Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove option that has now been merged into infra-host-ttl. | Warren Baker | 2014-12-24 | 1 | -2/+0 |
| | |||||
* | Where binding Unbound to *:53, set "interface-automatic: yes" so replies are ↵ | Chris Buechler | 2014-12-13 | 1 | -0/+1 |
| | | | | sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111 | ||||
* | Don't include link-locals as unbound interface candidates | Jean Cyr | 2014-12-04 | 1 | -1/+1 |
| | | | | Unbound does not presently support link-local interfaces. | ||||
* | Link local interfaces don't have subnet.. don't create access-control statement | Jean Cyr | 2014-12-03 | 1 | -5/+7 |
| | | | | | | Selecting link local interface for unbound causes invalid access-control statement in unbound config since link local address doesn't have subnet. | ||||
* | If get_interface_ip(v6) is passed an IP, return the IP. | Chris Buechler | 2014-12-02 | 1 | -6/+11 |
| | | | | | | Properly set up interface binding for v6 link local IPs. Ticket #4021 except had to comment out the fix for now because of #4062 to avoid config breakage. | ||||
* | Fix bracketing of if statement in unbound | Phil Davis | 2014-11-29 | 1 | -2/+2 |
| | | | | | | Stops message: Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/unbound.inc on line 607 The problem was introduced when lines 607-608 were added without adding these brackets. IMHO programming standards should include ALWAYS using brackets for "if" and other similar statements. That way this sort of code addition accident does not happen. But I guess there are others who have different opinions. | ||||
* | Skip v6 WANs in Unbound access-control. Ticket #4023 | Chris Buechler | 2014-11-28 | 1 | -1/+3 |
| | |||||
* | fix v6 access-control in Unbound, Ticket #4023 | Chris Buechler | 2014-11-28 | 1 | -1/+2 |
| | |||||
* | Fix input validation for DNS resolver when localhost is enabled in ↵ | Chris Buechler | 2014-11-28 | 1 | -7/+12 |
| | | | | resolv.conf and "all" chosen in Network Interfaces. While here, set something other than '' when all is chosen. | ||||
* | Add option to disable auto-added access-control entries for users who want ↵ | Chris Buechler | 2014-11-27 | 1 | -38/+40 |
| | | | | to manually manage ACLs. Ticket #4023 | ||||
* | Fix Unbound host_entries.conf warnings on console during boot | Phil Davis | 2014-11-27 | 1 | -7/+20 |
| | | | | | system_hosts_generate() tried to make /var/unbound/host_entries.conf at various times in the boot sequence before the main Unbound start code was called. But these early calls to unbound-related things did not have any check to see if /var/unbound was created yet. I pulled out the code to create /var/unbound into a separate routine, create_unbound_chroot_path, then call that before any of the file_put_contents. That gets rid of the console error messages during boot, and also will correct any future issue with the sequence of calls to any of these routines. | ||||
* | include 169.254./16 in unbound's DNS rebinding protection | Chris Buechler | 2014-11-26 | 1 | -0/+1 |
| | |||||
* | include Unbound access-control entries for local IPv6 networks reachable via ↵ | Chris Buechler | 2014-11-26 | 1 | -0/+11 |
| | | | | static route. Ticket #4023 | ||||
* | Skip interface subnets for IPv4 here, this is best handled via the NAT ↵ | Chris Buechler | 2014-11-25 | 1 | -3/+2 |
| | | | | networks list. Ticket #4023 | ||||
* | Use the subnets automatic outbound NAT uses for tonatsubnets for Unbound's ↵ | Chris Buechler | 2014-11-25 | 1 | -0/+11 |
| | | | | access-control config, as this is a good source of what networks are internal. Ticket #4023 | ||||
* | d DHCPLeases starting before Unbound/DNSMasq and returning a pid not found ↵ | Warren Baker | 2014-11-21 | 1 | -0/+3 |
| | | | | message. Add missing reload feature | ||||
* | Revert "Revert "Use unbound from ports, it should fix #4020"" | Renato Botelho | 2014-11-18 | 1 | -6/+6 |
| | | | | This reverts commit cd7b929ac0ee324b96baabcd216cf303be937db7. | ||||
* | Revert "Use unbound from ports, it should fix #4020" | Renato Botelho | 2014-11-18 | 1 | -6/+6 |
| | | | | This reverts commit f13df0e3f1bf45d8dab01805f757e623165c044f. | ||||
* | Use unbound from ports, it should fix #4020 | Renato Botelho | 2014-11-18 | 1 | -6/+6 |
| | |||||
* | check for IPs here also to avoid invalid config entries. change my last fix ↵ | Chris Buechler | 2014-11-17 | 1 | -4/+4 |
| | | | | to v4/v6-specific | ||||
* | Verify IP address before putting into unbound config. some "Array" entries ↵ | Chris Buechler | 2014-11-17 | 1 | -2/+2 |
| | | | | were ending up there. | ||||
* | 192.254.0.0/16 isn't private, remove | Chris Buechler | 2014-11-17 | 1 | -1/+0 |
| | |||||
