From: David Bauer Date: Tue, 2 Jun 2020 22:05:33 +0000 (+0200) Subject: unbound: expose interface-auto to UCI X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=da76aeb24c1bf757415ccebb93a62002b245f4d2;p=feed%2Fpackages.git unbound: expose interface-auto to UCI This exposes the interface-auto option to UCI. By default, interface-auto is disabled. This leads to the DNS reply possibly originating from a different address then the request was sent to. Devices with a packet filter might not receive the reply in this case. Enabling interface-auto ensures the reply is sent with the source-address the request was sent to. Signed-off-by: David Bauer --- diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md index 653a3f8367..fd971bc07d 100644 --- a/net/unbound/files/README.md +++ b/net/unbound/files/README.md @@ -259,6 +259,10 @@ config unbound Boolean. If enabled version.server, version.bind, id.server, and hostname.bind queries are refused. + option interface_auto '0' + Boolean. If enabled DNS replies will have the same source address as + the request was sent to. + option listen_port '53' Port. Incoming. Where Unbound will listen for queries. diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index 32a2e938a1..5cc959b7f7 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -36,6 +36,7 @@ UB_B_NTP_BOOT=1 UB_B_QUERY_MIN=0 UB_B_QRY_MINST=0 UB_B_AUTH_ROOT=0 +UB_B_IF_AUTO=0 UB_D_CONTROL=0 UB_D_DOMAIN_TYPE=static @@ -720,6 +721,11 @@ unbound_conf() { esac + if [ "$UB_B_IF_AUTO" -gt 0 ] ; then + echo " interface-automatic: yes" >> $UB_CORE_CONF + fi + + case "$UB_D_RESOURCE" in # Tiny - Unbound's recommended cheap hardware config tiny) rt_mem=1 ; rt_conn=2 ; rt_buff=1 ;; @@ -1208,6 +1214,7 @@ unbound_uci() { config_get_bool UB_B_LOCL_BLCK "$cfg" rebind_localhost 0 config_get_bool UB_B_DNSSEC "$cfg" validator 0 config_get_bool UB_B_NTP_BOOT "$cfg" validator_ntp 1 + config_get_bool UB_B_IF_AUTO "$cfg" interface_auto 0 config_get UB_IP_DNS64 "$cfg" dns64_prefix "64:ff9b::/96" diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci index 604c960aa3..b75381f96b 100644 --- a/net/unbound/files/unbound.uci +++ b/net/unbound/files/unbound.uci @@ -28,6 +28,7 @@ config unbound option validator '0' option validator_ntp '1' option verbosity '1' + option interface_auto '0' list trigger_interface 'lan' list trigger_interface 'wan' #list domain_insecure 'ntp.example.com'