webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 17:32:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,059 Commits 2 Branches 1 Tag
afd0cd232fa0d545ebdb70a114f044cde7b99985
Commit Graph

24 Commits

Author SHA1 Message Date
Arne Fitzenreiter
40c81f6929 unbound: update dns hints and keys 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-17 14:25:42 +02:00
Michael Tremer
c2adb460d6 Revert "unbound: Deactivate qname-minimization & harden-below-nxdomain" 
This reverts commit 86e9d04bfb.

This seems to be working with unbound 1.6.0 so that this can be
re-enabled for better privacy.

http://lists.ipfire.org/pipermail/development/2016-December/002807.html
 2016-12-16 11:59:59 +00:00
Michael Tremer
86e9d04bfb unbound: Deactivate qname-minimization & harden-below-nxdomain 
This causes trouble when you try to resolve a record like
a.b.blah.com where b.blah.com responds with NXDOMAIN. unbound
won't try to resolve a.b.blah.com because it is assumed that
everything longer than b.blah.com does not exist which is
probably not good usability.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-25 17:45:39 +00:00
Michael Tremer
d4af85f252 unbound: Send out replies from where they came in 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-04 18:23:25 +00:00
Michael Tremer
3ddad158cd unbound: Allow recursion from everywhere 
Users use the IPFire DNS service from VPNs and other
routed networks.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-04 17:08:13 +00:00
Michael Tremer
8b1eb795ac unbound-dhcp-bridge: Make leases unique by IP address 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-15 22:32:05 +01:00
Michael Tremer
3ec5ba501e unbound-dhcp-bridge: Only update cache when lease was added/removed 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-15 19:17:44 +02:00
Michael Tremer
c7b83f9bed unbound-dhcp-bridge: Rewrite update algorithm 
Before the bridge tries reading any existing leases from unbound
but this makes it difficult to destinguish between what is a DHCP lease,
static host entry or anything else.

This patch will change the bridge back to just remember what has been
added to the cache already which makes it easier to keep track.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-15 19:08:22 +02:00
Michael Tremer
5d4f3a42ce unbound-dhcp-bridge: Skip processing leases with empty hostname 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-15 19:06:27 +02:00
Michael Tremer
7354d2947a unbound-dhcp-bridge: Reading in static hosts 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-15 19:05:11 +02:00
Michael Tremer
1b4d5ad9af unbound: Move "listen on all" to main configuration file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-12 22:37:26 +01:00
Michael Tremer
86c9deb2ea unbound: Public static leases in DNS, too 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-11 19:14:33 +02:00
Michael Tremer
998e880b61 unbound: Skip invalid hostnames 
If there are any invalid hostnames in the DHCP leases
table, we just skip them and do not create and RRs for
them.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-10 20:11:57 +01:00
Michael Tremer
e22bcd38d6 unbound: Correctly format PTR records 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-06 10:42:49 +01:00
Michael Tremer
d20ef9d703 unbound+DHCP: Make sure to only remove old leases and not static hosts 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-14 16:35:41 +01:00
Michael Tremer
74a5ab67fe unbound+DHCP: Read correct DHCP domain name for lease 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-14 16:29:53 +01:00
Michael Tremer
b8dd42b9a6 unbound+DHCP: Read existing leases from unbound 
This allows us to restart unbound and all DHCP leases
will be re-imported even if the unbound-dhcp-leases-bridge is
not restarted.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-14 15:54:36 +01:00
Michael Tremer
077ea717e0 unbound+DHCP: Set TTL for local leases to 1m 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-12 21:14:44 +01:00
Michael Tremer
b658a451fb unbound: Automatically scale configuration to system 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-08 19:46:43 +01:00
Michael Tremer
b8f5eda86b unbound: Rewrite configuration and initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-08-06 19:20:27 +01:00
Michael Tremer
0fbd7c3c81 Import Unbound DHCP Lease Bridge 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-08-06 16:48:39 +01:00
Michael Tremer
cb21683968 unbound: Ship ICANN's certificates for trust anchor validation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-08-06 15:24:00 +01:00
Michael Tremer
76f5c54236 unbound: Install trust anchor in /var/lib/unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-08-06 15:12:01 +01:00
Marcel Lorenz
d0e5f71f77 New package: unbound 1.5.9 
Unbound is a validating, recursive, and caching DNS resolver.

https://www.unbound.net

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-08-05 13:29:09 +01:00