git.ipfire.org Git - thirdparty/unbound.git/commit

author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Fri, 28 Feb 2020 14:23:54 +0000 (15:23 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Fri, 28 Feb 2020 14:23:54 +0000 (15:23 +0100)
commit	93189d3083e9ca7373ac4cbba1a3f1e75c25dc1c
tree	97339197b1da0db0db4565725b0d890465099b6c	tree \| snapshot
parent	1c3f0293fd1c7a0569c8f12d7c273e35512f7692	commit \| diff

Changelog note for PR #164 and text for release explanation.
- Merge PR #164: Framestreams, this branch implements dnstap
  unidirectional connectivity in unbound. This has a number of
  new features.

  The dependency on libfstrm is removed. The fstrm protocol code
  resides in dnstap/dnstap_fstrm.h and dnstap/dnstap_fstrm.c. This
  contains a brief definition of what unbound needs.

  The make unbound-dnstap-socket builds a debug tool,
  unbound-dnstap-socket. It can listen, accept multiple DNSTAP
  streams and print information. Commandline options control it.

  Unbound can reconnect if the unix domain socket file socket is
  closed. This uses exponential backoff after which it uses a
  one second timer to throttle cpu down. There is also support
  to use TCP and TLS for connecting to the log server. There
  are new config options to turn them on, in the dnstap section
  in the man page and example config file. dnstap-ip with IP
  address of server for TCP or TLS use. dnstap-tls to turn
  on TLS. And dnstap-tls-server-name, dnstap-tls-cert-bundle,
  dnstap-tls-client-key-file and dnstap-tls-client-cert-file
  to configure the certificates for server authentication and
  client authentication, or leave at "" to not use that.