summaryrefslogtreecommitdiffstats
path: root/contrib/unbound/util/config_file.h
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2015-12-04 13:26:12 +0000
committerdes <des@FreeBSD.org>2015-12-04 13:26:12 +0000
commit72c7e45913048bf7a7a9f4f898363ea802ba3ab7 (patch)
tree658b312c2da2a4079aee851908bd5b4bd805ab2b /contrib/unbound/util/config_file.h
parentfc230dcf447eb45f054aa940c35313f825b926df (diff)
downloadFreeBSD-src-72c7e45913048bf7a7a9f4f898363ea802ba3ab7.zip
FreeBSD-src-72c7e45913048bf7a7a9f4f898363ea802ba3ab7.tar.gz
MFH (r287917, r287918, r289063): upgrade to latest Unbound
MFH (r283301, r289592, r291582): rc script improvements MFH (r287880): respect manually configured forwarders when using DHCP MFH (r289321): deconfuse man page PR: 184047 203580 204931
Diffstat (limited to 'contrib/unbound/util/config_file.h')
-rw-r--r--contrib/unbound/util/config_file.h25
1 files changed, 25 insertions, 0 deletions
diff --git a/contrib/unbound/util/config_file.h b/contrib/unbound/util/config_file.h
index ca512d7..99b15e0 100644
--- a/contrib/unbound/util/config_file.h
+++ b/contrib/unbound/util/config_file.h
@@ -136,6 +136,8 @@ struct config_file {
size_t so_sndbuf;
/** SO_REUSEPORT requested on port 53 sockets */
int so_reuseport;
+ /** IP_TRANSPARENT socket option requested on port 53 sockets */
+ int ip_transparent;
/** number of interfaces to open. If 0 default all interfaces. */
int num_ifs;
@@ -173,8 +175,12 @@ struct config_file {
int harden_below_nxdomain;
/** harden the referral path, query for NS,A,AAAA and validate */
int harden_referral_path;
+ /** harden against algorithm downgrade */
+ int harden_algo_downgrade;
/** use 0x20 bits in query as random ID bits */
int use_caps_bits_for_id;
+ /** 0x20 whitelist, domains that do not use capsforid */
+ struct config_strlist* caps_whitelist;
/** strip away these private addrs from answers, no DNS Rebinding */
struct config_strlist* private_address;
/** allow domain (and subdomains) to use private address space */
@@ -185,6 +191,8 @@ struct config_file {
int max_ttl;
/** the number of seconds minimum TTL used for RRsets and messages */
int min_ttl;
+ /** the number of seconds maximal negative TTL for SOA in auth */
+ int max_negative_ttl;
/** if prefetching of messages should be performed. */
int prefetch;
/** if prefetching of DNSKEYs should be performed. */
@@ -261,6 +269,8 @@ struct config_file {
unsigned int del_holddown;
/** autotrust keep_missing time, in seconds. 0 is forever. */
unsigned int keep_missing;
+ /** permit small holddown values, allowing 5011 rollover very fast */
+ int permit_small_holddown;
/** size of the key cache */
size_t key_cache_size;
@@ -341,12 +351,27 @@ struct config_file {
int dnstap_log_forwarder_query_messages;
/** true to log dnstap FORWARDER_RESPONSE message events */
int dnstap_log_forwarder_response_messages;
+
+ /** ratelimit 0 is off, otherwise qps (unless overridden) */
+ int ratelimit;
+ /** number of slabs for ratelimit cache */
+ size_t ratelimit_slabs;
+ /** memory size in bytes for ratelimit cache */
+ size_t ratelimit_size;
+ /** ratelimits for domain (exact match) */
+ struct config_str2list* ratelimit_for_domain;
+ /** ratelimits below domain */
+ struct config_str2list* ratelimit_below_domain;
+ /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
+ int ratelimit_factor;
};
/** from cfg username, after daemonise setup performed */
extern uid_t cfg_uid;
/** from cfg username, after daemonise setup performed */
extern gid_t cfg_gid;
+/** debug and enable small timeouts */
+extern int autr_permit_small_holddown;
/**
* Stub config options
OpenPOWER on IntegriCloud