upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7812 commits 23 branches 209 tags 123 MiB
Commit graph

4753 commits

Author SHA1 Message Date
W.C.A. Wijngaards
1b7e14dc39 - Fix to disable detection of quic configured ports when quic is 
not compiled in.
 2024-10-11 08:51:14 +02:00
W.C.A. Wijngaards
8b7782e8fc - Fix add reallocarray to alloc stats unit test, and disable 
override of strdup in unbound-host, and the result of config
  get option is freed properly.
 2024-10-10 10:43:23 +02:00
W.C.A. Wijngaards
e0201435a4 - Fix cookie_file test sporadic fails for time change during 
the test.
 2024-10-10 09:45:48 +02:00
W.C.A. Wijngaards
66fb3ff670 - Fix for dnstap compile of doqclient with doq disabled. 2024-10-09 15:52:33 +02:00
W.C.A. Wijngaards
36461ea73d Changelog entry and unit test for fix of NSEC TTL and prefetch ttl. 
- Fix to limit NSEC TTL for messages from cachedb. Fix to limit the
  prefetch ttl for messages after a CNAME with short TTL.
 2024-10-09 15:29:23 +02:00
W.C.A. Wijngaards
a4d8c0c43b Changelog note for #871 
- Merge #871: DNS over QUIC. This adds `quic-port: 853` and
  `quic-size: 8m` that enable dnsoverquic, and the counters
  `num.query.quic` and `mem.quic` in the statistics output.
  The feature needs to be enabled by compiling with libngtcp2,
  with `--with-libngtcp2=path` and libngtcp2 needs openssl+quic,
  pass that with `--with-ssl=path` to compile unbound as well.
 2024-10-09 10:35:45 +02:00
W.C.A. Wijngaards
dcf7afd722 - Fix #1128: Cannot override tcp-upstream and tls-upstream with 
forward-tcp-upstream and forward-tls-upstream.
 2024-10-08 15:29:03 +02:00
W.C.A. Wijngaards
e67171612b - Fix #1149: unbound-control-setup hangs sometimes depending on 
the openssl version.
 2024-10-08 11:54:07 +02:00
Yorgos Thessalonikefs
a1b25f0296 - The fix for CVE-2024-8508 was part of 1.21.1, a security point release 
on 1.21.0. The code repository continues with this fix and the version
  number 1.22.0.
 2024-10-03 18:19:01 +02:00
W.C.A. Wijngaards
5bb3b9cc83 - Fix unbound dnstap socket test program analyzer warnings about 
unused variable assignments and variable initialization.
 2024-09-30 16:36:01 +02:00
W.C.A. Wijngaards
3a1b79f6a1 - Fix negative cache NSEC3 parameter compares for zero length NSEC3 
salt.
 2024-09-30 09:25:51 +02:00
W.C.A. Wijngaards
84eeb9b97c - Fix #1144: [FR] log timestamps in ISO8601 format with timezone. 
This adds the option `log-time-iso: yes` that logs in ISO8601
  format.
 2024-09-25 11:16:46 +02:00
Yorgos Thessalonikefs
d88eeb4c32 Changelog entry for #1143: 
- Merge #1143: Fix cache update when serve expired is used. Expired
  records are favored over resolution and validation failures when
  serve-expired is used.
 2024-09-24 16:49:34 +02:00
Yorgos Thessalonikefs
24ebca7df6 - More clear text for prefetch and minimal-responses in the 
unbound.conf man page.
 2024-09-24 15:10:21 +02:00
Yorgos Thessalonikefs
7f4a61e6fc - Attempt to further fix doh_downstream_buffer_size.tdir flakiness. 2024-09-24 12:21:03 +02:00
Yorgos Thessalonikefs
db719d404f - Fix doxygen warnings by commenting out CLANG_ASSISTED_PARSING, 
CLANG_ADD_INC_PATHS, CLANG_OPTIONS and CLANG_DATABASE_PATH; they were
  already disabled.
 2024-09-23 15:31:32 +02:00
W.C.A. Wijngaards
a35a0c49da - Fix dns64 with prefetch that the prefetch is stored in cache. 2024-09-23 12:19:43 +02:00
W.C.A. Wijngaards
5e9b6296b7 - Add redis-command-timeout: 20 and redis-connect-timeout: 200, 
that can set the timeout separately for commands and the
  connection set up to the redis server. If they are not
  specified, the redis-timeout value is used.
 2024-09-17 13:10:34 +02:00
W.C.A. Wijngaards
606e262fdd Changelog comment for #1140. 
- Merge #1140: Fix spelling mistake in comments.
 2024-09-16 12:15:04 +02:00
Yorgos Thessalonikefs
6bf2b2ac56 - Fix and add comments in testdata/val_negcache_ttl.rpl. 2024-09-11 12:16:02 +02:00
W.C.A. Wijngaards
5767b0933f - Add unit test for ttl limit for aggressive nsec. 2024-09-10 10:17:31 +02:00
W.C.A. Wijngaards
24e0f0ab7e - Fix to limit NSEC and NSEC3 TTL when aggressive nsec is 
enabled (RFC9077).
