upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-06 06:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
7793 commits 23 branches 209 tags 124 MiB
Commit graph

994 commits

Author SHA1 Message Date
W.C.A. Wijngaards
6568841bb0 - Fix doc test so it ignores but outputs unsupported doxygen options. 2024-03-08 16:43:24 +01:00
W.C.A. Wijngaards
e361f6b284 - Fix qname minimisation for reply with a DNAME for qtype CNAME that 
answers it.
 2024-03-08 16:33:17 +01:00
W.C.A. Wijngaards
2a255076f5 - Fix validator classification of qtype DNAME for positive and 
redirection answers, and fix validator signature routine for dealing
  with the synthesized CNAME for a DNAME without previously
  encountering it and also for when the qtype is DNAME.
 2024-03-08 14:10:06 +01:00
W.C.A. Wijngaards
fb080e7853 - Remove unused portion from iter_dname_ttl unit test. 2024-03-08 09:51:37 +01:00
W.C.A. Wijngaards
0818841038 - Fix TTL of synthesized CNAME when a DNAME is used from cache. 2024-03-08 09:47:59 +01:00
W.C.A. Wijngaards
be626f7c53 - Fix edns subnet replies for scope zero answers to not get stored 
in the global cache, and in cachedb, when the upstream replies
  without an EDNS record.
 2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
56a2b564ef Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c' 2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9 Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae' 2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to 
exhaust CPU resources and stall DNS resolvers.
 2024-02-13 13:02:08 +01:00
Yorgos Thessalonikefs
3522451600 - Update message TTL when using cached RRSETs. It could result in 
non-expired messages with expired RRSETs (non-usable messages by
  Unbound).
 2024-01-23 10:10:37 +01:00
W.C.A. Wijngaards
418eeb642c - Fix unit test for #987 change in udp1xxx retry packet send. 2024-01-05 14:11:55 +01:00
W.C.A. Wijngaards
4ef1fb5a24 - Fix root_zonemd unit test, it checks that the root ZONEMD verifies, 
now that the root has a valid ZONEMD.
 2023-12-08 17:15:35 +01:00
Yorgos Thessalonikefs
be6fd80a1c - Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672. 2023-12-08 09:23:26 +01:00
Philip Homburg
0cfc6e6d95 Fixed some syntax errors in rpl files. 2023-12-07 11:38:01 +01:00
Yorgos Thessalonikefs
8517f49745 - Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672. 2023-12-06 23:40:01 +01:00
W.C.A. Wijngaards
6c76b4e2f8 - Fix tests to use new common.sh functions, wait_logfile and 
kill_from_pidfile.
 2023-12-06 16:32:06 +01:00
W.C.A. Wijngaards
c91bd60051 - Update test script file common.sh. 2023-12-06 16:14:24 +01:00
W.C.A. Wijngaards
5997355e22 - Fix to sync the tests script file common.sh. 2023-12-06 11:58:14 +01:00
Yorgos Thessalonikefs
ca88669435 - Replace the obsolescent fgrep with grep -F in tests. 2023-11-24 15:51:17 +01:00
Yorgos Thessalonikefs
15a9b0f2be - Use 127.0.0.1 explicitly in tests to avoid delays and errors on newer 
systems.
 2023-11-24 15:34:25 +01:00
Wouter Wijngaards
3f66230874
Merge pull request #951 from NLnetLabs/cachedb-no-store 
Cachedb no store
 2023-10-20 17:00:13 +02:00
George Thessalonikefs
44c3d4d2dc - Changelog entry for: 
Merge #955 from buevsan: fix ipset wrong behavior.
- Update testdata/ipset.tdir test for ipset fix.
 2023-10-18 15:11:38 +02:00
George Thessalonikefs
2f0b11673a - Update the dns64_lookup.rpl test for the DNS64 fallback patch. 2023-10-18 12:59:54 +02:00
W.C.A. Wijngaards
0f78bea4a3 - Fix #954: Inconsistent RPZ handling for A record returned along with 
CNAME.
