From 6f2ceb74b93db3c395da9890702f6c0e6dcdcff6 Mon Sep 17 00:00:00 2001 From: Michael Hanselmann Date: Sun, 17 Aug 2014 20:39:56 +0200 Subject: [PATCH] Import net/unbound package from Subversion This is an import of the net/unbound package from Subversion revision 40658 (May 2, 2014). The only change is the addition of PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile. Unbound 1.4.22 is the current upstream release. Signed-off-by: Michael Hanselmann --- net/unbound/Makefile | 176 +++++++++++++++++++++++++++++ net/unbound/files/named.cache | 89 +++++++++++++++ net/unbound/files/root.key | 1 + net/unbound/files/unbound.init | 14 +++ net/unbound/patches/001-conf.patch | 154 +++++++++++++++++++++++++ 5 files changed, 434 insertions(+) create mode 100644 net/unbound/Makefile create mode 100644 net/unbound/files/named.cache create mode 100644 net/unbound/files/root.key create mode 100755 net/unbound/files/unbound.init create mode 100644 net/unbound/patches/001-conf.patch
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
new file mode 100644
index 000000000..55867ee55
--- /dev/null
+++ b/net/unbound/Makefile
@@ -0,0 +1,176 @@
+#
+# Copyright (C) 2010-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=unbound
+PKG_VERSION:=1.4.22
+PKG_RELEASE:=1
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILE:=LICENSE
+PKG_MAINTAINER:=Michael Hanselmann
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.unbound.net/downloads
+PKG_MD5SUM:=59728c74fef8783f8bad1d7451eba97f
+
+PKG_BUILD_DEPENDS:=libexpat
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/unbound/Default
+ TITLE:=A validating, recursive & caching DNS resolver
+ URL:=http://www.unbound.net/
+ DEPENDS:=+libopenssl
+endef
+
+define Package/unbound
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (daemon)
+ DEPENDS+= +libunbound
+endef
+
+define Package/unbound/description
+ This package contains the Unbound daemon.
+endef
+
+define Package/unbound-anchor
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (anchor utility)
+ DEPENDS+= +unbound +libexpat
+endef
+
+define Package/unbound-anchor/description
+ This package contains the Unbound anchor utility.
+endef
+
+define Package/unbound-control
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (control utility)
+ DEPENDS+= +unbound
+endef
+
+define Package/unbound-control/description
+ This package contains the Unbound control utility.
+endef
+
+define Package/unbound-control-setup
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (control setup utility)
+ DEPENDS+= +unbound-control +openssl-util
+endef
+
+define Package/unbound-control-setup/description
+ This package contains the Unbound control setup utility.
+endef
+
+define Package/unbound-host
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (DNS lookup utility)
+ DEPENDS+= +libunbound
+endef
+
+define Package/unbound-host/description
+ This package contains the Unbound DNS lookup utility.
+endef
+
+define Package/libunbound
+ $(call Package/unbound/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE+= (library)
+endef
+
+define Package/libunbound/description
+ This package contains the Unbound shared library.
+endef
+
+CONFIGURE_ARGS += \
+ --disable-ecdsa \
+ --disable-gost \
+ --enable-allsymbols \
+ --with-libexpat="$(STAGING_DIR)/usr" \
+ --with-ssl="$(STAGING_DIR)/usr" \
+ --without-pthreads
+
+define Package/unbound/conffiles
+/etc/unbound/unbound.conf
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/
+endef
+
+define Package/unbound/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/sbin/unbound \
+ $(PKG_INSTALL_DIR)/usr/sbin/unbound-checkconf \
+ $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/unbound
+ $(INSTALL_CONF) \
+ $(PKG_INSTALL_DIR)/etc/unbound/unbound.conf \
+ $(1)/etc/unbound/
+ $(INSTALL_CONF) ./files/root.key $(1)/etc/unbound/
+ $(INSTALL_CONF) ./files/named.cache $(1)/etc/unbound/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/unbound.init $(1)/etc/init.d/unbound
+endef
+
+define Package/unbound-anchor/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/
+endef
+
+define Package/unbound-control/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control $(1)/usr/sbin/
+endef
+
+define Package/unbound-control-setup/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control-setup $(1)/usr/sbin/
+endef
+
+define Package/unbound-host/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-host $(1)/usr/sbin/
+endef
+
+define Package/libunbound/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,unbound))
+$(eval $(call BuildPackage,unbound-anchor))
+$(eval $(call BuildPackage,unbound-control))
+$(eval $(call BuildPackage,unbound-control-setup))
+$(eval $(call BuildPackage,unbound-host))
+$(eval $(call BuildPackage,libunbound))
diff --git a/net/unbound/files/named.cache b/net/unbound/files/named.cache
new file mode 100644
index 000000000..442b515df
--- /dev/null
+++ b/net/unbound/files/named.cache
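Review bot: The source tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://www.unbound.net/downloads`) and checked only against `PKG_MD5SUM`, so the integrity of the resolver's source rests on an MD5 digest. If upstream serves the same path over HTTPS and the build system in this tree accepts a stronger digest, both are worth switching; otherwise a comment recording how the digest was obtained would help the next reviewer. Separately, `--disable-ecdsa` and `--disable-gost` in `CONFIGURE_ARGS` remove DNSSEC algorithm support, and a validator normally treats zones signed only with an algorithm it lacks as insecure rather than bogus, so the reduced coverage is silent. A line such as `# ECDSA/GOST disabled because REASON; zones signed only with these algorithms are not validated` above `CONFIGURE_ARGS` (REASON is a placeholder) would record the trade-off.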
@@ -0,0 +1,89 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . "
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Mar 26, 2014
+; related version of root zone: 2014032601
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::C
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
diff --git a/net/unbound/files/root.key b/net/unbound/files/root.key
new file mode 100644
index 000000000..2ad664134
--- /dev/null
+++ b/net/unbound/files/root.key
@@ -0,0 +1 @@
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
new file mode 100755
index 000000000..4e700e445
--- /dev/null
+++ b/net/unbound/files/unbound.init
@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+#Copyright (C) 2010 Ondrej Caletka
+START=61
+
+start () {
+ unbound
+}
+
+stop () {
+ PIDFILE='/var/run/unbound.pid'
+ if [ -f $PIDFILE ] ; then
+ kill $(cat $PIDFILE)
+ fi
+}
diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch
new file mode 100644
index 000000000..6300e516a
--- /dev/null
+++ b/net/unbound/patches/001-conf.patch
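Review bot: The root-zone DS record in root.key is added with nothing on the page saying where it was taken from or how it was checked, although every DNSSEC answer this package validates depends on it. A leading comment line such as `; root trust anchor (DS 19036), copied from SOURCE on DATE` (SOURCE and DATE are placeholders) would let a reviewer compare it against the published anchor. The Makefile installs this file with `$(INSTALL_CONF)` but lists only `/etc/unbound/unbound.conf` under `Package/unbound/conffiles`. If the daemon rewrites the file through `auto-trust-anchor-file`, which the visible part of 001-conf.patch enables, it is worth confirming that an upgrade does not replace the updated anchor with the shipped one.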
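Review bot: `stop ()` in unbound.init signals whatever number is stored in `/var/run/unbound.pid` without checking that the process is still unbound, and `$PIDFILE` is expanded unquoted in both the test and the `cat`. After a crash a stale pid file can make this init script, which runs as root, kill an unrelated process. Reading the pid once and checking it first would close that gap, for example `pid=$(cat "$PIDFILE")` followed by `[ "$(cat "/proc/$pid/comm" 2>/dev/null)" = unbound ] && kill "$pid"`. The visible part of 001-conf.patch also sets `username: ""` and `access-control: 0.0.0.0/0 allow`, so the daemon that `start ()` launches keeps root and answers any client that can reach it; a comment in this script saying that exposure is expected to be limited by the firewall would make the assumption explicit.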
@@ -0,0 +1,154 @@
+--- a/doc/example.conf.in
++++ b/doc/example.conf.in
+@@ -38,6 +38,8 @@ server:
+ # interface: 192.0.2.154
+ # interface: 192.0.2.154@5003
+ # interface: 2001:DB8::5
++ interface: 0.0.0.0
++ interface: ::0
+
+ # enable this feature to copy the source address of queries to reply.
+ # Socket options are not supported on all platforms. experimental.
+@@ -57,6 +59,7 @@ server:
+ # port range that can be open simultaneously. About double the
+ # num-queries-per-thread, or, use as many as the OS will allow you.
+ # outgoing-range: 4096
++ outgoing-range: 60
+
+ # permit unbound to use this port number or port range for
+ # making outgoing queries, using an outgoing interface.
+@@ -73,9 +76,11 @@ server:
+
+ # number of outgoing simultaneous tcp buffers to hold per thread.
+ # outgoing-num-tcp: 10
++ outgoing-num-tcp: 1
+
+ # number of incoming simultaneous tcp buffers to hold per thread.
+ # incoming-num-tcp: 10
++ incoming-num-tcp: 1
+
+ # buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
+ # 0 is system default. Use 4m to catch query spikes for busy servers.
+@@ -99,18 +104,22 @@ server:
+ # buffer size for handling DNS data. No messages larger than this
+ # size can be sent or received, by UDP or TCP. In bytes.
+ # msg-buffer-size: 65552
++ msg-buffer-size: 8192
+
+ # the amount of memory to use for the message cache.
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # msg-cache-size: 4m
++ msg-cache-size: 100k
+
+ # the number of slabs to use for the message cache.
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # msg-cache-slabs: 4
++ msg-cache-slabs: 1
+
+ # the number of queries that a thread gets to service.
+ # num-queries-per-thread: 1024
++ num-queries-per-thread: 30
+
+ # if very busy, 50% queries run to completion, 50% get timeout in msec
+ # jostle-timeout: 200
+@@ -121,11 +130,13 @@ server:
+ # the amount of memory to use for the RRset cache.
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # rrset-cache-size: 4m
++ rrset-cache-size: 100k
+
+ # the number of slabs to use for the RRset cache.
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # rrset-cache-slabs: 4
++ rrset-cache-slabs: 1
+
+ # the time to live (TTL) value lower bound, in seconds. Default 0.
+ # If more than an hour could easily give trouble due to stale data.
+@@ -143,9 +154,11 @@ server:
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # infra-cache-slabs: 4
++ infra-cache-slabs: 1
+
+ # the maximum number of hosts that are cached (roundtrip, EDNS, lame).
+ # infra-cache-numhosts: 10000
++ infra-cache-numhosts: 200
+
+ # Enable IPv4, "yes" or "no".
+ # do-ip4: yes
+@@ -178,6 +191,8 @@ server:
+ # access-control: ::0/0 refuse
+ # access-control: ::1 allow
+ # access-control: ::ffff:127.0.0.1 allow
++ access-control: 0.0.0.0/0 allow
++ access-control: ::0/0 allow
+
+ # if given, a chroot(2) is done to the given directory.
+ # i.e. you can chroot to the working directory, for example,
+@@ -208,6 +223,7 @@ server:
+ # and the given username is assumed. Default is user "unbound".
+ # If you give "" no privileges are dropped.
+ # username: "@UNBOUND_USERNAME@"
++ username: ""
+
+ # the working directory. The relative files in this config are
+ # relative to this directory. If you give "" the working directory
+@@ -230,10 +246,12 @@ server:
+
+ # the pid file. Can be an absolute path outside of chroot/work dir.
+ # pidfile: "@UNBOUND_PIDFILE@"
++ pidfile: "/var/run/unbound.pid"
+
+ # file to read root hints from.
+ # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
+ # root-hints: ""
++ root-hints: "/etc/unbound/named.cache"
+
+ # enable to not answer id.server and hostname.bind queries.
+ # hide-identity: no
+@@ -256,12 +274,15 @@ server:
+ # positive value: fetch that many targets opportunistically.
+ # Enclose the list of numbers between quotes ("").
+ # target-fetch-policy: "3 2 1 0 0"
++ target-fetch-policy: "2 1 0 0 0 0"
+
+ # Harden against very small EDNS buffer sizes.
+ # harden-short-bufsize: no
++ harden-short-bufsize: yes
+
+ # Harden against unseemly large queries.
+ # harden-large-queries: no
++ harden-large-queries: yes
+
+ # Harden against out of zone rrsets, to avoid spoofing attempts.
+ # harden-glue: yes
+@@ -342,7 +363,7 @@ server:
+ # you start unbound (i.e. in the system boot scripts). And enable:
+ # Please note usage of unbound-anchor root anchor is at your own risk
+ # and under the terms of our LICENSE (see that file in the source).
+- # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
++ auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+
+ # File with DLV trusted keys. Same format as trust-anchor-file.
+ # There can be only one DLV configured, it is trusted from root down.
+@@ -428,15 +449,18 @@ server:
+ # the amount of memory to use for the key cache.
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # key-cache-size: 4m
++ key-cache-size: 100k
+
+ # the number of slabs to use for the key cache.
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # key-cache-slabs: 4
++ key-cache-slabs: 1
+
+ # the amount of memory to use for the negative cache (used for DLV).
+ # plain value in bytes or you can append k, m or G. default is "1Mb".
+ # neg-cache-size: 1m
++ neg-cache-size: 10k
+
+ # By default, for a number of zones a small default 'nothing here'
+ # reply is built-in. Query traffic is thus blocked. If you