diff --git a/net/unbound/Makefile b/net/unbound/Makefile index a58e585b8..32ef5d7c4 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.4.17 +PKG_VERSION:=1.4.21 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_MD5SUM:=812d49064a78c92765970a1364736da7 +PKG_MD5SUM:=0aa8db06ea784bf7879060bd1f6551c8 PKG_BUILD_DEPENDS:=libexpat PKG_BUILD_PARALLEL:=1 diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch index 4ada6e060..ff2d0b732 100644 --- a/net/unbound/patches/001-conf.patch +++ b/net/unbound/patches/001-conf.patch @@ -17,7 +17,7 @@ # permit unbound to use this port number or port range for # making outgoing queries, using an outgoing interface. -@@ -71,9 +74,11 @@ server: +@@ -73,9 +76,11 @@ server: # number of outgoing simultaneous tcp buffers to hold per thread. # outgoing-num-tcp: 10 @@ -29,7 +29,7 @@ # buffer size for UDP port 53 incoming (SO_RCVBUF socket option). # 0 is system default. Use 4m to catch query spikes for busy servers. -@@ -90,18 +95,22 @@ server: +@@ -96,18 +101,22 @@ server: # buffer size for handling DNS data. No messages larger than this # size can be sent or received, by UDP or TCP. In bytes. # msg-buffer-size: 65552 @@ -52,7 +52,7 @@ # if very busy, 50% queries run to completion, 50% get timeout in msec # jostle-timeout: 200 -@@ -109,11 +118,13 @@ server: +@@ -115,11 +124,13 @@ server: # the amount of memory to use for the RRset cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # rrset-cache-size: 4m @@ -66,7 +66,7 @@ # the time to live (TTL) value lower bound, in seconds. Default 0. # If more than an hour could easily give trouble due to stale data. -@@ -131,9 +142,11 @@ server: +@@ -137,9 +148,11 @@ server: # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # infra-cache-slabs: 4 @@ -78,7 +78,7 @@ # Enable IPv4, "yes" or "no". # do-ip4: yes -@@ -164,6 +177,8 @@ server: +@@ -170,6 +183,8 @@ server: # access-control: ::0/0 refuse # access-control: ::1 allow # access-control: ::ffff:127.0.0.1 allow @@ -87,7 +87,7 @@ # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, -@@ -194,6 +209,7 @@ server: +@@ -200,6 +215,7 @@ server: # and the given username is assumed. Default is user "unbound". # If you give "" no privileges are dropped. # username: "@UNBOUND_USERNAME@" @@ -95,7 +95,7 @@ # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory -@@ -216,10 +232,12 @@ server: +@@ -222,10 +238,12 @@ server: # the pid file. Can be an absolute path outside of chroot/work dir. # pidfile: "@UNBOUND_PIDFILE@" @@ -108,7 +108,7 @@ # enable to not answer id.server and hostname.bind queries. # hide-identity: no -@@ -242,12 +260,15 @@ server: +@@ -248,12 +266,15 @@ server: # positive value: fetch that many targets opportunistically. # Enclose the list of numbers between quotes (""). # target-fetch-policy: "3 2 1 0 0" @@ -124,7 +124,7 @@ # Harden against out of zone rrsets, to avoid spoofing attempts. # harden-glue: yes -@@ -328,7 +349,7 @@ server: +@@ -334,7 +355,7 @@ server: # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). @@ -133,7 +133,7 @@ # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. -@@ -414,15 +435,18 @@ server: +@@ -420,15 +441,18 @@ server: # the amount of memory to use for the key cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m @@ -150,5 +150,5 @@ # neg-cache-size: 1m + neg-cache-size: 10k - # a number of locally served zones can be configured. - # local-zone: + # By default, for a number of zones a small default 'nothing here' + # reply is built-in. Query traffic is thus blocked. If you