* | Merge pull request #1340 from phil-davis/patch-5 | Renato Botelho | 2014-11-17 | 1 | -6/+14 |
|\ | |||||
| * | Improve test in unbound_add_domain_overrides | Phil Davis | 2014-11-17 | 1 | -1/+1 |
| | | | | | | Actually the test condition happened to work OK! But this change makes it easier to understand what is really intended. | ||||
| * | Handle reverse-lookup zones for unbound | Phil Davis | 2014-11-16 | 1 | -6/+14 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default unbound returns nothing for private reverse lookups. Here is some information about that from https://www.unbound.net/documentation/unbound.conf.html -------- The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet cannot pro- vide correct answers. They are configured by default to give nxdomain (no reverse information) answers. The defaults can be turned off by specifying your own local-zone of that name, or using the 'nodefault' type. Below is a list of the default zone contents. -------- Just specifying 'nodefault' did not work. I found other threads where people used this in unbound.conf -------- local-zone: "49.10.in-addr.arpa" typetransparent -------- Note that it works specifying the domain override with or without a final "." So the code here checks for the special cases of ".in-addr.arpa" and ".in-addr.arpa." at the end of a domain override name. With this code my domain override entries for private reverse lookups work. | ||||
* | | Unbound improvements and fixes, ticket #4011: | Renato Botelho | 2014-11-17 | 1 | -102/+29 |
|/ | | | | | | | - Create dhcpleases_entries.conf, feed by dhcpleases - Do not read lines created by dhcpleases from /etc/hosts to populate host_entries.conf - Simplify logic for host_entries.conf creation | ||||
* | fix Unbound Advanced options | Chris Buechler | 2014-11-15 | 1 | -1/+2 |
| | |||||
* | Implement advanced settings in unbound.conf | Phil Davis | 2014-11-13 | 1 | -22/+27 |
| | | | | The settings are made in the Advanced tab in the GUI and are stored in the config. Now actually implement them in unbound.conf | ||||
* | Do not require the default sysctl items to be set on the config.xml but ↵ | Ermal | 2014-11-10 | 1 | -8/+10 |
| | | | | rather extract the definitions from the sysctl tree. Also to reduce config.xml size | ||||
* | Fix indent | Renato Botelho | 2014-11-03 | 1 | -517/+517 |
| | |||||
* | Indent here as well | Warren Baker | 2014-11-03 | 1 | -7/+7 |
| | |||||
* | Support IPV6 in unbound.conf | Jean Cyr | 2014-09-24 | 1 | -0/+12 |
| | | | | IPv6 addresses are not included in unbound config and access list | ||||
* | outgoing ip incorrectly set in unbound.conf | Jean Cyr | 2014-09-24 | 1 | -1/+1 |
| | | | | | DNS resolver outgoing IP interface IP address is incorrectly set to the last inbound interface IP address... fix it. | ||||
* | Convert almost all /sbin/sysctl calls to php functions | Renato Botelho | 2014-07-07 | 1 | -1/+1 |
| | |||||
* | Add -n for 2 remaining sysctl calls, also replace backtick by exec | Renato Botelho | 2014-06-19 | 1 | -2/+2 |
| | |||||
* | If Unbound is been used then make sure to reload when ↵ | Warren Baker | 2014-04-28 | 1 | -0/+13 |
| | | | | system_hosts_generate() is called | ||||
* | Add space between configile and switch | Warren Baker | 2014-04-28 | 1 | -1/+1 |
| | |||||
* | Make sure to actually configure the outgoing query interfaces if selected. | Warren Baker | 2014-04-25 | 1 | -0/+13 |
| | |||||
* | Add localhost as always allowed and ensure to include the access lists | Warren Baker | 2014-03-29 | 1 | -1/+5 |
| | |||||
* | Write out the access list correctly | Warren Baker | 2014-03-29 | 1 | -7/+11 |
| | |||||
* | Configure acls for local networks and ensure listening interfaces are ↵ | Warren Baker | 2014-03-29 | 1 | -7/+32 |
| | | | | correctly set | ||||
* | Add missing new line | Warren Baker | 2014-03-29 | 1 | -1/+1 |
| | |||||
* | Correct reference | Warren Baker | 2014-03-29 | 1 | -2/+0 |
| | |||||
* | Ensure TXT support on host descriptions actually works | Warren Baker | 2014-03-29 | 1 | -1/+1 |
| | |||||
* | Fix file name for domain overrides and ensure trust anchor is referencing ↵ | Warren Baker | 2014-03-21 | 1 | -2/+2 |
| | | | | the correct file. | ||||
* | Use the correct xml tag to check against | Warren Baker | 2014-03-21 | 1 | -1/+1 |
| | |||||
* | Only display config title if option is enabled | Warren Baker | 2014-03-20 | 1 | -3/+2 |
| | |||||
* | Rather put forwarding for DNS servers into the configuration file | Warren Baker | 2014-03-20 | 1 | -29/+33 |
| | |||||
* | Ensure if port is configured it is then used | Warren Baker | 2014-03-20 | 1 | -2/+3 |
| | |||||
* | standardize on https://www.pfsense.org | Chris Buechler | 2014-03-14 | 1 | -1/+1 |
| |