* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a2022dc1fb46dc599c974a398b8d5c7a6b87c94e
@ 2026-05-27 10:49 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-05-27 10:49 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via a2022dc1fb46dc599c974a398b8d5c7a6b87c94e (commit)
via c06a7913849005891582ecac5d830454684dbdc1 (commit)
from de80f74152e08080c5f302cf56cab6daa79169b4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a2022dc1fb46dc599c974a398b8d5c7a6b87c94e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 11:48:09 2026 +0100
knot resolver: Force TCP flag only on TCP
This is required for TLS, too, but the policy.FORWARD_TLS function is
already setting this.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c06a7913849005891582ecac5d830454684dbdc1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 11:47:18 2026 +0100
knot resolver: Configure forwarders in the workers, too
Fixes: #13987 - KRESD - TLS forwarding doesn't work
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/knot-resolver/config.lua | 4 ++--
config/knot-resolver/config.yaml | 6 ++++++
2 files changed, 8 insertions(+), 2 deletions(-)
Difference in files:
diff --git a/config/knot-resolver/config.lua b/config/knot-resolver/config.lua
index 2e741e864..a38a83303 100644
--- a/config/knot-resolver/config.lua
+++ b/config/knot-resolver/config.lua
@@ -141,8 +141,8 @@ function config.transport()
-- Load the settings
local settings = config.load_settings("/var/ipfire/dns/settings")
- -- Force using TCP (and/or TLS) if configured
- if settings["PROTO"] == "TCP" or settings["PROTO"] == "TLS" then
+ -- Force using TCP if configured
+ if settings["PROTO"] == "TCP" then
policy.add(
policy.all(
policy.FLAGS("TCP")
diff --git a/config/knot-resolver/config.yaml b/config/knot-resolver/config.yaml
index 9fc6d069b..dfc849614 100644
--- a/config/knot-resolver/config.yaml
+++ b/config/knot-resolver/config.yaml
@@ -42,12 +42,18 @@ lua:
-- Load config helpers
local config = require("config")
+ -- Load the settings
+ local settings = config.load_settings("/var/ipfire/dns/settings")
+
-- Configure transport
config.transport()
-- Load DHCP Leases Lookup
config.load_leases()
+ -- Load Forwarders
+ config.load_forwarders(settings)
+
# Load policies
policy-script: |
-- Load config helpers
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-27 10:49 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-05-27 10:49 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a2022dc1fb46dc599c974a398b8d5c7a6b87c94e Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox