config BR2_PACKAGE_UNBOUND
	bool "unbound"
	depends on !BR2_STATIC_LIBS
	select BR2_PACKAGE_EXPAT
	select BR2_PACKAGE_LIBEVENT
	select BR2_PACKAGE_OPENSSL
	help
	  Unbound is a validating, recursive, and caching DNS resolver.
	  It supports DNSSEC, QNAME minimisation, DNS-over-TLS and
	  DNSCrypt.

	  https://www.unbound.net

if BR2_PACKAGE_UNBOUND
config BR2_PACKAGE_UNBOUND_DNSCRYPT
	bool "enable DNSCrypt"
	select BR2_PACKAGE_LIBSODIUM
	help
	  DNSCrypt wraps unmodified DNS queries between a client and
	  a DNS resolver. The default port is 443 and, as with normal
	  unencrypted DNS, it uses UDP first, falling back to TCP if
	  the response is too large.

	  There is also DNS-over-TLS, a TCP-only version of the
	  proposed standard for DNS encryption (RFC 7858). The default
	  port for DNS-over-TLS is 853 and Unbound has built-in
	  support for it.

	  https://tools.ietf.org/html/rfc7858

	  Note: Neither DNSCrypt nor DNS-over-TLS encrypts the SNI.
	  Here are some suggestions on how to handle SNI encryption:

	  https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00
endif

comment "unbound needs a toolchain w/ dynamic library"
	depends on BR2_STATIC_LIBS