Merge remote-tracking branch 'ms/next-dns-ng' into next

2026-04-27 11:13:24 +02:00 · 2020-01-13 21:42:49 +00:00
parent 23dc6e0b23 7be4822f3d
commit 61cc563558
45 changed files with 1688 additions and 1117 deletions
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -28,6 +28,7 @@ import logging.handlers
 import os
 import re
 import signal
+import stat
 import subprocess
 import tempfile

@@ -528,6 +529,9 @@ class UnboundConfigWriter(object):
 				for rr in l.rrset:
 					f.write("local-data: \"%s\"\n" % " ".join(rr))

+			# Make file readable for everyone
+			os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
+
 		os.rename(filename, self.path)

 	def _control(self, *args):
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -61,6 +61,13 @@ server:
 	harden-algo-downgrade: no
 	use-caps-for-id: yes
 	aggressive-nsec: yes
+	qname-minimisation: yes
+
+	# TLS
+	tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
+
+	# EDNS Buffer Size (#12240)
+	edns-buffer-size: 1232

 	# Harden against DNS cache poisoning
 	unwanted-reply-threshold: 1000000
@@ -78,6 +85,9 @@ server:
 	# Include DHCP leases
 	include: "/etc/unbound/dhcp-leases.conf"

+	# Include hosts
+	include: "/etc/unbound/hosts.conf"
+
 	# Include any forward zones
 	include: "/etc/unbound/forward.conf"