upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-08 07:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5732 commits 23 branches 209 tags 126 MiB
Commit graph

1565 commits

Author SHA1 Message Date
W.C.A. Wijngaards
f6a527c25a - Similar to NSD PR#113, implement that interface names can be used, 
eg. something like interface: eth0 is resolved at server start and
  uses the IP addresses for that named interface.
 2020-08-27 14:53:33 +02:00
Ralph Dolmans
a6603c94d8 Merge branch 'master' of github.com:NLnetLabs/unbound 2020-08-10 17:32:00 +02:00
Ralph Dolmans
31f81adadb - Check for existence 'EVP_MAC_CTX_set_params' function (openssl >= 
3.0.0-alpha5)
 2020-08-10 17:29:06 +02:00
Ralph Dolmans
afd49e897f Merge branch 'openssl-3.0' of https://github.com/ciz/unbound into ciz-openssl-3.0 2020-08-06 17:27:27 +02:00
W.C.A. Wijngaards
2fade6f970 Merge branch 'master' into dlv-removal 2020-08-06 14:20:42 +02:00
W.C.A. Wijngaards
4ec55910c4 dlv removal, free unused variable. 2020-08-06 08:14:14 +02:00
Ralph Dolmans
74ec8a758b
Merge pull request #272 from NLnetLabs/edns-client-tag 
Add EDNS client tag functionality
 2020-08-05 16:07:49 +02:00
Ralph Dolmans
70c8d09edd - Process EDNS client tag review feedback 2020-08-05 15:56:45 +02:00
W.C.A. Wijngaards
c0c722cd97 DLV removal 2020-08-04 09:05:09 +02:00
W.C.A. Wijngaards
fc55345dcb - Fix mini_event.h on OpenBSD cannot find fd_set. 2020-08-04 08:14:25 +02:00
Vitezslav Cizek
61100b6463 net_help: Rename EVP_MAC_set_ctx_params to EVP_MAC_CTX_set_params 
This fixes build with OpenSSL 3.0.0 Alpha 5.
EVP_MAC_set_ctx_params got renamed back to EVP_MAC_CTX_set_params
in https://github.com/openssl/openssl/pull/12186
 2020-07-31 14:48:44 +02:00
W.C.A. Wijngaards
e855d5779a - Fix doxygen comment for no ssl for tls session ticket key callback 
routine.
 2020-07-31 09:10:40 +02:00
Ralph Dolmans
2fe398f4bf EDNS client tags - insert configured tags into tree 2020-07-24 16:00:13 +02:00
Ralph Dolmans
64806a0d14 Add edns-client-tag configuration option 2020-07-24 14:52:04 +02:00
Ralph Dolmans
16029281a8 Start of EDNS client tags implementation. 2020-07-23 17:17:44 +02:00
W.C.A. Wijngaards
7d4445c03d - Fix libnettle compile for session ticket key callback function 
changes.
 2020-07-17 16:53:52 +02:00
Ralph Dolmans
14a0433470 - Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie 
Courrèges-Anglas.
- Fix PR #234 log_assert sizeof to use union buffer.
 2020-07-17 13:07:03 +02:00
Ralph Dolmans
7d364f1111 Merge branch 'align-cmsg-buffers' of https://github.com/jcourreges/unbound into jcourreges-align-cmsg-buffers 2020-07-17 13:01:44 +02:00
George Thessalonikefs
833ab1aab3 Merge branch 'master' into include-toplevel 2020-07-16 12:53:29 +02:00
George Thessalonikefs
7f802b07ef Merge branch 'master' into include-toplevel 2020-07-15 15:17:48 +02:00
Ralph Dolmans
d4bcfbe996 Merge branch 'master' into fstrm-bidi 2020-07-13 17:30:36 +02:00
Ralph Dolmans
9cebc13150 - Add option to send DNSTAP messages over bidirectional frame streams 2020-07-13 17:28:50 +02:00
W.C.A. Wijngaards
e99b5046eb - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL 
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
 2020-07-08 16:22:39 +02:00
W.C.A. Wijngaards
be1182c3db - iana portlist updated. 2020-06-24 13:33:47 +02:00
W.C.A. Wijngaards
5203954068 - Fix display of event loop method with libev. 2020-06-17 14:32:57 +02:00
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming 
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
 2020-05-19 10:27:27 +02:00
W.C.A. Wijngaards
2c8ebe6206 - Fixed conflicts for PR #93 and make configure, yacc, lex. 2020-05-15 14:55:36 +02:00
W.C.A. Wijngaards
edcef18274 Merge branch 'master' of git://github.com/PMunch/unbound into PMunch-master 
Fixed conflicts in Makefile.in and configparser.y
 2020-05-15 14:52:53 +02:00
Jeremie Courreges-Anglas
8175161059 Ensure proper alignment of cmsg buffers 
The cmsg macros expect a control message buffer to be aligned like
a struct cmsghdr.  The current layout around those stack-allocated
buffers probably provides the required alignment (usually 4 bytes).
Use a union to enforce proper alignment, in case future changes modify
the stack layout.

