Commit Graph

16 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
0de4f1bf64 Use the new insecure-lan-zones option instead of listing each AS112 zone
separately.

MFC after:	3 days
2016-02-11 17:37:02 +00:00
Dag-Erling Smørgrav
8232a681f5 Remove unbound-contrl-setup since we use a local control socket which
does not require keys.

MFC after:	3 days
Relnotes:	yes
2016-02-11 17:33:55 +00:00
Bryan Drewery
b1f92fa229 META MODE: Update dependencies with 'the-lot' and add missing directories.
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so.  A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR.  These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package.  The current implementation of targets/ is
very unmaintainable.

Currently rescue/rescue and sys/modules are still not connected.

Sponsored by:	EMC / Isilon Storage Division
2015-12-01 05:23:19 +00:00
Bryan Drewery
595fe15108 Add more SUBDIR_PARALLEL.
MFC after:	3 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-09-26 14:13:51 +00:00
Dag-Erling Smørgrav
ae96779933 If forwarders were specified on the command line, create an empty
resolvconf.conf so that resolvconf won't replace the manually configured
forwarders with dynamically configured ones the next time the lease is
renewed.
2015-09-16 23:09:31 +00:00
Dag-Erling Smørgrav
f1b3840c9a Enable remote control using a local socket in the default configuration. 2015-01-05 15:09:00 +00:00
Baptiste Daroussin
c6db8143ed Convert usr.sbin to LIBADD
Reduce overlinking
2014-11-25 16:57:27 +00:00
Dag-Erling Smørgrav
24de4f90fa Fix support for IPv6 nameservers.
PR:		188931
Submitted by:	Takefu <takefu@airport.fm>
MFC after:	3 days
2014-09-08 09:16:07 +00:00
Baptiste Daroussin
d029c3aa25 Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
Dag-Erling Smørgrav
5741c3f510 Use a combination of unblock-lan-zones (r268839) and domain-insecure
to fix reverse lookups on networks using private addresses.
2014-07-18 12:33:22 +00:00
Dag-Erling Smørgrav
9b17fa8f3c Create /var/unbound/conf.d for additional configuration files.
Ensure that it is used if present.

MFH:	3 weeks
2014-05-29 22:34:04 +00:00
Dag-Erling Smørgrav
058a4e3419 Prevent resolvconf from updating /etc/resolv.conf. As Jakob Schlyter
pointed out, having additional nameservers listed in /etc/resolv.conf
can break DNSSEC verification by providing a false positive if unbound
returns SERVFAIL due to an invalid signature.  The downside is that
the domain / search path won't get updated either, but we can live
with that.

Approved by:	re (blanket)
2013-09-23 20:06:59 +00:00
Dag-Erling Smørgrav
98e2cd036d Ensure that resolvconf(8) preserves the edns0 setting.
Approved by:	re (blanket)
2013-09-23 17:35:23 +00:00
Dag-Erling Smørgrav
49cede74ee Add a setup script for unbound(8) called local-unbound-setup. It
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf.  The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost.  Alternatively, a list of forwarders can be provided on the
command line.

To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks.  We should consider doing
the same for "status", which is currently pointless.

Add an rc script for unbound, called local_unbound.  If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.

Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound.  This is necessary so that
unbound can reload its configuration while chrooted.  We should
probably provide symlinks in /etc.

Approved by:	re (blanket)
2013-09-23 04:36:51 +00:00
Dag-Erling Smørgrav
5a92968ca6 Set NO_WERROR for unbound until I can figure out how to unbreak the
non-clang build.

Approved by:	re (blanket)
2013-09-15 16:27:25 +00:00
Dag-Erling Smørgrav
8f8790cdf4 Build and install the Unbound caching DNS resolver daemon.
Approved by:	re (blanket)
2013-09-15 14:51:23 +00:00