upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-02 21:09:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5613 commits 23 branches 209 tags 124 MiB
Commit graph

1534 commits

Author SHA1 Message Date
Ralph Dolmans
0fbfce4c99 - Add DoH tests 2020-06-24 14:04:34 +02:00
Ralph Dolmans
8fc2320b5c - Add mem.http.query_buffer and mem.http.response_buffer stats 
- Add configurable limits for http-query-buffer-size and
  http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
  configurable.
 2020-05-12 18:12:19 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
George Thessalonikefs
226d66ca92 - Change default value for 'rrset-roundrobin' to yes. 2020-04-21 12:58:48 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
George Thessalonikefs
a601fd6d3c Merge branch 'Talkabout-redis-expire-records' 2020-04-01 17:24:07 +02:00
George Thessalonikefs
557a309f9d - Changes for PR #206 (formatting and remade lex and yacc output). 2020-04-01 17:14:58 +02:00
Talkabout
c25eb2c4c8 implemented review feedback 
renamed option from 'redis-set-ttl' to 'redis-expire-records'
 2020-03-31 23:10:45 +02:00
Talkabout
b130a8b459 added option 'redis-set-ttl' to define whether ttl should be added to redis records 
added check for redis command 'setex' when initializing redis connection
updated documentation
minor improvements to previous changes
 2020-03-31 12:47:13 +02:00
Willem Toorop
af0bd5b0b4 Send tcp_req_info->spool_buffer as dnstap CLIENT_RESPONSE 
When tcp_req_info exists. This fixes that dnstap CLIENT_RESPONSE messages did not contain the response message when answering on statful transport for uncached responses.
 2020-03-30 12:19:17 +02:00
Willem Toorop
9d9eee8402 Fix uncached CLIENT_RESPONSE'es on stateful transports 
Because repinfo->c->buffer does not contain the response when the it did not came from cache.
Only after tcp_req_info_send_reply is called, is the response on the buffer which is used to fill the dnstap protobuf's.
 2020-03-30 11:39:07 +02:00
W.C.A. Wijngaards
7459b1dceb - Fixes for #200 : example.conf note and set_value for ip-dscp. 2020-03-24 09:36:27 +01:00
W.C.A. Wijngaards
311f163aed Changelog for #200 and bison, flex regenerate. 
- Merge PR #200 from yarikk: add ip-dscp option to specify the DSCP
  tag for outgoing packets.
 2020-03-24 09:25:05 +01:00
Yaroslav K
c0118410a2 add ip-dscp configuration option for setting IP DiffServ codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
Florian Obser
bdd245ff7d Make log_ident_revert_to_default() a proper prototype. 
Pointed out by clang with -Wstrict-prototypes.
 2020-03-20 11:44:38 +01:00
Ralph Dolmans
4504dd3737 - Log warning when using outgoing-port-permit and outgoing-port-avoid 
while explicit port randomisation is disabled.
 2020-03-19 17:34:46 +01:00
Ralph Dolmans
2c03028fa3 - Fix #158: open tls-session-ticket-keys as binary, for Windows. By Daisuke 
HIGASHI.
 2020-03-19 14:00:33 +01:00
Jeffrey Walton
6ab0db6e25
Fix NetBSD compile (GH #189) 2020-03-11 03:35:28 -04:00
W.C.A. Wijngaards
614ed2717b Merge branch 'master' into framestreams 
Fixed bison and flex conflicts by regenerating the files.
 2020-02-28 14:31:24 +01:00
W.C.A. Wijngaards
e13dfc743d For incoming ssl context with verifypem != NULL, we can set 
SSL_VERIFY_FAIL_IF_NO_PEER_CERT that can reject client
connections without peer cert during the handshake, which is nicer
than just a connection drop to the client (when we then check
for no peer certificate afterwards).
 2020-02-28 11:10:12 +01:00
W.C.A. Wijngaards
b63032b4dd dnstap io, fixup fptr_wlist for unbound_dnstap_socket tool. 2020-02-28 08:55:10 +01:00
W.C.A. Wijngaards
5b61afd38c Return 0 when ssl authentication is not available 2020-02-28 08:11:11 +01:00
