diff --git a/unbound-fedora-config.patch b/unbound-fedora-config.patch index a249d2c..009cb07 100644 --- a/unbound-fedora-config.patch +++ b/unbound-fedora-config.patch @@ -1,4 +1,4 @@ -From ecfc3a96a0d38cc31fb871d98789467434c7afda Mon Sep 17 00:00:00 2001 +From 77710cef1d7001fc52b7f19b0b9e305fd355f07e Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Fri, 10 Nov 2023 12:58:31 +0100 Subject: [PATCH] Customize unbound.conf for Fedora defaults @@ -7,13 +7,13 @@ Set some Fedora/RHEL specific changes to example configuration file. By patching upstream provided config file we would not need to manually update external copy in source RPM. --- - unbound-1.19.0/doc/example.conf.in | 205 ++++++++++++++++++----------- - 1 file changed, 131 insertions(+), 74 deletions(-) + unbound-1.19.1/doc/example.conf.in | 200 ++++++++++++++++++----------- + 1 file changed, 127 insertions(+), 73 deletions(-) -diff --git a/unbound-1.19.0/doc/example.conf.in b/unbound-1.19.0/doc/example.conf.in -index fe0dde6..b79a322 100644 ---- a/unbound-1.19.0/doc/example.conf.in -+++ b/unbound-1.19.0/doc/example.conf.in +diff --git a/unbound-1.19.1/doc/example.conf.in b/unbound-1.19.1/doc/example.conf.in +index fcfb1da..a61b530 100644 +--- a/unbound-1.19.1/doc/example.conf.in ++++ b/unbound-1.19.1/doc/example.conf.in @@ -17,11 +17,12 @@ server: # whitespace is not necessary, but looks cleaner. @@ -400,7 +400,7 @@ index fe0dde6..b79a322 100644 # Dynamic library config section. To enable: # o use --with-dynlibmodule to configure before compiling. -@@ -1067,13 +1104,18 @@ python: +@@ -1067,13 +1104,14 @@ python: # the module-config then you need one dynlib-file per instance. dynlib: # Script file to load @@ -414,19 +414,19 @@ index fe0dde6..b79a322 100644 - # control-enable: no + # Note: required for unbound-munin package + control-enable: yes -+ -+ # Set to no and use an absolute path as control-interface to use -+ # a unix local named pipe for unbound-control. -+ # control-use-cert: yes # what interfaces are listened to for remote control. # give 0.0.0.0 and ::0 to listen to all interfaces. -@@ -1087,19 +1129,22 @@ remote-control: +@@ -1081,6 +1119,7 @@ remote-control: + # are not used for that, so key and cert files need not be present. + # control-interface: 127.0.0.1 + # control-interface: ::1 ++ control-interface: "/run/unbound/control" - # for localhost, you can disable use of TLS by setting this to "no" - # For local sockets this option is ignored, and TLS is not used. -- # control-use-cert: "yes" -+ control-use-cert: "no" + # port number for remote control operations. + # control-port: 8953 +@@ -1090,16 +1129,19 @@ remote-control: + # control-use-cert: "yes" # Unbound server key file. - # server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key" @@ -449,7 +449,7 @@ index fe0dde6..b79a322 100644 # Stub zones. # Create entries like below, to make all queries for 'example.com' and -@@ -1121,6 +1166,10 @@ remote-control: +@@ -1121,6 +1163,10 @@ remote-control: # name: "example.org" # stub-host: ns.example.com. @@ -460,7 +460,7 @@ index fe0dde6..b79a322 100644 # Forward zones # Create entries like below, to make all queries for 'example.com' and # 'example.org' go to the given list of servers. These servers have to handle -@@ -1138,6 +1187,10 @@ remote-control: +@@ -1138,6 +1184,10 @@ remote-control: # forward-zone: # name: "example.org" # forward-host: fwd.example.com @@ -471,7 +471,7 @@ index fe0dde6..b79a322 100644 # Authority zones # The data for these zones is kept locally, from a file or downloaded. -@@ -1145,30 +1198,31 @@ remote-control: +@@ -1145,30 +1195,31 @@ remote-control: # upstream (which saves a lookup to the upstream). The first example # has a copy of the root for local usage. The second serves example.org # authoritatively. zonefile: reads from file (and writes to it if you also @@ -527,7 +527,7 @@ index fe0dde6..b79a322 100644 # auth-zone: # name: "example.org" # for-downstream: yes -@@ -1194,6 +1248,9 @@ remote-control: +@@ -1194,6 +1245,9 @@ remote-control: # name: "anotherview" # local-zone: "example.com" refuse @@ -537,7 +537,7 @@ index fe0dde6..b79a322 100644 # DNSCrypt # To enable, use --enable-dnscrypt to configure before compiling. # Caveats: -@@ -1266,7 +1323,7 @@ remote-control: +@@ -1266,7 +1320,7 @@ remote-control: # dnstap-enable: no # # if set to yes frame streams will be used in bidirectional mode # dnstap-bidirectional: yes @@ -547,5 +547,5 @@ index fe0dde6..b79a322 100644 # # set it to "IPaddress[@port]" of the destination. # dnstap-ip: "" -- -2.41.0 +2.43.0