Bug #8473


Not a bug: a feature patch that's been part implemented.

Added by Stilez y almost 4 years ago. Updated almost 4 years ago.



In the last couple of weeks there's been news on DNS privacy. I was JUST about to submit a PR for a bunch of Unbound options and found someone beat me to it.

I've covered a few options beyond those in GitHub, and looking at the code history I honestly like how I've done it - dropdowns rather than checkboxes, and merging all Unbound security/privacy options into one place (services_unbound_security.php, taken from the advanced page). It looks good, and the help text is helpful.

So I'm putting it here for a look, even though it partly doubles up on existing PRs - it also partly doesn't double up and you might like the rest.

I don't like good work to go to waste. Attached is a diff against 2.4.3-RELEASE (amd64) built Mar 26 18:02:04 CDT. Could someone try it out and see what, if anything, is liked and worth PR-ing?

In case the patch file has any issues I've also attached the full text of all 5 files as well.

Should be self-explanatory. Apply diff to 2.4.3 and visit unbound config pages.


Attachments:

  • unbound_stilez.patch (23.6 KB) - patches for 5 files against 2.4.3 - Stilez y, 04/19/2018 12:25 PM
  • (103 KB) - full text of 5 files - Stilez y, 04/19/2018 12:25 PM

#1

Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Closed

I'm not inclined to split off those options to their own page. There aren't that many, and I also don't like the idea of removing the DNSSEC option from the main set of options where it has a lot more visibility.

As for the other parts, it was a little hard to follow in a patch format. Can you summarize specifically what you added? Looks like other than the move, it was primarily an option to control whether or not it can use TCP or UDP, which could make things problematic in the DNS over TLS case. At least it would need validation to prevent someone from picking UDP only along with TLS upstream or locally.

If you'd like things like this to be considered, it would be best to have individual feature request issues for each change and a GitHub PR to match.
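
The validation raised in the comment above, sketched as an added example (not pfSense code and not part of the attached patch): a check over unbound.conf text that flags TLS/TCP-dependent options when `do-tcp` is `no`. The option names are Unbound's; the sample config, its paths and the function names are constructed for illustration.

```python
import re

# Unbound options that need TCP: TLS/TCP to upstreams, and the local TLS listener.
NEEDS_TCP_UPSTREAM = {"tcp-upstream", "tls-upstream", "ssl-upstream",
                      "forward-tls-upstream", "forward-ssl-upstream",
                      "stub-tls-upstream", "stub-ssl-upstream"}
NEEDS_TCP_SERVICE = {"tls-service-key", "ssl-service-key",
                     "tls-service-pem", "ssl-service-pem"}

# Constructed sample, not taken from pfSense or the attached patch.
UDP_ONLY_WITH_TLS = """\
server:
    do-udp: yes
    do-tcp: no            # "UDP only"
    tls-service-key: "/path/to/server.key"
    tls-service-pem: "/path/to/server.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.53@853
"""

def parse(conf):
    """Return (section, option, value) triples from unbound.conf-style text."""
    section, entries = None, []
    for raw in conf.splitlines():
        # A '#' starts a comment only at line start or after whitespace,
        # so 'forward-addr: ip@853#auth-name' is left intact.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().strip('"')
        if value:
            entries.append((section, key, value))
        else:
            section = key  # 'server:', 'forward-zone:', ...
    return entries

def tcp_conflicts(conf):
    """List (section, option) pairs that cannot work because do-tcp is 'no'."""
    entries = parse(conf)
    do_tcp = "yes"  # Unbound's default
    for _, key, value in entries:
        if key == "do-tcp":
            do_tcp = value.lower()
    if do_tcp != "no":
        return []
    return [(s, k) for s, k, v in entries
            if (k in NEEDS_TCP_UPSTREAM and v.lower() == "yes") or k in NEEDS_TCP_SERVICE]

if __name__ == "__main__":
    for section, option in tcp_conflicts(UDP_ONLY_WITH_TLS):
        print(f"{section}: {option} requires TCP but do-tcp is 'no'")
```

A GUI-side validator would run the same comparison on the submitted form values before writing the config.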

