What I changed:
Respected repo rules / avoided generated & third‑party artifacts
Skipped Autotools/libtool generated files like configure, aclocal.m4, ltmain.sh, config.guess, config.sub.
Skipped large test vectors (testdata/, dnscrypt/testdata/) and non-UTF8 sample data (pythonmod/examples/dict_data.txt).
Skipped contrib/fastrpz.patch (patch content is effectively third‑party / not meant to be edited in-tree).
Fixed typos in maintained sources/docs
Various doc/comment spelling fixes (e.g. doc/Changelog, doc/example.conf.in, headers, etc.).
Fixed a real typo in a runtime log message: cachedb/redis.c ("%swith" -> "%s with").
Updated Makefile.in to avoid the misspelling Decomissioned while still matching both spellings via regex.
Fixed Synthetize -> Synthesize and other comment-level typos.
Improved a few “codespell false-positive” tokens by adjusting comments (e.g. inout -> in/out).
Repaired an accidental corruption
During edits, daemon/remote.c got partially mangled around the view local-data handlers. I restored it by:
Reintroducing do_view_data_remove()
Repairing do_view_datas_add() and its end-of-function logic
Cleaning up the remaining removed 0 ... message text
Added future-proof configuration
Created repo-root .codespellrc with:
skip = ... list matching the “do not edit / generated / testdata” policy
ignore-words-list = ... for known project terms / false positives
ignore-regex = ... to preserve your existing ignore patterns
Verification
codespell --config ./.codespellrc . now exits 0 (clean run).
Summary
Typos were fixed where safe, generated/third-party areas were excluded, .codespellrc was added for repeatable checks, and codespell now passes cleanly using that config.
Signed-off-by: rezky_nightky <with.rezky@gmail.com>
- Cached messages that reach 0 TTL are considered expired. This prevents
Unbound itself from issuing replies with TTL 0 and possibly causing a
thundering herd at the last second. Upstream replies of TTL 0 still
get the usual pass-through but they are not considered for caching
from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
TTL value of the record to try and make some sense when replying
with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
high-order bit means the value is positive instead of 0.
- Fix NSEC3 code to not break on broken auth zones that include unsigned
out of zone (above apex) data. Could lead to hang while trying to
prove a wildcard answer.
Reported by Dmitrii Kuvaiskii from Amazon Web Services.
- Tests for NSEC3 auth zones with out of zone data.
- Fix cache update when serve expired is used in order to not evict
still usable expired records. Modules are forbidden to update the
cache if their answer is DNSSEC unchecked or bogus and a valid
(expired) entry already exists. Bogus replies from the validator are
also discarded in favor of existing (expired) valid replies.
- serve-expired-ttl-reset should try to keep expired records in the
cache in case they are reset.
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
- Fix#1059: Intermittent DNS blocking failure with local-zone and
always_nxdomain. Addition of local_zones dynamically via
unbound-control was not finding the zone's parent correctly.
8 bytes after a client option of length 8, and then ignore them to
recreate a 24 byte response. The fixup does not read out of bounds,
and puts zeroes in the buffer at that point, that then are ignored.