W.C.A. Wijngaards
398e260145 Fixup ssl authentication not available with check for it. 2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
f03245c362 Document log check functions. 2020-02-27 16:28:36 +01:00
W.C.A. Wijngaards
f469049198 - iana portlist updated. 2020-02-26 14:32:14 +01:00
W.C.A. Wijngaards
6a51e9e037 Add dnstap io callbacks to fptr whitelist event. 2020-02-26 12:14:52 +01:00
W.C.A. Wijngaards
318d4e91cc - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for 
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
  by one operator, and thus reputation is shared.
 2020-02-25 09:55:59 +01:00
W.C.A. Wijngaards
184f26355a Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and 
Merge branch 'master' into framestreams
 2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
465af58457 dnstap io, fix to compile without ssl. 2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
6d1b4e050d dnstap io, dnstap tls default is yes, and man page documentation. 2020-02-14 10:01:37 +01:00
W.C.A. Wijngaards
00700bbe13 dnstap io, config entries parse and lex. 2020-02-14 09:40:37 +01:00
W.C.A. Wijngaards
78e6060858 dnstap io, example.conf example, config_file entries for tcp and tls. 2020-02-14 09:03:09 +01:00
W.C.A. Wijngaards
25a88d6d54 dnstap io, check peer verification in dtstream dtio_ssl_handshake. 2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
e5e72eb398 Merge branch 'master' into framestreams 2020-02-12 11:58:01 +01:00
W.C.A. Wijngaards
2916cfb3b0 - Fix with libnettle make test with dsa disabled. 2020-02-12 11:15:24 +01:00
George Thessalonikefs
da2bda6f4d - Clean debug comments. 2020-02-10 15:54:41 +01:00
George Thessalonikefs
adda4f6ace - Fix use after free on log-identity after a reload; Fixes #163. 2020-02-10 13:56:22 +01:00
W.C.A. Wijngaards
ad180402ea dnstap io, set tls auth name in outgoing ssl 2020-02-05 16:17:21 +01:00
W.C.A. Wijngaards
58fdcf06e8 Merge branch 'master' into framestreams 2020-02-05 14:25:47 +01:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
W.C.A. Wijngaards
dc31cf3652 dnstap unbound-dnstap-sock, read from TLS. 2020-01-31 14:03:28 +01:00
W.C.A. Wijngaards
7495b25f94 - Fix fclose on error in TLS session ticket code. 2020-01-31 07:49:14 +01:00
Ralph Dolmans
810862dc65 - Stop working on socket when socket() call returns an error. 
- Check malloc return values in TLS session ticket code
 2020-01-30 19:15:58 +01:00
Ralph Dolmans
056176ec9a Merge branch 'master' into rpz 2020-01-30 15:57:34 +01:00
Ralph Dolmans
88a706acf8 - Add extra dnamelen checks to ipdnametoaddr and netblockdnametoaddr 2020-01-29 15:16:44 +01:00
Ralph Dolmans
1d9185229e - Make dname_has_label's dnamelen check work with 0 length 2020-01-29 11:30:22 +01:00
W.C.A. Wijngaards
6c0a863584 - Fix to silence the tls handshake errors for broken pipe and reset 
by peer, unless verbosity is set to 2 or higher.
 2020-01-28 14:32:06 +01:00
W.C.A. Wijngaards
f6287fc718 - iana portlist updated. 2020-01-28 12:25:37 +01:00
Steven Chamberlain
f6b4f2a149 Allow use of libbsd functions with configure option --with-libbsd 
Add a new configure option `--with-libbsd', which allows to use libbsd's
portable implementations of:

    strlcpy strlcat arc4random arc4random_uniform reallocarray

instead of the embedded code copies in contrib/, which will be
difficult to maintain in the long term.

Also patch util/random.c so that, when building with libbsd and without
OpenSSL, arc4random can still be used as the PRNG.  Otherwise, building
with libnettle would need a kernel-specific getentropy implementation,
and libbsd does not export one.

[edmonds@debian.org: Imported patch description from BTS, refreshed
patch against Unbound 1.9.6.]
 2020-01-26 19:09:43 -05:00