upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-25 09:09:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
7609 commits 23 branches 209 tags 124 MiB
Commit graph

581 commits

Author SHA1 Message Date
W.C.A. Wijngaards
fef974ca5c - Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that 
clientip and nsip can give a CNAME.
 2024-03-19 09:32:53 +01:00
W.C.A. Wijngaards
8dbf46913b - Fix rpz for qtype CNAME after nameserver trigger. 2024-03-18 14:36:29 +01:00
W.C.A. Wijngaards
79e25e192c - Fix that rpz CNAME content is limited to the max number of cnames. 2024-03-18 11:25:29 +01:00
W.C.A. Wijngaards
4b54d8e15e - Fix rpz for cname override action after nsdname and nsip triggers. 2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
e361f6b284 - Fix qname minimisation for reply with a DNAME for qtype CNAME that 
answers it.
 2024-03-08 16:33:17 +01:00
W.C.A. Wijngaards
be626f7c53 - Fix edns subnet replies for scope zero answers to not get stored 
in the global cache, and in cachedb, when the upstream replies
  without an EDNS record.
 2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
b9b488b6d3 - Remove unneeded newlines and improve indentation in remote control 
code.
 2024-01-04 17:06:15 +01:00
Yorgos Thessalonikefs
8517f49745 - Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672. 2023-12-06 23:40:01 +01:00
W.C.A. Wijngaards
a8739bad76 - Updated IPv4 and IPv6 address for b.root-servers.net in root hints. 2023-12-06 13:25:58 +01:00
W.C.A. Wijngaards
0f78bea4a3 - Fix #954: Inconsistent RPZ handling for A record returned along with 
CNAME.
 2023-10-17 16:47:04 +02:00
W.C.A. Wijngaards
1e85749e6e Merge branch 'master' into disable-edns-do 2023-10-05 15:57:41 +02:00
W.C.A. Wijngaards
b865aca03a - Fix #946: Forwarder returns servfail on upstream response noerror no 
data.
 2023-10-04 18:16:22 +02:00
W.C.A. Wijngaards
9aaafddf04 - disable-edns-do, the option turns of the EDNS DO flag when a message is 
sent from the iterator.
 2023-09-20 13:28:06 +02:00
W.C.A. Wijngaards
fdd5f8ff83 - Fix to add EDE text when RRs have been removed due to length. 2023-09-07 14:44:48 +02:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
W.C.A. Wijngaards
dfc00271d1 - Fix to scrub resource records of type A and AAAA that have an 
inappropriate size. They are removed from responses.
 2023-09-07 11:08:04 +02:00
W.C.A. Wijngaards
be53e37b15 - Fix #923: processQueryResponse() THROWAWAY should be mindful of 
fail_reply.
 2023-08-21 14:32:13 +02:00
W.C.A. Wijngaards
2791ccbe02 - Fix for iter_dec_attempts that could cause a hang, part of 
capsforid and qname minimisation, depending on the settings.
 2023-08-18 09:11:06 +02:00
George Thessalonikefs
6819c1e444 - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. 2023-07-30 11:48:04 +02:00
George Thessalonikefs
f5a2a58ce3 Review for #759: 
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
  0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
 2023-07-17 17:26:31 +02:00
George Thessalonikefs
15b8d8b96a Merge branch 'master' into features/ede-caching 2023-07-13 11:25:59 +02:00
Boris VANHOOF
17559c737b typo in comments 2023-05-23 09:21:58 +02:00
George Thessalonikefs
adb4aeb609 - For #722: Minor fixes, formatting and refactoring. 2023-05-01 18:23:13 +02:00
George Thessalonikefs
e1ec3cf893 Merge branch 'nat64' of https://github.com/eqvinox/unbound into eqvinox-nat64 2023-04-26 15:14:39 +02:00
W.C.A. Wijngaards
c7618a9b80 - Fix #870: NXDOMAIN instead of NOERROR rcode when asked for existing 
CNAME record.
 2023-04-04 10:06:16 +02:00
George Thessalonikefs
eb81761b13 - Clean up iterator/iterator.c::error_response_cache() and allow for 
better interaction with serve-expired, prefetch and cached error
  responses.
 2023-02-10 16:51:07 +01:00
George Thessalonikefs
1c1c5d72d3 Changelog entry for 
- Allow TTL refresh of expired error responses.
 2023-02-09 10:52:56 +01:00
George Thessalonikefs
87a8c80fcb - Allow TTL refresh of expired error responses. 2023-02-09 10:47:46 +01:00
W.C.A. Wijngaards
4953daa016 - Fix to ignore entirely empty responses, and try at another authority. 
This turns completely empty responses, a type of noerror/nodata into
  a servfail, but they do not conform to RFC2308, and the retry can
  fetch improved content.
 2023-02-09 09:56:40 +01:00
W.C.A. Wijngaards
8df1e58209 - Add harden-unknown-additional option. Default on and it removes 
unknown records from the authority section and additional section.
  Thanks to Xiang Li, from NISL Lab, Tsinghua University.
 2023-01-19 14:59:18 +01:00
W.C.A. Wijngaards
b12ab31ae3 - Fix not following cleared RD flags potentially enables amplification 
DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab,
  Tsinghua University. The fix stops query loops, by refusing to send
  RD=0 queries to a forwarder, they still get answered from cache.
 2023-01-18 13:18:47 +01:00
George Thessalonikefs
df411b3f28 - Updates for #461 (Add max-query-restarts option). 2022-12-13 15:29:22 +01:00
George Thessalonikefs
71db243b0d Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf 2022-12-13 14:35:01 +01:00
George Thessalonikefs
c61b2121b5 - Expose 'max-sent-count' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 13:57:07 +01:00
TCY16
8b4a8493d0 Merge branch 'master' of github.com:NLnetLabs/unbound into features/ede-caching 2022-11-21 11:34:36 +01:00
David Lamparter
64fb06f892 NAT64 support 
This implements #721.  Includes documentation and some very basic tests.
Please refer to doc for further detail.
 2022-11-07 11:37:50 +00:00
George Thessalonikefs
e9107907e5 - Clarify the use of MAX_SENT_COUNT in the iterator code. 2022-10-18 12:29:07 +02:00
W.C.A. Wijngaards
b043bc5eb4 - Fix to stop responses with TC flag from resulting in partial 
responses. It retries to fetch the data elsewhere, or fails the
  query and in depth fix removes the TC flag from the cached item.
 2022-10-06 10:01:09 +02:00
Yorgos Thessalonikefs
f1d263a318
Leniency for target discovery when under load (for NRDelegation changes) (#764) 
* - Introduce leniency for target discovery when under load.

* - Allow for easier testing (to be reverted).

* - Happy compiler.

* - Precheck access to target_fetch_policy.

* - Do not mark a nameserver as resolved when one of A/AAAA is negative.

* - Update fetch_glue.rpl test for (possible) outstanding queries.

* - Update fetch_glue_cname.rpl test for possible outstanding queries.

* - Better fix for fetch_glue_cname.rpl.

* - Fix iter_emptydp_for_glue.rpl to match the referral.

* - Disabled the nxns tests for now (to be reverted).

* - Update iter_recurse.rpl for possible outstanding queries.

* Revert "- Disabled the nxns tests for now (to be reverted)."

This reverts commit 34a9c13a90.

* Revert "- Allow for easier testing (to be reverted)."

This reverts commit b6dfe35e1d.
 2022-10-04 22:21:08 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
W.C.A. Wijngaards
a102fb1df8 - Fix to remove erroneous TC flag from TCP upstream. 2022-10-03 09:53:41 +02:00
W.C.A. Wijngaards
e3871ca907 Merge branch 'branch-1.16.3' 2022-09-21 12:11:26 +02:00
TCY16
dcfcde2ec8 add cached EDE strings 2022-09-21 11:21:33 +02:00
W.C.A. Wijngaards
137719522a - Patch for CVE-2022-3204 Non-Responsive Delegation Attack. 2022-09-21 11:10:38 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
Minghang Chen
249efd4285 Introduce infra-cache-max-rtt option to config max retransmit timeout 
Added the option and let it default to 120 seconds so that it won't change
current behavior.

Related-to #717
 2022-07-16 01:46:18 -07:00
George Thessalonikefs
2dbaba7d73 - Improved logging for NXNS fallback. 2022-07-01 16:18:33 +02:00
George Thessalonikefs
923eb7d474 - Allow fallback to the parent side when MAX_TARGET_NX is reached. 
This will also allow MAX_TARGET_NX more NXDOMAINs.
 2022-06-29 17:32:29 +02:00
George Thessalonikefs
58b21e4fca - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. 2022-06-29 17:26:09 +02:00