mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-02-01 14:02:24 +01:00
27627cb2d9
The dns-root-hints dependency has been introduced in [1]. Strictly speaking dns-root-hints is not necessary as unbound provides builtin root hints. This change switches to using the builtin root hints by default, thereby avoiding installation of a cron and a dependency on gnupg. If desired, users can still manually install and configure dns-root-hints with unbound. See #11324 for further information on this topic. [1]: https://github.com/alpinelinux/aports/pull/5950
47 lines
1.9 KiB
Diff
47 lines
1.9 KiB
Diff
diff -upr unbound-1.13.0.orig/doc/example.conf.in unbound-1.13.0/doc/example.conf.in
|
|
--- unbound-1.13.0.orig/doc/example.conf.in 2020-12-21 09:58:04.154390497 +0100
|
|
+++ unbound-1.13.0/doc/example.conf.in 2020-12-21 09:58:53.094583255 +0100
|
|
@@ -355,9 +355,6 @@ server:
|
|
# print log lines that say why queries return SERVFAIL to clients.
|
|
# log-servfail: no
|
|
|
|
- # the pid file. Can be an absolute path outside of chroot/work dir.
|
|
- # pidfile: "@UNBOUND_PIDFILE@"
|
|
-
|
|
# file to read root hints from.
|
|
# get one from https://www.internic.net/domain/named.cache
|
|
# root-hints: ""
|
|
@@ -507,7 +504,7 @@ server:
|
|
# you start unbound (i.e. in the system boot scripts). And enable:
|
|
# Please note usage of unbound-anchor root anchor is at your own risk
|
|
# and under the terms of our LICENSE (see that file in the source).
|
|
- # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
|
+ # auto-trust-anchor-file: ""
|
|
|
|
# trust anchor signaling sends a RFC8145 key tag query after priming.
|
|
# trust-anchor-signaling: yes
|
|
@@ -519,7 +516,7 @@ server:
|
|
# with several entries, one file per entry.
|
|
# Zone file format, with DS and DNSKEY entries.
|
|
# Note this gets out of date, use auto-trust-anchor-file please.
|
|
- # trust-anchor-file: ""
|
|
+ trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
|
|
|
# Trusted key for validation. DS or DNSKEY. specify the RR on a
|
|
# single line, surrounded by "". TTL is ignored. class is IN default.
|
|
@@ -900,12 +897,13 @@ dynlib:
|
|
remote-control:
|
|
# Enable remote control with unbound-control(8) here.
|
|
# set up the keys and certificates with unbound-control-setup.
|
|
- # control-enable: no
|
|
+ control-enable: yes
|
|
|
|
# what interfaces are listened to for remote control.
|
|
# give 0.0.0.0 and ::0 to listen to all interfaces.
|
|
# set to an absolute path to use a unix local name pipe, certificates
|
|
# are not used for that, so key and cert files need not be present.
|
|
+ control-interface: /run/unbound.control.sock
|
|
# control-interface: 127.0.0.1
|
|
# control-interface: ::1
|
|
|