[Buildroot] package: unbound
Stefan Fröberg
stefan.froberg at protonmail.com
Fri Nov 6 22:25:14 UTC 2020
Nice of you to accept my original patch...It only took you 2 years.
My original patch:
http://buildroot-busybox.2317881.n4.nabble.com/PATCH-v2-1-1-unbound-new-package-td184477.html
And below exactly same as above but only few lines removed
https://git.buildroot.org/buildroot/tree/package/unbound/Config.in
https://git.buildroot.org/buildroot/tree/package/unbound/unbound.mk
Now at least, I don't need to patch my copy of buildroot everytime i do update.
P.S:
Improvement suggestion: Let user enable DNSSEC.
Have option in Config.in to enable DNSSEC in unbound.conf
Either by sed/grepping unbound.conf in post-install phase OR two copies of bare-bone unbound.conf:
one for unbound_non_DNSSEC.conf and one for unbound.DNSSEC.conf and then just install/cp the correct
one into target/etc/unbound/unbound.conf in post-install phase.
Also you need to patch S70unbound to run unbound-anchor to initialize the anchor file
if unbound.conf has DNSSEC enabled.
In otherwords, startup-script finds if the "auto-trust-anchor-file" line is in unbound.conf:
For example:
auto-trust-anchor-file: "/etc/unbound/root-anchors.txt"
And if auto-trust-anchor-file is in unboud.conf, then check if that /etc/unbound/root-anchors.txt file exists.
If not, then you have to run "unbound-anchor -a /etc/unbound/root-anchors.txt" in script file to create it.
Also check this howto make optimized default unboud.conf
https://nlnetlabs.nl/documentation/unbound/howto-optimise/
Stefan Fröberg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20201106/03577720/attachment.html>
More information about the buildroot
mailing list