1
1
mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-26 06:13:49 +01:00
Commit Graph

49 Commits

Author SHA1 Message Date
Frank Denis
549c8a553f Make val-bogus-ttl match cache_ttl_error
Fixes #92
2021-02-09 22:31:27 +01:00
Frank Denis
bfcaa89430 Disable udp-connect 2020-12-12 12:29:27 +01:00
mibere
eaaabf72f1 Adjust edns-buffer-size (DNS Flag Day 2020)
DNS Flag Day 2020 recommends a message size of 1232 bytes to avoid IP fragmentation while minimizaing the use of TCP
2020-09-08 18:49:33 +02:00
Frank Denis
64a841d5ef Downgrade Unbound, disable serve-stale, disable parking_lot for tokio
Essentially revert anything new and potentially causing #80
2020-03-21 18:14:31 +01:00
Frank Denis
c4e1b96747 Enable serve-stale 2020-03-20 15:09:41 +01:00
Frank Denis
9ba1c98268 Bump cache-min-ttl
Spotted by @mibere
2020-01-31 20:17:42 +01:00
Frank Denis
2110fb899d Don't include serve-expired twice 2020-01-27 19:30:21 +01:00
Frank Denis
10a60401fc Disable ratelimit in Unbound 2020-01-27 16:46:38 +01:00
Frank Denis
65f78b41d7 Enable server-expired in Unbound 2020-01-27 16:45:41 +01:00
Frank Denis
ba7e420768 Add localhost to undelegated 2019-12-26 11:17:35 +01:00
Frank Denis
a952a7e6b8 sync 2019-12-24 11:00:58 +01:00
mibere
122b4d7942 Limit serving of expired responses (#42) 2019-12-16 19:10:11 +01:00
Frank Denis
5e1ce7605b Add some IPv6 reverse addresses 2019-12-10 00:31:12 +01:00
Frank Denis
d022ff704c Add more static zones 2019-12-10 00:22:27 +01:00
Frank Denis
2881cc9207 Add more undelegated zones 2019-12-09 12:11:24 +01:00
mibere
d0bb7e6ac9 enable aggressive-nsec
for detailed description and benefits read https://medium.com/nlnetlabs/aggressive-use-of-the-dnssec-validated-cache-in-unbound-1ab3e315d13f
2019-12-06 21:04:12 +01:00
mibere
9fc2cbe4b1 Local copy of the DNS root zone (hyperlocal)
Solves #38
2019-12-04 19:24:44 +01:00
Frank Denis
93cae8ceb5 Bump the encrypted-dns cache up 2019-10-26 22:24:37 +02:00
Frank Denis
4ee1aedaec shfmt 2019-10-01 19:55:57 +02:00
Frank Denis
399f0a89de If unbound-control-setup fails, this is not the end of the world 2019-09-26 01:08:02 +02:00
Frank Denis
a3efabd367 Preliminary code to move to the new server 2019-09-22 15:38:22 +02:00
Peter Dave Hello
fa7fed55de Format shell scripts with shfmt and test it on CI 2019-08-05 22:19:43 +08:00
Frank Denis
0b439b661d Dropping the cache doesn't work inside a container 2019-06-29 20:04:07 +02:00
Frank Denis
f5f3bf4017 Drop the caches before starting unbound
This reduces memory pressure.
2019-06-29 17:55:11 +02:00
Frank Denis
8f1b0f30ec Give qname minimisation a new chance
Fixes #61
2019-05-28 00:08:12 +02:00
Frank Denis
40595af59d Bump up the reserved memory size
The default is very low, and makes it difficult to do any other task on the
same host.
2019-05-16 17:47:33 +02:00
Frank Denis
156345f0a9 Decrease edns-buffer-size to 1220
Ref: https://sk.tl/2PbhxjbN
2019-05-12 13:45:04 +02:00
Peter Dave Hello
fc47a319d4 Use replace non-standard egrep/fgrep with grep -E/-F 2019-05-12 19:19:22 +08:00
Peter Dave Hello
96b9dc9b32 Remoe unnecessary $ on arithmetic variables in shell script 2019-05-12 19:13:06 +08:00
Peter Dave Hello
3ea7dd925c Quote var/cmd output in shell script to prevent word splitting 2019-05-12 19:10:41 +08:00
Frank Denis
6661b87530 Add bash and find from findutils in order to avoid surprises from busybox 2017-04-27 09:03:55 +02:00
Frank Denis
74fb53de51 Switch to Alpine Linux 2017-04-19 10:58:16 +02:00
Frank Denis
9051c13aaa There is a .host TLD now. Don't tag it as a local zone. 2016-12-27 15:10:36 +01:00
Frank Denis
1814c3c844 Enable serve-expired 2016-12-16 08:53:46 +01:00
Jacob Henner
996ef48786
Removing sed regression which breaks config, fixes #27 2016-10-01 22:52:35 -04:00
Matthew Sojourner Newton
fb203db38c Added /opt/unbound/etc/unbound/zones directory and a section in the README discussing how to customize Unbound 2016-08-24 15:42:13 -07:00
Matthew Sojourner Newton
4ee775ee64 Added unbound directive to search for additional configuration files at /opt/unbound/etc/unbound/zones/*.conf 2016-08-24 13:36:21 -07:00
Frank Denis
d49b2e745a Sadly disable query minimization for now
This still occasionally prevents resolution from working properly.

Sample test case: A pop.secureserver.net.
2016-06-21 12:38:28 +02:00
Frank Denis
c72fd91c1d Correctly compute availableMemory 2016-04-22 11:31:02 +02:00
Frank Denis
27c3b67e4e Use MemTotal if MemAvailable does not exist 2016-04-21 10:21:40 +02:00
Frank Denis
9c277f829c Enable qname minimisation for increased privacy 2015-12-11 10:29:38 +01:00
Frank Denis
8566959cfc Have unbound listen to port 553 instead of the default port 53
This prevents issues with docker hosts already having a local resolver
2015-11-28 13:52:35 +01:00
Frank Denis
850a1e68a6 Create certificates for unbound-control 2015-11-28 13:19:39 +01:00
Frank Denis
fcf6cecef7 Enable stats in the unbound config 2015-11-28 12:59:25 +01:00
Frank Denis
f292b9ff14 Recommend --net=host 2015-08-29 00:17:30 +02:00
Frank Denis
2a82e45376 + ratelimit 2015-07-15 20:07:50 +02:00
Frank Denis
8ca4558207 Increase the negative cache size 2015-07-12 14:54:26 +02:00
Frank Denis
fa9f6254af Have Unbound refuse queries for the provider name
since certificates are served by dnscrypt-wrapper.
2015-07-12 14:52:48 +02:00
Frank Denis
b3f33d2b6a Initial import 2015-07-06 01:39:54 +02:00