[Swan-dev] setting libunbound options

Paul Wouters paul at nohats.ca
Mon Jan 28 21:06:58 UTC 2019


So we need to set some options for libunbound. In one case because it
opens ephemeral ports that SELinux does not allow.

libunbound supports reading an unbound.conf file. It also supports
setting options directly, e.g.:

 	ub_ctx_set_option(ctx, "outgoing-port-permit:", "32768-60999");
 	ub_ctx_set_option(ctx, "outgoing-port-avoid:", "0-32767");


Should we set these options in an /etc/ipsec.d/libunbound.conf or should
we just add these two calls in the code? Or should we default to using
/etc/unbound/unbound.conf?

We already support loading trust anchors via a separate file. And we
allow enabling/disabling DNSSEC. These could also be done using such
a config file.


I'm personally tempted to just add these two lines in code, since they
won't hurt anyone else. But I could also be convinced to use a new
conf file for these.

Thoughts?

Paul
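
An added illustration, not part of the original message and not libreswan or libunbound code: unbound.conf(5) documents that outgoing-port-permit and outgoing-port-avoid are applied in order to a starting set of unprivileged ports, so this C model computes the resulting set for a list of options and counts the allowed ports that fall outside a given window. The helper names, the 1024-65535 starting set (IANA exclusions ignored) and the second option list are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NPORTS 65536

/* One option, as it would be passed to ub_ctx_set_option(), in call order. */
struct port_opt { const char *name; const char *range; };

/* Mark "low-high" or a single port in the set; returns -1 on a bad range. */
static int mark_ports(unsigned char *set, const char *range, int allow)
{
	char *end;
	long low = strtol(range, &end, 10), high = low;
	if (end == range) return -1;
	if (*end == '-') {
		const char *p = end + 1;
		high = strtol(p, &end, 10);
		if (end == p) return -1;
	}
	if (*end != '\0' || low < 0 || high >= NPORTS || low > high) return -1;
	memset(set + low, allow, (size_t)(high - low + 1));
	return 0;
}

/* Model (assumption: start from 1024-65535; IANA exclusions are not modeled, so
 * the count is an upper bound). Options apply in order; -1 means bad input. */
int ports_outside(const struct port_opt *opts, size_t n, int lo, int hi)
{
	static unsigned char set[NPORTS];
	int outside = 0;
	memset(set, 0, sizeof(set));
	memset(set + 1024, 1, NPORTS - 1024);
	for (size_t i = 0; i < n; i++) {
		int allow = strcmp(opts[i].name, "outgoing-port-permit:") == 0;
		if (!allow && strcmp(opts[i].name, "outgoing-port-avoid:") != 0) return -1;
		if (mark_ports(set, opts[i].range, allow) != 0) return -1;
	}
	for (int p = 0; p < NPORTS; p++)
		outside += set[p] && (p < lo || p > hi);
	return outside;
}

/* The two calls from the message, then a constructed avoid-all-first variant. */
const struct port_opt as_posted[] = {{"outgoing-port-permit:", "32768-60999"}, {"outgoing-port-avoid:", "0-32767"}};
const struct port_opt constructed[] = {{"outgoing-port-avoid:", "0-65535"}, {"outgoing-port-permit:", "32768-60999"}};
int main(void)
{
	printf("as posted: %d\n", ports_outside(as_posted, 2, 32768, 60999));
	printf("constructed: %d\n", ports_outside(constructed, 2, 32768, 60999));
	return 0;
}
```

With the window set to the range named in the message, the first list leaves 4536 modeled ports above 60999 in the allowed set and the second leaves none.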

