upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-25 09:09:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
2682 commits 23 branches 209 tags 124 MiB
Commit graph

407 commits

Author SHA1 Message Date
Wouter Wijngaards
07470115e5 - fix bogus nodata cname chain not reported as bogus by validator, 
(Thanks Peter van Dijk).


git-svn-id: file:///svn/unbound/trunk@2727 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-27 13:38:00 +00:00
Wouter Wijngaards
0f1aa80123 - Fix bug#452 and another assertion failure in mesh.c, makes 
assertions in mesh.c resist duplicates.  Fixes DS NS search to
  not generate duplicate sub queries.


git-svn-id: file:///svn/unbound/trunk@2718 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-20 13:08:19 +00:00
Wouter Wijngaards
fa3337d42a - new approach to NS fetches for DS lookup that works with 
cornercases, and is more robust and considers forwarders.


git-svn-id: file:///svn/unbound/trunk@2646 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-21 15:01:01 +00:00
Wouter Wijngaards
0d5441bd8a - fix to locate nameservers for DS lookup with NS fetches. 
git-svn-id: file:///svn/unbound/trunk@2645 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-19 15:44:21 +00:00
Wouter Wijngaards
1736d8078a - forward-first option. Tries without forward if a query fails. 
Also stub-first option that is similar.


git-svn-id: file:///svn/unbound/trunk@2637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:16:40 +00:00
Wouter Wijngaards
773d8e3b84 Fix prefetch and stickyness. 
git-svn-id: file:///svn/unbound/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 11:04:53 +00:00
Wouter Wijngaards
03a7425ead - Fix sticky NS (ghost domain problem) if prefetch is yes. 
git-svn-id: file:///svn/unbound/trunk@2619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-14 11:06:44 +00:00
Wouter Wijngaards
db33e4dbf6 fix unit test to be more reliable on slower systems. 
git-svn-id: file:///svn/unbound/trunk@2615 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-10 14:09:39 +00:00
Wouter Wijngaards
05aaa8a138 - unit test fix for nomem_cnametopos.rpl race condition. 
git-svn-id: file:///svn/unbound/trunk@2614 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-10 12:54:27 +00:00
Wouter Wijngaards
09b9ea04a3 - Fix timeouts to keep track of query type, A, AAAA and other, if 
another has caused timeout blacklist, different type can still probe.


git-svn-id: file:///svn/unbound/trunk@2613 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-10 12:17:25 +00:00
Wouter Wijngaards
924789d877 - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This 
implementation is experimental at this time and not recommended
  for use on the public internet (the protocol numbers have not
  been assigned).  Needs recent ldns with --enable-ecdsa.
- fix memory leak in errorcase for DSA signatures.


git-svn-id: file:///svn/unbound/trunk@2606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-08 13:22:44 +00:00
Wouter Wijngaards
dff630c788 - Fix validation failures (like: validation failure xx: no NSEC3 
closest encloser from yy for DS zz. while building chain of trust,
         because of a bug in the TTL-fix in 1.4.15, it picked the wrong rdata
         for an NSEC3.  Now it does not change rdata, and fixes TTL.


git-svn-id: file:///svn/unbound/trunk@2599 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-01 11:18:07 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL 
that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-10 09:42:32 +00:00
Wouter Wijngaards
65ad15da56 - Fix parse error on negative SOA RRSIGs if badly ordered in the packet. 
git-svn-id: file:///svn/unbound/trunk@2573 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-15 13:37:13 +00:00
Wouter Wijngaards
2824d0ad52 fix exit code of remote-threaded.post. 
git-svn-id: file:///svn/unbound/trunk@2552 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-11 14:33:39 +00:00
Wouter Wijngaards
cf1d2135e1 unit test for SSL upstream. 
git-svn-id: file:///svn/unbound/trunk@2543 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-09 13:20:30 +00:00
Wouter Wijngaards
11f5e16932 infra cache consolidated and stores per zone, IP. 
git-svn-id: file:///svn/unbound/trunk@2525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-26 15:46:23 +00:00
Wouter Wijngaards
17e5bba504 Fix validation of qtype ANY responses with CNAMEs (thanks Cathy Zhang and Luo Ce). 
git-svn-id: file:///svn/unbound/trunk@2477 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 12:02:50 +00:00
Wouter Wijngaards
7359d84e2f - Fix wildcard expansion no-data reply under an optout NSEC3 zone is 
validated as insecure, reported by Jia Li (lijia@cnnic.cn).


git-svn-id: file:///svn/unbound/trunk@2461 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-07-11 09:03:18 +00:00
Wouter Wijngaards
784d659e91 - Fix TTL of SOA so negative TTL is separately cached from normal TTL. 
git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 12:34:47 +00:00
Wouter Wijngaards
efb9c02d54 - iana portlist updated. 
- queries with CD flag set cause DNSSEC validation, but the answer is
  not withheld if it is bogus.  Thus, unbound will retry if it is bad
  and curb the TTL if it is bad, thus protecting the cache for use by
  downstream validators.


git-svn-id: file:///svn/unbound/trunk@2409 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-04-08 13:58:41 +00:00
Wouter Wijngaards
04fa474ac3 fix test 
git-svn-id: file:///svn/unbound/trunk@2408 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-29 10:38:59 +00:00
Wouter Wijngaards
b4a089ff0d - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout. 
git-svn-id: file:///svn/unbound/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-01 12:48:45 +00:00
Wouter Wijngaards
c2299a3c5f version 3 for common.sh 
git-svn-id: file:///svn/unbound/trunk@2395 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-02-23 15:17:49 +00:00
Wouter Wijngaards
d8928e1b19 common.sh to version 2. 
git-svn-id: file:///svn/unbound/trunk@2392 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-02-18 16:11:21 +00:00
Wouter Wijngaards
1550bc65f3 use common functionality file. 
git-svn-id: file:///svn/unbound/trunk@2390 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-02-11 12:30:42 +00:00
Wouter Wijngaards
87296966ae - Added regression test for addition of a .net DS to the root, and 
cache effects with different TTL for glue and DNSKEY.


git-svn-id: file:///svn/unbound/trunk@2387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-02-07 12:07:46 +00:00
Wouter Wijngaards
f5a97a3e8f - Fix so a changed NS RRset does not get moved name stuck on old 
server, for type NS the TTL is not increased.


git-svn-id: file:///svn/unbound/trunk@2373 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-14 13:56:25 +00:00
Wouter Wijngaards
790cb51775 - Fix prefetch so it does not get stuck on old server for moved names. 
git-svn-id: file:///svn/unbound/trunk@2372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-13 10:13:01 +00:00
Wouter Wijngaards
4a746142cf - Fix insecure CNAME sequence marked as secure, reported by Bert Hubert. 
git-svn-id: file:///svn/unbound/trunk@2369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-11 12:32:29 +00:00
Wouter Wijngaards
003658eea0 test and cleanup. 
git-svn-id: file:///svn/unbound/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-22 09:41:38 +00:00
Wouter Wijngaards
c4c8a65ff2 - fix validation in this case: CNAME to nodata for co-hosted opt-in 
NSEC3 insecure delegation, was bogus, fixed to be insecure.


git-svn-id: file:///svn/unbound/trunk@2355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-17 10:05:56 +00:00
Wouter Wijngaards
dd8e44ac37 - feature typetransparent localzone, does not block other RR types. 
git-svn-id: file:///svn/unbound/trunk@2350 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-02 12:39:33 +00:00
Wouter Wijngaards
79f4ca6a28 Fix storage of noEDNS in the infra cache. 
iana portlist updated.


git-svn-id: file:///svn/unbound/trunk@2348 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-30 12:55:48 +00:00
Wouter Wijngaards
78cc3d8ae1 harden-below-nxdomain option taken from draft-vixie-dnsext-resimprove. 
Default off (for now), as some older software that gives nxdomain for ENT
would be incompatible.  But that would only happen in the reverse tree, and
such software (nonDNSSEC) may go out of style, so in the future a default yes
could be possible.



git-svn-id: file:///svn/unbound/trunk@2347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-18 08:49:15 +00:00
Wouter Wijngaards
289f13bc25 - implement draft-vixie-dnsext-resimprove-00, we stop on NXDOMAIN. 
git-svn-id: file:///svn/unbound/trunk@2345 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-17 10:02:34 +00:00
Wouter Wijngaards
2fe65ab2b5 - Be lenient and accept imgw.pl malformed packet (like BIND). 
git-svn-id: file:///svn/unbound/trunk@2339 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-08 18:32:55 +00:00
Wouter Wijngaards
c140638659 Test DS and CNAME in cache. 
git-svn-id: file:///svn/unbound/trunk@2336 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-05 15:45:53 +00:00
Wouter Wijngaards
f41a92daf5 detect nc version 
git-svn-id: file:///svn/unbound/trunk@2334 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-04 15:20:11 +00:00
Wouter Wijngaards
93e8ff1bb0 Fix test to work on ubuntu. 
git-svn-id: file:///svn/unbound/trunk@2333 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-04 15:16:13 +00:00
Wouter Wijngaards
488aee467a - Fix validation failure for parent and child on same server with an 
insecure childzone and a CNAME from parent to child.


git-svn-id: file:///svn/unbound/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-29 13:10:26 +00:00
Wouter Wijngaards
8cf752e577 Uses curl to check if the icann cert file has been updated on the website. 
git-svn-id: file:///svn/unbound/trunk@2297 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-18 13:25:30 +00:00
Wouter Wijngaards
a0b58301ca unbound-anchor works on vista. 
git-svn-id: file:///svn/unbound/trunk@2292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-14 14:55:38 +00:00
Wouter Wijngaards
c60c5d188e less verbose on output. 
git-svn-id: file:///svn/unbound/trunk@2290 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-14 09:18:20 +00:00
Wouter Wijngaards
46345c0809 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where 
the zone has a secure delegation hosted on the same server did not
         verify as secure (it was insecure by mistake).


git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-11 12:21:19 +00:00
Wouter Wijngaards
236d4cea25 Fix out-of-order XML element parse, zone name check and newline filter for unbound-anchor XML parse. 
git-svn-id: file:///svn/unbound/trunk@2274 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-01 15:01:49 +00:00
Wouter Wijngaards
cb978ff7be test update and nicer text output for unbound-anchor 
git-svn-id: file:///svn/unbound/trunk@2273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-01 13:55:16 +00:00
Wouter Wijngaards
00ae321bf4 fix test 
git-svn-id: file:///svn/unbound/trunk@2272 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-01 12:26:20 +00:00
Wouter Wijngaards
f3a4dad2c8 no override time, works on Minix and not needed for the tpkg. 
git-svn-id: file:///svn/unbound/trunk@2271 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-01 12:14:05 +00:00
Wouter Wijngaards
b3e4186cf2 Test for unbound-anchor. 
git-svn-id: file:///svn/unbound/trunk@2268 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-01 11:31:35 +00:00