Topic: Adding Unbound to repo

If you could add Unbound (and its few dependencies) to your repo and keep them freshly updated, I'd be more than happy to donate $100 for it. For those unfamiliar with Unbound, it's a great lightweight validating, recursive, and caching DNS resolver. Its source is even designed to be set to chroot the daemon by default making it extra secure and it fully supports IPv6 and DNSSEC.

Currently EPEL is *way* behind in its updates and CentALT is also a few releases behind (and those few releases are very important fixes/enhancements).

Thx.

Re: Adding Unbound to repo

Can you try unbound 1.4.12 in remi-test repository (fedora >= 14 and EL >= 5) ?

ldns 1.6.10 also in remi-test for EL-5 (already available in official repo for other versions)

Remi.

Desktop: Fedora 33 + rpmfusion + remi-test + remi-dev
Laptop:  Fedora 32 + rpmfusion + remi (SCL only)
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Adding Unbound to repo

Getting:

# yum install unbound     
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.teklinks.com
* epel: www.gtlib.gatech.edu
* extras: mirror.teklinks.com
* remi: remi-mirror.dedipower.com
* remi-test: remi-mirror.dedipower.com
* updates: mirror.ash.fastserv.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package unbound.x86_64 0:1.4.12-1.el5.remi set to be updated
--> Processing Dependency: unbound-libs = 1.4.12-1.el5.remi for package: unbound
--> Processing Dependency: ldns >= 1.5.0 for package: unbound
--> Processing Dependency: libevent-1.4.so.2()(64bit) for package: unbound
--> Processing Dependency: libunbound.so.2()(64bit) for package: unbound
--> Processing Dependency: libldns.so.1()(64bit) for package: unbound
--> Running transaction check
---> Package ldns.x86_64 0:1.6.10-1.el5.remi set to be updated
--> Processing Dependency: libpcap.so.0.9.4()(64bit) for package: ldns
---> Package libevent.x86_64 0:1.4.13-1 set to be updated
---> Package unbound-libs.x86_64 0:1.4.12-1.el5.remi set to be updated
--> Processing Dependency: openssl >= 0.9.8g-12 for package: unbound-libs
--> Running transaction check
---> Package libpcap.x86_64 14:0.9.4-15.el5 set to be updated
---> Package unbound-libs.x86_64 0:1.4.12-1.el5.remi set to be updated
--> Processing Dependency: openssl >= 0.9.8g-12 for package: unbound-libs
--> Finished Dependency Resolution
unbound-libs-1.4.12-1.el5.remi.x86_64 from remi-test has depsolving problems
  --> Missing Dependency: openssl >= 0.9.8g-12 is needed by package unbound-libs-1.4.12-1.el5.remi.x86_64 (remi-test)
Error: Missing Dependency: openssl >= 0.9.8g-12 is needed by package unbound-libs-1.4.12-1.el5.remi.x86_64 (remi-test)


Even with all the repos we have listed, the most recent version of openssl that we have (installed) is openssl-0.9.8e-12.el5_5.7.

thx.

Re: Adding Unbound to repo

As an FYI, we are running on CentOS 5.5 right now in the test VM.

Re: Adding Unbound to repo

rhopek wrote:

As an FYI, we are running on CentOS 5.5 right now in the test VM.

Correction our full yum update has us on 5.6 (Final) now.

Re: Adding Unbound to repo

Can you try the new build ?

I have lowered the dependency for openssl for EL-5.
Unbound seems to work (tested on RHEL-5.6 x86_64), but with some issue in validating the server, from log

Jul 16 18:35:57 sd-15108 unbound: [17358:0] info: validation failure i.root-servers.net. A IN
Jul 16 18:35:57 sd-15108 unbound: [17358:0] info: validation failure j.root-servers.net. A IN
Jul 16 18:35:57 sd-15108 unbound: [17358:0] info: validation failure k.root-servers.net. A IN
...

But I don't plan to update the openssl library, as this is a major library with to much packages depending on it.

Upgrading to EL-6 seems the only rational way to have a more recent openssl version.

Desktop: Fedora 33 + rpmfusion + remi-test + remi-dev
Laptop:  Fedora 32 + rpmfusion + remi (SCL only)
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Adding Unbound to repo

So far everything looks good. We've reconfigured it to be chrooted since the default no longer appears to do that (even though they say it is on their site). We're not seeing the errors you note (which log did you see those in?).

Re: Adding Unbound to repo

which log did you see those in?

In /var/log/message.
(tried with simple default configuration)

P.S. I can't reproduce....

Desktop: Fedora 33 + rpmfusion + remi-test + remi-dev
Laptop:  Fedora 32 + rpmfusion + remi (SCL only)
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Adding Unbound to repo

Thank you for adding and maintaining an RPM for Unbound (they typically only have about 4-5 releases a year). Promised donation has been made.

Re: Adding Unbound to repo

Thanks.

Packages will be moved shortly from remi-test to remi repository.

Desktop: Fedora 33 + rpmfusion + remi-test + remi-dev
Laptop:  Fedora 32 + rpmfusion + remi (SCL only)
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Adding Unbound to repo

Remi,

Can you you let know what params (if any) you passed on the ./compile line? I just want to be aware of what modes are supported based on how you compiled it. For example, did you use any of the following:

--with-libevent
--without-pthreads
--without-solaris-threads


Thx.

Re: Adding Unbound to repo

From unbound.spec

%configure  --with-ldns= --with-libevent --with-pthreads --with-ssl \
            --disable-rpath --enable-XXXdebug --disable-static \
            --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \
            --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \
            --with-pythonmodule --with-pyunbound \
            --enable-sha2 --disable-gost
Desktop: Fedora 33 + rpmfusion + remi-test + remi-dev
Laptop:  Fedora 32 + rpmfusion + remi (SCL only)
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi