upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-01 20:39:38 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7166 commits 23 branches 209 tags 124 MiB
Commit graph

916 commits

Author SHA1 Message Date
W.C.A. Wijngaards
a97d7175a6 - Fix ssl.h include brackets, instead of quotes. 2023-03-16 15:40:43 +01:00
Sergey Kacheev
52a4ccee18 add a metric about the maximum number of collisions in lrushah 2023-01-13 13:33:38 +07:00
George Thessalonikefs
7716d26d46 - Use an explicit 'reload_keep_cache' command and introduce test cases 
for #569.
 2022-12-14 16:33:28 +01:00
George Thessalonikefs
857d6ce3a1 Merge branch 'reuse-caches-on-reload' of https://github.com/jinmeiib/unbound-1 into jinmeiib-reuse-caches-on-reload 2022-12-13 16:42:38 +01:00
George Thessalonikefs
859d0f2dfe - Expose 'statistics-inhibit-zero' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 10:47:37 +01:00
George Thessalonikefs
90f6cb1158 - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. 2022-11-30 14:33:16 +01:00
George Thessalonikefs
896f7a8306 - Ignore expired error responses. 2022-11-22 17:44:55 +01:00
W.C.A. Wijngaards
6b8181acb7 - Fix dnscrypt compile for proxy protocol code changes. 2022-10-05 14:09:12 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
W.C.A. Wijngaards
7d96a7e3fe - Fix windows compile, the identifier interface is defined in headers. 2022-10-03 15:03:50 +02:00
Yorgos Thessalonikefs
eb02170338
Apply suggestions from code review 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2022-09-16 14:43:23 +02:00
George Thessalonikefs
d301bfe4a2 - ACL per interface: refactor, complete testing and a bugfix for 
interface names.
 2022-09-11 20:57:41 +02:00
George Thessalonikefs
7e9fd2114b Cleared error messages for interface-* options. 2022-09-11 20:21:32 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
5bbaf78c3f - Remove include that was there for debug purposes. 2022-09-02 10:11:23 +02:00
W.C.A. Wijngaards
57230d7f22 - Fix to log a verbose message at operational notice level if a 
thread is not responding, to stats requests. It is logged with
  thread identifiers.
 2022-09-01 15:14:20 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
JINMEI Tatuya
fccb2eb2e8 prevent memory leak in case cache isn't reused 2022-07-22 14:33:21 -07:00
George Thessalonikefs
b816318106 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries 
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
  command.
 2022-06-29 10:51:54 +02:00
George Thessalonikefs
c8e7539313 - Formatting. 2022-06-28 18:31:27 +02:00
George Thessalonikefs
12796d0af8 - Fix for cached 0 TTL records to not trigger prefetching when 
serve-expired-client-timeout is set.
 2022-06-28 17:05:28 +02:00
George Thessalonikefs
7c9177095f - Remove unused LDNS function check for GOST Engine unloading. 2022-06-20 16:27:15 +02:00
George Thessalonikefs
daf316ea1b - Fix #417: prefetch and ECS causing cache corruption when used 
together.
 2022-05-12 00:56:01 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
W.C.A. Wijngaards
722391baf1 - Fix #651: [FR] Better logging for refused queries. 2022-03-23 13:56:52 +01:00
W.C.A. Wijngaards
c084c27b39 - Fix check interface existence for support detection in remote lookup. 2022-02-25 15:24:40 +01:00
W.C.A. Wijngaards
4b772ed571 - Fix to detect that no IPv6 support means that IPv6 addresses are 
useless for delegation point lookups.
 2022-02-25 10:27:56 +01:00
W.C.A. Wijngaards
2b90181d3a - Fix #628: A rpz-passthru action is not ending RPZ zone processing. 2022-02-15 16:20:12 +01:00
W.C.A. Wijngaards
4c6b59fa47 - Fix #624: Unable to stop Unbound in Windows console (does not 
respond to CTRL+C command).
 2022-02-11 08:53:24 +01:00
gthess
11f2e7e6ae
Merge pull request #617 from NLnetLabs/update-host-notation 
Update stub/forward-host notation to accept port and tls-auth-name
 2022-02-02 11:56:27 +01:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name. 
Fixes #546.
 2022-02-01 14:44:29 +01:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more 
aggressive rate limiting.
 2022-01-30 00:36:29 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
Petr Mensik
c7f44b99e3 Change file mode before changing file owner 
Change mode first when configuring remote control unix socket. Some
security systems might strip capability of changing other user's system
even to process with effective uid 0. That is done on Fedora by SELinux
policy and systemd for example. SELinux audit then shows errors, because
unbound tries modifying permissions of not own file. Fix just by mode
change as first step, make it owned by unbound:unbound user as the last
step only.

Related: rhbz#1905441
 2022-01-07 12:08:32 +01:00
Tom Carpay
e899b4cefe Make explicit whether edns options are parsed from queries or responses 2021-11-15 13:40:51 +00:00
JINMEI Tatuya
5b2eda28e3 add keep-cache option to unbound-control reload to keep caches 2021-11-11 10:47:08 -08:00
TCY16
8205c87a96 complete renaming of the modules edns list 2021-11-08 11:50:29 +01:00
tcarpay
fa73142b79
Apply suggestions from code review 
Co-authored-by: Willem Toorop <willem@nlnetlabs.nl>
 2021-11-08 11:02:54 +01:00
Tom Carpay
cb48d9e4a1 Fix keepalive logic 2021-11-01 15:01:07 +00:00
Tom Carpay
5f8447830a Move option handling to parse-time 2021-11-01 13:48:31 +00:00
Tom Carpay
89d7476539 split edns_data.opt_list in opt_list_in and opt_list_out 
opt_list_in for parsed (incoming) edns options, and
opt_list_out for outgoing (to be encoded) edns options
 2021-11-01 12:48:40 +00:00
Tom Carpay
3925297d07 Remove apply_edns_options from worker and mesh... 
to be returned in message encoding later...
 2021-11-01 10:44:55 +00:00
Tom Carpay
3ebfa9fc97 Outgoing module options go to opt_list_modules_out 
And opt_list_modules_out is reset in case of failure
BEWARE! No options from modules will be encoded in the responses now!
 2021-10-27 14:01:56 +00:00
Tom Carpay
3e6eeb504d Modules have their own outgoing ends options list 
But nothing happens with it yet
 2021-10-27 13:48:49 +00:00
W.C.A. Wijngaards
09afdb7669 - Fix chaos replies to have truncation for short message lengths, 
or long reply strings.
 2021-10-11 17:00:20 +02:00
W.C.A. Wijngaards
a64cbe958d - Fix lock debug code for gcc sanitizer reports. 2021-09-10 15:11:30 +02:00
Thomas du Boÿs
ebb4987146 Fix subnetcache statistics 2021-09-03 10:37:07 +02:00
W.C.A. Wijngaards
c93a7fb38a - Fix the stream wait stream_wait_count_lock and http2 buffer locks 
setup and desetup from race condition.
 2021-08-25 13:37:50 +02:00
W.C.A. Wijngaards
a9de6879b8 Merge branch 'master' into rpz-triggers 2021-08-18 09:53:35 +02:00
W.C.A. Wijngaards
f232562430 Merge branch 'master' into rpz-triggers 2021-08-05 13:37:22 +02:00