From ba19244b8408be02d0cf9a6d7581a4aed94641f9 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Thu, 4 Jun 2020 01:13:46 -0400 Subject: [PATCH 1/3] unbound: suggest matched domain option for dnsmasq link Signed-off-by: Eric Luehrsen --- net/unbound/files/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md index fd971bc07..52378d5c5 100644 --- a/net/unbound/files/README.md +++ b/net/unbound/files/README.md @@ -65,6 +65,8 @@ In this case, Unbound serves your local network directly for all purposes. It wi **/etc/config/unbound**: ``` config unbound + # likely you want to match domain option between Unbound and dnsmasq + option domain 'yourdomain' option dhcp_link 'dnsmasq' option listen_port '53' ... From 950646f6c0721241d27e84aa9c9b1d0bf7d1c263 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Thu, 4 Jun 2020 15:53:52 +0200 Subject: [PATCH 2/3] unbound: bump PKG_RELEASE Fixes commit da76aeb24c1b ("unbound: expose interface-auto to UCI") Signed-off-by: David Bauer --- net/unbound/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 962524bd1..08e7c35e3 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.10.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound From 5fcf2cb0922aa51d53e199039773d85521ff2b49 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Sat, 13 Jun 2020 15:06:20 -0400 Subject: [PATCH 3/3] unbound: make option interface_auto default on Unbound has a quirk and may reply on a different device address. When Unbound answers with from-address different than it received queries on, it may cause trouble for select VPN and firewall configurations. Ensure Unbound replies with the same address by changing this default. Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 2 +- net/unbound/files/README.md | 2 +- net/unbound/files/unbound.sh | 4 ++-- net/unbound/files/unbound.uci | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 08e7c35e3..8e6cb7249 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.10.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md index 52378d5c5..ec06de5a0 100644 --- a/net/unbound/files/README.md +++ b/net/unbound/files/README.md @@ -261,7 +261,7 @@ config unbound Boolean. If enabled version.server, version.bind, id.server, and hostname.bind queries are refused. - option interface_auto '0' + option interface_auto '1' Boolean. If enabled DNS replies will have the same source address as the request was sent to. diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index 5cc959b7f..a57d81d4e 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -36,7 +36,7 @@ UB_B_NTP_BOOT=1 UB_B_QUERY_MIN=0 UB_B_QRY_MINST=0 UB_B_AUTH_ROOT=0 -UB_B_IF_AUTO=0 +UB_B_IF_AUTO=1 UB_D_CONTROL=0 UB_D_DOMAIN_TYPE=static @@ -1214,7 +1214,7 @@ unbound_uci() { config_get_bool UB_B_LOCL_BLCK "$cfg" rebind_localhost 0 config_get_bool UB_B_DNSSEC "$cfg" validator 0 config_get_bool UB_B_NTP_BOOT "$cfg" validator_ntp 1 - config_get_bool UB_B_IF_AUTO "$cfg" interface_auto 0 + config_get_bool UB_B_IF_AUTO "$cfg" interface_auto 1 config_get UB_IP_DNS64 "$cfg" dns64_prefix "64:ff9b::/96" diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci index b75381f96..12809b95d 100644 --- a/net/unbound/files/unbound.uci +++ b/net/unbound/files/unbound.uci @@ -11,6 +11,7 @@ config unbound option edns_size '1280' option extended_stats '0' option hide_binddata '1' + option interface_auto '1' option listen_port '53' option localservice '1' option manual_conf '0' @@ -28,7 +29,6 @@ config unbound option validator '0' option validator_ntp '1' option verbosity '1' - option interface_auto '0' list trigger_interface 'lan' list trigger_interface 'wan' #list domain_insecure 'ntp.example.com'