upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-23 00:00:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5605 commits 23 branches 209 tags 123 MiB
Commit graph

215 commits

Author SHA1 Message Date
Wouter Wijngaards
874165904f doc and flex and yacc. 
git-svn-id: file:///svn/unbound/trunk@4589 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 14:23:51 +00:00
Wouter Wijngaards
e784758a21 - Add --with-libhiredis, unbound support for a new cached backend 
that uses a Redis server as the storage.  This implementation
  depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 12:33:51 +00:00
Wouter Wijngaards
54bd1fdd62 - tls-cert-bundle option in unbound.conf enables TLS authentication. 
git-svn-id: file:///svn/unbound/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:09 +00:00
Ralph Dolmans
77f78152ee - Aggressive use of NSEC implementation. Use cached NSEC records to generate 
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: file:///svn/unbound/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 13:16:36 +00:00
Wouter Wijngaards
0362614f94 auth zone, make depend, fallback, create and delete, and lease_time, 
and lock fixes.


git-svn-id: file:///svn/unbound/trunk@4466 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-30 10:35:20 +00:00
Wouter Wijngaards
4b4b1eec8b - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is 
also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.


git-svn-id: file:///svn/unbound/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 08:35:44 +00:00
Ralph Dolmans
7e8d3423cd Please lint 
git-svn-id: file:///svn/unbound/trunk@4435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-03 17:05:48 +00:00
Wouter Wijngaards
cba64aaaa4 - lexer output. 
git-svn-id: file:///svn/unbound/trunk@4390 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-31 10:07:01 +00:00
Wouter Wijngaards
b37bc47eaa - Work on local root zone code. 
git-svn-id: file:///svn/unbound/trunk@4376 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 15:16:31 +00:00
Wouter Wijngaards
52e2331dd4 - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert 
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
  from Manu Bretelle.
	This option allows handling multiple cert/key pairs while only
	distributing some of them.
	In order to reliably match a client magic with a given key without
	strong assumption as to how those were generated, we need both key and
	cert. Likewise, in order to know which ES version should be used.
	On the other hand, when rotating a cert, it can be desirable to only
	serve the new cert but still be able to handle clients that are still
	using the old certs's public key.
	The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
	publish the cert as part of the DNS's provider_name's TXT answer.



git-svn-id: file:///svn/unbound/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 07:34:49 +00:00
Wouter Wijngaards
ee8f07a686 - Fix #1440: [dnscrypt] client nonce cache. 
git-svn-id: file:///svn/unbound/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:55:08 +00:00
Wouter Wijngaards
c49226613b - Fix #1435: Please allow UDP to be disabled separately upstream and 
downstream.


git-svn-id: file:///svn/unbound/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:42:24 +00:00
Wouter Wijngaards
e583448a6d les and bison. 
git-svn-id: file:///svn/unbound/trunk@4329 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 11:59:38 +00:00
Wouter Wijngaards
5797c77f55 yacc 1.9 and flex 2.6.1. 
git-svn-id: file:///svn/unbound/trunk@4296 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-08 09:09:45 +00:00
Wouter Wijngaards
abb6cfdebd - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), 
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.


git-svn-id: file:///svn/unbound/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:04:18 +00:00
Wouter Wijngaards
c52c07c086 - Fix #1350: make cachedb backend configurable (from JINMEI Tatuya). 
git-svn-id: file:///svn/unbound/trunk@4275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-17 08:21:19 +00:00
Wouter Wijngaards
cf0429f3e1 and yacc, lex it. 
git-svn-id: file:///svn/unbound/trunk@4232 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-16 07:56:28 +00:00
Ralph Dolmans
998793998d - Added domain name based ECS whitelist. 
git-svn-id: file:///svn/unbound/trunk@4217 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-08 14:44:55 +00:00
Wouter Wijngaards
7641f23f87 - updated configure, dependencies and flex output. 
git-svn-id: file:///svn/unbound/trunk@4159 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 13:21:10 +00:00
Ralph Dolmans
a511d5d95e - Implemented trust anchor signaling using key tag query. 
git-svn-id: file:///svn/unbound/trunk@4134 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-26 12:58:13 +00:00
Wouter Wijngaards
4d7d32c846 - harden algo downgrade also makes unbound more lenient about digest 
algorithms in DS records.


git-svn-id: file:///svn/unbound/trunk@4104 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-10 13:38:50 +00:00
Ralph Dolmans
a2bc93547f - Generalise inplace callback (de)registration 
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event


git-svn-id: file:///svn/unbound/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-06 13:13:06 +00:00
Wouter Wijngaards
553544feac autoconf (because easier diffs with other releases) 
git-svn-id: file:///svn/unbound/trunk@4075 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 14:18:45 +00:00
Ralph Dolmans
b0fd814975 - Merge EDNS Client subnet implementation from feature branch into main branch, 
using new EDNS processing framework.


