diff --git a/unbound.conf b/unbound.conf
index e51fe0f..28998c1 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -256,7 +256,7 @@ server:
 # infrastructure data. Validates the replies (if possible).
 # Default off, because the lookups burden the server. Experimental
 # implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
- # harden-referral-path: no
+ harden-referral-path: yes
 
 # Use 0x20-encoded random bits in the query to foil spoof attempts.
 # This feature is an experimental implementation of draft dns-0x20.
@@ -283,7 +283,7 @@ server:
 # threshold, a warning is printed and a defensive action is taken,
 # the cache is cleared to flush potential poison out of it.
 # A suggested value is 10000000, the default is 0 (turned off).
- # unwanted-reply-threshold: 0
+ unwanted-reply-threshold: 10000000
 
 # Do not query the following addresses. No DNS queries are sent there.
 # List one address per entry. List classless netblocks with /size,
@@ -301,7 +301,7 @@ server:
 # File with DLV trusted keys. Same format as trust-anchor-file.
 # There can be only one DLV configured, it is trusted from root down.
 # Download https://secure.isc.org/ops/dlv/dlv.isc.org.key
- # dlv-anchor-file: "/etc/pki/dnssec-dlv/dlv.isc.org.key"
+ # dlv-anchor-file: "/etc/pki/dnssec-keys/dlv.isc.org.key"
 
 # File with trusted keys for validation. Specify more than one file
 # with several entries, one file per entry.
@@ -333,7 +333,7 @@ server:
 # unsecure data. Useful to shield the users of this validator from
 # potential bogus data in the additional section. All unsigned data
 # in the additional section is removed from secure messages.
- # val-clean-additional: yes
+ val-clean-additional: yes
 
 # Turn permissive mode on to permit bogus messages. Thus, messages
 # for which security checks failed will be returned to clients,
diff --git a/unbound.spec b/unbound.spec
index aa1624d..ea7353b 100644
--- a/unbound.spec
+++ b/unbound.spec
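Review bot: The comment block directly above `harden-referral-path: yes` (hunk @@ -256) still says "Default off, because the lookups burden the server" and calls the implementation experimental, so the shipped file now contradicts its own documentation. If the package deliberately ships a stricter setting than upstream, say so next to the option, for example `# Enabled in this package (upstream default: no); adds validation lookups on the referral path.` An operator who sees more outbound queries or higher latency after the update then knows which setting to look at.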
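Review bot: Enabling `unwanted-reply-threshold: 10000000` (hunk @@ -283) activates the defensive action described in the comment above it, which clears the whole cache once the count is reached. That trades cache-poisoning exposure for a cold cache whenever enough unsolicited replies arrive, and the only signal the comment mentions is the printed warning. I would add a line beside the setting such as `# Cache is flushed at this count; alert on the logged warning.` so the event is monitored rather than found later as an unexplained latency spike.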
@@ -1,7 +1,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
-Version: 1.1.1
-Release: 7%{?dist}
+Version: 1.2.0
+Release: 1%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -19,7 +19,6 @@ Requires(preun): initscripts
 Requires(postun): initscripts
 Requires: ldns >= 1.4.0
 Requires(pre): shadow-utils
-Requires: selinux-policy >= 3.5.13-33
 
 # Is this obsolete?
 #Provides: caching-nameserver
@@ -38,7 +37,7 @@ as a server, but are linked into an application) are easily possible.
 Summary: Plugin for the munin / munin-node monitoring package
 Group: System Environment/Daemons
 Requires: munin-node
-Requires: %{name} = %{version}-%{release}
+Requires: %{name} = %{version}-%{release}, bc
 
 %description munin
 Plugin for the munin / munin-node monitoring package
@@ -46,7 +45,7 @@ Plugin for the munin / munin-node monitoring package
 %package devel
 Summary: Development package that includes the unbound header files
 Group: Development/Libraries
-Requires: %{name}-libs = %{version}-%{release}, openssl-devel, ldns-devel
+Requires: %{name}-libs = %{version}-%{release}, openssl-devel >= 0.9.8g-12, ldns-devel
 Requires: libevent-devel
 
 %description devel
@@ -57,6 +56,7 @@ Summary: Libraries used by the unbound server and client applications
 Group: Applications/System
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
+Requires: openssl >= 0.9.8g-12
 
 %description libs
 Contains libraries used by the unbound server and client applications
@@ -149,6 +149,16 @@ fi %postun libs -p /sbin/ldconfig %changelog +* Wed Jan 14 2009 Paul Wouters - 1.1.1-7 - Modified scandir patch to silently fail when wildcard matches nothing - Patch to allow unbound-checkconf to find empty wildcard matches
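Review bot: The new version floor `openssl-devel >= 0.9.8g-12` in the -devel hunk (@@ -46) and `openssl >= 0.9.8g-12` in the -libs hunk (@@ -57) has no comment saying which fix or feature needs that build. Without it, a later maintainer cannot tell whether the constraint is security-relevant or safe to drop. Add a line above each, e.g. `# openssl >= 0.9.8g-12: <reason / bug reference, to be filled in by the packager>`. No matching BuildRequires change is visible in these hunks, so it is worth confirming the build itself is held to the same minimum.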