-
-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
one unbound config for all OS, fix #602 #604
base: master
Are you sure you want to change the base?
Conversation
Fix for angristan#602 Create new config as /etc/unbound/unbound.conf.d/openvpn.conf, include this into /etc/unbound/unbound.conf. On uninstall simple remove the include, if if was injected by openvpn-install.
harden-glue: yes and qname-minimisation: yes for all OS, not only for Arch.
Full path to remove include of /etc/unbound/unbound.conf.d/openvpn.conf, and missing ":" after the "include".
@angristan I think in Arch we can remove the following code because they are defaults. openvpn-install/openvpn-install.sh Line 116 in e5f169a
openvpn-install/openvpn-install.sh Lines 120 to 128 in e5f169a
The non defaults are the root-hints option because they are built in and so downloading them isn't necessary and the num-threads: 2 option that defaults to 1 (see https://wiki.archlinux.org/index.php/Unbound#Issues_concerning_num-threads)
|
As a note, we specify |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update the path to our config in the questions please?
openvpn-install/openvpn-install.sh
Line 270 in e5f169a
echo "We will simply add a second server to /etc/unbound/unbound.conf for the OpenVPN subnet." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@HenryNe Looks good.
Now I'm waiting for feedback from @angristan to resolve my previous comments.
"username: unbound" is default. Found in arch linu xdefauls unbound.conf and https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/#username
|
@HenryNe these are defaults too #604 (comment). You can use unbound.conf.txt to see them |
"directory: /etc/unbound" is default on Arch Linux.
|
use-syslog is default, directory /etc/unbound is default, port 53 is default
Or you can use |
unbound is started with |
The only last would be |
Arch Linux starts "/usr/bin/unbound -d -p". "-d" do not fork into the background. So the "daemonize: no" is default. (For Systemd on Arch Linux)
All entries after "server:" with a TAP/ident
I changed the PR into ready for pull now, because this change uses the same options as before. Only the include and config file was movoed. |
Fix for #602
Create config
/etc/unbound/unbound.conf.d/openvpn.conf
,include this config into
/etc/unbound/unbound.conf
,do it for all OS.
On uninstall simple remove the include, if if was injected by openvpn-install.
edit:
tested on Debian 9 and Arch Linux 1.4