menuconfig FREETZ_PACKAGE_UNBOUND bool "Unbound 1.16.0" select FREETZ_LIB_libssl select FREETZ_LIB_libcrypto select FREETZ_LIB_libunbound default n help Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. if FREETZ_PACKAGE_UNBOUND config FREETZ_PACKAGE_UNBOUND_WEBIF bool "Add webinterface" select FREETZ_PACKAGE_UNBOUND_DAEMON default y help Freetz web interface to configure unbound daemon. config FREETZ_PACKAGE_UNBOUND_WEBIF_CRON bool "Update root servers" depends on FREETZ_PACKAGE_UNBOUND_WEBIF select FREETZ_BUSYBOX_MD5SUM select FREETZ_PACKAGE_WGET select FREETZ_PACKAGE_WGET_WITH_SSL select FREETZ_PACKAGE_WGET_CA_BUNDLE default n help Updates root.hints with wget by cron. config FREETZ_PACKAGE_UNBOUND_WEBIF_STATS bool "Show daemon stats" depends on FREETZ_PACKAGE_UNBOUND_WEBIF select FREETZ_PACKAGE_UNBOUND_CONTROL default n help Uses unbound-control to show stats. config FREETZ_PACKAGE_UNBOUND_DAEMON bool "Binary unbound" default n help unbound - Unbound DNS validating resolver It uses a built in list of authoritative nameservers for the root zone (.), the so called root hints. On receiving a DNS query it will ask the root nameservers for an answer and will in almost all cases receive a delegation to a top level domain (TLD) authoritative nameserver. It will then ask that nameserver for an answer. It will recursively con- tinue until an answer is found or no answer is available (NXDOMAIN). For performance and efficiency reasons that answer is cached for a cer- tain time (the answer's time-to-live or TTL). A second query for the same name will then be answered from the cache. Unbound can also do DNSSEC validation. About 1,1 MB uncompressed. config FREETZ_PACKAGE_UNBOUND_ANCHOR bool "Binary unbound-anchor" default n help unbound-anchor - Unbound anchor utility. Unbound-anchor performs setup or update of the root trust anchor for DNSSEC validation. The program fetches the trust anchor with the method from RFC7958 when regular RFC5011 update fails to bring it up to date. It can be run (as root) from the commandline, or run as part of startup scripts. Before you start the unbound DNS server. About 60 kB uncompressed. config FREETZ_PACKAGE_UNBOUND_CHECKCONF bool "Binary unbound-checkconf" default n help unbound-checkconf - Check unbound configuration file for errors. Unbound-checkconf checks the configuration file for the unbound DNS resolver for syntax and other errors. The config file syntax is de- scribed in unbound.conf. About 1,0 MB uncompressed. config FREETZ_PACKAGE_UNBOUND_CONTROL bool "Binary unbound-control" default n help unbound-control - Unbound remote server control utility. Unbound-control performs remote administration on the unbound DNS server. It reads the configuration file, contacts the unbound server over SSL sends the command and displays the result. About 1,0 MB uncompressed. config FREETZ_PACKAGE_UNBOUND_CONTROL_SETUP bool "Script unbound-control-setup" depends on FREETZ_PACKAGE_UNBOUND_CONTROL select FREETZ_PACKAGE_OPENSSL default n help unbount-control-setup - helper script for unbound-control About 6 kB uncompressed. config FREETZ_PACKAGE_UNBOUND_HOST bool "Binary unbound-host" default n help unbound-host - unbound DNS lookup utility Unbound-host uses the unbound validating resolver to query for the hostname and display results. With the -v option it displays validation status: secure, insecure, bogus (security failure). By default it reads no configuration file whatsoever. It attempts to reach the internet root servers. With -C an unbound config file and with -r resolv.conf can be read. About 119 kB uncompressed. endif # FREETZ_PACKAGE_UNBOUND