Diffstat (limited to 'repo/unbound/conf.patch')
-rw-r--r--repo/unbound/conf.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/repo/unbound/conf.patch b/repo/unbound/conf.patch
new file mode 100644
index 0000000..e92cc37
--- /dev/null
+++ b/repo/unbound/conf.patch
@@ -0,0 +1,46 @@
+diff -upr unbound-1.13.0.orig/doc/example.conf.in unbound-1.13.0/doc/example.conf.in
+--- unbound-1.13.0.orig/doc/example.conf.in 2020-12-21 09:58:04.154390497 +0100
++++ unbound-1.13.0/doc/example.conf.in 2020-12-21 09:58:53.094583255 +0100
+@@ -355,9 +355,6 @@ server:
+ # print log lines that say why queries return SERVFAIL to clients.
+ # log-servfail: no
+
+- # the pid file. Can be an absolute path outside of chroot/work dir.
+- # pidfile: "@UNBOUND_PIDFILE@"
+-
+ # file to read root hints from.
+ # get one from https://www.internic.net/domain/named.cache
+ # root-hints: ""
+@@ -507,7 +504,7 @@ server:
+ # you start unbound (i.e. in the system boot scripts). And enable:
+ # Please note usage of unbound-anchor root anchor is at your own risk
+ # and under the terms of our LICENSE (see that file in the source).
+- # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
++ # auto-trust-anchor-file: ""
+
+ # trust anchor signaling sends a RFC8145 key tag query after priming.
+ # trust-anchor-signaling: yes
+@@ -519,7 +516,7 @@ server:
+ # with several entries, one file per entry.
+ # Zone file format, with DS and DNSKEY entries.
+ # Note this gets out of date, use auto-trust-anchor-file please.
+- # trust-anchor-file: ""
++ trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+
+ # Trusted key for validation. DS or DNSKEY. specify the RR on a
+ # single line, surrounded by "". TTL is ignored. class is IN default.
+@@ -900,12 +897,13 @@ dynlib:
+ remote-control:
+ # Enable remote control with unbound-control(8) here.
+ # set up the keys and certificates with unbound-control-setup.
+- # control-enable: no
++ control-enable: yes
+
+ # what interfaces are listened to for remote control.
+ # give 0.0.0.0 and ::0 to listen to all interfaces.
+ # set to an absolute path to use a unix local name pipe, certificates
+ # are not used for that, so key and cert files need not be present.
++ control-interface: /run/unbound.control.sock
+ # control-interface: 127.0.0.1
+ # control-interface: ::1
+
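Review bot: The embedded hunk at `@@ -519,7 +516,7 @@` activates a static `trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"` and the hunk before it blanks `auto-trust-anchor-file`, although the retained comment directly above the new line says the static form "gets out of date". With this default unbound does not track a root key rollover itself (RFC 5011 tracking is what the auto variant provides), so DNSSEC validation depends on the key file being refreshed by something outside unbound. If the packaging does that, the shipped config should say so, for example `# root key is maintained by the distribution package, not by unbound (no RFC 5011 tracking)`. Separately, the `remote-control:` hunk sets `control-enable: yes` on `/run/unbound.control.sock`, where per the retained comment certificates are not used, so access is limited only by the socket's filesystem ownership and mode. A comment naming the user or group expected to reach the socket would make that boundary explicit to whoever edits this file later.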