05 January 2016: Wouter
- #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch
from Daisuke Higashi.
+ - Support RFC7686: handle ".onion" Special-Use Domain. It is blocked
+ by default, and can be unblocked with "nodefault" localzone config.
04 January 2016: Wouter
- Define DEFAULT_SOURCE together with BSD_SOURCE when that is defined,
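Review bot: The added Changelog entry writes the option as "localzone", while the keyword used in the rest of this patch is local-zone. Spelling it the way it appears in unbound.conf (local-zone: "onion." nodefault) lets a reader copy it directly. The entry could also say what "blocked" means here, since the zone is added as static and that is the behaviour operators will see.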
# local-zone: "localhost." nodefault
# local-zone: "127.in-addr.arpa." nodefault
# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
+ # local-zone: "onion." nodefault
# local-zone: "10.in-addr.arpa." nodefault
# local-zone: "16.172.in-addr.arpa." nodefault
# local-zone: "17.172.in-addr.arpa." nodefault
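Review bot: The new "onion." nodefault line is added to the list of commented-out overrides with nothing to tell the reader what uncommenting it does. Removing this default means .onion names are resolved like any other name and sent to upstream servers, which is the leak the RFC 7686 handling in this patch is there to stop. A one-line comment above the entry saying so would keep people from enabling it together with the private-address entries around it.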
given zone. Use \fInodefault\fR if you use exactly that zone, if you want to
use a subzone, use \fItransparent\fR.
.P
-The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112
-zones. The AS112 zones are reverse DNS zones for private use and reserved
-IP addresses for which the servers on the internet cannot provide correct
-answers. They are configured by default to give nxdomain (no reverse
+The default zones are localhost, reverse 127.0.0.1 and ::1, the onion and
+the AS112 zones. The AS112 zones are reverse DNS zones for private use and
+reserved IP addresses for which the servers on the internet cannot provide
+correct answers. They are configured by default to give nxdomain (no reverse
information) answers. The defaults can be turned off by specifying your
own local\-zone of that name, or using the 'nodefault' type. Below is a
list of the default zone contents.
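Review bot: In the rewritten paragraph, the sentence "They are configured by default to give nxdomain (no reverse information) answers" now follows a list that includes onion, which is not a reverse zone, so it is unclear whether "They" covers it. Suggest describing the onion zone in its own sentence (static zone, answered locally) and keeping the "no reverse information" wording for the AS112 zones only. "the onion and the AS112 zones" would also read better as "the onion zone and the AS112 zones".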
PTR localhost."
.fi
.TP 10
+\h'5'\fIonion (RFC 7686)\fR
+Default content:
+.nf
+local\-zone: "onion." static
+local\-data: "onion. 10800 IN NS localhost."
+local\-data: "onion. 10800 IN
+ SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.fi
+.TP 10
\h'5'\fIreverse RFC1918 local use zones\fR
Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to
31.172.in\-addr.arpa, 168.192.in\-addr.arpa.
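Review bot: The new "onion (RFC 7686)" entry gives only the default content, with no statement of why the zone is blocked or how to lift the block. One sentence before "Default content:" would cover it: names under onion. are answered locally so they are not sent to servers on the internet, and local-zone: "onion." nodefault removes the default. That puts the privacy reason next to the records instead of leaving it to the RFC number in the heading.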
{
struct local_zone* z;
- /* this list of zones is from RFC 6303 */
+ /* this list of zones is from RFC 6303 and RFC 7686 */
- /* block localhost level zones, first, later the LAN zones */
+ /* block localhost level zones first, then onion and later the LAN zones */
/* localhost. zone */
if(!lz_exists(zones, "localhost.") &&
}
lock_rw_unlock(&z->lock);
}
+ /* onion. zone (RFC 7686) */
+ if(!lz_exists(zones, "onion.") &&
+ !lz_nodefault(cfg, "onion.")) {
+ if(!(z=lz_enter_zone(zones, "onion.", "static",
+ LDNS_RR_CLASS_IN)) ||
+ !lz_enter_rr_into_zone(z,
+ "onion. 10800 IN NS localhost.") ||
+ !lz_enter_rr_into_zone(z,
+ "onion. 10800 IN SOA localhost. nobody.invalid. "
+ "1 3600 1200 604800 10800")) {
+ log_err("out of memory adding default zone");
+ if(z) { lock_rw_unlock(&z->lock); }
+ return 0;
+ }
+ lock_rw_unlock(&z->lock);
+ }
/* if unblock lan-zones, then do not add the zones below.
* we do add the zones above, about 127.0.0.1, because localhost is
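Review bot: The context comment directly after the new block still reads "we do add the zones above, about 127.0.0.1", but after this change the zones above it also include onion. Please update that comment so it is explicit that unblocking the lan-zones leaves the onion default in place, since the placement of the block is what makes that true. Separately, log_err("out of memory adding default zone") does not name the zone and reports every failure of lz_enter_zone or lz_enter_rr_into_zone as out of memory; including "onion." in the message would make a failure here distinguishable from one in the other default zones.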