Commit graph

1076 commits

Author SHA1 Message Date
Willem Toorop
2217c9b96e Merge branch 'master' into update-with-branches/poisonlicious 2025-10-30 09:48:57 +01:00
Yorgos Thessalonikefs
e06b7eb3f1 Merge branch 'branch-1.24.1' 2025-10-22 12:44:59 +02:00
Yorgos Thessalonikefs
a33f0638e1 - Fix CVE-2025-11411 (possible domain hijacking attack), reported by Yuxiao Wu,
Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University.
2025-10-22 10:54:57 +02:00
W.C.A. Wijngaards
8687d69131 Merge branch 'master' into xfr-tsig 2025-10-01 15:52:40 +02:00
W.C.A. Wijngaards
feeebc95f8 - Fix for #1344: Fix that respip and dns64 can be enabled at the
  same time, the client info is copied for attach_sub and add_sub
  calls. That makes respip work on dns64 synthesized answers, and
  also makes RPZ work with DNS64. The order for the modules is
  module-config: "respip dns64 validator iterator".
2025-09-30 11:28:15 +02:00
W.C.A. Wijngaards
f1fea8dc46 - Fix #1353: auth-zone can not use empty label for $ORIGIN when
http download.
2025-09-29 14:24:31 +02:00
Yorgos Thessalonikefs
e2bf773089 Merge branch 'features/no-ttl-zero-cacherep' 2025-09-19 14:56:04 +02:00
Yorgos Thessalonikefs
73e408f1d0 A few changes for TTL processing:
- Cached messages that reach 0 TTL are considered expired. This prevents
  Unbound itself from issuing replies with TTL 0 and possibly causing a
  thundering herd at the last second. Upstream replies of TTL 0 still
  get the usual pass-through but they are not considered for caching
  from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
  TTL value of the record to try and make some sense when replying
  with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
  high-order bit means the value is positive instead of 0.
2025-09-15 10:03:35 +02:00
W.C.A. Wijngaards
a23c5347a7 - xfr-tsig, unit test shows zonefile that is created. 2025-09-12 15:43:45 +02:00
Yorgos Thessalonikefs
d521135f66 Merge branch 'master' into features/no-ttl-zero-cacherep 2025-09-12 15:24:06 +02:00
W.C.A. Wijngaards
c904a3d375 - xfr-tsig, remove rpl unit test. 2025-09-12 11:23:29 +02:00
W.C.A. Wijngaards
b451cc4af7 - xfr-tsig, add tdir test that performs tsig signed zone transfer. 2025-09-12 10:40:23 +02:00
W.C.A. Wijngaards
dfac72edfc - xfr-tsig, unit test use to make tsig for rpl. 2025-09-11 17:05:58 +02:00
W.C.A. Wijngaards
64e102aacb - xfr-tsig, fix notify tsig answer, fix parse edns allows TSIG,
unit test for auth zone with notify with tsig and notify answer with tsig.
2025-09-11 16:21:38 +02:00
W.C.A. Wijngaards
63aa70ab32 - xfr-tsig, unit test for tsig sign every couple packets, and verify that. 2025-09-10 15:26:57 +02:00
W.C.A. Wijngaards
7b59014ba3 - xfr-tsig, unit test with another trace of tsig every couple packets. 2025-09-09 16:24:55 +02:00
W.C.A. Wijngaards
156846e6c4 - xfr-tsig, unit test to verify tsig every couple packets. 2025-09-09 15:50:14 +02:00
W.C.A. Wijngaards
aea2a821b9 - xfr-tsig, unit test for tsig-verify-reply-xfr, with output that works
with dig and NSD.
2025-09-09 15:40:51 +02:00
W.C.A. Wijngaards
cacdfee755 Merge branch 'master' into xfr-tsig 2025-09-09 14:38:03 +02:00
W.C.A. Wijngaards
e3c1981a6a - xfr-tsig, fix algorithm name write in xfr reply tsig and unit test
that works with output that works with dig and NSD.
2025-09-09 14:36:33 +02:00
W.C.A. Wijngaards
4267de87b5 - Fix #1332: CNAME chains are sometimes not followed when RPZs add a
local CNAME rewrite.
2025-09-09 12:34:11 +02:00
W.C.A. Wijngaards
708581579c - xfr-tsig, add test case with AXFR packet with TSIG. 2025-08-27 15:52:08 +02:00
W.C.A. Wijngaards
54175a4180 Merge branch 'master' into xfr-tsig 2025-08-19 15:27:43 +02:00
W.C.A. Wijngaards
1e37f86ef5 - unbound-control cache_lookup +t allows tld and root names. And
subnet cache contents are printed.
Changelog, documentation and unit test.
2025-08-15 13:03:31 +02:00
W.C.A. Wijngaards
cdcc0337d1 - Fix edns subnet, so that the subquery without subnet is stored in
  global cache if the querier used 0.0.0.0/0 and the name and address
  do not receive subnet treatment. If the name and address are
  configured for subnet, it is stored in the subnet cache.
2025-08-06 12:08:44 +02:00
W.C.A. Wijngaards
3b88577dd1 Merge branch 'master' into xfr-tsig 2025-07-31 15:59:25 +02:00
W.C.A. Wijngaards
da9ab59e10 - Redis checks for server down and throttles reconnects.
And unit test for redis reconnect interval.
2025-07-24 11:06:00 +02:00
W.C.A. Wijngaards
3d7dfe2f36 - xfr-tsig, unit test for tsig_verify_reply for failed tsig. 2025-07-23 16:35:25 +02:00
W.C.A. Wijngaards
baee7885bd Merge branch 'master' into xfr-tsig 2025-07-23 16:23:58 +02:00
W.C.A. Wijngaards
e55b3a2a4c - xfr-tsig, unit test for tsig_verify_reply. 2025-07-23 16:16:41 +02:00
W.C.A. Wijngaards
a1150078f2 - Add unit tests for non-ecs aggregation. 2025-07-16 11:46:04 +02:00
Yorgos Thessalonikefs
1a6052fcac - For #1289: test num.valops in existing stat_values.tdir. 2025-07-12 17:33:43 +02:00
W.C.A. Wijngaards
e4069e5619 Merge branch 'master' into xfr-tsig 2025-07-11 15:27:40 +02:00
Jose Luis Duran
41c55ffac1 Fix typos (#1299) 2025-07-02 10:50:49 +02:00
W.C.A. Wijngaards
57dd6a971d - xfr-tsig, extra unit tests for tsig_sign_reply. 2025-06-27 11:29:41 +02:00
W.C.A. Wijngaards
3807bf00da - xfr-tsig, unit test for tsig_sign_reply. 2025-06-27 10:59:36 +02:00
W.C.A. Wijngaards
ca147a147d - xfr-tsig, unit test for tsig_sign_shared and tsig_verify_shared. 2025-06-27 09:24:51 +02:00
W.C.A. Wijngaards
dc37849546 - xfr-tsig, test cases for BADTRUNC and not parseable. 2025-06-25 14:19:22 +02:00
W.C.A. Wijngaards
766666139b Merge branch 'master' into xfr-tsig 2025-06-25 14:05:06 +02:00
W.C.A. Wijngaards
47a2d71fd3 - xfr-tsig, unit test cases for tsig errors. 2025-06-25 14:03:12 +02:00
Yorgos Thessalonikefs
4200d23882 - For #1247, replay test (added tcp_transport to
outnet_serviced_query).
2025-06-25 14:02:47 +02:00
W.C.A. Wijngaards
0719ef21fa - xfr-tsig, unit test for tsig_verify_query. 2025-06-25 12:06:15 +02:00
W.C.A. Wijngaards
6d5f22b56d - xfr-tsig, fix tsig_verify_query. 2025-06-25 10:21:42 +02:00
W.C.A. Wijngaards
b5beb800c8 - xfr-tsig, tsig_find_rr function. 2025-06-24 16:51:41 +02:00
W.C.A. Wijngaards
418ef3765d Merge branch 'master' into xfr-tsig 2025-06-20 14:33:02 +02:00
W.C.A. Wijngaards
29c8b3edba - xfr-tsig, unit tests for md5, sha1, sha224, sha256, sha384 and sha512. 2025-06-20 14:31:44 +02:00
Yorgos Thessalonikefs
2d90d5d729 - Fix #1293: EDE 6 is attached to insecure cached answers when client sends
the CD bit.
2025-06-20 14:09:30 +02:00
W.C.A. Wijngaards
a1d68cdc96 - Fix #1296: DNS over QUIC depends on a very outdated version of
ngtcp2. Fixed so it works with ngtcp2 1.13.0 and OpenSSL 3.5.0.
2025-06-19 14:39:45 +02:00
Yorgos Thessalonikefs
9201c75013 - Fix for consistent use of local zone CNAME alias for configured auth
zones. Now it also applies to downstream configured auth zones.
2025-06-17 15:03:29 +02:00
W.C.A. Wijngaards
32644937b0 - Fix for cname chain length with qtype ANY and qname minimisation.
Thanks to Jim Greenwood from Nominet for the report.
2025-05-19 13:17:21 +02:00