upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-29 10:59:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5068 commits 23 branches 209 tags 124 MiB
Commit graph

73 commits

Author SHA1 Message Date
W.C.A. Wijngaards
af11b54071 Review changes for the XoT branch 
With doc, SSL setup function, and function parameter doc.
 2019-04-29 10:25:19 +02:00
Willem Toorop
48ad6477eb AXFR over TLS 
Enable by specifying an auth name, like this:
```
auth-zone:
        name: nlnetlabs.nl
        master: 185.49.140.60#ns.nlnetlabs.nl
```
 2019-03-24 10:43:57 +01:00
Ralph Dolmans
f30fe71395 - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query 
without EDNS after timeout.


git-svn-id: file:///svn/unbound/trunk@5037 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-16 10:23:13 +00:00
Wouter Wijngaards
6fefbb4115 - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-02 06:36:02 +00:00
Wouter Wijngaards
c16a32d2be fix doxygen comments. 
git-svn-id: file:///svn/unbound/trunk@4632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:16:10 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
75eb720ab5 auth zone work on http feature. 
git-svn-id: file:///svn/unbound/trunk@4517 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-07 16:10:31 +00:00
Wouter Wijngaards
392be1e787 auth zone fix comment 
git-svn-id: file:///svn/unbound/trunk@4483 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 15:19:23 +00:00
Wouter Wijngaards
84e819dc31 auth zone move file descriptor functionality to outside network 
for the unit test


git-svn-id: file:///svn/unbound/trunk@4482 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 14:59:17 +00:00
Wouter Wijngaards
30da6bde6f - authzone work, transfer connect. 
git-svn-id: file:///svn/unbound/trunk@4420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-12 15:39:45 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
Wouter Wijngaards
1394dcba69 - Fix #787: outgoing-interface netblock/64 ipv6 option to use linux 
freebind to use 64bits of entropy for every query with random local
  part.


git-svn-id: file:///svn/unbound/trunk@3804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 14:51:30 +00:00
Wouter Wijngaards
031caba9c0 - and also generic edns options for upstream messages (and replies). 
after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID),
  to insert use edns_opt_append(edns, region, code, len, bindata) on
  the opt_list passed to send_query, or in edns_opt_inplace_reply.


git-svn-id: file:///svn/unbound/trunk@3742 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:55:22 +00:00
Wouter Wijngaards
dd8b5729f2 Fix signed-unsigned lint warnings in tcp-mss. 
git-svn-id: file:///svn/unbound/trunk@3592 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:08:37 +00:00
Wouter Wijngaards
5d0ad681a2 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: file:///svn/unbound/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
Wouter Wijngaards
8ccba42b1f - dnstap support, with a patch from Farsight Security, written by 
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
  It is BSD licensed (see dnstap/dnstap.c).
  Building with --enable-dnstap needs pkg-config with this patch.
- Noted dnstap in doc/README and doc/CREDITS.


git-svn-id: file:///svn/unbound/trunk@3206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-05 07:57:52 +00:00
Wouter Wijngaards
bc7f906590 - Fix caps-for-id fallback, and added fallback attempt when servers 
drop 0x20 perturbed queries.


git-svn-id: file:///svn/unbound/trunk@3146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-24 08:24:28 +00:00
Wouter Wijngaards
330b3219a0 - unbound-control stats prints num.query.tcpout with number of TCP 
outgoing queries made in the previous statistics interval.


git-svn-id: file:///svn/unbound/trunk@3108 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 09:13:58 +00:00
Matthijs Mekking
492a5ca681 only whitespace changes 
git-svn-id: file:///svn/unbound/trunk@3088 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-18 13:54:19 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d8e5a83392 - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: file:///svn/unbound/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
f1fd2b53eb - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
Wouter Wijngaards
83f5814a07 - Fallback to 1472 and 1232, one fragment size without headers. 
git-svn-id: file:///svn/unbound/trunk@2746 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-22 08:46:30 +00:00
Wouter Wijngaards
9046a52364 - Fix that enables modules to register twice for the same 
serviced_query, without race conditions or administration issues.
  This should not happen with the current codebase, but it is robust.


git-svn-id: file:///svn/unbound/trunk@2730 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-31 11:33:06 +00:00
Wouter Wijngaards
09b9ea04a3 - Fix timeouts to keep track of query type, A, AAAA and other, if 
another has caused timeout blacklist, different type can still probe.


