upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-17 09:38:03 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
8198 commits 27 branches 209 tags 137 MiB
Commit graph

8198 commits

This branch
This branch
All branches
Author SHA1 Message Date
W.C.A. Wijngaards
014ed9c5ff - Fix that cachedb aggressive negative responses have the RA flag set.
Some checks are pending
ci / build (push) Waiting to run
Details
2026-02-16 16:35:37 +01:00
Yorgos Thessalonikefs
16e1e6d375 - Fix #1404: Priming the root key fails after loading ipfire.org RPZ
Some checks are pending
ci / build (push) Waiting to run
Details 
zones. Fixed by including the ZONEMD RRtype in the list of types to
  ignore for RPZ zones. Analysis and patch provided by ummeegge.
 2026-02-16 13:37:19 +01:00
W.C.A. Wijngaards
1a9a4e4ca1 - Fix #1403: Inconsistency between do-nat64 and do-not-query-address
Some checks failed
ci / build (push) Has been cancelled
Details 
during retries.
 2026-02-11 16:01:30 +01:00
W.C.A. Wijngaards
f7f638e18f - Update generated man pages.
Some checks failed
ci / build (push) Has been cancelled
Details
2026-02-09 16:11:17 +01:00
W.C.A. Wijngaards
c956aea93d Changelog note and documentation for #1401. 
- Merge #1401: Add a new build-time option for system TLS.
  The --enable-system-tls flag enables the
  tls-use-system-policy-versions setting by default.
 2026-02-09 16:05:28 +01:00
Petr Menšík
4556a4f490
Add a new build-time option for system TLS (#1401) 
We want to use crypto-policy provided configuration always in our
builds. Allow changing the default of tls-use-system-policy-versions at
build time by a simple configure parameter.
 2026-02-09 15:57:16 +01:00
Yorgos Thessalonikefs
1cdddf0fe9 - Fix #1389: [FR] replacement with ECC-GOST12 according to RFC9558. 
Patch contributed by Igor V. Ruzanov, available in
  contrib/gost12.patch.
 2026-02-06 14:39:23 +01:00
W.C.A. Wijngaards
567c70dada Fix attribution of fix. 2026-02-04 14:17:56 +01:00
W.C.A. Wijngaards
8b4b2a88f7 - Fix local privilege escalation on Windows. Thanks to Hao Huang 
for the report. The OpenSSL init calls are set to not load
  the openssl.cnf file when compiled for Windows.
 2026-02-04 11:54:11 +01:00
Yorgos Thessalonikefs
faf40c97fc - Eagerly remove .skip mark files in between mini_tdir.sh runs in case
Some checks failed
ci / build (push) Has been cancelled
Details 
there has been a change on the environment.
 2026-02-03 15:08:59 +01:00
W.C.A. Wijngaards
daa016e3e4 - Add test for allow-notify with a host name.
Some checks failed
ci / build (push) Has been cancelled
Details
2026-01-27 13:49:33 +01:00
W.C.A. Wijngaards
039f69e735 - Fix to not skip allow-notify hostname lookups when there are only
Some checks are pending
ci / build (push) Waiting to run
Details 
urls.
 2026-01-26 16:16:38 +01:00
W.C.A. Wijngaards
b39009e487 Merge branch 'master' of github.com:NLnetLabs/unbound 2026-01-26 15:17:26 +01:00
W.C.A. Wijngaards
933769ee73 - Fix that allow-notify entries with hostnames are copied after IPv4 
and IPv6 lookup.
 2026-01-26 15:16:43 +01:00
Yorgos Thessalonikefs
57bff79627 - Update generated man pages.
Some checks failed
ci / build (push) Has been cancelled
Details
2026-01-23 18:04:25 +01:00
Yorgos Thessalonikefs
1b5559d534 Changelog entry for #1396: 
- Merge #1396: Log Linux thread ID.
- On Linux systems log the system-wide unique thread ID instead of
  Unbound's internal thread counter.
- Introduce the 'log-thread-id' configuration option to manage logging
  the system-wide Linux thread ID for easier debugging with system
  tools.
 2026-01-23 17:46:14 +01:00
Yorgos Thessalonikefs
9d271c5343
Merge pull request #1396 from NLnetLabs/features/thread-id 2026-01-23 17:42:30 +01:00
Yorgos Thessalonikefs
74cc49e6c4 - Introduce the 'log-thread-id' configuration option to manage logging 
the system-wide Linux thread ID for easier debugging with system
  tools.
 2026-01-23 17:15:14 +01:00
Yorgos Thessalonikefs
d414ebf0c7 - On Linux systems log the system-wide unique thread ID instead of 
Unbound's internal thread counter.
 2026-01-23 17:08:55 +01:00
W.C.A. Wijngaards
9b123d1b78 - Fix http test tool petal to not print errors when there is no
Some checks failed
ci / build (push) Has been cancelled
Details 
error.
 2026-01-22 14:19:35 +01:00
W.C.A. Wijngaards
37b71261a2 - Fix that fast reload copies the iter_scrub_ns, iter_scrub_cname
Some checks are pending
ci / build (push) Waiting to run
Details 
and max_global_quota options.
 2026-01-22 09:42:56 +01:00
W.C.A. Wijngaards
4426db4d3d - Merge #1388: QNX Porting support for unbound.
Some checks are pending
ci / build (push) Waiting to run
Details
2026-01-21 13:13:01 +01:00
nnarayanamurthy
fe10bc7682
QNX Porting support for unbound branch-1.24.1 (#1388) 
* qnx Porting support for version release-1.24.1

