* adblock-fast can generate the compatible adb_list-file, but it's
only pulled if net/adblock installed, this patch also pulls in the
adb_list file if net/adblock-fast is installed.
* also bump PKG_RELEASE
Signed-off-by: Stan Grishin <stangri@melmac.ca>
that way, procd does not needlessly restart unbound on triggers when
everything remains the same - changes in non-default included
configuration files will not be registered, however
Signed-off-by: Jan Klos <jan@klos.xyz>
The function `create_host_record_from_host` fails if the `dns` option
is not set in the host entry.
This sets a default to the `dns` variable in order to fix this error.
Fixes: #22691
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
The "Extra DNS" option allows to create records from the DHCP
"Hostnames" configuration entries.
This allows to create such records from the DHCP "Static leases"
configuration entries too.
Fixes: #22593
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
This prevents a forwarding server named like ::1@5453 from being added
to unbound.conf as a forward-host instead of the correct forward-addr.
forward-host requires the name to be resolved, which is impossible in
the absence of another nameserver. Thus, forwarding-only configurations
referencing only the IPv6 loopback address with a port number were
broken.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Currently there is a problem with log spam when ipv6 network
is dropped. Fix this by backporting a patch to silence these errors
when verbose logging is not enabled.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
DNS flag day 2020, software should reflect the minimum EDNS 1232 bytes.
Added iface_wan and iface_lan to control internal DNS assignemnts and
to control what is local service ACL. Interface wild cards are not
explicitly set so that they can be customized in extended conf.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
- prevent rapid overlap in DHCP script updates
- check and allow localhost forwards with specific applications
- add option for rate limiting inbound queries
- change UCI list to table format with Unbound conf references
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
The two unique packages "Unbound light" and "Unbound heavy"
were not working well due to the fact that Unbound is mostly
its library. Tools and helpers would crash. Instead a reasonable
default Unbound is built. Also up select options like python
are added. libevent and libpthreads are options to down select.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Unbound has a quirk and may reply on a different device address.
When Unbound answers with from-address different than it
received queries on, it may cause trouble for select VPN and
firewall configurations. Ensure Unbound replies with the same
address by changing this default.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
This exposes the interface-auto option to UCI.
By default, interface-auto is disabled.
This leads to the DNS reply possibly originating from
a different address then the request was sent to.
Devices with a packet filter might not receive the reply in this case.
Enabling interface-auto ensures the reply is sent with the
source-address the request was sent to.
Signed-off-by: David Bauer <mail@david-bauer.net>
This patch enables ipset support in the unbound-daemon-heavy variant. See [1] for
instructions on how to use it.
Also fix a minor typo in the libunbound-light description.
[1] https://github.com/NLnetLabs/unbound/pull/28
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Stan Grishin