git-svn-id: file:///svn/unbound/trunk@4074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 12:08:17 +00:00
Wouter Wijngaards
86f0baf146 - make depend, autoconf, remove warnings about statement before var. 
git-svn-id: file:///svn/unbound/trunk@4066 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 15:09:06 +00:00
Wouter Wijngaards
6c456aa15e - Add trustanchor.unbound CH TXT that gets a response with a number 
of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:17:58 +00:00
Wouter Wijngaards
05215e8e7d - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and 
DS records.  NSEC3 is not disabled.
- fake-sha1 test option; print warning if used.  To make unit tests.


git-svn-id: file:///svn/unbound/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-09 13:18:08 +00:00
Wouter Wijngaards
cae9809e11 - Response actions based on IP address from Jinmei Tatuya (Infoblox). 
git-svn-id: file:///svn/unbound/trunk@4035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-07 14:58:51 +00:00
Wouter Wijngaards
35ae8ef313 - Patch from Luiz Fernando Softov for Stats Shared Memory. 
- unbound-control stats_shm command prints stats using shared memory,
  which uses less cpu.


git-svn-id: file:///svn/unbound/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-23 12:05:05 +00:00
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Wouter Wijngaards
9b4b0de746 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
Wouter Wijngaards
cd7db58ce3 - configure --enable-systemd and lets unbound use systemd sockets if 
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: file:///svn/unbound/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-03 13:43:29 +00:00
Ralph Dolmans
95d5334783 - Fix #1188: Unresolved symbol 'fake_dsa' in libunbound.so when built with 
Nettle


git-svn-id: file:///svn/unbound/trunk@3971 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-21 10:29:19 +00:00
Wouter Wijngaards
ba274dd312 - Note that for harden-below-nxdomain the nxdomain must be secure, 
this means nsec3 with optout is insufficient.


git-svn-id: file:///svn/unbound/trunk@3925 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 14:49:43 +00:00
Ralph Dolmans
efe248c46a - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: file:///svn/unbound/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
Wouter Wijngaards
680e14cb65 - log-identity: config option to set sys log identity, patch from 
"Robin H. Johnson" <robbat2@gentoo.org>


git-svn-id: file:///svn/unbound/trunk@3917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 08:51:40 +00:00
Wouter Wijngaards
27182d614b - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled 
with the undocumented switch 'fake-dsa'.  It logs a warning.


git-svn-id: file:///svn/unbound/trunk@3909 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-26 07:38:00 +00:00
Wouter Wijngaards
a9a65800b8 - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: file:///svn/unbound/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
Wouter Wijngaards
3d62b46073 - suppress compile warning in lex files. 
git-svn-id: file:///svn/unbound/trunk@3895 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-20 07:46:35 +00:00
Ralph Dolmans
9c0944ec1e - Added qname-minimisation-strict config option. 
git-svn-id: file:///svn/unbound/trunk@3878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 11:32:50 +00:00
Ralph Dolmans
b587c7f72d Added views functionality. 
git-svn-id: file:///svn/unbound/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
Wouter Wijngaards
0c954d99c3 - Silenced flex-generated sign-unsigned warning print with gcc 
diagnostic pragma.


git-svn-id: file:///svn/unbound/trunk@3852 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-13 10:44:24 +00:00
Wouter Wijngaards
b6b3e2b914 - For #787: prefer-ip6 option for unbound.conf prefers to send 
upstream queries to ipv6 servers.


git-svn-id: file:///svn/unbound/trunk@3803 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 14:49:49 +00:00
Wouter Wijngaards
c697604224 - Fix #784: Build configure assumess that having getpwnam means there 
is endpwent function available.
- Updated repository with newer flex and bison output.


git-svn-id: file:///svn/unbound/trunk@3799 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-27 08:00:55 +00:00
Ralph Dolmans
54b820773c - Possibility to specify local-zone types for an acl/tag pair 
- Possibility to specify (override) local-zone types for a source address block


git-svn-id: file:///svn/unbound/trunk@3797 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-24 19:08:58 +00:00
Wouter Wijngaards
68f6a22d75 Newer flex lexed it. 
git-svn-id: file:///svn/unbound/trunk@3780 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-13 06:57:28 +00:00
Wouter Wijngaards
12f96dc321 - In unbound.conf directory: dir immediately changes to that directory, 
so that include: file below that is relative to that directory.
  With chroot, make the directory an absolute path inside chroot.


git-svn-id: file:///svn/unbound/trunk@3775 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-09 22:59:07 +00:00
Wouter Wijngaards
0e97374466 - access-control-tag-action and access-control-tag-data config 
directives.
- make depend


git-svn-id: file:///svn/unbound/trunk@3759 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 13:47:24 +00:00
Wouter Wijngaards
65bcb9b0ca - local-zone-override config directive. 
git-svn-id: file:///svn/unbound/trunk@3758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 10:00:25 +00:00
Wouter Wijngaards
415fc52b08 - access-control-tag config directive. 
git-svn-id: file:///svn/unbound/trunk@3754 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:33:59 +00:00
Wouter Wijngaards
7fcec8102f - disable-dnssec-lame-check config option from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-24 12:17:42 +00:00
Wouter Wijngaards
feb1b86d1c - trunk updated with output of flex 2.6.0. 
git-svn-id: file:///svn/unbound/trunk@3719 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-17 15:01:24 +00:00
Wouter Wijngaards
46d476b0c2 define-tag and local-zone-tag configuration. 
git-svn-id: file:///svn/unbound/trunk@3708 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-04-21 09:49:02 +00:00
Wouter Wijngaards
9f8b2bb468 - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for 
binding to an IP address while the interface or address is down.


git-svn-id: file:///svn/unbound/trunk@3673 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-15 09:35:48 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
Wouter Wijngaards
c53222e101 - Fix to simplify empty string checking from Michael McConville. 
git-svn-id: file:///svn/unbound/trunk@3600 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-14 08:28:46 +00:00
Wouter Wijngaards
5d0ad681a2 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: file:///svn/unbound/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
Wouter Wijngaards
3ee1dc25d5 yacced,lexed, include for undeclared function and make depend. 
git-svn-id: file:///svn/unbound/trunk@3555 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 08:11:48 +00:00
Ralph Dolmans
a05bf09811 Implemented qname minimisation 
git-svn-id: file:///svn/unbound/trunk@3554 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-30 16:10:26 +00:00
Wouter Wijngaards
897ee33df1 - Fix config globbed include chroot treatment, this fixes reload of 
globs (patch from Dag-Erling Smørgrav).


git-svn-id: file:///svn/unbound/trunk@3485 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-22 08:04:19 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
77088b12ff - Add ip-transparent config option for bind to non-local addresses. 
git-svn-id: file:///svn/unbound/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-19 09:50:35 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
3ef33154e5 - infra-cache-min-rtt patch from Florian Riehm, for expected long 
uplink roundtrip times.


git-svn-id: file:///svn/unbound/trunk@3328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-02 08:46:22 +00:00
Wouter Wijngaards
df73be98bd - patch for remote control over local sockets, from Dag-Erling 
Smorgrav, Ilya Bakulin.  Use control-interface: /path/sock and
  control-use-cert: no.


git-svn-id: file:///svn/unbound/trunk@3304 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:12:59 +00:00
Wouter Wijngaards
e8fa4a9aff - parser with bison 2.7 
git-svn-id: file:///svn/unbound/trunk@3270 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-14 15:59:30 +00:00
Wouter Wijngaards
8ccba42b1f - dnstap support, with a patch from Farsight Security, written by 
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
  It is BSD licensed (see dnstap/dnstap.c).
  Building with --enable-dnstap needs pkg-config with this patch.
- Noted dnstap in doc/README and doc/CREDITS.


git-svn-id: file:///svn/unbound/trunk@3206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-05 07:57:52 +00:00
Wouter Wijngaards
04bacd679b - Changes from DNS64: 
strcpy changed to memmove.
  arraybound check fixed from prefix_net/8/4 to prefix_net/8+4.
  allocation of result consistently in the correct region.
  time_t is now used for ttl in unbound (since the patch's version).


git-svn-id: file:///svn/unbound/trunk@3199 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-31 08:00:38 +00:00
Wouter Wijngaards
45022b6add - DNS64 from Viagenie (BSD Licensed), written by Simon Perrault. 
Initial commit of the patch from the FreeBSD base (with its fixes).
  This adds a module (for module-config in unbound.conf) dns64 that
  performs DNS64 processing, see README.DNS64.


git-svn-id: file:///svn/unbound/trunk@3198 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-31 07:15:33 +00:00
Wouter Wijngaards
9f0a53e79b Fix compile and test on Linux. 
git-svn-id: file:///svn/unbound/trunk@3159 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-11 09:39:13 +00:00
Wouter Wijngaards
bdc57e5be5 - Feature, unblock-lan-zones: yesno that you can use to make unbound 
perform 10.0.0.0/8 and other reverse lookups normally, for use if
  unbound is running service for localhost on localhost.


git-svn-id: file:///svn/unbound/trunk@3133 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 10:38:32 +00:00
Wouter Wijngaards
d8e5a83392 - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: file:///svn/unbound/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
Wouter Wijngaards
60511959ab - so-reuseport: yesno option to distribute queries evenly over 
threads on Linux (Thanks Robert Edmonds).


