Merge branch 'master' into xfr-tsig

configure

@@ -685,6 +685,7 @@ opt_dnstap_socket_path
 ENABLE_DNSTAP
 PROTOBUFC_LIBS
 PROTOBUFC_CFLAGS
+PROTOC_GEN_C
 PROTOC_C
 PROTOC
 UBSYMS
@@ -24426,6 +24427,77 @@ fi
 	  as_fn_error $? "The protoc or protoc-c program was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c to provide protoc or protoc-c" "$LINENO" 5
 	fi
 
+	# Check for protoc-gen-c plugin
+	# Extract the first word of "protoc-gen-c", so it can be a program name with args.
+set dummy protoc-gen-c; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PROTOC_GEN_C+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PROTOC_GEN_C in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PROTOC_GEN_C="$PROTOC_GEN_C" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PROTOC_GEN_C="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PROTOC_GEN_C=$ac_cv_path_PROTOC_GEN_C
+if test -n "$PROTOC_GEN_C"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PROTOC_GEN_C" >&5
+printf "%s\n" "$PROTOC_GEN_C" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+	if test -z "$PROTOC_GEN_C"; then
+	  as_fn_error $? "The protoc-gen-c plugin was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c-compiler to provide protoc-gen-c" "$LINENO" 5
+	fi
+
+	# Test that protoc-gen-c actually works
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if protoc-gen-c plugin works" >&5
+printf %s "checking if protoc-gen-c plugin works... " >&6; }
+	cat > conftest.proto << EOF
+syntax = "proto2";
+message TestMessage {
+  optional string test_field = 1;
+}
+EOF
+	if $PROTOC_C --c_out=. conftest.proto >/dev/null 2>&1; then
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	else
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	  as_fn_error $? "The protoc-gen-c plugin is not working properly. Please ensure protobuf-c-compiler is properly installed" "$LINENO" 5
+	fi
+
+
 # Check whether --with-protobuf-c was given.
 if test ${with_protobuf_c+y}
 then :

daemon/remote.c

@@ -1576,7 +1576,7 @@ do_view_zone_add(RES* ssl, struct worker* worker, char* arg)
 		}
 		if(!v->isfirst) {
 			/* Global local-zone is not used for this view,
-			 * therefore add defaults to this view-specic
+			 * therefore add defaults to this view-specific
 			 * local-zone. */
 			struct config_file lz_cfg;
 			memset(&lz_cfg, 0, sizeof(lz_cfg));
@@ -5424,7 +5424,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	COPY_VAR_ptr(tls_cert_bundle);
 	COPY_VAR_int(tls_win_cert);
 	COPY_VAR_ptr(tls_additional_port);
-	/* The first is used to walk throught the list but last is
+	/* The first is used to walk through the list but last is
 	 * only used during config read. */
 	COPY_VAR_ptr(tls_session_ticket_keys.first);
 	COPY_VAR_ptr(tls_session_ticket_keys.last);
@@ -5611,7 +5611,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	   tagname, num_tags
 	*/
 	COPY_VAR_int(remote_control_enable);
-	/* The first is used to walk throught the list but last is
+	/* The first is used to walk through the list but last is
 	 * only used during config read. */
 	COPY_VAR_ptr(control_ifs.first);
 	COPY_VAR_ptr(control_ifs.last);
@@ -7174,7 +7174,7 @@ void
 fast_reload_worker_pickup_changes(struct worker* worker)
 {
 	/* The pickup of changes is called when the fast reload has
-	 * a syncronized moment, and all the threads are paused and the
+	 * a synchronized moment, and all the threads are paused and the
 	 * reload has been applied. Then the worker can pick up the new
 	 * changes and store them in worker-specific structs.
 	 * The pickup is also called when there is no pause, and then

dns64/dns64.c

@@ -631,7 +631,7 @@ handle_event_moddone(struct module_qstate* qstate, int id)
 
 	/* When an AAAA query completes check if we want to perform DNS64
 	 * synthesis. We skip queries with DNSSEC enabled (!CD) and
-	 * ones generated by us to retrive the A/PTR record to use for
+	 * ones generated by us to retrieve the A/PTR record to use for
 	 * synth. */
 	int could_synth =
 		qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA &&

dnstap/dnstap.m4

@@ -29,6 +29,30 @@ AC_DEFUN([dt_DNSTAP],
 	if test -z "$PROTOC_C"; then
 	  AC_MSG_ERROR([[The protoc or protoc-c program was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c to provide protoc or protoc-c]])
 	fi
+
+	# Check for protoc-gen-c plugin
+	AC_PATH_PROG([PROTOC_GEN_C], [protoc-gen-c])
+	if test -z "$PROTOC_GEN_C"; then
+	  AC_MSG_ERROR([[The protoc-gen-c plugin was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c-compiler to provide protoc-gen-c]])
+	fi
+
+	# Test that protoc-gen-c actually works
+	AC_MSG_CHECKING([if protoc-gen-c plugin works])
+	cat > conftest.proto << EOF
+syntax = "proto2";
+message TestMessage {
+  optional string test_field = 1;
+}
+EOF
+	if $PROTOC_C --c_out=. conftest.proto >/dev/null 2>&1; then
+	  AC_MSG_RESULT([yes])
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	else
+	  AC_MSG_RESULT([no])
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	  AC_MSG_ERROR([[The protoc-gen-c plugin is not working properly. Please ensure protobuf-c-compiler is properly installed]])
+	fi
+
         AC_ARG_WITH([protobuf-c],
             AS_HELP_STRING([--with-protobuf-c=path], [Path where protobuf-c is installed, for dnstap]),
             [

dnstap/dnstap.proto

@@ -98,7 +98,7 @@ message Policy {
     // rule: the rule matched by the message.
     //
     // In a RPZ context, this is the owner name of the rule in
-    // the Reponse Policy Zone in wire format.
+    // the Response Policy Zone in wire format.
     optional bytes rule = 2;
 
     // action: the policy action taken in response to the

doc/Changelog

@@ -1,3 +1,15 @@
+8 July 2025: Wouter
+	- Fix to improve dnstap discovery on Fedora.
+
+3 July 2025: Wouter
+	- Fix #1300: Is 'sock-queue-timeout' a linux only feature.
+	- For #1300: implement sock-queue-timeout for FreeBSD as well.
+	- Fix layout of comm_point_udp_ancil_callback.
+
+2 July 2025: Wouter
+	- Merge #1299: Fix typos.
+	- Generate ltmain.sh and configure again.
+
 25 June 2025: Yorgos
 	- Fix #1247: forward-first: ssl handshake failed on root nameservers.
 	- For #1247, turn off fetch-policy for delegation when looking into
@@ -768,7 +780,7 @@
 	  now checks both single and multi process/thread operation.
 
 16 May 2024: Yorgos
-	- Merge #1070: Fix rtt assignement for low values of
+	- Merge #1070: Fix rtt assignment for low values of
 	  infra-cache-max-rtt.
 
 16 May 2024: Wouter
@@ -1176,7 +1188,7 @@
 13 October 2023: George
 	- Better fix for infinite loop when reading multiple lines of input on
 	  a broken remote control socket, by treating a zero byte line the
-	  same as transmission end. Addesses #947 and #948.
+	  same as transmission end. Addresses #947 and #948.
 
 12 October 2023: Wouter
 	- Merge #944: Disable EDNS DO.
@@ -1199,7 +1211,7 @@
 
 10 October 2023: George
 	- Fix infinite loop when reading multiple lines of input on a broken
-	  remote control socket. Addesses #947 and #948.
+	  remote control socket. Addresses #947 and #948.
 
 9 October 2023: Wouter
 	- Fix edns subnet so that queries with a source prefix of zero cause
@@ -1632,7 +1644,7 @@
 	- Ignore expired error responses.
 
 11 November 2022: Wouter
-	- Fix #779: [doc] Missing documention in ub_resolve_event() for
+	- Fix #779: [doc] Missing documentation in ub_resolve_event() for
 	  callback parameter was_ratelimited.
 
 9 November 2022: George
@@ -2596,7 +2608,7 @@
 	  not hang. removed trailing slashes from configure paths. Moved iOS
 	  tests to allow-failure.
 	- travis, analyzer disabled on test without debug, that does not
-	  run anway.  Turn off failing tests except one.  Update iOS test
+	  run anyway.  Turn off failing tests except one.  Update iOS test
 	  to xcode image 12.2.
 
 22 March 2021: George
@@ -2685,7 +2697,7 @@
 	- Fix build on Python 3.10.
 
 10 February 2021: Wouter
-	- Merge PR #420 from dyunwei: DOH not responsing with
+	- Merge PR #420 from dyunwei: DOH not responding with
 	  "http2_query_read_done failure" logged.
 
 9 February 2021: Wouter
@@ -3085,7 +3097,7 @@
 
 6 August 2020: Wouter
 	- Merge PR #284 and Fix #246: Remove DLV entirely from Unbound.
-	  The DLV has been decommisioned and in unbound 1.5.4, in 2015, there
+	  The DLV has been decommissioned and in unbound 1.5.4, in 2015, there
 	  was advise to stop using it.  The current code base does not contain
 	  DLV code any more.  The use of dlv options displays a warning.
 
@@ -3634,7 +3646,7 @@
 3 December 2019: Wouter
 	- Merge pull request #124 from rmetrich: Changed log lock
 	  from 'quick' to 'basic' because this is an I/O lock.
-	- Fix text around serial arithmatic used for RRSIG times to refer
+	- Fix text around serial arithmetic used for RRSIG times to refer
 	  to correct RFC number.
 	- Fix Assert Causing DoS in synth_cname(),
 	  reported by X41 D-Sec.
@@ -3897,7 +3909,7 @@
 	- For #52 #53, second context does not close logfile override.
 	- Fix #52 #53, fix for example fail program.
 	- Fix to return after failed auth zone http chunk write.
-	- Fix to remove unused test for task_probe existance.
+	- Fix to remove unused test for task_probe existence.
 	- Fix to timeval_add for remaining second in microseconds.
 	- Check repinfo in worker_handle_request, if null, drop it.
 
@@ -5154,7 +5166,7 @@
 
 1 February 2018: Wouter
 	- fix unaligned structure making a false positive in checklock
-	  unitialised memory.
+	  uninitialised memory.
 
 29 January 2018: Ralph
 	- Use NSEC with longest ce to prove wildcard absence.
@@ -5757,8 +5769,8 @@
 	- Remove (now unused) event2 include from dnscrypt code.
 
 24 March 2017: George
-	- Fix to prevent non-referal query from being cached as referal when the
-	  no_cache_store flag was set.
+	- Fix to prevent non-referral query from being cached as referral when
+	  the no_cache_store flag was set.
 
 23 March 2017: Wouter
 	- Fix #1239: configure fails to find python distutils if python
@@ -5821,7 +5833,7 @@
 
 7 March 2017: Wouter
 	- Fix #1230: swig version 2.0.0 is required for pythonmod, with
-	  1.3.40 it crashes when running repeatly unbound-control reload.
+	  1.3.40 it crashes when running repeatedly unbound-control reload.
 	- Response actions based on IP address from Jinmei Tatuya (Infoblox).
 
 6 March 2017: Wouter
@@ -5837,7 +5849,7 @@
 	  known vulns.
 
 27 February 2017: Wouter
-	- Fix #1227: Fix that Unbound control allows weak ciphersuits.
+	- Fix #1227: Fix that Unbound control allows weak ciphersuites.
 	- Fix #1226: provide official 32bit binary for windows.
 
 24 February 2017: Wouter
@@ -6826,7 +6838,7 @@
 	- Fix #674: Do not free pointers given by getenv.
 
 29 May 2015: Wouter
-	- Fix that unparseable error responses are ratelimited.
+	- Fix that unparsable error responses are ratelimited.
 	- SOA negative TTL is capped at minimumttl in its rdata section.
 	- cache-max-negative-ttl config option, default 3600.
 
@@ -6844,7 +6856,7 @@
 
 10 May 2015: Wouter
 	- Change syntax of particular validator error to be easier for
-	  machine parse, swap rrset and ip adres info so it looks like:
+	  machine parse, swap rrset and ip address info so it looks like:
 	  validation failure <www.example.nl. TXT IN>: signature crypto
 	  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
 
@@ -8424,7 +8436,7 @@
 	- fix that --enable-static-exe does not complain about it unknown.
 
 30 June 2011: Wouter
-	- tag relase 1.4.11, trunk is 1.4.12 development.
+	- tag release 1.4.11, trunk is 1.4.12 development.
 	- iana portlist updated.
 	- fix bug#395: id bits of other query may leak out under conditions
 	- fix replyaddr count wrong after jostled queries, which leads to
@@ -9754,7 +9766,7 @@
 
 8 June 2009: Wouter
 	- Removed RFC5011 REVOKE flag support. Partial 5011 support may cause
-	  inadvertant behaviour.
+	  inadvertent behaviour.
 	- 1.3.0 tarball for release created.
 	- 1.3.1 development in svn trunk.
 	- iana portlist updated.
@@ -10103,7 +10115,7 @@
 	- initgroups(3) is called to drop secondary group permissions, if
 	  applicable.
 	- configure option --with-ldns-builtin forces the use of the 
-	  inluded ldns package with the unbound source.  The -I include
+	  included ldns package with the unbound source.  The -I include
 	  is put before the others, so it avoids bad include files from
 	  an older ldns install.
 	- daemon(3) posix call is used when available.
@@ -10408,7 +10420,7 @@
 	  please ranlib, stop file without symbols warning.
 	- harden referral path now also validates the root after priming.
 	  It looks up the root NS authoritatively as well as the root servers
-	  and attemps to validate the entries.
+	  and attempts to validate the entries.
 
 16 October 2008: Wouter
 	- Fixup negative TTL values appearing (reported by Attila Nagy).
@@ -11187,7 +11199,7 @@
 	- please doxygen, put doxygen comment in one place.
 	- asynclook -b blocking mode and test.
 	- refactor asynclook, nicer code.
-	- fixup race problems from opensll in rand init from library, with
+	- fixup race problems from openssl in rand init from library, with
 	  a mutex around the rand init.
 	- fix pass async_id=NULL to _async resolve().
 	- rewrote _wait() routine, so that it is threadsafe.
@@ -12160,7 +12172,7 @@
 11 June 2007: Wouter
 	- replies on TCP queries have the address field set in replyinfo,
 	  for serviced queries, because the initiator does not know that
-	  a TCP fallback has occured.
+	  a TCP fallback has occurred.
 	- omit DNSSEC types from nonDO replies, except if qtype is ANY or
 	  if qtype directly queries for the type (and then only show that
 	  'unknown type' in the answer section).

doc/example.conf.in

@@ -279,7 +279,7 @@ server:
 	# do-ip6: yes
 
 	# If running unbound on an IPv6-only host, domains that only have
-	# IPv4 servers would become unresolveable.  If NAT64 is available in
+	# IPv4 servers would become unresolvable.  If NAT64 is available in
 	# the network, unbound can use NAT64 to reach these servers with
 	# the following option.  This is NOT needed for enabling DNS64 on a
 	# system that has IPv4 connectivity.

doc/unbound.conf.rst

@@ -910,6 +910,7 @@ These options are part of the **server:** clause.
     This could happen if the host has not been able to service the queries for
     a while, i.e. Unbound is not running, and then is enabled again.
     It uses timestamp socket options.
+    The socket option is available on the Linux and FreeBSD platforms.
 
     Default: 0 (disabled)
 
@@ -3239,7 +3240,7 @@ These options are part of the **server:** clause.
 @@UAHL@unbound.conf@ede@@: *<yes or no>*
     If enabled, Unbound will respond with Extended DNS Error codes
     (:rfc:`8914`).
-    These EDEs privide additional information with a response mainly for, but
+    These EDEs provide additional information with a response mainly for, but
     not limited to, DNS and DNSSEC errors.
 
     When the :ref:`val-log-level<unbound.conf.val-log-level>` option is also

edns-subnet/addrtree.h

@@ -116,7 +116,7 @@ struct addredge {
 	addrlen_t len;
 	/** child node this edge is connected to */
 	struct addrnode *node;
-	/** Parent node this ege is connected to */
+	/** Parent node this edge is connected to */
 	struct addrnode *parent_node;
 	/** Index of this edge in parent_node */
 	int parent_index;

iterator/iter_delegpt.h

@@ -82,7 +82,7 @@ struct delegpt {
 	/** if true, the delegation point has reached last resort processing
 	 *  and the parent side information has been possibly added to the
 	 *  delegation point.
-	 *  For now this singals that further target lookups will ignore
+	 *  For now this signals that further target lookups will ignore
 	 *  the configured target-fetch-policy and only resolve on
 	 *  demand to try and avoid triggering limits at this stage (.i.e, it
 	 *  is very likely that the A/AAAA queries for the newly added name

makedist.sh

@@ -59,7 +59,7 @@ Generate a distribution tar file for unbound.
     -wxp expat.xx.tar.gz Also build expat from tarball for windows dist.
     -wdir directory     Build openssl and expat in a persistent directory for
                         windows dist. If builds are already in that directory
-                        they are used right away. Useful when debuggin windows
+                        they are used right away. Useful when debugging windows
                         builds.
     -w32                32bit windows compile.
     -w ...              Build windows binary dist. last args passed to configure.

respip/respip.h

@@ -276,7 +276,7 @@ void respip_inform_print(struct respip_action_info* respip_actinfo,
  * @param addrlen: length of addr.
  * @param net: netblock to lookup.
  * @param create: create node if it does not exist when 1.
- * @param ipstr: human redable ip string, for logging.
+ * @param ipstr: human readable ip string, for logging.
  * @return newly created of found node, not holding lock.
  */
 struct resp_addr*

services/listen_dnsport.c

@@ -906,7 +906,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
 	   against IP spoofing attacks as suggested in RFC7413 */
 #ifdef __APPLE__
 	/* OS X implementation only supports qlen of 1 via this call. Actual
-	   value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */
+	   value is configured by the net.inet.tcp.fastopen_backlog kernel param. */
 	qlen = 1;
 #else
 	/* 5 is recommended on linux */
@@ -1183,6 +1183,15 @@ set_recvtimestamp(int s)
 		return 0;
 	}
 	return 1;
+#elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP)
+	int on = 1;
+	/* FreeBSD and also Linux. */
+	if (setsockopt(s, SOL_SOCKET, SO_TIMESTAMP, (void*)&on, (socklen_t)sizeof(on)) < 0) {
+		log_err("setsockopt(..., SO_TIMESTAMP, ...) failed: %s",
+			strerror(errno));
+		return 0;
+	}
+	return 1;
 #else
 	log_err("packets timestamping is not supported on this platform");
 	(void)s;
@@ -1602,7 +1611,7 @@ listen_create(struct comm_base* base, struct listen_port* ports,
 				front->udp_buff, ports->pp2_enabled, cb,
 				cb_arg, ports->socket);
 #else
-			log_warn("This system does not support UDP ancilliary data.");
+			log_warn("This system does not support UDP ancillary data.");
 #endif
 		}
 		if(!cp) {
@@ -3103,7 +3112,7 @@ static int http2_req_header_cb(nghttp2_session* session,
 		return 0;
 	}
 	/* Content type is a SHOULD (rfc7231#section-3.1.1.5) when using POST,
-	 * and not needed when using GET. Don't enfore.
+	 * and not needed when using GET. Don't enforce.
 	 * If set only allow lowercase "application/dns-message".
 	 *
 	 * Clients SHOULD (rfc8484#section-4.1) set an accept header, but MUST
@@ -3165,7 +3174,7 @@ static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session),
 			qlen = h2_stream->content_length;
 		} else if(len <= h2_session->c->http2_stream_max_qbuffer_size) {
 			/* setting this to msg-buffer-size can result in a lot
-			 * of memory consuption. Most queries should fit in a
+			 * of memory consumption. Most queries should fit in a
 			 * single DATA frame, and most POST queries will
 			 * contain content-length which does not impose this
 			 * limit. */
@@ -3191,7 +3200,7 @@ static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session),
 
 	if(!h2_stream->qbuffer ||
 		sldns_buffer_remaining(h2_stream->qbuffer) < len) {
-		verbose(VERB_ALGO, "http2 data_chunck_recv failed. Not enough "
+		verbose(VERB_ALGO, "http2 data_chunk_recv failed. Not enough "
 			"buffer space for POST query. Can happen on multi "
 			"frame requests without content-length header");
 		h2_stream->query_too_large = 1;

services/modstack.h

@@ -67,7 +67,7 @@ void modstack_init(struct module_stack* stack);
 void modstack_free(struct module_stack* stack);
 
 /**
- * Initialises modules and assignes ids. Calls module_startup().
+ * Initialises modules and assigns ids. Calls module_startup().
  * @param stack: Expected empty, filled according to module_conf
  * @param module_conf: string what modules to initialize
  * @param env: module environment which is inited by the modules.

sldns/keyraw.c

@@ -272,7 +272,7 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 		return NULL;
 	}
 	if (!DSA_set0_key(dsa, Y, NULL)) {
-		/* QPG attached, cleaned up by DSA_fre() */
+		/* QPG attached, cleaned up by DSA_free() */
 		DSA_free(dsa);
 		BN_free(Y);
 		return NULL;

sldns/wire2str.h

@@ -262,7 +262,7 @@ int sldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len,
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
  * @param comprloop: inout bool, that is set true if compression loop failure
- * 	happens.  Pass in 0, if passsed in as true, a lower bound is set
+ * 	happens.  Pass in 0, if passed in as true, a lower bound is set
  * 	on compression loops to stop arbitrary long packet parse times.
  * 	This is meant so you can set it to 0 at the start of a list of dnames,
  * 	and then scan all of them in sequence, if a loop happens, it becomes

testdata/iter_nxns_fallback.rpl

@@ -49,7 +49,7 @@ RANGE_BEGIN 0 100
 		ADJUST copy_id copy_query
 		REPLY QR NOERROR
 		SECTION QUESTION
-			nonexistant.com. IN A
+			nonexistent.com. IN A
 		SECTION AUTHORITY
 			com.	IN NS	a.gtld-servers.net.
 		SECTION ADDITIONAL
@@ -89,9 +89,9 @@ RANGE_BEGIN 0 100
 		ADJUST copy_id copy_query
 		REPLY QR NOERROR
 		SECTION QUESTION
-			nonexistant.com. IN A
+			nonexistent.com. IN A
 		SECTION AUTHORITY
-			nonexistant.com. IN NS	ns.example.com.
+			nonexistent.com. IN NS	ns.example.com.
 		SECTION ADDITIONAL
 			ns.example.com.	 10 IN A	1.2.3.4
 	ENTRY_END
@@ -107,18 +107,18 @@ RANGE_BEGIN 0 100
 		SECTION QUESTION
 			example.com. IN NS
 		SECTION ANSWER
-			example.com.    IN NS   ns1.nonexistant.com.
-			example.com.    IN NS   ns2.nonexistant.com.
-			example.com.    IN NS   ns3.nonexistant.com.
-			example.com.    IN NS   ns4.nonexistant.com.
-			example.com.    IN NS   ns5.nonexistant.com.
-			example.com.    IN NS   ns6.nonexistant.com.
-			example.com.    IN NS   ns7.nonexistant.com.
-			example.com.    IN NS   ns8.nonexistant.com.
-			example.com.    IN NS   ns9.nonexistant.com.
-			example.com.    IN NS   ns10.nonexistant.com.
-			example.com.    IN NS   ns11.nonexistant.com.
-			example.com.    IN NS   ns12.nonexistant.com.
+			example.com.    IN NS   ns1.nonexistent.com.
+			example.com.    IN NS   ns2.nonexistent.com.
+			example.com.    IN NS   ns3.nonexistent.com.
+			example.com.    IN NS   ns4.nonexistent.com.
+			example.com.    IN NS   ns5.nonexistent.com.
+			example.com.    IN NS   ns6.nonexistent.com.
+			example.com.    IN NS   ns7.nonexistent.com.
+			example.com.    IN NS   ns8.nonexistent.com.
+			example.com.    IN NS   ns9.nonexistent.com.
+			example.com.    IN NS   ns10.nonexistent.com.
+			example.com.    IN NS   ns11.nonexistent.com.
+			example.com.    IN NS   ns12.nonexistent.com.
 	ENTRY_END
 
 	ENTRY_BEGIN
@@ -146,7 +146,7 @@ RANGE_BEGIN 0 100
 		ADJUST copy_id copy_query
 		REPLY QR NXDOMAIN
 		SECTION QUESTION
-			nonexistant.com. IN A
+			nonexistent.com. IN A
 	ENTRY_END
 
 	ENTRY_BEGIN
@@ -158,18 +158,18 @@ RANGE_BEGIN 0 100
 		SECTION ANSWER
 			a.example.com. IN A	10.20.30.40
 		SECTION AUTHORITY
-			example.com.    IN NS   ns1.nonexistant.com.
-			example.com.    IN NS   ns2.nonexistant.com.
-			example.com.    IN NS   ns3.nonexistant.com.
-			example.com.    IN NS   ns4.nonexistant.com.
-			example.com.    IN NS   ns5.nonexistant.com.
-			example.com.    IN NS   ns6.nonexistant.com.
-			example.com.    IN NS   ns7.nonexistant.com.
-			example.com.    IN NS   ns8.nonexistant.com.
-			example.com.    IN NS   ns9.nonexistant.com.
-			example.com.    IN NS   ns10.nonexistant.com.
-			example.com.    IN NS   ns11.nonexistant.com.
-			example.com.    IN NS   ns12.nonexistant.com.
+			example.com.    IN NS   ns1.nonexistent.com.
+			example.com.    IN NS   ns2.nonexistent.com.
+			example.com.    IN NS   ns3.nonexistent.com.
+			example.com.    IN NS   ns4.nonexistent.com.
+			example.com.    IN NS   ns5.nonexistent.com.
+			example.com.    IN NS   ns6.nonexistent.com.
+			example.com.    IN NS   ns7.nonexistent.com.
+			example.com.    IN NS   ns8.nonexistent.com.
+			example.com.    IN NS   ns9.nonexistent.com.
+			example.com.    IN NS   ns10.nonexistent.com.
+			example.com.    IN NS   ns11.nonexistent.com.
+			example.com.    IN NS   ns12.nonexistent.com.
 	ENTRY_END
 
 	ENTRY_BEGIN
@@ -181,18 +181,18 @@ RANGE_BEGIN 0 100
 		SECTION ANSWER
 			b.example.com. IN A	10.20.30.40
 		SECTION AUTHORITY
-			example.com.    IN NS   ns1.nonexistant.com.
-			example.com.    IN NS   ns2.nonexistant.com.
-			example.com.    IN NS   ns3.nonexistant.com.
-			example.com.    IN NS   ns4.nonexistant.com.
-			example.com.    IN NS   ns5.nonexistant.com.
-			example.com.    IN NS   ns6.nonexistant.com.
-			example.com.    IN NS   ns7.nonexistant.com.
-			example.com.    IN NS   ns8.nonexistant.com.
-			example.com.    IN NS   ns9.nonexistant.com.
-			example.com.    IN NS   ns10.nonexistant.com.
-			example.com.    IN NS   ns11.nonexistant.com.
-			example.com.    IN NS   ns12.nonexistant.com.
+			example.com.    IN NS   ns1.nonexistent.com.
+			example.com.    IN NS   ns2.nonexistent.com.
+			example.com.    IN NS   ns3.nonexistent.com.
+			example.com.    IN NS   ns4.nonexistent.com.
+			example.com.    IN NS   ns5.nonexistent.com.
+			example.com.    IN NS   ns6.nonexistent.com.
+			example.com.    IN NS   ns7.nonexistent.com.
+			example.com.    IN NS   ns8.nonexistent.com.
+			example.com.    IN NS   ns9.nonexistent.com.
+			example.com.    IN NS   ns10.nonexistent.com.
+			example.com.    IN NS   ns11.nonexistent.com.
+			example.com.    IN NS   ns12.nonexistent.com.
 	ENTRY_END
 
 	ENTRY_BEGIN
@@ -204,18 +204,18 @@ RANGE_BEGIN 0 100
 		SECTION ANSWER
 			c.example.com. IN A	10.20.30.40
 		SECTION AUTHORITY
-			example.com.    IN NS   ns1.nonexistant.com.
-			example.com.    IN NS   ns2.nonexistant.com.
-			example.com.    IN NS   ns3.nonexistant.com.
-			example.com.    IN NS   ns4.nonexistant.com.
-			example.com.    IN NS   ns5.nonexistant.com.
-			example.com.    IN NS   ns6.nonexistant.com.
-			example.com.    IN NS   ns7.nonexistant.com.
-			example.com.    IN NS   ns8.nonexistant.com.
-			example.com.    IN NS   ns9.nonexistant.com.
-			example.com.    IN NS   ns10.nonexistant.com.
-			example.com.    IN NS   ns11.nonexistant.com.
-			example.com.    IN NS   ns12.nonexistant.com.
+			example.com.    IN NS   ns1.nonexistent.com.
+			example.com.    IN NS   ns2.nonexistent.com.
+			example.com.    IN NS   ns3.nonexistent.com.
+			example.com.    IN NS   ns4.nonexistent.com.
+			example.com.    IN NS   ns5.nonexistent.com.
+			example.com.    IN NS   ns6.nonexistent.com.
+			example.com.    IN NS   ns7.nonexistent.com.
+			example.com.    IN NS   ns8.nonexistent.com.
+			example.com.    IN NS   ns9.nonexistent.com.
+			example.com.    IN NS   ns10.nonexistent.com.
+			example.com.    IN NS   ns11.nonexistent.com.
+			example.com.    IN NS   ns12.nonexistent.com.
 	ENTRY_END
 
 	ENTRY_BEGIN
@@ -227,18 +227,18 @@ RANGE_BEGIN 0 100
 		SECTION ANSWER
 			d.example.com. IN A	10.20.30.40
 		SECTION AUTHORITY
-			example.com.    IN NS   ns1.nonexistant.com.
-			example.com.    IN NS   ns2.nonexistant.com.
-			example.com.    IN NS   ns3.nonexistant.com.
-			example.com.    IN NS   ns4.nonexistant.com.
-			example.com.    IN NS   ns5.nonexistant.com.
-			example.com.    IN NS   ns6.nonexistant.com.
-			example.com.    IN NS   ns7.nonexistant.com.
-			example.com.    IN NS   ns8.nonexistant.com.
-			example.com.    IN NS   ns9.nonexistant.com.
-			example.com.    IN NS   ns10.nonexistant.com.
-			example.com.    IN NS   ns11.nonexistant.com.
-			example.com.    IN NS   ns12.nonexistant.com.
+			example.com.    IN NS   ns1.nonexistent.com.
+			example.com.    IN NS   ns2.nonexistent.com.
+			example.com.    IN NS   ns3.nonexistent.com.
+			example.com.    IN NS   ns4.nonexistent.com.
+			example.com.    IN NS   ns5.nonexistent.com.
+			example.com.    IN NS   ns6.nonexistent.com.
+			example.com.    IN NS   ns7.nonexistent.com.
+			example.com.    IN NS   ns8.nonexistent.com.
+			example.com.    IN NS   ns9.nonexistent.com.
+			example.com.    IN NS   ns10.nonexistent.com.
+			example.com.    IN NS   ns11.nonexistent.com.
+			example.com.    IN NS   ns12.nonexistent.com.
 	ENTRY_END
 RANGE_END
 
@@ -259,18 +259,18 @@ a.example.com.	IN A
 SECTION ANSWER
 a.example.com.	IN A	10.20.30.40
 SECTION AUTHORITY
-example.com.    IN NS   ns1.nonexistant.com.
-example.com.    IN NS   ns2.nonexistant.com.
-example.com.    IN NS   ns3.nonexistant.com.
-example.com.    IN NS   ns4.nonexistant.com.
-example.com.    IN NS   ns5.nonexistant.com.
-example.com.    IN NS   ns6.nonexistant.com.
-example.com.    IN NS   ns7.nonexistant.com.
-example.com.    IN NS   ns8.nonexistant.com.
-example.com.    IN NS   ns9.nonexistant.com.
-example.com.    IN NS   ns10.nonexistant.com.
-example.com.    IN NS   ns11.nonexistant.com.
-example.com.    IN NS   ns12.nonexistant.com.
+example.com.    IN NS   ns1.nonexistent.com.
+example.com.    IN NS   ns2.nonexistent.com.
+example.com.    IN NS   ns3.nonexistent.com.
+example.com.    IN NS   ns4.nonexistent.com.
+example.com.    IN NS   ns5.nonexistent.com.
+example.com.    IN NS   ns6.nonexistent.com.
+example.com.    IN NS   ns7.nonexistent.com.
+example.com.    IN NS   ns8.nonexistent.com.
+example.com.    IN NS   ns9.nonexistent.com.
+example.com.    IN NS   ns10.nonexistent.com.
+example.com.    IN NS   ns11.nonexistent.com.
+example.com.    IN NS   ns12.nonexistent.com.
 ENTRY_END
 
 ; The child side nameservers are now known to Unbound
@@ -293,18 +293,18 @@ b.example.com.	IN A
 SECTION ANSWER
 b.example.com.	IN A	10.20.30.40
 SECTION AUTHORITY
-example.com.    IN NS   ns1.nonexistant.com.
-example.com.    IN NS   ns2.nonexistant.com.
-example.com.    IN NS   ns3.nonexistant.com.
-example.com.    IN NS   ns4.nonexistant.com.
-example.com.    IN NS   ns5.nonexistant.com.
-example.com.    IN NS   ns6.nonexistant.com.
-example.com.    IN NS   ns7.nonexistant.com.
-example.com.    IN NS   ns8.nonexistant.com.
-example.com.    IN NS   ns9.nonexistant.com.
-example.com.    IN NS   ns10.nonexistant.com.
-example.com.    IN NS   ns11.nonexistant.com.
-example.com.    IN NS   ns12.nonexistant.com.
+example.com.    IN NS   ns1.nonexistent.com.
+example.com.    IN NS   ns2.nonexistent.com.
+example.com.    IN NS   ns3.nonexistent.com.
+example.com.    IN NS   ns4.nonexistent.com.
+example.com.    IN NS   ns5.nonexistent.com.
+example.com.    IN NS   ns6.nonexistent.com.
+example.com.    IN NS   ns7.nonexistent.com.
+example.com.    IN NS   ns8.nonexistent.com.
+example.com.    IN NS   ns9.nonexistent.com.
+example.com.    IN NS   ns10.nonexistent.com.
+example.com.    IN NS   ns11.nonexistent.com.
+example.com.    IN NS   ns12.nonexistent.com.
 ENTRY_END
 
 ; Query a third time, this will get the cached NXDOMAINs (no NX counter for
@@ -330,18 +330,18 @@ c.example.com.	IN A
 SECTION ANSWER
 c.example.com.	IN A	10.20.30.40
 SECTION AUTHORITY
-example.com.    IN NS   ns1.nonexistant.com.
-example.com.    IN NS   ns2.nonexistant.com.
-example.com.    IN NS   ns3.nonexistant.com.
-example.com.    IN NS   ns4.nonexistant.com.
-example.com.    IN NS   ns5.nonexistant.com.
-example.com.    IN NS   ns6.nonexistant.com.
-example.com.    IN NS   ns7.nonexistant.com.
-example.com.    IN NS   ns8.nonexistant.com.
-example.com.    IN NS   ns9.nonexistant.com.
-example.com.    IN NS   ns10.nonexistant.com.
-example.com.    IN NS   ns11.nonexistant.com.
-example.com.    IN NS   ns12.nonexistant.com.
+example.com.    IN NS   ns1.nonexistent.com.
+example.com.    IN NS   ns2.nonexistent.com.
+example.com.    IN NS   ns3.nonexistent.com.
+example.com.    IN NS   ns4.nonexistent.com.
+example.com.    IN NS   ns5.nonexistent.com.
+example.com.    IN NS   ns6.nonexistent.com.
+example.com.    IN NS   ns7.nonexistent.com.
+example.com.    IN NS   ns8.nonexistent.com.
+example.com.    IN NS   ns9.nonexistent.com.
+example.com.    IN NS   ns10.nonexistent.com.
+example.com.    IN NS   ns11.nonexistent.com.
+example.com.    IN NS   ns12.nonexistent.com.
 ENTRY_END
 
 ; Allow for the nameserver glue to expire
@@ -365,18 +365,18 @@ d.example.com.	IN A
 SECTION ANSWER
 d.example.com.	IN A	10.20.30.40
 SECTION AUTHORITY
-example.com.    IN NS   ns1.nonexistant.com.
-example.com.    IN NS   ns2.nonexistant.com.
-example.com.    IN NS   ns3.nonexistant.com.
-example.com.    IN NS   ns4.nonexistant.com.
-example.com.    IN NS   ns5.nonexistant.com.
-example.com.    IN NS   ns6.nonexistant.com.
-example.com.    IN NS   ns7.nonexistant.com.
-example.com.    IN NS   ns8.nonexistant.com.
-example.com.    IN NS   ns9.nonexistant.com.
-example.com.    IN NS   ns10.nonexistant.com.
-example.com.    IN NS   ns11.nonexistant.com.
-example.com.    IN NS   ns12.nonexistant.com.
+example.com.    IN NS   ns1.nonexistent.com.
+example.com.    IN NS   ns2.nonexistent.com.
+example.com.    IN NS   ns3.nonexistent.com.
+example.com.    IN NS   ns4.nonexistent.com.
+example.com.    IN NS   ns5.nonexistent.com.
+example.com.    IN NS   ns6.nonexistent.com.
+example.com.    IN NS   ns7.nonexistent.com.
+example.com.    IN NS   ns8.nonexistent.com.
+example.com.    IN NS   ns9.nonexistent.com.
+example.com.    IN NS   ns10.nonexistent.com.
+example.com.    IN NS   ns11.nonexistent.com.
+example.com.    IN NS   ns12.nonexistent.com.
 ENTRY_END
 
