upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-29 19:09:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7084 commits 23 branches 209 tags 124 MiB
Commit graph

240 commits

Author SHA1 Message Date
Willem Toorop
75f3fbdd65 Downstream DNS Cookies a la RFC7873 and RFC9018 
Create server cookies for clients that send client cookies.
Needs to be turned on in the config file with:

	answer-cookie: yes

A cookie-secret can be configured for anycast setups.
Also adds an access control list that will allow queries with
either a valid cookie or over a stateful transport.
 2022-09-28 10:28:19 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
George Thessalonikefs
efdd70c7b5 - Cleanup some comments and TODO text. 2022-07-23 19:55:15 +02:00
George Thessalonikefs
187bc72633 - Add testcase for allowing NOTIFY on URL addresses. 2022-06-14 17:44:37 +02:00
Philip Homburg
16dd802c2e Add url 'master' to allow notify list 2022-05-31 15:10:38 +02:00
Philip Homburg
6dad2d2fc6 allow-notify doesn't work for url on rpz zones (https://github.com/NLnetLabs/unbound/issues/679) 2022-05-31 15:10:38 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
W.C.A. Wijngaards
1289c53c1a - Fix zonemd unsupported algo check to set reason to NULL before the 
check routine, but after malformed checks, to get the correct NULL
  output when the digest matches.
 2022-04-08 11:19:40 +02:00
W.C.A. Wijngaards
d02e83ae2b - Fix zonemd unsupported algo check to print unsupported reason before 
zeroing it.
 2022-04-08 11:10:11 +02:00
W.C.A. Wijngaards
8f2847ba69 - Fix zonemd unsupported algo check reason to not copy to next record, 
and check for success for debug printout.
 2022-04-08 10:54:57 +02:00
W.C.A. Wijngaards
730a03e9bd - Fix zonemd unsupported algo check. 2022-04-08 09:36:01 +02:00
W.C.A. Wijngaards
e4ca71e85b - Fix zonemd check to allow unsupported algorithms to load. 
If there are only unsupported algorithms, or unsupported schemes,
  and no failed or successful other ZONEMD records, or malformed
  or bad ZONEMD records, the unsupported records allow the zone load.
 2022-04-08 09:29:37 +02:00
W.C.A. Wijngaards
debe5c665f - Fix #637: Integer Overflow in sldns_str2period function. 2022-03-03 14:19:59 +01:00
W.C.A. Wijngaards
2b90181d3a - Fix #628: A rpz-passthru action is not ending RPZ zone processing. 2022-02-15 16:20:12 +01:00
Wouter Wijngaards
9645228f03
Merge pull request #570 from rex4539/typos 
Fix typos
 2021-11-29 11:39:48 +01:00
tcarpay
c47e98a659
Merge pull request #563 from NLnetLabs/bugfix/general-edns-options3 
Better positioning of general EDNS option handling: revisited V2
 2021-11-15 15:14:51 +01:00
Dimitris Apostolou
c21d6af617
Fix typos 2021-11-13 16:56:15 +02:00
TCY16
8205c87a96 complete renaming of the modules edns list 2021-11-08 11:50:29 +01:00
W.C.A. Wijngaards
1a94a68fc2 - Fix #552: Unbound assumes index.html exists on RPZ host. 2021-11-02 16:45:02 +01:00
Tom Carpay
89d7476539 split edns_data.opt_list in opt_list_in and opt_list_out 
opt_list_in for parsed (incoming) edns options, and
opt_list_out for outgoing (to be encoded) edns options
 2021-11-01 12:48:40 +00:00
Tom Carpay
3ebfa9fc97 Outgoing module options go to opt_list_modules_out 
And opt_list_modules_out is reset in case of failure
BEWARE! No options from modules will be encoded in the responses now!
 2021-10-27 14:01:56 +00:00
Tom Carpay
3e6eeb504d Modules have their own outgoing ends options list 
But nothing happens with it yet
 2021-10-27 13:48:49 +00:00
W.C.A. Wijngaards