* updating __QNXNTO__ with __QNX__
 2026-01-21 13:12:13 +01:00
W.C.A. Wijngaards
67d2eae28c - Merge #1392: Include "V" (version) option in synopsis.
Some checks failed
ci / build (push) Has been cancelled
Details
2026-01-19 09:09:47 +01:00
David H. Gutteridge
9010a7075e
Include "V" (version) option in synopsis (#1392) 2026-01-19 09:09:12 +01:00
W.C.A. Wijngaards
cc6dbc9f38 - Fix documentation for requestlist.overwritten and
Some checks failed
ci / build (push) Has been cancelled
Details 
requestlist.exceeded, it explains which query was dropped.
 2026-01-15 09:35:04 +01:00
W.C.A. Wijngaards
4198343dbe Compile fixup for #1381.
Some checks failed
ci / build (push) Has been cancelled
Details
2026-01-08 14:19:06 +01:00
W.C.A. Wijngaards
08600d68e8 Changelog note for #1381, and man page explanation. 
- Merge #1381: Do not initialize quic_table unless it is enabled.
 2026-01-08 14:16:54 +01:00
Petr Menšík
18e098285e
Do not initialize quic_table unless it is enabled (#1381) 
* Do not initialize quic_table unless it is enabled

Fedora in FIPS mode might fail to initialize ngtcp2 library, because
some ciphers desired are not available.

Make it possible to skip initialization by setting explicitly quic_port
to 0. Unless we have some listeners for port 853 configured, skip its
initialization as well.

