path: root/etc/inc/unbound.inc
Commit message [Author, Age, Files, Lines]
* Remove option that has now been merged into infra-host-ttl. [Warren Baker, 2014-12-24, 1, -2/+0]
|
* Where binding Unbound to *:53, set "interface-automatic: yes" so replies are ↵ [Chris Buechler, 2014-12-13, 1, -0/+1]
|   sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111
* Don't include link-locals as unbound interface candidates [Jean Cyr, 2014-12-04, 1, -1/+1]
|   Unbound does not presently support link-local interfaces.
* Link local interfaces don't have subnet.. don't create access-control statement [Jean Cyr, 2014-12-03, 1, -5/+7]
|   Selecting link local interface for unbound causes invalid access-control statement in unbound config since link local address doesn't have subnet.
* If get_interface_ip(v6) is passed an IP, return the IP. [Chris Buechler, 2014-12-02, 1, -6/+11]
|   Properly set up interface binding for v6 link local IPs. Ticket #4021 except had to comment out the fix for now because of #4062 to avoid config breakage.
* Fix bracketing of if statement in unbound [Phil Davis, 2014-11-29, 1, -2/+2]
|   Stops message:
|   Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/unbound.inc on line 607
|   The problem was introduced when lines 607-608 were added without adding these brackets.
|   IMHO programming standards should include ALWAYS using brackets for "if" and other similar statements. That way this sort of code addition accident does not happen. But I guess there are others who have different opinions.
* Skip v6 WANs in Unbound access-control. Ticket #4023 [Chris Buechler, 2014-11-28, 1, -1/+3]
|
* fix v6 access-control in Unbound, Ticket #4023 [Chris Buechler, 2014-11-28, 1, -1/+2]
|
* Fix input validation for DNS resolver when localhost is enabled in ↵ [Chris Buechler, 2014-11-28, 1, -7/+12]
|   resolv.conf and "all" chosen in Network Interfaces. While here, set something other than '' when all is chosen.
* Add option to disable auto-added access-control entries for users who want ↵ [Chris Buechler, 2014-11-27, 1, -38/+40]
|   to manually manage ACLs. Ticket #4023
* Fix Unbound host_entries.conf warnings on console during boot [Phil Davis, 2014-11-27, 1, -7/+20]
|   system_hosts_generate() tried to make /var/unbound/host_entries.conf at various times in the boot sequence before the main Unbound start code was called. But these early calls to unbound-related things did not have any check to see if /var/unbound was created yet.
|   I pulled out the code to create /var/unbound into a separate routine, create_unbound_chroot_path, then call that before any of the file_put_contents. That gets rid of the console error messages during boot, and also will correct any future issue with the sequence of calls to any of these routines.
* include 169.254./16 in unbound's DNS rebinding protection [Chris Buechler, 2014-11-26, 1, -0/+1]
|
* include Unbound access-control entries for local IPv6 networks reachable via ↵ [Chris Buechler, 2014-11-26, 1, -0/+11]
|   static route. Ticket #4023
* Skip interface subnets for IPv4 here, this is best handled via the NAT ↵ [Chris Buechler, 2014-11-25, 1, -3/+2]
|   networks list. Ticket #4023
* Use the subnets automatic outbound NAT uses for tonatsubnets for Unbound's ↵ [Chris Buechler, 2014-11-25, 1, -0/+11]
|   access-control config, as this is a good source of what networks are internal. Ticket #4023
* d DHCPLeases starting before Unbound/DNSMasq and returning a pid not found ↵ [Warren Baker, 2014-11-21, 1, -0/+3]
|   message. Add missing reload feature
* Revert "Revert "Use unbound from ports, it should fix #4020"" [Renato Botelho, 2014-11-18, 1, -6/+6]
|   This reverts commit cd7b929ac0ee324b96baabcd216cf303be937db7.
* Revert "Use unbound from ports, it should fix #4020" [Renato Botelho, 2014-11-18, 1, -6/+6]
|   This reverts commit f13df0e3f1bf45d8dab01805f757e623165c044f.
* Use unbound from ports, it should fix #4020 [Renato Botelho, 2014-11-18, 1, -6/+6]
|
* check for IPs here also to avoid invalid config entries. change my last fix ↵ [Chris Buechler, 2014-11-17, 1, -4/+4]
|   to v4/v6-specific
* Verify IP address before putting into unbound config. some "Array" entries ↵ [Chris Buechler, 2014-11-17, 1, -2/+2]
|   were ending up there.