 2024-09-10 10:13:48 +02:00
Yorgos Thessalonikefs
d3fdbba877 - Fix comment to not trigger doxygen unknown command. 2024-09-06 16:03:20 +02:00
Yorgos Thessalonikefs
c36ce2a390 - Fix alloc-size and calloc-transposed-args compiler warnings. 2024-09-06 16:01:30 +02:00
W.C.A. Wijngaards
7ecff4113c - Fix config file read for dnstap-sample-rate. 2024-09-05 09:35:54 +02:00
W.C.A. Wijngaards
99824bc0e6 Changelog note for #1135 
- Merge #1135: Add new IANA trust anchor.
 2024-09-02 09:25:44 +02:00
W.C.A. Wijngaards
a887284703 - Fix for #1132, comment about adjusted copy of reference check. 2024-08-30 08:56:00 +02:00
W.C.A. Wijngaards
fb198b96f1 Changelog note for #1132 and fix for #1132. 
- Merge #1132: b.root renumbering.
- Fix for #1132, adjusted unit test for change in the test file.
 2024-08-30 08:51:56 +02:00
W.C.A. Wijngaards
52154e658a - Fix to print port number in logs for auth zone transfer activities. 2024-08-29 13:04:03 +02:00
W.C.A. Wijngaards
c06d3646a9 - Unit test for auth zone transfer TLS, and TLS failure. 2024-08-29 10:40:31 +02:00
W.C.A. Wijngaards
42d421a305 - Fix that stub-zone and forward-zone clauses do not exhaust memory 
for long content.
 2024-08-28 13:16:29 +02:00
W.C.A. Wijngaards
b5951ce1fa - Fix that when rpz is applied the message does not get picked up by 
the validator. That stops validation failures for the message.
 2024-08-28 10:51:22 +02:00
W.C.A. Wijngaards
6b37309705 - Fix #1130: Loads of logs: "validation failure: key for validation 
<domain>. is marked as invalid because of a previous" for
  non-DNSSEC signed zone.
 2024-08-27 17:00:27 +02:00
W.C.A. Wijngaards
dc274fef9b - Fix documentation for cache_fill_missing function. 2024-08-23 13:19:15 +02:00
W.C.A. Wijngaards
db1167c8b3 - Fix #1127: error: "memory exhausted" when defining more than 9994 
local-zones.
 2024-08-23 09:22:07 +02:00
W.C.A. Wijngaards
1e0cf1e86b - Merge patch to fix for glue that is outside of zone, with 
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
  Enabling this option protects the Unbound resolver against bad
  glue, that is unverified out of zone glue, by resolving them.
  It uses the records as last resort if there is no other working
  glue.
 2024-08-23 08:56:48 +02:00
W.C.A. Wijngaards
6b3266aaf8 - Fix for char signedness warnings on NetBSD. 2024-08-21 14:15:23 +02:00
W.C.A. Wijngaards
4f52461e81 - Add cross platform netbsd to github ci. 2024-08-21 14:03:11 +02:00
W.C.A. Wijngaards
06d5031d22 - Add cross platform openbsd to github ci. 2024-08-21 13:50:55 +02:00
W.C.A. Wijngaards
04e6f9e03b - Add cross platform freebsd to github ci. 2024-08-21 13:20:00 +02:00
W.C.A. Wijngaards
3d350fa73d - Add iter-scrub-ns, iter-scrub-cname and max-global-quota 
configuration options.
 2024-08-20 14:08:52 +02:00
W.C.A. Wijngaards
015b2b0daf - Fix #1126: unbound-control-setup hangs while testing for openssl 
presence starting from version 1.21.0.
 2024-08-19 15:51:47 +02:00
W.C.A. Wijngaards
5fa84d50bf - Tag for release 1.21.0, the repository continues with 1.21.1 
in development.
 2024-08-15 11:01:41 +02:00
W.C.A. Wijngaards
79e4c57851 - Fix spelling for the cache-min-negative-ttl entry in the 
example.conf.
 2024-08-09 14:04:25 +02:00
W.C.A. Wijngaards
5abdd09095 - Fix that for windows the module startup is called and sets up 
the module-config.
 2024-08-08 16:14:09 +02:00
W.C.A. Wijngaards
158c1defe3 - Set version number to 1.21.0 for release. 2024-08-08 09:30:53 +02:00
W.C.A. Wijngaards
b4519012dc - Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek, 
Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv
  University and Reichman University).
 2024-08-08 09:28:44 +02:00
W.C.A. Wijngaards
ed883238fd - Fix CAMP issues with global quota. Thanks to Huayi Duan, Marco 
Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich.
 2024-08-08 09:27:45 +02:00
W.C.A. Wijngaards
0f2f6025e7 - Fix that alloc stats for forwards and hints are printed, and when 
alloc stats is enabled, the unit test for unbound control waits for
  reloads to complete.
 2024-08-02 15:51:40 +02:00
W.C.A. Wijngaards
3cbf554e3b Changelog note for #1090 
- Merge #1090: Cookie secret file. Adds
  `cookie-secret-file: "unbound_cookiesecrets.txt"` option to store
  cookie secrets for EDNS COOKIE secret rollover. The remote control
  add_cookie_secret, activate_cookie_secret and drop_cookie_secret
  commands can be used for rollover, the command print_cookie_secrets
  shows the values in use.
 2024-08-02 13:36:06 +02:00