unbound: UCI updates to take advantage of 1.6.0

- UCI to take advantage of "qname-minimisation-strict:"
- UCI to block chaos responses bind, server, and version
- UCI to limit or prefer recursion over IP4 or IP6

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This commit is contained in:
Eric Luehrsen
2016-12-18 22:38:03 -05:00
parent c0a630001b
commit 82c2368177
4 changed files with 89 additions and 9 deletions
@@ -79,8 +79,12 @@ Finally, `root.key` maintenance for DNSKEY RFC5011 would be hard on flash. Unbou
"drill -x 192.168.10.201 ~ NODATA" (insted of james-laptop.lan)
option edns_size '1280'
Extended DNS is necessary for DNSSEC. However, it can run into MTU
issues. Use this size in bytes to manage drop outs.
Bytes. Extended DNS is necessary for DNSSEC. However, it can run
into MTU issues. Use this size in bytes to manage drop outs.
option hide_binddata '1'
Boolean. If enabled version.server, version.bind, id.server, and
hostname.bind queries are refused.
option listen_port '53'
Port. Incoming. Where Unbound will listen for queries.
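Review bot: the new hide_binddata entry in this hunk should say what the option as a whole hides, because the name "binddata" alone does not convey that id.server and hostname.bind are covered as well as the version names; suggest "Boolean. Hide server identity and version. If enabled, the CHAOS-class queries version.server, version.bind, id.server, and hostname.bind are refused." It is also worth noting in the text that it defaults to '1', so the hardening is on unless a user turns it off. Nit: the unchanged context line above still reads "insted of".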
@@ -93,9 +97,21 @@ Finally, `root.key` maintenance for DNSKEY RFC5011 would be hard on flash. Unbou
Boolean. Skip all this UCI nonsense. Manually edit the
configuration. Make changes to /etc/unbound/unbound.conf.
option protocol 'mixed'
Unbound can limit its protocol: "ip4_only" for ISP behind the time,
"ip6_only" for testing, "ip6_prefer" for ISP with good IP6 support,
or default-all "mixed." This affects the protocol used to
communicate. The DNS responses always include hosts respective IP4
and IP6 data.
option query_minimize '0'
Boolean. Enable a minor privacy option. Query only one name piece
at a time. Don't let each server know the next recursion.
Boolean. Enable a minor privacy option. Don't let each server know
the next recursion. Query one piece at a time.
option query_min_strict '0'
Boolean. Query minimize is best effort and will fall back to normal
when it must. This option prevents the fall back, but less than
standard name servers will fail to resolve their domains.
option rebind_localhost '0'
Boolean. Prevent loopback "127.0.0.0/8" or "::1/128" responses.
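Review bot: the query_min_strict description in this hunk ends with "but less than standard name servers will fail to resolve their domains", which is ungrammatical and hides the trade-off the user is accepting; suggest "but name servers that do not follow the standard will then fail to resolve", and add that the option only has an effect when query_minimize is also '1', since all it does is remove the fall-back of that feature. For the protocol option, the list of accepted values should be given as the exact tokens the UCI parser compares against (ip4_only, ip6_only, ip6_prefer, mixed) rather than inside the running sentence, so a reader cannot mistake "mixed." for a value containing a period.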