unbound-1.4.20-1.el6 bugfix update
|Release:||Fedora EPEL 6|
|Date Submitted:||2013-04-16 16:57:57|
|Date Released:||2013-04-17 21:10:38|
Mostly a minor bugfix release by upstream, unbound-anchor made more selinux friendly, hardened buildBugs Fixedbodhi - 2013-04-16 16:58:56This update has been submitted for testing by pwouters.
bodhi - 2013-04-17 20:13:36This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-04-17 21:46:56This update has been pushed to testing
pwouters - 2013-04-19 14:18:43This update has been unpushed
alexanderhunt - 2013-06-06 06:39:54After 2 days of fighting with unbound to get a local caching/recursive server up with full DNSSEC, here's what I came up with. The permissions I had to put on the 2 files listed below are ridiculous, but for now it works and I have a lot of faith in my iptables firewall...lol. (unbound version 1.4.19-1.el6 x86_64 -- works with procedures outlined below) (unbound version 1.4.20-1.el6 x86_64 -- could not get rid of access denied to root.key, therefore DNSSEC wouldn't work either, even with specific DNSSEC servers listed in unbound.conf) root.key is in /var/lib/unbound (by default now) cd to that directory do: ln -P root.key /etc/unbound/root.key cd to /etc/unbound I did: chown -rv unbound:root roothints (this is a folder I created for the root-hints file) chmod 7777 roothints chown -v unbound:root rootkey chmod 7777 root.key That got rid of the cannot write/read problem I was having on those 2 files. Doing the recommended (?) SeLinux fix: # grep unbound /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp stopped the SeLinux denials (checked through audit.log quite carefully for more denials as I was working on this) Also (for more info) /etc/unbound is owner:(root:root) and "nameserverconfig" selinux context I hope that helps nail this down, or at least help someone having the same problems. Contact me if you need more info, I used to help Daniel and Miroslav on selinux problems I encountered when I was running Fedora releases. Now I use Scientific-Linux 6.4, the completely CERN version. I can always do a VM for testing, since I don't want to play with the server anymore...hahaha! Best regards, Alexander Hunt
bodhi - 2013-09-19 17:17:35This update has been obsoleted by https://admin.fedoraproject.org/updates/unbound-1.4.21-1.el6