From: Wouter Wijngaards Date: Wed, 6 Jan 2010 14:48:44 +0000 (+0000) Subject: Documentation nicer. X-Git-Tag: release-1.4.2~61 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d11d56b0b3144d5cb0f9fe1fa2d08d8b73bce3b8;p=thirdparty%2Funbound.git Documentation nicer. Stronger crypto by default for unbound-control. git-svn-id: file:///svn/unbound/trunk@1950 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index b40d8fbc4..370cde88b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - iana portlist updated. - bug#291: DNS wireformat max is 255. dname_valid allowed 256 length. - verbose output includes parent-side-address notion for lameness. + - documented val-log-level: 2 setting in example.conf and man page. + - change unbound-control-setup from 1024(sha1) to 1536(sha256). 1 January 2010: Wouter - iana portlist updated. diff --git a/doc/example.conf.in b/doc/example.conf.in index 24bef15ff..401ad3f2f 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -357,7 +357,7 @@ server: # val-permissive-mode: no # Have the validator log failed validations for your diagnosis. - # 0: off. 1: A line per failed user query. + # 0: off. 1: A line per failed user query. 2: With reason and bad IP. # val-log-level: 0 # It is possible to configure NSEC3 maximum iteration counts per diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 6c7fba7ea..dc5a07513 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in 
@@ -596,11 +596,13 @@ to protect the users that rely on this validator for authentication from protentially bad data in the additional section. .TP .B val\-log\-level: \fI -Have the validator print validation failures to the log. Regardless of the -verbosity setting. Default is 0, off. At 1, for every user query that fails -a line is printed to the logs. This way you can monitor what happens with -validation. Use a diagnosis tool, such as dig or drill, to find out why -validation is failing for these queries. +Have the validator print validation failures to the log. Regardless of +the verbosity setting. Default is 0, off. At 1, for every user query +that fails a line is printed to the logs. This way you can monitor what +happens with validation. Use a diagnosis tool, such as dig or drill, +to find out why validation is failing for these queries. At 2, not only +the query that failed is printed but also the reason why unbound thought +it was wrong and which server sent the faulty data. .TP .B val\-permissive\-mode: \fI Instruct the validator to mark bogus messages as indeterminate. The security diff --git a/smallapp/unbound-control-setup.sh b/smallapp/unbound-control-setup.sh index ac584d619..1057124ce 100755 --- a/smallapp/unbound-control-setup.sh +++ b/smallapp/unbound-control-setup.sh @@ -46,7 +46,10 @@ CLIENTNAME=unbound-control DAYS=7200 # size of keys in bits -BITS=1024 +BITS=1536 + +# hash algorithm +HASH=sha256 # base name for unbound server keys SVR_BASE=unbound_server @@ -84,7 +87,7 @@ done # go!: echo "setup in directory $DESTDIR" -cd "$DESTDIR" || error "could not cd" +cd "$DESTDIR" || error "could not cd to $DESTDIR" # create certificate keys; do not recreate if they already exist. if test -f $SVR_BASE.key; then @@ -104,7 +107,7 @@ fi cat >request.cfg <request.cfg <
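Review bot: In the doc/unbound.conf.5.in hunk, the reflowed val-log-level paragraph keeps the sentence fragment "Regardless of the verbosity setting." as its second sentence. Since every line of the paragraph is rewritten anyway, join it to the first sentence ("... to the log, regardless of the verbosity setting."). The context line just above the entry also reads "protentially", which should be "potentially". The new level 2 text says the log names the server that sent the faulty data, so it would help to add that logs at this level contain upstream server addresses.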
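Review bot: In the smallapp/unbound-control-setup.sh hunk at line 46, BITS=1536 is still a small key for certificates that the context line DAYS=7200 keeps valid for close to 20 years. Assuming these are RSA keys, which the visible lines do not state, 2048 bits or more is the commonly recommended minimum and would be the safer default here. HASH=sha256 is defined in this hunk, but the patch as shown ends before any line that uses it, so please confirm it reaches both the certificate request and the signing step. Otherwise the digest silently stays at its previous value.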
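Review bot: In the smallapp/unbound-control-setup.sh hunk at line 84, the context comment "do not recreate if they already exist" and the test on $SVR_BASE.key mean that any installation that already ran this script keeps its 1024-bit keys after this change. The Changelog entry or the script output should say that the old key and certificate files have to be removed and the script rerun to get the new defaults. As a style point, $SVR_BASE.key is unquoted in that test while "$DESTDIR" is quoted on the changed line; quoting both would be consistent.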