Commit graph

359 commits

Author SHA1 Message Date
Wouter Wijngaards
09b9ea04a3 - Fix timeouts to keep track of query type, A, AAAA and other, if
another has caused timeout blacklist, different type can still probe.


git-svn-id: file:///svn/unbound/trunk@2613 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-10 12:17:25 +00:00
Wouter Wijngaards
14059dca14 - Slightly smaller critical region in one case in infra cache.
git-svn-id: file:///svn/unbound/trunk@2611 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-10 09:21:06 +00:00
Wouter Wijngaards
dff630c788 - Fix validation failures (like: validation failure xx: no NSEC3
closest encloser from yy for DS zz. while building chain of trust),
because of a bug in the TTL-fix in 1.4.15, it picked the wrong rdata
for an NSEC3.  Now it does not change rdata, and fixes TTL.


git-svn-id: file:///svn/unbound/trunk@2599 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-01 11:18:07 +00:00
Wouter Wijngaards
589924e36c - uninitialised variable in reprobe for rtt blocked domains fixed.
- lintfix and new flex output.


git-svn-id: file:///svn/unbound/trunk@2583 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-10 15:07:16 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL
that would be permissible by the RFCs but it is not the TTL in the
cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-10 09:42:32 +00:00
Wouter Wijngaards
1238b7979f - Fix for memory leak (about 20 bytes when a tcp or udp send
operation towards authority servers failed, takes about 50.000
such failures to leak one Mb, such failures are also
usually logged), reported by Robert Fleischmann.



git-svn-id: file:///svn/unbound/trunk@2578 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-24 11:27:53 +00:00
Wouter Wijngaards
8e62925ffb fix infra cache comparison.
git-svn-id: file:///svn/unbound/trunk@2570 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-13 12:14:40 +00:00
Wouter Wijngaards
35172e89f4 - Fix for tcp-upstream and ssl-upstream for if a laptop sleeps,
causes SERVFAILs.  Also fixed for UDP (but less likely).


git-svn-id: file:///svn/unbound/trunk@2559 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-30 13:39:11 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility.
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-10 18:44:06 +00:00
Wouter Wijngaards
8f5596f643 ssl_port setting, so that the dnssec-trigger server can be on one host machine.
git-svn-id: file:///svn/unbound/trunk@2539 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-08 10:56:42 +00:00
Wouter Wijngaards
9a0b040403 fix tests, the ssl upstream setting is per-query (inside outside_network.c).
git-svn-id: file:///svn/unbound/trunk@2535 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-01 10:18:56 +00:00
Wouter Wijngaards
115c36a94e support for ssl-upstream (works from unbound-control).
git-svn-id: file:///svn/unbound/trunk@2532 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-01 09:26:58 +00:00
Wouter Wijngaards
aa0536dcb5 - dns over ssl support, ssl-service-pem and ssl-service-key files
can be given and then TCP queries are serviced wrapped in SSL.


git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-10-31 14:48:48 +00:00
Wouter Wijngaards
11f5e16932 infra cache consolidated and stores per zone, IP.
git-svn-id: file:///svn/unbound/trunk@2525 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-10-26 15:46:23 +00:00
Wouter Wijngaards
0f825eb283 - Fix make_new_space function so that the incoming query is not
overwritten if a jostled out query causes a waiting query to be
resumed that then fails and sends an error message.  (Thanks to
Matthew Lee).


git-svn-id: file:///svn/unbound/trunk@2523 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-10-24 13:49:59 +00:00
Wouter Wijngaards
684429e6c8 - better documentation for inform_super (Thanks Yang Zhe).
git-svn-id: file:///svn/unbound/trunk@2512 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-10-17 13:11:58 +00:00
Wouter Wijngaards
68d82e9ce4 - TCP-upstream calculates tcp-ping so server selection works if there
are alternatives.


