upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-18 18:25:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8190 commits 27 branches 209 tags 137 MiB
Commit graph

2139 commits

Author SHA1 Message Date
Yorgos Thessalonikefs
18fec256b7 - Support pthread_setname_np, and variants, to set the name on spawned 
threads for easier debugging/monitoring.
 2026-02-06 14:17:04 +01:00
Yorgos Thessalonikefs
9d271c5343
Merge pull request #1396 from NLnetLabs/features/thread-id 2026-01-23 17:42:30 +01:00
Yorgos Thessalonikefs
74cc49e6c4 - Introduce the 'log-thread-id' configuration option to manage logging 
the system-wide Linux thread ID for easier debugging with system
  tools.
 2026-01-23 17:15:14 +01:00
Yorgos Thessalonikefs
d414ebf0c7 - On Linux systems log the system-wide unique thread ID instead of 
Unbound's internal thread counter.
 2026-01-23 17:08:55 +01:00
nnarayanamurthy
fe10bc7682
QNX Porting support for unbound branch-1.24.1 (#1388) 
* qnx Porting support for version release-1.24.1

* updating __QNXNTO__ with __QNX__
 2026-01-21 13:12:13 +01:00
W.C.A. Wijngaards
4198343dbe Compile fixup for #1381.
Some checks failed
ci / build (push) Has been cancelled
Details
2026-01-08 14:19:06 +01:00
Petr Menšík
18e098285e
Do not initialize quic_table unless it is enabled (#1381) 
* Do not initialize quic_table unless it is enabled

Fedora in FIPS mode might fail to initialize ngtcp2 library, because
some ciphers desired are not available.

Make it possible to skip initialization by setting explicitly quic_port
to 0. Unless we have some listeners for port 853 configured, skip its
initialization as well.

Related: https://pagure.io/freeipa/issue/9877

* Fix typo in logged function name
 2026-01-08 14:12:32 +01:00
Yorgos Thessalonikefs
44659cb3bf - Use the same EDE removal logic when encoding errors as when encoding
Some checks failed
ci / build (push) Has been cancelled
Details 
replies.
 2025-12-31 16:22:15 +01:00
W.C.A. Wijngaards
c0522043f0 - Fix http2 drop handling to clear the postpone_drop state so that
Some checks failed
ci / build (push) Has been cancelled
Details 
other streams on the http2 session are not affected by a drop,
  and can clean up properly if also dropped. Fix http2 send reply
  so that when there is a send failure is does not recurse into
  the mesh functions and also does not drop the connection due to
  the condition of one stream.
 2025-12-03 14:41:10 +01:00
W.C.A. Wijngaards
98f4257890 - iana portlist updated.
Some checks are pending
ci / build (push) Waiting to run
Details
2025-11-12 11:49:21 +01:00
Yorgos Thessalonikefs
024c921dbf - Fix #1366: Infra cache does not work correctly for NAT64, by
Some checks failed
ci / build (push) Has been cancelled
Details 
moving the NAT64 synthesis from the iterator when selecting a target
  address, to the delegation point itself when adding target
  addresses.
 2025-11-01 15:10:27 +01:00
Yorgos Thessalonikefs
e06b7eb3f1 Merge branch 'branch-1.24.1' 2025-10-22 12:44:59 +02:00
Yorgos Thessalonikefs
a33f0638e1 - Fix CVE-2025-11411 (possible domain hijacking attack), reported by Yuxiao Wu, 
Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University.
 2025-10-22 10:54:57 +02:00
W.C.A. Wijngaards
adaf5dab49 - Fix that https is set up as enabled when the port is listed in 
interface-automatic-ports. Also for the set up of quic it is
  enabled when listed there.
 2025-10-02 10:16:06 +02:00
W.C.A. Wijngaards
feeebc95f8 - Fix for #1344: Fix that respip and dns64 can be enabled at the 
same time, the client info is copied for attach_sub and add_sub
  calls. That makes respip work on dns64 synthesized answers, and
  also makes RPZ work with DNS64. The order for the modules is
  module-config: "respip dns64 validator iterator".
 2025-09-30 11:28:15 +02:00
Yorgos Thessalonikefs
499a3a7a61
Fix #1346: [FR] Please allow back TLS 1.2. (#1349) 
* 'tls-use-system-policy-versions' is introduced to allow Unbound to use
  any system available TLS version when serving TLS.

* Apply suggestions from code review

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-09-29 12:03:56 +02:00
Yorgos Thessalonikefs
35f6fd47fb - Test for nonstring attribute in configure and add 
nonstring attribute annotations.
 2025-09-26 16:23:55 +02:00
Yorgos Thessalonikefs
e2bf773089 Merge branch 'features/no-ttl-zero-cacherep' 2025-09-19 14:56:04 +02:00
Yorgos Thessalonikefs
bc61034f60
code review: use proper roundrobin index 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-09-17 12:19:20 +02:00
Yorgos Thessalonikefs
2dd821c257 - Too many quotes for the EDE message debug printout. 2025-09-17 11:27:16 +02:00
Yorgos Thessalonikefs
c3a8d5251f - Small debug output improvement when attaching an EDE. 2025-09-15 12:06:49 +02:00
Yorgos Thessalonikefs
73e408f1d0 A few changes for TTL processing: 
- Cached messages that reach 0 TTL are considered expired. This prevents
  Unbound itself from issuing replies with TTL 0 and possibly causing a
  thundering herd at the last second. Upstream replies of TTL 0 still
  get the usual pass-through but they are not considered for caching
  from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
  TTL value of the record to try and make some sense when replying
  with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
  high-order bit means the value is positive instead of 0.
 2025-09-15 10:03:35 +02:00
Yorgos Thessalonikefs
d521135f66 Merge branch 'master' into features/no-ttl-zero-cacherep 2025-09-12 15:24:06 +02:00
W.C.A. Wijngaards
85e916e7e0 - Fix indentation in tcp-mss option parsing. 2025-09-02 17:12:14 +02:00
W.C.A. Wijngaards
af96824642 - Fix #1324: Memory leak in 'msgparse.c' in 
'parse_edns_options_from_query(...)'.
 2025-09-02 17:10:42 +02:00
Yorgos Thessalonikefs
44da5eee66 - Limit the number of consecutive reads on an HTTP/2 session. 
Thanks to Gal Bar Nahum for exposing the possibility of infinite
  reads on the session.
 2025-08-29 15:35:32 +02:00
W.C.A. Wijngaards
ebfa09e04f - For #1318: Fix compile warnings for DoH compile on windows. 2025-08-22 10:04:00 +02:00
W.C.A. Wijngaards
752a3f7f52 - Fix to whitespace in dname_str. 2025-08-07 16:19:10 +02:00
W.C.A. Wijngaards
08d59c9a78 - Fix dname_str for printout of long names. Thanks to Jan Komissar 
for the fix.
 2025-08-07 09:45:02 +02:00
W.C.A. Wijngaards
3d7e847a5e - Fix to use assertions for consistency checks in #1309 reclaimed 2025-08-05 16:20:01 +02:00
W.C.A. Wijngaards
da6b735ed9 - Fix #1309: incorrectly reclaimed tcp handler can cause data 
corruption and segfault.
 2025-08-05 15:46:54 +02:00
W.C.A. Wijngaards
910288c0d1 - iana portlist updated. 2025-07-17 14:50:29 +02:00
W.C.A. Wijngaards
b6e52c0a52 - Fix #1303: [FR] Disable TLSv1.2. 2025-07-17 14:50:13 +02:00
W.C.A. Wijngaards
9fe92d1119 - Fix detection of SSL_CTX_set_tmp_ecdh function. 2025-07-11 15:47:59 +02:00
W.C.A. Wijngaards
1de9d6ec66 - Fix layout of comm_point_udp_ancil_callback. 2025-07-03 15:57:49 +02:00
W.C.A. Wijngaards
cb919d5126 - For #1300: implement sock-queue-timeout for FreeBSD as well. 2025-07-03 15:54:33 +02:00
Jose Luis Duran
41c55ffac1
Fix typos (#1299) 2025-07-02 10:50:49 +02:00
Yorgos Thessalonikefs
9201c75013 - Fix for consistent use of local zone CNAME alias for configured auth 
zones. Now it also applies to downstream configured auth zones.
 2025-06-17 15:03:29 +02:00
W.C.A. Wijngaards
e4cf7aeccf - Fix header return value description for skip_pkt_rrs and 
parse_edns_from_query_pkt.
 2025-06-12 12:17:01 +02:00
W.C.A. Wijngaards
a8aa1dbbe1 - Fix conditional expressions with parentheses for bitwise and. 2025-06-11 16:42:43 +02:00
W.C.A. Wijngaards
9f29292839 - Fix bitwise operators in conditional expressions with parentheses. 2025-06-11 15:46:31 +02:00
W.C.A. Wijngaards
1cc1e0b89e - iana portlist updated. 2025-06-05 11:11:56 +02:00
W.C.A. Wijngaards
565bce670c - Fix comment for the dname_remove_label_limit_len function. 2025-06-05 11:11:32 +02:00
W.C.A. Wijngaards
ff7dfd52a2 - Fix #1288: [FR] Improve fuzzing of unbound by adapting the netbound 
program.
 2025-05-21 12:41:54 +02:00
W.C.A. Wijngaards
1ef7b4a246 - Adjusted so-sndbuf default to 4m. 2025-05-13 15:31:05 +02:00
W.C.A. Wijngaards
03772d10fb - Change default for so-sndbuf to 1m, to mitigate a cross-layer 
issue where the UDP socket send buffers are exhausted waiting
  for ARP/NDP resolution. Thanks to Reflyable for the report.
 2025-05-13 15:04:32 +02:00
Yorgos Thessalonikefs
9152c914af - Fix #1282: log-destaddr fail on long ipv6 addresses. 2025-05-13 11:02:58 +02:00
W.C.A. Wijngaards
21e3278400 - Fix #1283: Unsafe usage of atoi() while parsing the configuration 
file.
 2025-05-12 14:57:42 +02:00
Yorgos Thessalonikefs
4e23523d1a
Fix auth nsec3 code (#1280) 
- Fix NSEC3 code to not break on broken auth zones that include unsigned
  out of zone (above apex) data. Could lead to hang while trying to
  prove a wildcard answer.
  Reported by Dmitrii Kuvaiskii from Amazon Web Services.

- Tests for NSEC3 auth zones with out of zone data.
 2025-05-12 14:26:47 +02:00
Yorgos Thessalonikefs
fcc21885e4
Auto-configure '-slabs' values (#1276) 
- Auto-configure '-slabs' values to a power of 2 value close to num-threads
  by default for multi-threaded environments.

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-04-29 15:21:47 +02:00