diff --git a/unbound-1.17.0.tar.gz b/unbound-1.17.1.tar.gz
similarity index 48%
rename from unbound-1.17.0.tar.gz
rename to unbound-1.17.1.tar.gz
index ad6338a51c55252534a6f313cca177d1e95845cf..c98fca989ffdc2c9293d36dd67e9e971b179437a 100644
Binary files a/unbound-1.17.0.tar.gz and b/unbound-1.17.1.tar.gz differ
diff --git a/unbound.conf b/unbound.conf
index 2b6dc599523af76f4b7e70b935e3bd9e735ced62..54c4d7b2533416aeef78a77140f16eb8081704f3 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -41,6 +41,11 @@ server:
 # Needs to be enabled for munin plugin
 extended-statistics: yes
+ # Inhibits selected extended statistics (qtype, qclass, qopcode, rcode,
+ # rpz-actions) from printing if their value is 0.
+ # Default on.
+ # statistics-inhibit-zero: yes
+
 # number of threads to create. 1 disables threading.
 num-threads: 4
@@ -152,7 +157,7 @@ server:
 # ip-dscp: 0
 # EDNS reassembly buffer to advertise to UDP peers (the actual buffer
- # is set with msg-buffer-size). 1472 can solve fragmentation (timeouts)
+ # is set with msg-buffer-size).
 # edns-buffer-size: 1232
 # Maximum UDP response size (not applied to TCP response).
@@ -193,6 +198,15 @@ server:
 # a throwaway response (also timeouts) is received.
 # outbound-msg-retry: 5
+ # Hard limit on the number of outgoing queries Unbound will make while
+ # resolving a name, making sure large NS sets do not loop.
+ # It resets on query restarts (e.g., CNAME) and referrals.
+ # max-sent-count: 32
+
+ # Hard limit on the number of times Unbound is allowed to restart a
+ # query upon encountering a CNAME record.
+ # max-query-restarts: 11
+
 # msec for waiting for an unknown server to reply. Increase if you
 # are behind a slow satellite link, to eg. 1128.
 # unknown-server-time-limit: 376
@@ -238,7 +252,8 @@ server:
 # the maximum number of hosts that are cached (roundtrip, EDNS, lame).
 # infra-cache-numhosts: 10000
- # define a number of tags here, use with local-zone, access-control.
+ # define a number of tags here, use with local-zone, access-control,
+ # interface-*.
 # repeat the define-tag statement to add additional tags.
 # define-tag: "tag1 tag2 tag3"
@@ -281,7 +296,9 @@ server:
 # Timeout for EDNS TCP keepalive, in msec.
 # edns-tcp-keepalive-timeout: 120000
- # Fedora note: do not activate this - can cause a crash
+ # Fedora note: do not activate this - not compiled in because
+ # it causes frequent unbound crashes. Also, socket activation
+ # is bad when you have things like dnsmasq also running with libvirt.
 # Use systemd socket activation for UDP, TCP, and control sockets.
 # use-systemd: no
@@ -297,9 +314,7 @@ server:
 # allow_snoop (recursive and nonrecursive ok)
 # deny_non_local (drop queries unless can be answered from local-data)
 # refuse_non_local (like deny_non_local but polite error reply).
- # access-control: 0.0.0.0/0 refuse
 # access-control: 127.0.0.0/8 allow
- # access-control: ::0/0 refuse
 # access-control: ::1 allow
 # access-control: ::ffff:127.0.0.1 allow
@@ -595,6 +610,8 @@ server:
 # most modules have to be listed at the beginning of the line,
 # except cachedb(just before iterator), and python (at the beginning,
 # or, just before the iterator).
+ # For redis cachedb use:
+ # "ipsecmod validator cachedb iterator"
 module-config: "ipsecmod validator iterator"
 # File with trusted keys, kept uptodate using RFC5011 probes,
@@ -602,7 +619,8 @@ server:
 # Use several entries, one per domain name, to track multiple zones.
 #
 # If you want to perform DNSSEC validation, run unbound-anchor before
- # you start Unbound (i.e. in the system boot scripts). And enable:
+ # you start Unbound (i.e. in the system boot scripts).
+ # And then enable the auto-trust-anchor-file config item.
 # Please note usage of unbound-anchor root anchor is at your own risk
 # and under the terms of our LICENSE (see that file in the source).
 # auto-trust-anchor-file: "/var/lib/unbound/root.key"
diff --git a/unbound.spec b/unbound.spec
index a78c3332dad5f49ba349b4ddcee4dcd6b0707418..e2ebea355a071524e601fb3e216df2e6e7580734 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -1,8 +1,8 @@
 %{!?delete_la: %global delete_la find $RPM_BUILD_ROOT -type f -name "*.la" -delete}
 Name: unbound
-Version: 1.17.0
-Release: 2
+Version: 1.17.1
+Release: 1
 Summary: Unbound is a validating, recursive, caching DNS resolver
 License: BSD-3-Clause
 Url: https://nlnetlabs.nl/projects/unbound/about/
@@ -90,7 +90,7 @@ popd
 --enable-linux-ip-local-port-range
 pushd %{name}-%{version}
-%configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \%{configure_args}
+%configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} --disable-sha1 %{configure_args}
 %make_build
 %make_build streamtcp
 popd
@@ -234,6 +234,12 @@ popd
 %{_mandir}/man*
 %changelog
+* Tue Mar 07 2023 gaihuiying - 1.17.1-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update to 1.17.1
+
 * Fri Mar 03 2023 gaihuiying - 1.17.0-2
 - Type:bugfix
 - CVE:NA
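Review bot: The `--disable-sha1` flag added to the `%configure` line in the unbound.spec hunk at `@@ -90,7 +90,7 @@` is not recorded anywhere a maintainer or operator would look: there is no comment in the spec, and the new `%changelog` entry says only `DESC:update to 1.17.1`. The option turns off SHA-1 RRSIG support at build time, so zones signed only with SHA-1-based algorithms would presumably be treated as insecure rather than validated. That is a change in DNSSEC validation behaviour, and it should be traceable to this package release. I would add a comment above the line, for example `# built with --disable-sha1: SHA-1 DNSSEC signatures are not validated`, and extend the changelog line to `- DESC:update to 1.17.1, build with --disable-sha1`. The `%build` section this line belongs to starts and ends outside the hunk.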