#
-# Copyright (C) 2010 OpenWrt.org
+# Copyright (C) 2010-2011 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
-PKG_VERSION:=1.4.5
-PKG_RELEASE:=3
+PKG_VERSION:=1.4.11
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_MD5SUM:=f1f6c97b90b15ca503a80b888c311d6c
+PKG_MD5SUM:=8e9903dd5cba0d3501e24f55b25debbd
+PKG_BUILD_DEPENDS:=libexpat
+PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=libtool
PKG_INSTALL:=1
PKG_LIBTOOL_PATHS:= ./libtool ./ldns-src/libtool
include $(INCLUDE_DIR)/package.mk
+define Package/unbound/Default
+ TITLE:=A validating, recursive & caching DNS resolver
+ URL:=http://www.unbound.net/
+ DEPENDS:=+libldns
+endef
+
define Package/unbound
+ $(call Package/unbound/Default)
SECTION:=net
CATEGORY:=Network
SUBMENU:=IP Addresses and Names
- TITLE:=A validating, recursive, and caching DNS resolver
- URL:=http://www.unbound.net/
- DEPENDS:=+libopenssl
+ TITLE+= (daemon)
+ DEPENDS+= +libunbound
+endef
+
+define Package/unbound/description
+ This package contains the Unbound daemon.
+endef
+
+define Package/unbound-anchor
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (anchor utility)
+ DEPENDS+= +unbound +libexpat
+endef
+
+define Package/unbound-anchor/description
+ This package contains the Unbound anchor utility.
+endef
+
+define Package/unbound-control
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (control utility)
+ DEPENDS+= +unbound
+endef
+
+define Package/unbound-control/description
+ This package contains the Unbound control utility.
+endef
+
+define Package/unbound-control-setup
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (control setup utility)
+ DEPENDS+= +unbound-control +openssl-util
+endef
+
+define Package/unbound-control-setup/description
+ This package contains the Unbound control setup utility.
+endef
+
+define Package/unbound-host
+ $(call Package/unbound/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE+= (DNS lookup utility)
+ DEPENDS+= +libunbound
+endef
+
+define Package/unbound-host/description
+ This package contains the Unbound DNS lookup utility.
+endef
+
+define Package/libunbound
+ $(call Package/unbound/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE+= (library)
+endef
+
+define Package/libunbound/description
+ This package contains the Unbound shared library.
endef
CONFIGURE_ARGS += \
+ --disable-gost \
+ --enable-allsymbols \
+ --with-ldns="$(STAGING_DIR)/usr" \
+ --with-libexpat="$(STAGING_DIR)/usr" \
--with-ssl="$(STAGING_DIR)/usr" \
- --without-pthreads \
+ --without-pthreads
define Package/unbound/conffiles
/etc/unbound/unbound.conf
endef
-define Package/unbound/install
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) \
- $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* \
- $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/
+endef
+
+define Package/unbound/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) \
$(PKG_INSTALL_DIR)/usr/sbin/unbound \
$(PKG_INSTALL_DIR)/usr/sbin/unbound-checkconf \
- $(PKG_INSTALL_DIR)/usr/sbin/unbound-control \
- $(PKG_INSTALL_DIR)/usr/sbin/unbound-host \
$(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/unbound
- $(INSTALL_CONF) ./files/unbound.conf $(1)/etc/unbound/
- $(INSTALL_CONF) ./files/root.autokey $(1)/etc/unbound/
+ $(INSTALL_CONF) \
+ $(PKG_INSTALL_DIR)/etc/unbound/unbound.conf \
+ $(1)/etc/unbound/
+ $(INSTALL_CONF) ./files/root.key $(1)/etc/unbound/
$(INSTALL_CONF) ./files/named.cache $(1)/etc/unbound/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/unbound.init $(1)/etc/init.d/unbound
endef
-$(eval $(call BuildPackage,unbound))
+define Package/unbound-anchor/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/
+endef
+
+define Package/unbound-control/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control $(1)/usr/sbin/
+endef
+
+define Package/unbound-control-setup/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control-setup $(1)/usr/sbin/
+endef
+define Package/unbound-host/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-host $(1)/usr/sbin/
+endef
+
+define Package/libunbound/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,unbound))
+$(eval $(call BuildPackage,unbound-anchor))
+$(eval $(call BuildPackage,unbound-control))
+$(eval $(call BuildPackage,unbound-control-setup))
+$(eval $(call BuildPackage,unbound-host))
+$(eval $(call BuildPackage,libunbound))
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
-; last update: Jun 17, 2010
-; related version of root zone: 2010061700
+; last update: Jun 8, 2011
+; related version of root zone: 2011060800
;
; formerly NS.INTERNIC.NET
;
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
+++ /dev/null
-. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
--- /dev/null
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+++ /dev/null
-server:
- verbosity: 1
-
- interface: ::0
- interface: 0.0.0.0
-
- # the amount of memory to use for the RRset cache.
