Commit Graph

32 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
d0d49703a5 Add support for DNS-over-TLS to the local_unbound service.
Approved by:	re (kib)
2018-10-18 15:35:13 +00:00
Dag-Erling Smørgrav
0ff59c3e99 Improved substitution logic for Unbound man pages.
Approved by:	re (kib)
2018-10-10 08:20:14 +00:00
Dag-Erling Smørgrav
202ec22078 If the sole non-option command line argument is "none", remove any
pre-existing forwarder configuration and set Unbound up to recurse.

PR:		222902
MFC after:	1 week
2018-05-12 18:07:53 +00:00
Dag-Erling Smørgrav
b70d78d6e8 Rename all Unbound binaries and man pages from unbound* to local-unbound*.
PR:		222902
2018-05-12 17:10:36 +00:00
Dag-Erling Smørgrav
65b390aa03 Upgrade Unbound to 1.6.2. More to follow. 2018-05-12 14:15:39 +00:00
Dag-Erling Smørgrav
d7d1dffb61 Upgrade Unbound to 1.6.1. More to follow. 2018-05-12 14:04:30 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Enji Cooper
62f32e06bc Use SRCTOP-relative paths to other directories instead of .CURDIR-relative ones
This simplifies pathing in make/displayed output.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-01 04:41:59 +00:00
Dag-Erling Smørgrav
e2d1500434 Upgrade to Unbound 1.5.9. 2016-09-04 12:17:57 +00:00
Glen Barber
538354481e MFH
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:54:29 +00:00
Justin Hibbits
bf081e9948 Add to CFLAGS, rather than replacing.
This allows additional CFLAGS, as set in bsd.cpu.mk, to go through.
2016-03-11 20:04:32 +00:00
Glen Barber
0fe0fe112f MFH
Sponsored by:	The FreeBSD Foundation
2016-02-15 21:58:52 +00:00
Dag-Erling Smørgrav
0de4f1bf64 Use the new insecure-lan-zones option instead of listing each AS112 zone
separately.

MFC after:	3 days
2016-02-11 17:37:02 +00:00
Dag-Erling Smørgrav
8232a681f5 Remove unbound-contrl-setup since we use a local control socket which
does not require keys.

MFC after:	3 days
Relnotes:	yes
2016-02-11 17:33:55 +00:00
Glen Barber
b626f5a73a MFH r289384-r293170
Sponsored by:	The FreeBSD Foundation
2016-01-04 19:19:48 +00:00
Bryan Drewery
b1f92fa229 META MODE: Update dependencies with 'the-lot' and add missing directories.
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so.  A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR.  These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package.  The current implementation of targets/ is
very unmaintainable.

Currently rescue/rescue and sys/modules are still not connected.

Sponsored by:	EMC / Isilon Storage Division
2015-12-01 05:23:19 +00:00
Baptiste Daroussin
5a2b666ce5 Merge from head 2015-10-01 09:36:43 +00:00
Bryan Drewery
595fe15108 Add more SUBDIR_PARALLEL.
MFC after:	3 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-09-26 14:13:51 +00:00
Dag-Erling Smørgrav
ae96779933 If forwarders were specified on the command line, create an empty
resolvconf.conf so that resolvconf won't replace the manually configured
forwarders with dynamically configured ones the next time the lease is
renewed.
2015-09-16 23:09:31 +00:00
Baptiste Daroussin
219c72ef13 Make unbound an individual package
Ensure we keep all tags from mtrees when creating the METALOG
2015-03-05 12:40:59 +00:00
Dag-Erling Smørgrav
f1b3840c9a Enable remote control using a local socket in the default configuration. 2015-01-05 15:09:00 +00:00
Baptiste Daroussin
c6db8143ed Convert usr.sbin to LIBADD
Reduce overlinking
2014-11-25 16:57:27 +00:00
Dag-Erling Smørgrav
24de4f90fa Fix support for IPv6 nameservers.
PR:		188931
Submitted by:	Takefu <takefu@airport.fm>
MFC after:	3 days
2014-09-08 09:16:07 +00:00
Baptiste Daroussin
d029c3aa25 Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
Dag-Erling Smørgrav
5741c3f510 Use a combination of unblock-lan-zones (r268839) and domain-insecure
to fix reverse lookups on networks using private addresses.
2014-07-18 12:33:22 +00:00
Dag-Erling Smørgrav
9b17fa8f3c Create /var/unbound/conf.d for additional configuration files.
Ensure that it is used if present.

MFH:	3 weeks
2014-05-29 22:34:04 +00:00
Dag-Erling Smørgrav
058a4e3419 Prevent resolvconf from updating /etc/resolv.conf. As Jakob Schlyter
pointed out, having additional nameservers listed in /etc/resolv.conf
can break DNSSEC verification by providing a false positive if unbound
returns SERVFAIL due to an invalid signature.  The downside is that
the domain / search path won't get updated either, but we can live
with that.

Approved by:	re (blanket)
2013-09-23 20:06:59 +00:00
Dag-Erling Smørgrav
98e2cd036d Ensure that resolvconf(8) preserves the edns0 setting.
Approved by:	re (blanket)
2013-09-23 17:35:23 +00:00
Dag-Erling Smørgrav
49cede74ee Add a setup script for unbound(8) called local-unbound-setup. It
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf.  The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost.  Alternatively, a list of forwarders can be provided on the
command line.

To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks.  We should consider doing
the same for "status", which is currently pointless.

Add an rc script for unbound, called local_unbound.  If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.

Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound.  This is necessary so that
unbound can reload its configuration while chrooted.  We should
probably provide symlinks in /etc.

Approved by:	re (blanket)
2013-09-23 04:36:51 +00:00
Dag-Erling Smørgrav
5a92968ca6 Set NO_WERROR for unbound until I can figure out how to unbreak the
non-clang build.

Approved by:	re (blanket)
2013-09-15 16:27:25 +00:00
Dag-Erling Smørgrav
8f8790cdf4 Build and install the Unbound caching DNS resolver daemon.
Approved by:	re (blanket)
2013-09-15 14:51:23 +00:00