git-svn-id: file:///svn/unbound/trunk@2613 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-10 12:17:25 +00:00
Wouter Wijngaards
9a0b040403 fix tests, the ssl upstream setting is per-query (inside outside_network.c). 
git-svn-id: file:///svn/unbound/trunk@2535 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-01 10:18:56 +00:00
Wouter Wijngaards
aa0536dcb5 - dns over ssl support, ssl-service-pem and ssl-service-key files 
can be given and then TCP queries are serviced wrapped in SSL.


git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-31 14:48:48 +00:00
Wouter Wijngaards
11f5e16932 infra cache consolidated and stores per zone, IP. 
git-svn-id: file:///svn/unbound/trunk@2525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-26 15:46:23 +00:00
Wouter Wijngaards
68d82e9ce4 - TCP-upstream calculates tcp-ping so server selection works if there 
are alternatives.


git-svn-id: file:///svn/unbound/trunk@2502 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-23 12:56:28 +00:00
Wouter Wijngaards
1af30c02fc After UDP timeout EDNS1480 probe, stop fragmentation caused trouble. 
git-svn-id: file:///svn/unbound/trunk@2492 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-15 14:32:17 +00:00
Wouter Wijngaards
05e118b7d5 tcp upstream option. 
git-svn-id: file:///svn/unbound/trunk@2480 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 13:58:40 +00:00
Wouter Wijngaards
18a7df3d5c - Fix EDNS probe for .de DNSSEC testbed failure, where the infra 
cache timeout coincided with a server update, the current EDNS 
  backoff is less sensitive, and does not cache the backoff unless 
  the backoff actually works and the domain is not expecting DNSSEC.


git-svn-id: file:///svn/unbound/trunk@2063 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-06 08:35:37 +00:00
Wouter Wijngaards
1d8013c67a do-udp: no fixed. 
git-svn-id: file:///svn/unbound/trunk@1882 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-29 12:11:38 +00:00
Wouter Wijngaards
b86b9f7fdc Fix IPv6 detection on XP. 
Fix loop to service on quit when there are messages waiting.

git-svn-id: file:///svn/unbound/trunk@1624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-05-27 08:24:19 +00:00
Wouter Wijngaards
a30d1f9f20 Neater configure and no double config.h includes. 
git-svn-id: file:///svn/unbound/trunk@1545 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-24 10:42:57 +00:00
Wouter Wijngaards
6cebdd2baf unwanted reply threshold like in the draft. 
git-svn-id: file:///svn/unbound/trunk@1321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-22 14:36:46 +00:00
Wouter Wijngaards
d4fadf55a8 EDNS fallback when timeout and multiple query rtt backoff. 
git-svn-id: file:///svn/unbound/trunk@1272 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-29 14:50:35 +00:00
Wouter Wijngaards
636f742ef0 extended statistics. 
git-svn-id: file:///svn/unbound/trunk@1239 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-16 14:08:38 +00:00
Wouter Wijngaards
0f80e5e78a - removed base_port. 
- created 256-port ephemeral space for the OS, 59802 available.


git-svn-id: file:///svn/unbound/trunk@1030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-04-11 14:10:16 +00:00
Wouter Wijngaards
a8bf62f962 - random port selection out of the configged ports. 
- fixup threadsafety for libevent-1.4.3+ (event_base_get_method).



git-svn-id: file:///svn/unbound/trunk@1029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-04-11 13:24:49 +00:00
Wouter Wijngaards
46e703c989 libev can be used (but not multithreaded) and del fd unused. 
git-svn-id: file:///svn/unbound/trunk@1023 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-04-09 11:58:53 +00:00
Wouter Wijngaards
130a5f2dee can use DNS-0x20 draft casing. 
git-svn-id: file:///svn/unbound/trunk@994 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-27 09:21:31 +00:00
Wouter Wijngaards
b2710818d4 Faster due to time-sharing. 
git-svn-id: file:///svn/unbound/trunk@966 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-19 13:12:23 +00:00
Wouter Wijngaards
c854c57c6f please doxygen. 
git-svn-id: file:///svn/unbound/trunk@870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-01-17 08:26:15 +00:00
Wouter Wijngaards
2a547a35a7 function pointer whitelists on data types. 
git-svn-id: file:///svn/unbound/trunk@660 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-05 11:41:12 +00:00
Wouter Wijngaards
9a60182c86 fptr whitelist network code callbacks. 
git-svn-id: file:///svn/unbound/trunk@659 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-05 08:05:06 +00:00
Wouter Wijngaards
41e847df18 security audit changes. 
git-svn-id: file:///svn/unbound/trunk@657 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-04 15:10:11 +00:00