- # plain value in bytes or you can append k, m or G. default is "4Mb".
- rrset-cache-size: 1m
-
- # the number of slabs to use for the RRset cache.
- # the number of slabs must be a power of 2.
- # more slabs reduce lock contention, but fragment memory usage.
- rrset-cache-slabs: 2
-
- # control which clients are allowed to make (recursive) queries
- # to this server. Specify classless netblocks with /size and action.
- # By default everything is refused, except for localhost.
- # Choose deny (drop message), refuse (polite error reply),
- # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
- # access-control: 0.0.0.0/0 refuse
- # access-control: 127.0.0.0/8 allow
- # access-control: ::0/0 refuse
- # access-control: ::1 allow
- # access-control: ::ffff:127.0.0.1 allow
- access-control: 0.0.0.0/0 allow
- access-control: ::0/0 allow
-
-
- # if given, user privileges are dropped (after binding port),
- # and the given username is assumed. Default is user "unbound".
- # If you give "" no privileges are dropped.
- # username: "unbound"
- username: ""
-
- # the working directory. The relative files in this config are
- # relative to this directory. If you give "" the working directory
- # is not changed.
- directory: "/etc/unbound"
-
- # the log file, "" means log to stderr.
- # Use of this option sets use-syslog to "no".
- # logfile: ""
-
- # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
- # log to, with identity "unbound". If yes, it overrides the logfile.
- use-syslog: yes
-
- # print UTC timestamp in ascii to logfile, default is epoch in seconds.
- # log-time-ascii: no
-
- # the pid file. Can be an absolute path outside of chroot/work dir.
- pidfile: "/var/run/unbound.pid"
-
- # file to read root hints from.
- # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
- root-hints: "named.cache"
-
-
- # Root zone trust anchor key
- # Will be autoupdated by unbound in case of key change
- auto-trust-anchor-file: "root.autokey"
-
- # If you want to also do DLV validation (RFC5074),
- # download http://ftp.isc.org/www/dlv/dlv.isc.org.key
- # and uncomment following line:
- #dlv-anchor-file: "dlv.isc.org.key"
-
- # You can also do ITAR validation (https://itar.iana.org)
- # To download and update anchors.mf file, use update-itar.sh
- # from page http://www.unbound.net/documentation/howto_itar.html
- #trust-anchor-file: "anchors.mf"
-
-
- # If you want to forward requests to another recursive DNS server
- # uncomment this. Please note that many DNS recursors do strip
- # DNSSEC data, rendering unbound server unusable.
- # forward-zone:
- # name: "."
- # forward-addr: 8.8.8.8
- # forward-addr: 8.8.4.4
-
-
--- /dev/null
+--- a/doc/example.conf.in
++++ b/doc/example.conf.in
+@@ -38,6 +38,8 @@ server:
+ # interface: 192.0.2.154
+ # interface: 192.0.2.154@5003
+ # interface: 2001:DB8::5
++ interface: 0.0.0.0
++ interface: ::0
+
+ # enable this feature to copy the source address of queries to reply.
+ # Socket options are not supported on all platforms. experimental.
+@@ -57,6 +59,7 @@ server:
+ # port range that can be open simultaneously. About double the
+ # num-queries-per-thread, or, use as many as the OS will allow you.
+ # outgoing-range: 4096
++ outgoing-range: 60
+
+ # permit unbound to use this port number or port range for
+ # making outgoing queries, using an outgoing interface.
+@@ -71,9 +74,11 @@ server:
+
+ # number of outgoing simultaneous tcp buffers to hold per thread.
+ # outgoing-num-tcp: 10
++ outgoing-num-tcp: 1
+
+ # number of incoming simultaneous tcp buffers to hold per thread.
+ # incoming-num-tcp: 10
++ incoming-num-tcp: 1
+
+ # buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
+ # 0 is system default. Use 4m to catch query spikes for busy servers.
+@@ -90,18 +95,22 @@ server:
+ # buffer size for handling DNS data. No messages larger than this
+ # size can be sent or received, by UDP or TCP. In bytes.