Related: https://pagure.io/freeipa/issue/9877

* Fix typo in logged function name
 2026-01-08 14:12:32 +01:00
Yorgos Thessalonikefs
f1b35bab4b Changelog entry for #1391:
Some checks failed
ci / build (push) Has been cancelled
Details 
- Merge #1391 from Götz Görisch: Fix documentation to adhere to
  RFC5952.
 2026-01-06 18:21:34 +01:00
Yorgos Thessalonikefs
84ed77238d
Merge pull request #1391 from GoetzGoerisch/docs 
Fix documentation to adhere to RFC 5952
 2026-01-06 18:19:47 +01:00
Goetz Goerisch
adb0374a4d Fix documentation to adhere to RFC 5952 
Update the text representations of IPv6 addresses.
 2026-01-06 16:10:37 +01:00
W.C.A. Wijngaards
b0b634558b - Fix edns subnet, that scope zero queries, when there is a
Some checks are pending
ci / build (push) Waiting to run
Details 
subquery without subnet, and the forward-no-cache or
  stub-no-cache option is set, it is not stored in cache due to
  the forward or stub option.
This has the changelog entry and test.
 2026-01-06 09:33:00 +01:00
W.C.A. Wijngaards
8546247292 - Fix edns subnet, that scope zero queries, when there is a 
subquery without subnet, and the forward-no-cache or
  stub-no-cache option is set, it is not stored in cache due to
  the forward or stub option.
 2026-01-06 09:32:21 +01:00
Yorgos Thessalonikefs
44659cb3bf - Use the same EDE removal logic when encoding errors as when encoding
Some checks failed
ci / build (push) Has been cancelled
Details 
replies.
 2025-12-31 16:22:15 +01:00
Yorgos Thessalonikefs
a1ac2d0252 - Update the unbound-anchor man page to note write permissions of the 
generated file if it is to be used with Unbound's
  auto-trust-anchor-file option.
 2025-12-31 14:05:42 +01:00
Yorgos Thessalonikefs
5c7a26b615 - Mark "THROWAWAY" and "(DNSSEC) LAME" responses clearly as Unbound's
Some checks are pending
ci / build (push) Waiting to run
Details 
categorization in the log output.
 2025-12-30 13:15:37 +01:00
Yorgos Thessalonikefs
09d352b917 - More specific wording in the unbound.conf man page for stub-first
Some checks failed
ci / build (push) Has been cancelled
Details 
and forward-first options.
 2025-12-24 14:57:44 +01:00
W.C.A. Wijngaards
c0522043f0 - Fix http2 drop handling to clear the postpone_drop state so that
Some checks failed
ci / build (push) Has been cancelled
Details 
other streams on the http2 session are not affected by a drop,
  and can clean up properly if also dropped. Fix http2 send reply
  so that when there is a send failure is does not recurse into
  the mesh functions and also does not drop the connection due to
  the condition of one stream.
 2025-12-03 14:41:10 +01:00
W.C.A. Wijngaards
b858801feb - Fix to remove http2 stream mesh state when mesh new request is
Some checks are pending
ci / build (push) Waiting to run
Details 
dropping the new request.
 2025-12-02 15:31:53 +01:00
W.C.A. Wijngaards
588db09928 - Fix header comment about EDE reference in validator/val_sigcrypt.h.
Some checks are pending
ci / build (push) Waiting to run
Details
2025-12-01 16:04:41 +01:00
W.C.A. Wijngaards
5c66c48a1b - Fix to add EDNS CO flag to testbound and debug message log. 2025-12-01 15:29:41 +01:00
Yorgos Thessalonikefs
83336477c6 - For #1375, there is no DNSTAP environment if it wasn't configured.
Some checks failed
ci / build (push) Has been cancelled
Details
2025-11-28 15:20:21 +01:00
Yorgos Thessalonikefs
e3e5eb66cf - Tag for 1.24.2 release.
Some checks failed
ci / build (push) Has been cancelled
Details 
The repository continues with version 1.24.3.
 2025-11-26 13:54:25 +01:00
Yorgos Thessalonikefs
00d3b97dbb Merge branch 'branch-1.24.2' 2025-11-26 13:50:49 +01:00
Yorgos Thessalonikefs
f6269baa60 - Additional fix for CVE-2025-11411 (possible domain hijacking attack), 
to include YXDOMAIN and non-referral nodata answers in the mitigation as
  well, reported by TaoFei Guo from Peking University, Yang Luo and JianJun
  Chen from Tsinghua University.
 2025-11-26 11:09:40 +01:00
Yorgos Thessalonikefs
19154c6e58 - Set version to 1.24.2. 2025-11-26 10:58:06 +01:00
W.C.A. Wijngaards
0f43b0ea6c Changelog note for #1375, and lock for lockchecks and ifdef for compile fix.
Some checks failed
ci / build (push) Has been cancelled
Details 
- Merge #1375: Copy DNSTAP changes from daemon to workers after
  fast_reload.
 2025-11-13 15:45:27 +01:00
smeddlep
e6d92f458f
Copy DNSTAP changes from daemon to workers after fast_reload (#1375) 
- On fast_reload, the identity and version strings are always freed and
  reallocated as part of dt_apply_cfg(). Add fr_worker_pickup_dnstap_changes()
  to copy any changes from daemon to workers.
 2025-11-13 15:42:44 +01:00
W.C.A. Wijngaards
a31b9d50e2 Changelog note for #1374
Some checks are pending
ci / build (push) Waiting to run
Details 
- Merge #1374: Mesh reply counters.
  This adds the statistics num.queries.replyaddr_limit and
  requestlist.current.replies.
 2025-11-13 09:34:45 +01:00