[unbound] * Thu Sep 19 2013 Paul Wouters <pwouters at redhat.com> - 1.4.21-1 - Updated to 1.4.21, - Enabled new m
Paul Wouters
pwouters at fedoraproject.org
Thu Sep 19 14:21:51 UTC 2013
commit 90b7fa1c7edc2417aa95728c8587e546a27e7294
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 19 10:21:30 2013 -0400
* Thu Sep 19 2013 Paul Wouters <pwouters at redhat.com> - 1.4.21-1
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patched merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
.gitignore | 1 +
sources | 2 +-
unbound.conf | 11 ++++++++++-
unbound.spec | 17 +++++++++--------
4 files changed, 21 insertions(+), 10 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index c388427..5009aba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@ unbound-1.4.5.tar.gz
/unbound-1.4.18.tar.gz
/unbound-1.4.19.tar.gz
/unbound-1.4.20.tar.gz
+/unbound-1.4.21.tar.gz
diff --git a/sources b/sources
index 9435d03..e084414 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1f2d0b490fd7928a708a326beda21948 unbound-1.4.20.tar.gz
+0aa8db06ea784bf7879060bd1f6551c8 unbound-1.4.21.tar.gz
diff --git a/unbound.conf b/unbound.conf
index d00f21e..ce36ad1 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -20,7 +20,7 @@ server:
# enable cumulative statistics, without clearing them after printing.
# Needed for munin plugin
- statistics-cumulative: no
+ statistics-cumulative: yes
# enable extended statistics (query types, answer codes, status)
# printed from unbound-control. default off, because of speed.
@@ -72,6 +72,7 @@ server:
# permit unbound to use this port number or port range for
# making outgoing queries, using an outgoing interface.
+ # Only ephemeral ports are allowed by SElinux
outgoing-port-permit: 32768-65535
# deny unbound the use this of port number or port range for
@@ -99,6 +100,11 @@ server:
# is set with msg-buffer-size). 1480 can solve fragmentation (timeouts).
# edns-buffer-size: 4096
+ # Maximum UDP response size (not applied to TCP response).
+ # Suggested values are 512 to 4096. Default is 4096. 65536 disables it.
+ # 3072 causes +dnssec any isc.org queries to need TC=1. Helps mitigating DDOS
+ max-udp-size: 3072
+
# buffer size for handling DNS data. No messages larger than this
# size can be sent or received, by UDP or TCP. In bytes.
# msg-buffer-size: 65552
@@ -226,6 +232,9 @@ server:
# print UTC timestamp in ascii to logfile, default is epoch in seconds.
log-time-ascii: yes
+ # print one line with time, IP, name, type, class for every query.
+ # log-queries: no
+
# the pid file. Can be an absolute path outside of chroot/work dir.
pidfile: "/var/run/unbound/unbound.pid"
diff --git a/unbound.spec b/unbound.spec
index 1c240e2..e614e48 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -10,8 +10,8 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
-Version: 1.4.20
-Release: 19%{?dist}
+Version: 1.4.21
+Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -32,9 +32,6 @@ Source13: root.anchor
Source14: unbound.sysconfig
Source15: unbound.cron
Source16: unbound-munin.README
-Patch1: unbound-1.4.20-roundrobin.patch
-Patch2: unbound-1.4.20-streamtcp-manpage.patch
-Patch3: unbound-1.4.20-coverity_scan.patch
Group: System Environment/Daemons
BuildRequires: flex, openssl-devel , ldns-devel >= 1.6.13
@@ -108,9 +105,6 @@ Python modules and extensions for unbound
%prep
%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
%build
export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@@ -283,6 +277,13 @@ exit 0
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
%changelog
+* Thu Sep 19 2013 Paul Wouters <pwouters at redhat.com> - 1.4.21-1
+- Updated to 1.4.21,
+- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
+- Removed patched merged in by upstream
+- Enable statistics-cumulative for munin-plugin
+- Updated unbound.conf
+
* Mon Aug 26 2013 Tomas Hozza <thozza at redhat.com> - 1.4.20-19
- Fix errors found by static analysis of source
More information about the scm-commits
mailing list