[unbound/f15] * Thu Feb 02 2012 Paul Wouters <pwouters at redhat.com> - 1.4.16-1 - Upgraded to 1.4.16, which was rele
Paul Wouters
pwouters at fedoraproject.org
Thu Feb 2 15:48:47 UTC 2012
commit c0254b5bd67814e82fc3a55e268b031876f8541d
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 2 10:39:49 2012 -0500
* Thu Feb 02 2012 Paul Wouters <pwouters at redhat.com> - 1.4.16-1
- Upgraded to 1.4.16, which was released due to the soname
- Updated unbound.conf to show how to configure listening on tls443
.gitignore | 1 +
sources | 1 +
unbound.conf | 16 +++++++++++++---
unbound.spec | 6 +++++-
4 files changed, 20 insertions(+), 4 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 0fb2191..5ff77f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ unbound-1.4.5.tar.gz
/unbound-1.4.12.tar.gz
/unbound-1.4.13.tar.gz
/unbound-1.4.14.tar.gz
+/unbound-1.4.16.tar.gz
diff --git a/sources b/sources
index fc8e3ae..798bd91 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,3 @@
7e3b27dee2b97640dd2e1783253317ab unbound-1.4.13.tar.gz
cd69fdaaa6af01ea0b6fbc59802f74ba unbound-1.4.14.tar.gz
+5158d03d2ab0a8e60925c7a9b9903631 unbound-1.4.16.tar.gz
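Review bot: The added line appends to `sources` instead of replacing the old entries, so the 1.4.13 and 1.4.14 tarballs stay listed even though the spec's Version moves to 1.4.16. Drop the two stale lines so the file lists only unbound-1.4.16.tar.gz, the one tarball that matches the version being built.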
diff --git a/unbound.conf b/unbound.conf
index 99bc8d6..86af420 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -40,12 +40,20 @@ server:
# interface: 192.0.2.153
# interface: 192.0.2.154
# interface: 2001:DB8::5
+ #
+ # for dns over tls and raw dns over port 80
+ # interface: 0.0.0.0 at 443
+ # interface: ::0 at 443
+ # interface: 0.0.0.0 at 80
+ # interface: ::0 at 80
# enable this feature to copy the source address of queries to reply.
# Socket options are not supported on all platforms. experimental.
+ # interface-automatic: yes
+ #
# NOTE: Enable this option when specifying interface 0.0.0.0 or ::0
# NOTE: Disabled per Fedora policy not to listen to * on default install
- # interface-automatic: yes
+ # NOTE: If deploying on non-default port, eg 80/443, this needs to be disabled
interface-automatic: no
# port to answer queries from
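Review bot: The two NOTE lines directly above `interface-automatic: no` now give opposite advice for the example this hunk adds. A listener on `0.0.0.0` port 443 is a wildcard address (first NOTE: "Enable this option") and a non-default port (new NOTE: "this needs to be disabled"), and "this" never names the option. Suggest naming it, along the lines of "interface-automatic must stay no when listening on a non-default port such as 80 or 443", and moving the "Enable this option" NOTE up beside the commented `interface-automatic: yes` that it describes. The four new interface examples also read "0.0.0.0 at 443" as rendered here, while unbound expects the address@port form, so confirm the committed file uses `@`.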
@@ -146,6 +154,8 @@ server:
# do-ip6: yes
# Enable UDP, "yes" or "no".
+ # NOTE: if setting up an unbound on tls443 for public use, you might want to
+ # disable UDP to avoid being used in DNS amplification attacks.
# do-udp: yes
# Enable TCP, "yes" or "no".
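Review bot: The new NOTE above `# do-udp: yes` says UDP "might" be disabled but gives neither the value to set nor the side effect. do-udp is a server-wide switch, so setting it to no also removes UDP from any port 53 listener on the same instance. Suggest stating the setting explicitly (do-udp: no) and adding that it applies to every configured interface, so an operator who wants both a TLS listener and ordinary UDP service on 53 knows to run them as separate instances.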
@@ -448,8 +458,8 @@ server:
# service clients over SSL (on the TCP sockets), with plain DNS inside
# the SSL stream. Give the certificate to use and private key.
# default is "" (disabled). requires restart to take effect.
- # ssl-service-key: "path/to/privatekeyfile.key"
- # ssl-service-pem: "path/to/publiccertfile.pem"
+ # ssl-service-key: "/etc/unbound/unbound_server.key"
+ # ssl-service-pem: "/etc/unbound/unbound_server.pem"
# ssl-port: 443
# request upstream over SSL (with plain DNS inside the SSL stream).
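Review bot: The new example values for `ssl-service-key` and `ssl-service-pem` are unbound_server.key and unbound_server.pem, the file names unbound-control-setup generates for the remote-control channel. Uncommenting the lines as written would share one private key between the control channel and the public listener on 443 and hand clients the self-signed control certificate. Suggest distinct file names for the service key pair, or a comment that these paths are placeholders for a certificate issued for the public service.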
diff --git a/unbound.spec b/unbound.spec
index 5093004..a99ea87 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -8,7 +8,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
-Version: 1.4.14
+Version: 1.4.16
Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
@@ -200,6 +200,10 @@ fi
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Feb 02 2012 Paul Wouters <pwouters at redhat.com> - 1.4.16-1
+- Upgraded to 1.4.16, which was relesed due to the soname
+- Updated unbound.conf to show how to configure listening on tls443
+
* Mon Dec 19 2011 Paul Wouters <paul at cypherpunks.ca> - 1.4.14-1
- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
- SSL-wrapped query support for dnssec-trigger
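Review bot: The first added changelog line misspells "released" as "relesed" and stops before giving the reason: "due to the soname" does not say what happened to the soname. Fix the spelling and finish the sentence, since a soname change is what maintainers of dependent packages look for in this entry when deciding whether to rebuild.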