authenticating DNS-over-TLS connections. It can be used instead
of the tls-cert-bundle option, or with it to add certificates.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
that uses a Redis server as the storage. This implementation
depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
And unbound should be built with both --enable-cachedb and
--with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
should exist). Patch from Jinmei Tatuya (Infoblox).
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
also recognized and means the same. Also for tls-port,
tls-service-key, tls-service-pem, stub-tls-upstream and
forward-tls-upstream.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old certs's public key.
The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
of TXT RRs with a string like "example.com. 2345 1234" with
the trust anchors and their keytags.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
DS records. NSEC3 is not disabled.
- fake-sha1 test option; print warning if used. To make unit tests.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
- unbound-control stats_shm command prints stats using shared memory,
which uses less cpu.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
information that DNS queries and response code and response size,
patch from Larissa Feng.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
you enable use-systemd: yes in unbound.conf.
Also there are contrib/unbound.socket and contrib/unbound.service:
systemd files for unbound, install them in /usr/lib/systemd/system.
Contributed by Sami Kerola and Pavel Odintsov.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9