+ # msg-buffer-size: 65552
++ msg-buffer-size: 8192
+
+ # the amount of memory to use for the message cache.
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # msg-cache-size: 4m
++ msg-cache-size: 100k
+
+ # the number of slabs to use for the message cache.
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # msg-cache-slabs: 4
++ msg-cache-slabs: 1
+
+ # the number of queries that a thread gets to service.
+ # num-queries-per-thread: 1024
++ num-queries-per-thread: 30
+
+ # if very busy, 50% queries run to completion, 50% get timeout in msec
+ # jostle-timeout: 200
+@@ -109,11 +118,13 @@ server:
+ # the amount of memory to use for the RRset cache.
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # rrset-cache-size: 4m
++ rrset-cache-size: 100k
+
+ # the number of slabs to use for the RRset cache.
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # rrset-cache-slabs: 4
++ rrset-cache-slabs: 1
+
+ # the time to live (TTL) value lower bound, in seconds. Default 0.
+ # If more than an hour could easily give trouble due to stale data.
+@@ -134,12 +145,15 @@ server:
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # infra-cache-slabs: 4
++ infra-cache-slabs: 1
+
+ # the maximum number of hosts that are cached (roundtrip times, EDNS).
+ # infra-cache-numhosts: 10000
++ infra-cache-numhosts: 200
+
+ # the maximum size of the lame zones cached per host. in bytes.
+ # infra-cache-lame-size: 10k
++ infra-cache-lame-size: 1k
+
+ # Enable IPv4, "yes" or "no".
+ # do-ip4: yes
+@@ -166,6 +180,8 @@ server:
+ # access-control: ::0/0 refuse
+ # access-control: ::1 allow
+ # access-control: ::ffff:127.0.0.1 allow
++ access-control: 0.0.0.0/0 allow
++ access-control: ::0/0 allow
+
+ # if given, a chroot(2) is done to the given directory.
+ # i.e. you can chroot to the working directory, for example,
+@@ -196,6 +212,7 @@ server:
+ # and the given username is assumed. Default is user "unbound".
+ # If you give "" no privileges are dropped.
+ # username: "@UNBOUND_USERNAME@"
++ username: ""
+
+ # the working directory. The relative files in this config are
+ # relative to this directory. If you give "" the working directory
+@@ -218,10 +235,12 @@ server:
+
+ # the pid file. Can be an absolute path outside of chroot/work dir.
+ # pidfile: "@UNBOUND_PIDFILE@"
++ pidfile: "/var/run/unbound.pid"
+
+ # file to read root hints from.
+ # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
+ # root-hints: ""
++ root-hints: "/etc/unbound/named.cache"
+
+ # enable to not answer id.server and hostname.bind queries.
+ # hide-identity: no
+@@ -244,12 +263,15 @@ server:
+ # positive value: fetch that many targets opportunistically.
+ # Enclose the list of numbers between quotes ("").
+ # target-fetch-policy: "3 2 1 0 0"
++ target-fetch-policy: "2 1 0 0 0 0"
+
+ # Harden against very small EDNS buffer sizes.
+ # harden-short-bufsize: no
++ harden-short-bufsize: yes
+
+ # Harden against unseemly large queries.
+ # harden-large-queries: no
++ harden-large-queries: yes
+
+ # Harden against out of zone rrsets, to avoid spoofing attempts.
+ # harden-glue: yes
+@@ -323,7 +345,7 @@ server:
+ # you start unbound (i.e. in the system boot scripts). And enable:
+ # Please note usage of unbound-anchor root anchor is at your own risk
+ # and under the terms of our LICENSE (see that file in the source).
+- # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
++ auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+
+ # File with DLV trusted keys. Same format as trust-anchor-file.
+ # There can be only one DLV configured, it is trusted from root down.
+@@ -409,15 +431,18 @@ server:
+ # the amount of memory to use for the key cache.
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # key-cache-size: 4m
++ key-cache-size: 100k
+
+ # the number of slabs to use for the key cache.
+ # the number of slabs must be a power of 2.
+ # more slabs reduce lock contention, but fragment memory usage.
+ # key-cache-slabs: 4
++ key-cache-slabs: 1
+
+ # the amount of memory to use for the negative cache (used for DLV).
+ # plain value in bytes or you can append k, m or G. default is "1Mb".
+ # neg-cache-size: 1m
++ neg-cache-size: 10k
+
+ # a number of locally served zones can be configured.
+ # local-zone: <zone> <type>