openwrt-packages-dist

46 MiB

Author	SHA1	Message	Date
Eric Luehrsen	a4f23e52bf	unbound: improve maintenance of trust anchor Unbound UCI tries to protect embedded flash from excess use. Unbound RFC5011 KSK tracking can rewrite root.key every few minutes to an hour. It also writes and destroys files in the same directory during the process. Recommended UCI delays for copying busy work in /var/ back to /etc/ may be too conservative. These are all changed from 28 to 9 days. The RFC5011 KSK results were also destroyed by an init.d restart, even if /var/ is mounted on persistent storage like USB drive. /var/lib/unbound/root.key is now preserved during this process, unless a newer key is installed in /etc/ manually or package update. Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>	8 years ago
Eric Luehrsen	de1198d54d	unbound: expand UCI to cover some popular dnsmasq features Unbound+DHCP (server of your choice) should be able to replicate a lot of what dnsmasq provides. With this change set Unbound still works with dnsmasq, but also it can work with a plain DHCP server. Features have been added within the UCI itself to act like dnsmasq. - alone: name each interface relative to router hostname - alone: prevent upstream leakage of your domain and '.local' - dnsmasq: use dnsmasq UCI to configure forwarding clauses - dhcp: work with odhcpd as example of companion DHCP-DNS - dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records - all: enable encrypted remote unbound-control using splice conf - all: allow user spliced conf-files for hybrid UCI and manual conf -- 'unbound_srv.conf' will be spliced into the 'server:' clause -- 'unbound_ext.conf' will add clauses to the end, example 'forward:' README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and unbound-with-odhcpd have better/added UCI starters. HOW TO for including unbound_srv.conf and unbound_ext.conf are added. Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6, dhcp_link, domain, and domain_type Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>	8 years ago
Eric Luehrsen	82c2368177	unbound: UCI updates to take advantage of 1.6.0 - UCI to take advantage of "qname-minimisation-strict:" - UCI to block chaos reponses bind, server, and version - UCI to limit or prefer recrusion over IP4 or IP6 Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>	8 years ago
Eric Luehrsen	c0a630001b	unbound: bugfix for UCI script typos - UCI option dnsmasq_gate_name typo in few locations - NTP hotplug to check /etc/init.d/unbound not ..dnsmasq Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>	8 years ago
Eric Luehrsen	c189596a4a	Unbound: added UCI support for DNS64 Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com> Signed-off-by: Dan Luedte <mail@danrl.com>	8 years ago
Eric Luehrsen	2202548ff0	Unbound: Add UCI primer files -README.md to describe the UCI in detail -unbound.uci to get you started Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>	8 years ago

6 Commits (658ffbb3fd9488ccaea3042e4e64f16b6be318ad)