git-svn-id: file:///svn/unbound/trunk@2502 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-23 12:56:28 +00:00
Wouter Wijngaards
f82a0847eb - max sent count. EDNS1480 only for rtt < 5000. No promiscuous
fetch if sentcount > 3, stop query if sentcount > 16.  Count is
reset when referral or CNAME happens.  This makes unbound better
at managing large NS sets, they are explored when there is continued
interest (in the form of queries).


git-svn-id: file:///svn/unbound/trunk@2499 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 14:11:12 +00:00
Wouter Wijngaards
c3f5b5f773 fixup compilation.
git-svn-id: file:///svn/unbound/trunk@2498 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 12:43:07 +00:00
Wouter Wijngaards
b72d40f3dd - fix various compiler warnings (reported by Paul Wouters).
git-svn-id: file:///svn/unbound/trunk@2497 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 11:35:01 +00:00
Wouter Wijngaards
c4cac78f10 fix EDNS1480.
git-svn-id: file:///svn/unbound/trunk@2496 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 10:04:08 +00:00
Wouter Wijngaards
365f87a4a4 fix memleak and add edns section when 1480 probe.
git-svn-id: file:///svn/unbound/trunk@2493 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-15 15:35:04 +00:00
Wouter Wijngaards
1af30c02fc After UDP timeout EDNS1480 probe, stop fragmentation caused trouble.
git-svn-id: file:///svn/unbound/trunk@2492 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-15 14:32:17 +00:00
Wouter Wijngaards
af93d6033c revert earlier commit.
git-svn-id: file:///svn/unbound/trunk@2488 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-12 11:28:14 +00:00
Wouter Wijngaards
d56aef7b33 - Fix validation failures due to EDNS backoff retries, the retry
for fetch of data has want_dnssec because the iter_indicate_dnssec
function returns true when validation failure retry happens, and
then the serviced query code does not fallback to noEDNS, even if
the cache says it has this.  This helps for DLV deployment when
the DNSSEC status is not known for sure before the lookup concludes.


git-svn-id: file:///svn/unbound/trunk@2483 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-08-26 09:00:43 +00:00
Wouter Wijngaards
05e118b7d5 tcp upstream option.
git-svn-id: file:///svn/unbound/trunk@2480 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-08-22 13:58:40 +00:00
Wouter Wijngaards
3d2156dacc - Unbound implements RFC6303 (since version 1.4.7).
git-svn-id: file:///svn/unbound/trunk@2463 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-07-14 08:17:11 +00:00
Wouter Wijngaards
59f5480df1 - fix replyaddr count wrong after jostled queries, which leads to
eventual starvation where the daemon has no replyaddrs left to use.


git-svn-id: file:///svn/unbound/trunk@2445 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-06-30 11:01:44 +00:00
Wouter Wijngaards
ca38a8bd55 - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers.
git-svn-id: file:///svn/unbound/trunk@2414 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-05-10 11:20:14 +00:00
Wouter Wijngaards
efb9c02d54 - iana portlist updated.
- queries with CD flag set cause DNSSEC validation, but the answer is
  not withheld if it is bogus.  Thus, unbound will retry if it is bad
  and curb the TTL if it is bad, thus protecting the cache for use by
  downstream validators.


git-svn-id: file:///svn/unbound/trunk@2409 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-04-08 13:58:41 +00:00
Wouter Wijngaards
3c87eb6c49 - harden-below-nxdomain: changed so that it activates when the
cached nxdomain is dnssec secure.  This avoids backwards
incompatibility because those old servers do not have dnssec.


