-
-
Notifications
You must be signed in to change notification settings - Fork 349
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FR] modify behaviour of unbound-control rpz_enable zone (or ...) #678
Comments
Hello there, |
tested, correct, sudo /usr/sbin/unbound-control auth_zone_transfer "doh" works as desired. Thanks for your time and effort. |
* nlnet/master: - Fix some lint type warnings. - Fix ede test to not use default pidfile, and use local interface. - Fix to silence test for ede error output to the console from the test setup script. - Fix typos in config_set_option for the 'num-threads' and 'ede-serve-expired' options. - Fix NLnetLabs#678: [FR] modify behaviour of unbound-control rpz_enable zone, by updating unbound-control's documentation. - For NLnetLabs#677: Added tls-system-cert to config parser and documentation. - Changelog note for NLnetLabs#677. Allow using system certificates not only on Windows - Fix NLnetLabs#417: prefetch and ECS causing cache corruption when used together. - Fix NLnetLabs#673: DNS over TLS: error: SSL_handshake syscall: No route to host. - Fix Python build in non-source directory; based on patch by Michael Tokarev. Changelog entry for NLnetLabs#604: Add the basic EDE (RFC8914) cases Add the basic EDE (RFC8914) cases (NLnetLabs#604) - Fix NLnetLabs#670: SERVFAIL problems with unbound 1.15.0 running on OpenBSD 7.1.
unbound-control can disable / enable a zone (syntax, example zone doh: sudo /usr/sbin/unbound-control rpz_enable doh
The doh zone has the following `header:
$TTL 30
@ SOA jpgpi250.github.io. hostmaster.jpgpi250.github.io. 2205150849 86400 1800 604800 30
NS localhost.
which implies, if I'm not wrong, unbound will fetch the latest version once a day. This time frame (24h) will start when unbound starts and fetches the zone.
The script that generates the zone runs once a day, if however unbound is (re)started shortly before the new data becomes available, unbound uses the old data for almost a day.
It would be very usefull to change the behaviour of unbound-control rpz_enable ( or, see below), so that the zone file would be refreshed immediatly, once the zone is enabled. This would allow for:
of course, I'm not opossed to an additional (new) unbound-control command: unbound-control rpz-refresh zone ...
for now, I'm forced to restart unbound to force an update, as unbound-control reload doesn't appear to force a refresh (fetch the latest zone dat from source).
The text was updated successfully, but these errors were encountered: