| Age | Commit message (Collapse) | Author |
|---|
|
Handles typical split-horzizon setups. ok florian@
|
|
IP address, port and authentication name.
This makes print_config less awkward and fixes a bug were an
alternative port number was not printed.
|
|
reuse in the future.
OK otto
|
|
OK otto
|
|
future work to be able to easily delete elements while iterating.
OK kn
|
|
OK benno
|
|
|
|
in the block list it answers with rcode REFUSED.
|
|
Unfortunately the nameserver types enums needed to be renamed
to not collide with yacc tokens.
|
|
section 7.1 for DoT servers.
We are setting the CA cert bundle path (/etc/ssl/cert.pem) directly in
libunbound so we need to losen pledge(2) a bit and allow rpath. At the
same time we unveil only /etc/ssl/cert.pem. We can drop the chroot(2)
since pledge(2) and unveil(2) give us more fine grained isolation.
prodding by tb@.
p.s. for portable it might be necessary to pass in a file descriptor
from the parent, slurp in the file and then use X509_STORE_load_mem()
(pointed out by sthen) in the guts of libunbound.
|
|
|
|
|
|
|
|
|
|
directives, some of them no longer necessary.
Cleanup by Caspar Schutijser, thank you very much!
|
|
unwind(8) is a hybrid validating stub & recursive resolver.
It actively observes the local net to decide how to best resolve
names. It can chose to recurse on it's own or talk to dhcp
provided forwardes or statically defined forwarders in the
config file.
The intention is to be able to run it on localhost on every machine.
"toss it in man" deraadt@
|
