[Swan-dev] setting libunbound options
Štěpán Brož
stepan at izitra.cz
Wed Jan 30 15:14:30 UTC 2019
Hello,
I was able to make the libunbound configuration working, with the help
from Wouter, the unbound developer, and Paul. The correct order of
options is:
ub_ctx_set_option(dns_ctx, "outgoing-port-avoid:", "0-65535");
ub_ctx_set_option(dns_ctx, "outgoing-port-permit:", "32768-60999");
I would prefer making this configurable rather than hardcoding it, and
ideally as part of the ipsec.conf file.
Another, less preferred option from my perspective, might be
introducing unbound configuration in a dedicated location. This would
allow more tweaking, but as said eariler, this would require further
SELinux policy changes.
Cheers,
Stepan
More information about the Swan-dev
mailing list