git-svn-id: file:///svn/unbound/trunk@3049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 11:43:38 +00:00
Wouter Wijngaards
eed60983ac - update pythonmod for ldns_ to sldns_ name change. 
git-svn-id: file:///svn/unbound/trunk@3035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-05 16:27:52 +00:00
Wouter Wijngaards
b9efb261da - Fix bug#536: acl_deny_non_local and refuse_non_local added. 
git-svn-id: file:///svn/unbound/trunk@3015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-12 10:08:54 +00:00
Wouter Wijngaards
e704e27be6 interface: and ip-address: 
also includes for newer ldns in pythonmod. 


git-svn-id: file:///svn/unbound/trunk@3014 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-06 02:48:59 +00:00
Wouter Wijngaards
d86d7c050c and lex. 
git-svn-id: file:///svn/unbound/trunk@2941 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 14:14:32 +00:00
Wouter Wijngaards
b2274bedd9 - max include of 100.000 files (depth and globbed at one time). 
This is to preserve system memory in bug cases, or endless cases.


git-svn-id: file:///svn/unbound/trunk@2928 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-07-26 13:11:53 +00:00
Wouter Wijngaards
f7bf35b23a - Max include depth is unlimited. 
git-svn-id: file:///svn/unbound/trunk@2909 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-06-10 13:37:14 +00:00
Wouter Wijngaards
ff1dbe4fcc - Implement max-udp-size config option, default 4096 (thanks 
Daisuke Higashi).


git-svn-id: file:///svn/unbound/trunk@2893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 11:55:46 +00:00
Wouter Wijngaards
2be3e34658 - Fix so that for a configuration line of include: "*.conf" it is not 
an error if there are no files matching the glob pattern.


git-svn-id: file:///svn/unbound/trunk@2883 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-15 07:57:08 +00:00
Wouter Wijngaards
9c4bbfd37d - include: directive in config file accepts wildcards. Patch from 
Paul Wouters.  Suggested use: include: "/etc/unbound.d/conf.d/*"


git-svn-id: file:///svn/unbound/trunk@2765 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-09-27 08:52:37 +00:00
Wouter Wijngaards
cf147df593 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and 
minimal-responses features.


git-svn-id: file:///svn/unbound/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-04-10 09:16:39 +00:00
Wouter Wijngaards
1736d8078a - forward-first option. Tries without forward if a query fails. 
Also stub-first option that is similar.


git-svn-id: file:///svn/unbound/trunk@2637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:16:40 +00:00
Wouter Wijngaards
589924e36c - uninitialised variable in reprobe for rtt blocked domains fixed. 
- lintfix and new flex output.


git-svn-id: file:///svn/unbound/trunk@2583 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-10 15:07:16 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility. 
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-10 18:44:06 +00:00
Wouter Wijngaards
8f5596f643 ssl_port setting, so that the dnssec-trigger server can be on one host machine. 
git-svn-id: file:///svn/unbound/trunk@2539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-08 10:56:42 +00:00
Wouter Wijngaards
aa0536dcb5 - dns over ssl support, ssl-service-pem and ssl-service-key files 
can be given and then TCP queries are serviced wrapped in SSL.


git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-31 14:48:48 +00:00
Wouter Wijngaards
05e118b7d5 tcp upstream option. 
git-svn-id: file:///svn/unbound/trunk@2480 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 13:58:40 +00:00
Wouter Wijngaards
8ecb52c532 Different flex version, no warning about signed and unsigned comparison. 
git-svn-id: file:///svn/unbound/trunk@2433 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-17 09:59:53 +00:00
Wouter Wijngaards
f24f631838 tag 1.4.11rc1 
git-svn-id: file:///svn/unbound/trunk@2431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-17 09:42:37 +00:00
Wouter Wijngaards
8def9c1043 - log-queries: yesno option, default is no, prints querylog. 
git-svn-id: file:///svn/unbound/trunk@2429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-16 13:15:57 +00:00
Wouter Wijngaards
ca38a8bd55 - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers. 
git-svn-id: file:///svn/unbound/trunk@2414 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 11:20:14 +00:00
Wouter Wijngaards
0b0a580422 - give config parse error for multiple names on a stub or forward zone. 
git-svn-id: file:///svn/unbound/trunk@2398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-01 12:59:27 +00:00
Wouter Wijngaards
583eabb13e iana portlist updated 
git-svn-id: file:///svn/unbound/trunk@2370 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-12 08:55:27 +00:00
Wouter Wijngaards
78cc3d8ae1 harden-below-nxdomain option taken from draft-vixie-dnsext-resimprove. 
Default off (for now), as some older software that gives nxdomain for ENT
would be incompatible.  But that would only happen in the reverse tree, and
such software (nonDNSSEC) may go out of style, so in the future a default yes
could be possible.



git-svn-id: file:///svn/unbound/trunk@2347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-18 08:49:15 +00:00