git-svn-id: file:///svn/unbound/trunk@2407 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-03-29 09:47:54 +00:00
Matthijs Mekking
797ef20155 nicely outlined
git-svn-id: file:///svn/unbound/trunk@2378 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-01-17 13:59:07 +00:00
Wouter Wijngaards
5feb72d1eb fix
git-svn-id: file:///svn/unbound/trunk@2376 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-01-14 15:58:05 +00:00
Wouter Wijngaards
22ac684cd9 and store bogus ttl (this is not picked out of the cache to send to, so saves work and avoids this target)
git-svn-id: file:///svn/unbound/trunk@2375 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-01-14 15:51:11 +00:00
Wouter Wijngaards
e2dc829258 store if ttl expired
git-svn-id: file:///svn/unbound/trunk@2374 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-01-14 15:23:51 +00:00
Wouter Wijngaards
f5a97a3e8f - Fix so a changed NS RRset does not get moved name stuck on old
server, for type NS the TTL is not increased.


git-svn-id: file:///svn/unbound/trunk@2373 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-01-14 13:56:25 +00:00
Wouter Wijngaards
0bc54677db - Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept.
git-svn-id: file:///svn/unbound/trunk@2361 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-23 10:49:47 +00:00
Wouter Wijngaards
bc7ac1981a Fix compile on WinXP.
git-svn-id: file:///svn/unbound/trunk@2352 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-15 14:44:04 +00:00
Wouter Wijngaards
dd8e44ac37 - feature typetransparent localzone, does not block other RR types.
git-svn-id: file:///svn/unbound/trunk@2350 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-02 12:39:33 +00:00
Wouter Wijngaards
9997255caa - Fix bug#338: print address when socket creation fails.
git-svn-id: file:///svn/unbound/trunk@2349 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-01 09:59:39 +00:00
Wouter Wijngaards
79f4ca6a28 Fix storage of noEDNS in the infra cache.
iana portlist updated.


git-svn-id: file:///svn/unbound/trunk@2348 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-11-30 12:55:48 +00:00
Wouter Wijngaards
78cc3d8ae1 harden-below-nxdomain option taken from draft-vixie-dnsext-resimprove.
Default off (for now), as some older software that gives nxdomain for ENT
would be incompatible.  But that would only happen in the reverse tree, and
such software (nonDNSSEC) may go out of style, so in the future a default yes
could be possible.



git-svn-id: file:///svn/unbound/trunk@2347 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-11-18 08:49:15 +00:00
Wouter Wijngaards
289f13bc25 - implement draft-vixie-dnsext-resimprove-00, we stop on NXDOMAIN.
git-svn-id: file:///svn/unbound/trunk@2345 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-11-17 10:02:34 +00:00
Wouter Wijngaards
8c5b3d3c8f - so-sndbuf option for very busy servers, a bit like so-rcvbuf.
git-svn-id: file:///svn/unbound/trunk@2344 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-11-15 14:30:34 +00:00
Wouter Wijngaards
0b30fca935 - do not synthesize a CNAME message from cache for qtype DS.
git-svn-id: file:///svn/unbound/trunk@2335 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-11-05 15:29:50 +00:00
Wouter Wijngaards
a3a1119f54 - Change the rtt used to probe EDNS-timeout hosts to 1000 msec.
git-svn-id: file:///svn/unbound/trunk@2329 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-11-03 09:06:49 +00:00
Wouter Wijngaards
758a42643a nicer output from debug commands
git-svn-id: file:///svn/unbound/trunk@2314 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-27 08:09:22 +00:00
Wouter Wijngaards
fdfa7b2793 subtract 1000 so it is more than the RTT_BAND
git-svn-id: file:///svn/unbound/trunk@2313 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-26 15:41:23 +00:00
Wouter Wijngaards
a6b302f117 fix for top reuse
git-svn-id: file:///svn/unbound/trunk@2312 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-26 15:28:01 +00:00
Wouter Wijngaards
498cc8ab88 - Change of timeout code. No more lost and backoff in blockage.
At 12sec timeout (and at least 2x lost before) one probe per IP
is allowed only.  At 120sec, the IP is blocked.  After 15min, a
120sec entry has a single retry packet.


git-svn-id: file:///svn/unbound/trunk@2311 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-26 15:02:08 +00:00