbound_1_6_0

unbound: update to 1.6.0
lilik-openwrt-22.03
Hannu Nyman 8 years ago
committed by GitHub
parent
commit
e265556e51
6 changed files with 96 additions and 16 deletions
  1. +3
    -3
      net/unbound/Makefile
  2. +20
    -4
      net/unbound/files/README.md
  3. +1
    -1
      net/unbound/files/unbound.ntpd
  4. +66
    -5
      net/unbound/files/unbound.sh
  5. +4
    -1
      net/unbound/files/unbound.uci
  6. +2
    -2
      net/unbound/patches/001-conf.patch

+ 3
- 3
net/unbound/Makefile

@ -8,8 +8,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
PKG_VERSION:=1.5.10
PKG_RELEASE:=6
PKG_VERSION:=1.6.0
PKG_RELEASE:=2
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@hotmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unbound.net/downloads
PKG_MD5SUM:=0a3a236811f1ab5c1dc31974fa74e047
PKG_MD5SUM:=78409eccf7260d260b6463f85e59c66b
PKG_BUILD_DEPENDS:=libexpat
PKG_BUILD_PARALLEL:=1
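Review bot: The updated tarball is still fetched over plain `http://` (`PKG_SOURCE_URL`) and checked only against an MD5 digest (`PKG_MD5SUM`), so the integrity pin on the new 1.6.0 source is weak if the download is tampered with in transit. If the build system in this tree supports it, pin a SHA-256 instead, e.g. `PKG_HASH:=<sha256 of unbound-1.6.0.tar.gz>`, and point `PKG_SOURCE_URL` at an https location if upstream offers one. The digest should be taken from the upstream release announcement or a verified signature rather than computed from whatever the build host downloaded.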


+ 20
- 4
net/unbound/files/README.md

@ -79,8 +79,12 @@ Finally, `root.key` maintenance for DNSKEY RFC5011 would be hard on flash. Unbou
"drill -x 192.168.10.201 ~ NODATA" (insted of james-laptop.lan)
option edns_size '1280'
Extended DNS is necessary for DNSSEC. However, it can run into MTU
issues. Use this size in bytes to manage drop outs.
Bytes. Extended DNS is necessary for DNSSEC. However, it can run
into MTU issues. Use this size in bytes to manage drop outs.
option hide_binddata '1'
Boolean. If enabled version.server, version.bind, id.server, and
hostname.bind queries are refused.
option listen_port '53'
Port. Incoming. Where Unbound will listen for queries.
@ -93,9 +97,21 @@ Finally, `root.key` maintenance for DNSKEY RFC5011 would be hard on flash. Unbou
Boolean. Skip all this UCI nonsense. Manually edit the
configuration. Make changes to /etc/unbound/unbound.conf.
option protocol 'mixed'
Unbound can limit its protocol: "ip4_only" for ISP behind the time,
"ip6_only" for testing, "ip6_prefer" for ISP with good IP6 support,
or default-all "mixed." This affects the protocol used to
communicate. The DNS responses always include hosts respective IP4
and IP6 data.
option query_minimize '0'
Boolean. Enable a minor privacy option. Query only one name piece
at a time. Don't let each server know the next recursion.
Boolean. Enable a minor privacy option. Don't let each server know
the next recursion. Query one piece at a time.
option query_min_strict '0'
Boolean. Query minimize is best effort and will fall back to normal
when it must. This option prevents the fall back, but less than
standard name servers will fail to resolve their domains.
option rebind_localhost '0'
Boolean. Prevent loopback "127.0.0.0/8" or "::1/128" responses.


+ 1
- 1
net/unbound/files/unbound.ntpd

@ -18,7 +18,7 @@
##############################################################################
if [ "$ACTION" = stratum -a ! -f "$UNBOUND_TIMEFILE" ] \
&& /etc/init.d/dnsmasq enabled ; then
&& /etc/init.d/unbound enabled ; then
#
echo "ntpd: $( date )" > $UNBOUND_TIMEFILE
/etc/init.d/unbound restart


+ 66
- 5
net/unbound/files/unbound.sh

@ -25,6 +25,7 @@ UNBOUND_B_DNSMASQ=0
UNBOUND_B_DNSSEC=0
UNBOUND_B_DNS64=0
UNBOUND_B_GATE_NAME=0
UNBOUND_B_HIDE_BIND=1
UNBOUND_B_LOCL_BLCK=0
UNBOUND_B_LOCL_NAME=0
UNBOUND_B_LOCL_SERV=1
@ -32,11 +33,13 @@ UNBOUND_B_MAN_CONF=0
UNBOUND_B_NTP_BOOT=1
UNBOUND_B_PRIV_BLCK=1
UNBOUND_B_QUERY_MIN=0
UNBOUND_B_QRY_MINST=0
UNBOUND_IP_DNS64="64:ff9b::/96"
UNBOUND_D_RESOURCE=small
UNBOUND_D_RECURSION=passive
UNBOUND_D_PROTOCOL=mixed
UNBOUND_TXT_FWD_ZONE=""
UNBOUND_TTL_MIN=120
@ -207,6 +210,38 @@ unbound_conf() {
} >> $UNBOUND_CONFFILE
case "$UNBOUND_D_PROTOCOL" in
ip4_only)
{
echo " do-ip4: yes"
echo " do-ip6: no"
} >> $UNBOUND_CONFFILE
;;
ip6_only)
{
echo " do-ip4: no"
echo " do-ip6: yes"
} >> $UNBOUND_CONFFILE
;;
ip6_prefer)
{
echo " do-ip4: yes"
echo " do-ip6: yes"
echo " prefer-ip6: yes"
} >> $UNBOUND_CONFFILE
;;
*)
{
echo " do-ip4: yes"
echo " do-ip6: yes"
} >> $UNBOUND_CONFFILE
;;
esac
{
# protocol level tuning
echo " edns-buffer-size: $UNBOUND_N_EDNS_SIZE"
@ -324,7 +359,14 @@ unbound_conf() {
} >> $UNBOUND_CONFFILE
if [ "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
if [ "$UNBOUND_B_QRY_MINST" -gt 0 -a "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
{
# Some query privacy but "strict" will break some name servers
echo " qname-minimisation: yes"
echo " qname-minimisation-strict: yes"
} >> $UNBOUND_CONFFILE
elif [ "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
# Minor improvement on query privacy
echo " qname-minimisation: yes" >> $UNBOUND_CONFFILE
@ -370,10 +412,23 @@ unbound_conf() {
} >> $UNBOUND_CONFFILE
if [ "$UNBOUND_B_HIDE_BIND" -gt 0 ] ; then
{
# Block server id and version DNS TXT records
echo " hide-identity: yes"
echo " hide-version: yes"
echo
} >> $UNBOUND_CONFFILE
fi
if [ "$UNBOUND_B_PRIV_BLCK" -gt 0 ] ; then
{
# Remove DNS reponses from upstream with private IP
# Remove _upstream_ or global reponses with private addresses.
# Unbounds own "local zone" and "forward zone" may still use these.
# RFC1918, RFC3927, RFC4291, RFC6598, RFC6890
echo " private-address: 10.0.0.0/8"
echo " private-address: 100.64.0.0/10"
echo " private-address: 169.254.0.0/16"
echo " private-address: 172.16.0.0/12"
echo " private-address: 192.168.0.0/16"
@ -439,14 +494,16 @@ unbound_uci() {
####################
# UCI @ unbound #
####################
config_get_bool UNBOUND_B_DNS64 "$cfg" dns64 0
config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmsaq_gate_name 0
config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmasq_gate_name 0
config_get_bool UNBOUND_B_DNSMASQ "$cfg" dnsmasq_link_dns 0
config_get_bool UNBOUND_B_HIDE_BIND "$cfg" hide_binddata 1
config_get_bool UNBOUND_B_LOCL_NAME "$cfg" dnsmasq_only_local 0
config_get_bool UNBOUND_B_LOCL_SERV "$cfg" localservice 1
config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0
config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0
config_get_bool UNBOUND_B_QRY_MINST "$cfg" query_min_strict 0
config_get_bool UNBOUND_B_PRIV_BLCK "$cfg" rebind_protection 1
config_get_bool UNBOUND_B_LOCL_BLCK "$cfg" rebind_localhost 0
config_get_bool UNBOUND_B_CONTROL "$cfg" unbound_control 0
@ -454,11 +511,15 @@ unbound_uci() {
config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1
config_get UNBOUND_IP_DNS64 "$cfg" dns64_prefix "64:ff9b::/96"
config_get UNBOUND_N_EDNS_SIZE "$cfg" edns_size 1280
config_get UNBOUND_N_RX_PORT "$cfg" listen_port 53
config_get UNBOUND_N_ROOT_AGE "$cfg" root_age 7
config_get UNBOUND_D_PROTOCOL "$cfg" protocol mixed
config_get UNBOUND_D_RECURSION "$cfg" recursion passive
config_get UNBOUND_D_RESOURCE "$cfg" resource small
config_get UNBOUND_N_ROOT_AGE "$cfg" root_age 7
config_get UNBOUND_TTL_MIN "$cfg" ttl_min 120
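Review bot: An unrecognised `protocol` value falls through the `*)` arm of the new `case "$UNBOUND_D_PROTOCOL"` block and is silently treated as `mixed`, so a mis-spelled `ip4_only` or `ip6_only` leaves both address families enabled with no indication. Give `mixed` its own arm and have `*)` report the bad value before applying the default, for example `logger -t unbound -s "unknown protocol '$UNBOUND_D_PROTOCOL', using mixed"`. The same silent fallback applies to `query_min_strict`, which has no effect unless `query_minimize` is also set; README.md could state that dependency. The block sits inside `unbound_conf()`, whose body starts and ends outside the hunk.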


+ 4
- 1
net/unbound/files/unbound.uci

@ -1,14 +1,17 @@
config unbound
option dns64 '0'
option dns64_prefix '64:ff9b::/96'
option dnsmsaq_gate_name '0'
option dnsmasq_gate_name '0'
option dnsmasq_link_dns '0'
option dnsmasq_only_local '0'
option edns_size '1280'
option hide_binddata '1'
option listen_port '53'
option localservice '1'
option manual_conf '0'
option protocol 'mixed'
option query_minimize '0'
option query_min_strict '0'
option rebind_localhost '0'
option rebind_protection '1'
option recursion 'passive'


+ 2
- 2
net/unbound/patches/001-conf.patch

@ -1,12 +1,12 @@
diff --git a/doc/example.conf.in b/doc/example.conf.in
index c520c88..98a148a 100644
index 55bbc32..14452fa 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -1,20 +1,82 @@
-#
-# Example configuration file.
-#
-# See unbound.conf(5) man page, version 1.5.10.
-# See unbound.conf(5) man page, version 1.6.0.
-#
-# this is a comment.
+##############################################################################