* 192.254.0.0/16 isn't private, remove [Chris Buechler, 2014-11-17, 1, -1/+0]
|
* Merge pull request #1340 from phil-davis/patch-5 [Renato Botelho, 2014-11-17, 1, -6/+14]
|\
| * Improve test in unbound_add_domain_overrides [Phil Davis, 2014-11-17, 1, -1/+1]
| |   Actually the test condition happened to work OK! But this change makes it easier to understand what is really intended.
| * Handle reverse-lookup zones for unbound [Phil Davis, 2014-11-16, 1, -6/+14]
| |   By default unbound returns nothing for private reverse lookups. Here is some information about that from https://www.unbound.net/documentation/unbound.conf.html
| |   --------
| |   The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet cannot provide correct answers. They are configured by default to give nxdomain (no reverse information) answers. The defaults can be turned off by specifying your own local-zone of that name, or using the 'nodefault' type. Below is a list of the default zone contents.
| |   --------
| |   Just specifying 'nodefault' did not work. I found other threads where people used this in unbound.conf
| |   --------
| |   local-zone: "49.10.in-addr.arpa" typetransparent
| |   --------
| |   Note that it works specifying the domain override with or without a final "."
| |   So the code here checks for the special cases of ".in-addr.arpa" and ".in-addr.arpa." at the end of a domain override name.
| |   With this code my domain override entries for private reverse lookups work.
* | Unbound improvements and fixes, ticket #4011: [Renato Botelho, 2014-11-17, 1, -102/+29]
|/    - Create dhcpleases_entries.conf, fed by dhcpleases
|     - Do not read lines created by dhcpleases from /etc/hosts to populate host_entries.conf
|     - Simplify logic for host_entries.conf creation
* fix Unbound Advanced options [Chris Buechler, 2014-11-15, 1, -1/+2]
|
* Implement advanced settings in unbound.conf [Phil Davis, 2014-11-13, 1, -22/+27]
|   The settings are made in the Advanced tab in the GUI and are stored in the config. Now actually implement them in unbound.conf
* Do not require the default sysctl items to be set on the config.xml but ↵ [Ermal, 2014-11-10, 1, -8/+10]
|   rather extract the definitions from the sysctl tree. Also to reduce config.xml size
* Fix indent [Renato Botelho, 2014-11-03, 1, -517/+517]
|
* Indent here as well [Warren Baker, 2014-11-03, 1, -7/+7]
|
* Support IPV6 in unbound.conf [Jean Cyr, 2014-09-24, 1, -0/+12]
|   IPv6 addresses are not included in unbound config and access list
* outgoing ip incorrectly set in unbound.conf [Jean Cyr, 2014-09-24, 1, -1/+1]
|   DNS resolver outgoing IP interface IP address is incorrectly set to the last inbound interface IP address... fix it.
* Convert almost all /sbin/sysctl calls to php functions [Renato Botelho, 2014-07-07, 1, -1/+1]
|
* Add -n for 2 remaining sysctl calls, also replace backtick by exec [Renato Botelho, 2014-06-19, 1, -2/+2]
|
* If Unbound is being used then make sure to reload when ↵ [Warren Baker, 2014-04-28, 1, -0/+13]
|   system_hosts_generate() is called
* Add space between configfile and switch [Warren Baker, 2014-04-28, 1, -1/+1]
|
* Make sure to actually configure the outgoing query interfaces if selected. [Warren Baker, 2014-04-25, 1, -0/+13]
|
* Add localhost as always allowed and ensure to include the access lists [Warren Baker, 2014-03-29, 1, -1/+5]
|
* Write out the access list correctly [Warren Baker, 2014-03-29, 1, -7/+11]
|
* Configure acls for local networks and ensure listening interfaces are ↵ [Warren Baker, 2014-03-29, 1, -7/+32]
|   correctly set
* Add missing new line [Warren Baker, 2014-03-29, 1, -1/+1]
|
* Correct reference [Warren Baker, 2014-03-29, 1, -2/+0]
|
* Ensure TXT support on host descriptions actually works [Warren Baker, 2014-03-29, 1, -1/+1]
|
* Fix file name for domain overrides and ensure trust anchor is referencing ↵ [Warren Baker, 2014-03-21, 1, -2/+2]
|   the correct file.
* Use the correct xml tag to check against [Warren Baker, 2014-03-21, 1, -1/+1]
|
* Only display config title if option is enabled [Warren Baker, 2014-03-20, 1, -3/+2]
|
* Rather put forwarding for DNS servers into the configuration file [Warren Baker, 2014-03-20, 1, -29/+33]
|
* Ensure if port is configured it is then used [Warren Baker, 2014-03-20, 1, -2/+3]
|
* standardize on https://www.pfsense.org [Chris Buechler, 2014-03-14, 1, -1/+1]
|