[unbound/el6] * Sat Feb 04 2012 Paul Wouters <pwouters at redhat.com> - 1.4.16-1 - Upgraded to 1.4.16, which was rele

Paul Wouters pwouters at fedoraproject.org
Sun Feb 5 03:56:54 UTC 2012


commit 148a595338c5e172146526c9c62d5f904da0520a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 4 22:57:02 2012 -0500

    * Sat Feb 04 2012 Paul Wouters <pwouters at redhat.com> - 1.4.16-1
    - Upgraded to 1.4.16, which was released due to the soname bug in 1.4.15
    - Updated unbound.conf to show how to configure listening on tls443
    - Fixes some NSEC3 related DNSSEC validation errors

 .gitignore   |    1 +
 sources      |    1 +
 unbound.conf |   16 +++++++++++++---
 unbound.spec |    5 +++++
 4 files changed, 20 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b8b6f89..24680fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ unbound-1.4.3.tar.gz
 unbound-1.4.4.tar.gz
 /unbound-1.4.13.tar.gz
 /unbound-1.4.14.tar.gz
+/unbound-1.4.16.tar.gz
diff --git a/sources b/sources
index fc8e3ae..798bd91 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,3 @@
 7e3b27dee2b97640dd2e1783253317ab  unbound-1.4.13.tar.gz
 cd69fdaaa6af01ea0b6fbc59802f74ba  unbound-1.4.14.tar.gz
+5158d03d2ab0a8e60925c7a9b9903631  unbound-1.4.16.tar.gz
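Review bot: the sources file keeps the unbound-1.4.13 and unbound-1.4.14 checksum lines next to the new 1.4.16 entry. If the spec now builds only 1.4.16, drop the two stale lines so the file lists exactly the tarball the build is expected to fetch and verify.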
diff --git a/unbound.conf b/unbound.conf
index 99bc8d6..86af420 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -40,12 +40,20 @@ server:
 	# interface: 192.0.2.153
 	# interface: 192.0.2.154
 	# interface: 2001:DB8::5
+	#
+	# for dns over tls and raw dns over port 80 
+	# interface: 0.0.0.0 at 443
+	# interface: ::0 at 443
+	# interface: 0.0.0.0 at 80
+	# interface: ::0 at 80
 	
 	# enable this feature to copy the source address of queries to reply.
 	# Socket options are not supported on all platforms. experimental. 
+	# interface-automatic: yes
+	#
 	# NOTE: Enable this option when specifying interface 0.0.0.0 or ::0 
 	# NOTE: Disabled per Fedora policy not to listen to * on default install
-	# interface-automatic: yes
+	# NOTE: If deploying on non-default port, eg 80/443, this needs to be disabled
 	interface-automatic: no
 
 	# port to answer queries from
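Review bot: the NOTE block around interface-automatic now contradicts itself for the new example listeners. The existing NOTE says to enable the option when specifying 0.0.0.0 or ::0, which is exactly what the added 443/80 interface lines use, while the new NOTE says "this needs to be disabled" without naming what "this" is. Suggest naming the option explicitly (interface-automatic must stay "no" when listening on a non-default port such as 80/443) and saying which of the two rules wins. The "for dns over tls" comment should also state that the 443 listener only speaks TLS once ssl-port and the ssl-service-key/ssl-service-pem settings further down are configured. The added comment line ends in trailing whitespace.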
@@ -146,6 +154,8 @@ server:
 	# do-ip6: yes
 
 	# Enable UDP, "yes" or "no".
+	# NOTE: if setting up an unbound on tls443 for public use, you might want to
+	# disable UDP to avoid being used in DNS amplification attacks.
 	# do-udp: yes
 
 	# Enable TCP, "yes" or "no".
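Review bot: the new NOTE above do-udp recommends disabling UDP on a public tls443 resolver but does not say what that costs. do-udp governs both answering and issuing queries over UDP, so setting it to "no" also forces the resolver's own upstream lookups onto TCP. Suggest spelling out the setting the operator should use (do-udp: no, with do-tcp left at yes) and mentioning that side effect in the comment.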
@@ -448,8 +458,8 @@ server:
 	# service clients over SSL (on the TCP sockets), with plain DNS inside
 	# the SSL stream.  Give the certificate to use and private key.
 	# default is "" (disabled).  requires restart to take effect.
-	# ssl-service-key: "path/to/privatekeyfile.key"
-	# ssl-service-pem: "path/to/publiccertfile.pem"
+	# ssl-service-key: "/etc/unbound/unbound_server.key"
+	# ssl-service-pem: "/etc/unbound/unbound_server.pem"
 	# ssl-port: 443
 
 	# request upstream over SSL (with plain DNS inside the SSL stream).
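Review bot: the new example paths for ssl-service-key and ssl-service-pem, /etc/unbound/unbound_server.key and /etc/unbound/unbound_server.pem, are the file names unbound-control-setup generates for the remote-control channel. An admin who uncomments these lines unchanged would serve public TLS clients with the self-signed control certificate and share one private key between the control channel and the public service. Suggest distinct example names for the service key pair, plus a comment that the key file should be readable only by the user unbound runs as.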
diff --git a/unbound.spec b/unbound.spec
index c22cf59..1418be8 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -196,6 +196,11 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Sat Feb 04 2012 Paul Wouters <pwouters at redhat.com> - 1.4.16-1
+- Upgraded to 1.4.16, which was relesed due to the soname bug in 1.4.15
+- Updated unbound.conf to show how to configure listening on tls443
+- Fixes some NSEC3 related DNSSEC validation errors
+
 * Mon Dec 19 2011 Paul Wouters <paul at cypherpunks.ca> - 1.4.14-1
 - Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
 - SSL-wrapped query support for dnssec-trigger
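Review bot: no Version: or Release: change accompanies the new 1.4.16-1 %changelog entry. The diffstat shows five insertions to unbound.spec and all five are the changelog lines here, so confirm the tags were already bumped on this branch, otherwise the package still builds under the old version. The first bullet has a typo ("relesed"), and the NSEC3 bullet would be easier to audit with a bug number or upstream changelog reference.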