a9de6879b8 Merge branch 'master' into rpz-triggers 2021-08-18 09:53:35 +02:00
W.C.A. Wijngaards
d0cc58be3d - Fix to support harden-algo-downgrade for ZONEMD dnssec checks. 2021-08-16 16:14:32 +02:00
W.C.A. Wijngaards
4034c009bb - zonemd, fix order of bogus printout string manipulation. 2021-08-13 15:24:53 +02:00
W.C.A. Wijngaards
c8c2dfff22 - Fix zonemd verification of key that is not in DNS but in the zone 
and needs a chain of trust.
 2021-08-13 14:43:11 +02:00
W.C.A. Wijngaards
f232562430 Merge branch 'master' into rpz-triggers 2021-08-05 13:37:22 +02:00
George Thessalonikefs
ca4d68c64c - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. 2021-07-16 14:32:18 +02:00
W.C.A. Wijngaards
8e5c3f51a2 - Fix auth zone download on windows to unlink before rename. 2021-06-25 15:31:33 +02:00
W.C.A. Wijngaards
79209823ac - Fix a number of warnings reported by the gcc analyzer. 2021-06-18 18:12:26 +02:00
W.C.A. Wijngaards
cf0aad9fb6 Merge branch 'master' into rpz-triggers 2021-05-28 15:00:55 +02:00
W.C.A. Wijngaards
ea4f1ee8a6 - zonemd-check: yesno option, default no, enables the processing 
of ZONEMD records for that zone.
 2021-05-27 14:20:53 +02:00
W.C.A. Wijngaards
e5cb48c432 Merge branch 'master' into rpz-triggers 2021-05-21 14:09:30 +02:00
George Thessalonikefs
ff6b527184 - Fix for #411, #439, #469: Reset the DNS message ID when moving queries 
between TCP streams.
- Refactor for uniform way to produce random DNS message IDs.
 2021-05-19 15:07:32 +02:00
W.C.A. Wijngaards
355526da7d - rpz-triggers, the added soa for client ip modified answers is affected 
by the minimal-responses config option.
 2021-05-14 16:34:38 +02:00
W.C.A. Wijngaards
50dcadd495 - rpz-triggers, for clientip modified answers the rpz SOA is added to the 
additional section with the serial number and name of the rpz zone that
  was applied.
 2021-05-14 15:34:48 +02:00
W.C.A. Wijngaards
39a557833d - Fix for zonemd, do not reject insecure result from trust anchor 
validation step in dnssec chain of trust.
 2021-02-23 17:09:40 +01:00
W.C.A. Wijngaards
c802298fca - Fix for zonemd, that domain-insecure zones work without dnssec. 2021-02-23 17:03:23 +01:00
W.C.A. Wijngaards
131d38f8f2 - Fix for zonemd, that nxdomain for the chain of trust is allowed 
for island zones, it is treates as an insecure zone for verification.
 2021-02-22 17:32:40 +01:00
W.C.A. Wijngaards
b7ffa6618c zonemd, review comments, fix no anchor lookup if none. 2021-02-12 09:16:22 +01:00
W.C.A. Wijngaards
8490508559 zonemd, review comments, stop null dnskey, skip dnssec for insecure islands. 2021-02-12 08:33:03 +01:00
W.C.A. Wijngaards
6965cef5e8 zonemd, review comments, check qname for zonemd dnskey lookup. 2021-02-11 17:33:10 +01:00
W.C.A. Wijngaards
e0f17c2443 zonemd, review comments, stop callback for a deleted zone. 2021-02-11 17:27:59 +01:00
W.C.A. Wijngaards
d3b6e1679c zonemd, review comments, indentation. 2021-02-11 16:05:28 +01:00
W.C.A. Wijngaards
9a972aa5b2 zonemd, review comments, compare list size for rrsigtype add. 2021-02-10 16:38:39 +01:00
W.C.A. Wijngaards
12171e3124 zonemd, review comments, compare list size correctly. 2021-02-10 16:34:24 +01:00
W.C.A. Wijngaards
3d2692d6bc zonemd, review comments, add comments to unit test, scope verbose output. 2021-02-10 15:30:23 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
Willem Toorop
b7864b0c48 Merge branch 'master' into features/padding 2021-01-22 15:13:01 +01:00
W.C.A. Wijngaards
20ff80c5bb zonemd, fix to detect duplicate zonemd scheme and algo RRs. 2021-01-22 14:36:53 +01:00