Spotted when chasing an unrelated bug with Otto Moerbeek (@omoerbeek).
 2020-05-10 17:23:33 +02:00
George Thessalonikefs
1bd4dbf302 - New include directive 'include-toplevel:'. It closes the previous 
clause (if any) and requires that all included files explicitly
  start a clause.
 2020-04-29 11:23:12 +02:00
George Thessalonikefs
226d66ca92 - Change default value for 'rrset-roundrobin' to yes. 2020-04-21 12:58:48 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
George Thessalonikefs
a601fd6d3c Merge branch 'Talkabout-redis-expire-records' 2020-04-01 17:24:07 +02:00
George Thessalonikefs
557a309f9d - Changes for PR #206 (formatting and remade lex and yacc output). 2020-04-01 17:14:58 +02:00
Talkabout
c25eb2c4c8 implemented review feedback 
renamed option from 'redis-set-ttl' to 'redis-expire-records'
 2020-03-31 23:10:45 +02:00
Talkabout
b130a8b459 added option 'redis-set-ttl' to define whether ttl should be added to redis records 
added check for redis command 'setex' when initializing redis connection
updated documentation
minor improvements to previous changes
 2020-03-31 12:47:13 +02:00
Willem Toorop
af0bd5b0b4 Send tcp_req_info->spool_buffer as dnstap CLIENT_RESPONSE 
When tcp_req_info exists. This fixes that dnstap CLIENT_RESPONSE messages did not contain the response message when answering on statful transport for uncached responses.
 2020-03-30 12:19:17 +02:00
Willem Toorop
9d9eee8402 Fix uncached CLIENT_RESPONSE'es on stateful transports 
Because repinfo->c->buffer does not contain the response when the it did not came from cache.
Only after tcp_req_info_send_reply is called, is the response on the buffer which is used to fill the dnstap protobuf's.
 2020-03-30 11:39:07 +02:00
W.C.A. Wijngaards
7459b1dceb - Fixes for #200 : example.conf note and set_value for ip-dscp. 2020-03-24 09:36:27 +01:00
W.C.A. Wijngaards
311f163aed Changelog for #200 and bison, flex regenerate. 
- Merge PR #200 from yarikk: add ip-dscp option to specify the DSCP
  tag for outgoing packets.
 2020-03-24 09:25:05 +01:00
Yaroslav K
c0118410a2 add ip-dscp configuration option for setting IP DiffServ codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
Florian Obser
bdd245ff7d Make log_ident_revert_to_default() a proper prototype. 
Pointed out by clang with -Wstrict-prototypes.
 2020-03-20 11:44:38 +01:00
Ralph Dolmans
4504dd3737 - Log warning when using outgoing-port-permit and outgoing-port-avoid 
while explicit port randomisation is disabled.
 2020-03-19 17:34:46 +01:00
Ralph Dolmans
2c03028fa3 - Fix #158: open tls-session-ticket-keys as binary, for Windows. By Daisuke 
HIGASHI.
 2020-03-19 14:00:33 +01:00
Jeffrey Walton
6ab0db6e25
Fix NetBSD compile (GH #189) 2020-03-11 03:35:28 -04:00
W.C.A. Wijngaards
614ed2717b Merge branch 'master' into framestreams 
Fixed bison and flex conflicts by regenerating the files.
 2020-02-28 14:31:24 +01:00
W.C.A. Wijngaards
e13dfc743d For incoming ssl context with verifypem != NULL, we can set 
SSL_VERIFY_FAIL_IF_NO_PEER_CERT that can reject client
connections without peer cert during the handshake, which is nicer
than just a connection drop to the client (when we then check
for no peer certificate afterwards).
 2020-02-28 11:10:12 +01:00
W.C.A. Wijngaards
b63032b4dd dnstap io, fixup fptr_wlist for unbound_dnstap_socket tool. 2020-02-28 08:55:10 +01:00
W.C.A. Wijngaards
5b61afd38c Return 0 when ssl authentication is not available 2020-02-28 08:11:11 +01:00
W.C.A. Wijngaards
398e260145 Fixup ssl authentication not available with check for it. 2020-02-27 16:57:24 +01:00