[Buildroot] [PATCH] unbound: new package
bos at je-eigen-domein.nl
Mon Sep 15 23:20:48 UTC 2014
On 09/15/2014 10:46 PM, Eric Le Bihan wrote:
> This package provides Unbound, a validating, recursive, and caching DNS
We're an unbound user as well, but never got around to submitting our
local package, and I know unbound has some odd issues.
- Unbound (at least when using your package with sysv) currently creates
a pid file in /etc/unbound/unbound.pid
Suggest that to be changed to /var/run/unbound.pid, so it also works on
read-only file systems.
- Unbound is currently broken when IPv6 is disabled in the buildroot
Listens on both 127.0.0.1 and ::1 by default, and errors out on the ::1
unbound[118:0] error: node ::1:53 getaddrinfo: ai_family not supported
 unbound[118:0] fatal error: could not open ports
You can override the default by specifying "interface: 127.0.0.1" in
unbound.conf but then it errors out on:
"error: cannot parse access control: ::0/0 refuse"
Don't know how to override that internal ACL rule.
Might need to let the package depend on IPv6.
- Unbound is typically used as local resolving nameserver.
I was wondering if the startup script shouldn't put "nameserver
127.0.0.1" in /etc/resolv.conf
Possibly with an option to turn that off by a setting in
- Unbound expects /etc/unbound to be owned by user unbound
Or if you do enable DNSSEC by uncommenting the "auto-trust-anchor-file"
line in /etc/unbound/unbound.conf, you get errors that it is unable to
error: could not open autotrust file for writing, /root.key.306-0:
- I also wonder if there shouldn't be an option to let the startup
script run unbound-anchor prior to starting the unbound daemon.
This updates the DNSSEC trust anchor files.
(Enabling DNSSEC validation has some caveats though, in particular it
requires the system to have correct date/time settings, so should be
left disabled by default)
nsd -> unbound
> +UNBOUND_DEPENDENCIES = expat libevent openssl
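Review bot: libevent is added unconditionally on the UNBOUND_DEPENDENCIES line although Unbound builds without it. Keep expat and openssl as the hard dependencies and append libevent only when BR2_PACKAGE_LIBEVENT is selected, passing --with-libevent to configure in that branch.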
libevent is an optional dependency. (don't have it in my local package)
> +++ b/package/unbound/S80unbound
- Wondering if S80unbound shouldn't be a lower number like S41 for
systems that intend to use it as local resolver.
So that other services like S49ntp can use it to resolve pool.ntp.org.
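The pid file, IPv6 and ownership issues raised in this review can be caught before the daemon starts. The following preflight check is an added example, not part of the original post or the patch; the function names, the use of /proc/net/if_inet6 as the IPv6 marker and the treatment of an unset pidfile as living in the config directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the patch: preflight checks an init script could run
# before starting unbound. Paths and the user name are caller-supplied.

# Print every value of "key: value" in an unbound.conf-style file, unquoted.
conf_get() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tr -d '"'
}

# Print one finding per line; return 0 only when there are none.
unbound_preflight() {  # $1=conf $2=confdir $3=user [$4=IPv6 marker file]
    conf=$1 dir=$2 user=$3 inet6=${4:-/proc/net/if_inet6}
    rc=0

    # 1. pid file: unset is treated as "inside the config dir", which is the
    #    behaviour reported in the thread (assumption for other builds).
    pid=$(conf_get "$conf" pidfile | tail -n 1)
    case "${pid:-$dir/unbound.pid}" in
        "$dir"/*) echo "pidfile is under $dir; breaks on a read-only rootfs"; rc=1 ;;
    esac

    # 2. IPv6: without kernel IPv6 the marker file is absent, and a missing
    #    or IPv6 "interface:" setting makes unbound try to bind ::1.
    if [ ! -e "$inet6" ]; then
        ifaces=$(conf_get "$conf" interface)
        case "$ifaces" in
            ''|*:*) echo "no IPv6 support but unbound would listen on IPv6"; rc=1 ;;
        esac
    fi

    # 3. ownership: the daemon user must own the config dir to write there
    #    (pid file, autotrust anchor updates).
    owner=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$owner" != "$user" ]; then
        echo "$dir is owned by $owner, expected $user"; rc=1
    fi
    return $rc
}
```

A start script would call `unbound_preflight /etc/unbound/unbound.conf /etc/unbound unbound` and refuse to start on a non-zero status.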