unbound: clean up interface interpretation in UCI

DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes.
Added iface_wan and iface_lan to control internal DNS assignments and
to control what is local service ACL. Interface wild cards are not
explicitly set so that they can be customized in extended conf.

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Eric Luehrsen
2020-10-26 23:09:18 -04:00
parent 2680dc239a
commit 658c27ea97
10 changed files with 193 additions and 116 deletions
+31 -6
@@ -1,4 +1,4 @@
config unbound
config unbound 'ub_main'
option add_extra_dns '0'
option add_local_fqdn '1'
option add_wan_fqdn '0'
@@ -8,7 +8,7 @@ config unbound
option dns64_prefix '64:ff9b::/96'
option domain 'lan'
option domain_type 'static'
option edns_size '1280'
option edns_size '1232'
option extended_stats '0'
option hide_binddata '1'
option interface_auto '1'
@@ -30,11 +30,12 @@ config unbound
option validator '0'
option validator_ntp '1'
option verbosity '1'
list trigger_interface 'lan'
list trigger_interface 'wan'
list iface_trig 'lan'
list iface_trig 'wan'
list iface_wan 'wan'
#list domain_insecure 'ntp.example.com'
config zone
config zone 'auth_icann'
# cache the root zone all at once to speed up recursion
option enabled '0'
option fallback '1'
@@ -47,7 +48,7 @@ config zone
list zone_name 'in-addr.arpa.'
list zone_name 'ip6.arpa.'
config zone
config zone 'fwd_isp'
# forward ISP account management to DHCP announced DNS servers
option enabled '0'
option fallback '1'
@@ -56,3 +57,27 @@ config zone
list zone_name 'isp-bill.example.com.'
list zone_name 'isp-mail.example.net.'
config zone 'fwd_google'
option enabled '0'
option fallback '1'
option tls_index 'dns.google'
option tls_upstream '1'
option zone_type 'forward_zone'
list server '8.8.4.4'
list server '8.8.8.8'
list server '2001:4860:4860::8844'
list server '2001:4860:4860::8888'
list zone_name '.'
config zone 'fwd_cloudflare'
option enabled '0'
option fallback '1'
option tls_index 'cloudflare-dns.com'
option tls_upstream '1'
option zone_type 'forward_zone'
list server '1.1.1.1'
list server '1.0.0.1'
list server '2606:4700:4700::1111'
list server '2606:4700:4700::1001'
list zone_name '.'
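Review bot: In the new `fwd_google` and `fwd_cloudflare` sections, `option fallback '1'` is combined with `option tls_upstream '1'`, which looks risky if fallback means here what it appears to mean for the other zones (permit normal recursion when the listed servers do not answer). In that case a blocked or failing TLS upstream would quietly move every query for `.` back to cleartext recursion. Both sections ship with `enabled '0'`, but they are templates that users will switch on expecting encrypted transport, so `option fallback '0'` would be the safer default for both. They also lack the one-line comment that `auth_icann` and `fwd_isp` carry; something like `# forward all queries over DNS over TLS; set fallback '1' only if cleartext recursion is acceptable` would state the trade-off. How the init scripts handle these options is not visible in this section, so the fallback behaviour should be confirmed there.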