 SCENARIO_END

testdata/iter_nxns_parentside.rpl

@@ -51,7 +51,7 @@ RANGE_BEGIN 0 100
 		ADJUST copy_id copy_query
 		REPLY QR NOERROR
 		SECTION QUESTION
-			nonexistant.com. IN A
+			nonexistent.com. IN A
 		SECTION AUTHORITY
 			com.	IN NS	a.gtld-servers.net.
 		SECTION ADDITIONAL
@@ -81,14 +81,14 @@ RANGE_BEGIN 0 100
 		SECTION QUESTION
 			example.com. IN A
 		SECTION AUTHORITY
-			example.com.    IN NS   ns1.nonexistant.com.
-			example.com.    IN NS   ns2.nonexistant.com.
-			example.com.    IN NS   ns3.nonexistant.com.
-			example.com.    IN NS   ns4.nonexistant.com.
-			example.com.    IN NS   ns5.nonexistant.com.
-			example.com.    IN NS   ns6.nonexistant.com.
-			example.com.    IN NS   ns7.nonexistant.com.
-			example.com.    IN NS   ns8.nonexistant.com.
+			example.com.    IN NS   ns1.nonexistent.com.
+			example.com.    IN NS   ns2.nonexistent.com.
+			example.com.    IN NS   ns3.nonexistent.com.
+			example.com.    IN NS   ns4.nonexistent.com.
+			example.com.    IN NS   ns5.nonexistent.com.
+			example.com.    IN NS   ns6.nonexistent.com.
+			example.com.    IN NS   ns7.nonexistent.com.
+			example.com.    IN NS   ns8.nonexistent.com.
 	ENTRY_END
 
 	ENTRY_BEGIN
@@ -96,7 +96,7 @@ RANGE_BEGIN 0 100
 		ADJUST copy_id copy_query
 		REPLY QR NXDOMAIN
 		SECTION QUESTION
-			nonexistant.com. IN A
+			nonexistent.com. IN A
 	ENTRY_END
 RANGE_END
 

testdata/subnet_cached_servfail.crpl

@@ -118,7 +118,7 @@ HEX_EDNSDATA_BEGIN
 HEX_EDNSDATA_END
 ENTRY_END
 
-; This answer was cached but a prefetch was triggerred
+; This answer was cached but a prefetch was triggered
 STEP 12 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH opcode qtype qname

testdata/val_failure_dnskey.rpl

@@ -17,7 +17,7 @@ stub-zone:
 	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
 CONFIG_END
 
-SCENARIO_BEGIN Test validator with failure for chaing of trust lookup.
+SCENARIO_BEGIN Test validator with failure for chain of trust lookup.
 ; The error message that is created, also for EDE is more extensive.
 
 ; K.ROOT-SERVERS.NET.

util/data/msgencode.c

@@ -365,7 +365,7 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs,
 
 /** return true if type needs domain name compression in rdata */
 static const sldns_rr_descriptor*
-type_rdata_compressable(struct ub_packed_rrset_key* key)
+type_rdata_compressible(struct ub_packed_rrset_key* key)
 {
 	uint16_t t = ntohs(key->rk.type);
 	if(sldns_rr_descript(t) && 
@@ -486,7 +486,7 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt,
 		adjust = SERVE_ORIGINAL_TTL ? data->ttl_add : timenow;
 
 	if(do_data) {
-		const sldns_rr_descriptor* c = type_rdata_compressable(key);
+		const sldns_rr_descriptor* c = type_rdata_compressible(key);
 		for(i=0; i<data->count; i++) {
 			/* rrset roundrobin */
 			j = (i + rr_offset) % data->count;

util/data/msgencode.h

@@ -117,7 +117,7 @@ uint16_t calc_edns_field_size(struct edns_data* edns);
 uint16_t calc_edns_option_size(struct edns_data* edns, uint16_t code);
 
 /**
- * Calculate the size of the EDE option(s) in packet. Also calculate seperately
+ * Calculate the size of the EDE option(s) in packet. Also calculate separately
  * the size of the EXTRA-TEXT field(s) in case we can trim them to fit.
  * In this case include any LDNS_EDE_OTHER options in their entirety since they
  * are useless without extra text.

util/net_help.c

@@ -1035,7 +1035,7 @@ void log_crypto_err_code(const char* str, unsigned long err)
 }
 
 #ifdef HAVE_SSL
-/** Print crypt erro with SSL_get_error want code and err_get_error code */
+/** Print crypt error with SSL_get_error want code and err_get_error code */
 static void log_crypto_err_io_code_arg(const char* str, int r,
 	unsigned long err, int err_present)
 {

util/netevent.c

@@ -1083,6 +1083,11 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
 			} else if( cmsg->cmsg_level == SOL_SOCKET &&
 				cmsg->cmsg_type == SO_TIMESTAMP) {
 				memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval));
+#elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP)
+			} else if( cmsg->cmsg_level == SOL_SOCKET &&
+				cmsg->cmsg_type == SCM_TIMESTAMP) {
+				/* FreeBSD and also Linux. */
+				memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval));
 #endif /* HAVE_LINUX_NET_TSTAMP_H */
 			}
 		}

validator/validator.c

@@ -76,7 +76,7 @@ static void process_ds_response(struct module_qstate* qstate,
 	struct module_qstate* sub_qstate);
 
 
-/* Updates the suplied EDE (RFC8914) code selectively so we don't lose
+/* Updates the supplied EDE (RFC8914) code selectively so we don't lose
  * a more specific code */
 static void
 update_reason_bogus(struct reply_info* rep, sldns_ede_code reason_bogus)
@@ -2917,7 +2917,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
 		struct ub_packed_rrset_key* ds;
 		enum sec_status sec;
 		ds = reply_find_answer_rrset(qinfo, msg->rep);
-		/* If there was no DS rrset, then we have mis-classified 
+		/* If there was no DS rrset, then we have misclassified
 		 * this message. */
 		if(!ds) {
 			log_warn("internal error: POSITIVE DS response was "
@@ -3469,7 +3469,7 @@ val_inform_super(struct module_qstate* qstate, int id,
 		if(suspend) {
 			/* deep copy the return_msg to vq->sub_ds_msg; it will
 			 * be resumed later in the super state with the caveat
-			 * that the initial calculations will be re-caclulated
+			 * that the initial calculations will be re-calculated
 			 * and re-suspended there before continuing. */
 			vq->sub_ds_msg = dns_msg_deepcopy_region(
 				qstate->return_msg, super->region);