 2023-10-17 16:47:04 +02:00
George Thessalonikefs
4b627bd29e - Update pymod tests for the new Python script variable. 2023-10-16 16:32:09 +02:00
Wouter Wijngaards
dbd2a43ab1
Apply suggestions from code review 
Co-authored-by: Yorgos Thessalonikefs <george@nlnetlabs.nl>
 2023-10-13 13:46:52 +02:00
W.C.A. Wijngaards
18ebe165ba Merge branch 'master' into cachedb-no-store 2023-10-12 14:51:12 +02:00
Wouter Wijngaards
5c6c57ed89
Merge pull request #944 from NLnetLabs/disable-edns-do 
Disable EDNS DO
 2023-10-12 14:04:29 +02:00
W.C.A. Wijngaards
47094fd83f Merge branch 'master' into cachedb-no-store 2023-10-11 13:51:34 +02:00
W.C.A. Wijngaards
935bc162e1 - cachedb-no-store, unit test cachedb_no_store.tdir. 2023-10-11 12:01:55 +02:00
W.C.A. Wijngaards
6d0812b567 - Fix edns subnet so that queries with a source prefix of zero cause 
the recursor send no edns subnet option to the upstream.
 2023-10-09 12:21:22 +02:00
W.C.A. Wijngaards
1e85749e6e Merge branch 'master' into disable-edns-do 2023-10-05 15:57:41 +02:00
W.C.A. Wijngaards
b865aca03a - Fix #946: Forwarder returns servfail on upstream response noerror no 
data.
 2023-10-04 18:16:22 +02:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the 
disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
 2023-10-04 13:54:05 +02:00
W.C.A. Wijngaards
eff3e01ec3 Merge branch 'master' into disable-edns-do 2023-10-04 13:34:47 +02:00
W.C.A. Wijngaards
0102360e92 root-zonemd-test, add test for ZONEMD usage from the root zone, 
currently with the unsupported algorithm.
 2023-09-29 16:03:08 +02:00
W.C.A. Wijngaards
4e5b0b7eec - disable-edns-do, unit test checks lookup without EDNS DO flag. 2023-09-22 11:39:39 +02:00
W.C.A. Wijngaards
bd5dc855af - Fix rpz tcp-only action with rpz triggers nsdname and nsip. 2023-09-18 09:55:39 +02:00
W.C.A. Wijngaards
33784e612a - Fix to set ede match in unit test for rr length removal. 2023-09-07 14:58:51 +02:00
W.C.A. Wijngaards
fdd5f8ff83 - Fix to add EDE text when RRs have been removed due to length. 2023-09-07 14:44:48 +02:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
W.C.A. Wijngaards
dfc00271d1 - Fix to scrub resource records of type A and AAAA that have an 
inappropriate size. They are removed from responses.
 2023-09-07 11:08:04 +02:00
W.C.A. Wijngaards
10843805ac - Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1. 2023-08-31 13:54:03 +02:00
W.C.A. Wijngaards
6e43145382 - Fix unit test for unbound-control to work when threads are disabled, 
and fix cache dump check.
 2023-08-21 16:58:10 +02:00
W.C.A. Wijngaards
be53e37b15 - Fix #923: processQueryResponse() THROWAWAY should be mindful of 
fail_reply.
 2023-08-21 14:32:13 +02:00
W.C.A. Wijngaards
083770cb39 - Fix stat_values test to work with dig that enables DNS cookies. 2023-08-18 13:39:27 +02:00
W.C.A. Wijngaards
5f423906de - Fix ip_ratelimit test to work with dig that enables DNS cookies. 2023-08-17 15:43:14 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
49e4258102 - For #762: Interaction between DNS Cookies and source IP ratelimiting 
by allowing Cookies to bypass the ratelimit, but still allowing
  ratelimit to valid DNS Cookie clients via the new
  ip-ratelimit-cookie option.
 2023-08-08 10:14:03 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
fbc0256825 - For #762: Cleaner manpage text and uniform use of the term DNS 
Cookies.
 2023-08-05 20:00:37 +02:00
George Thessalonikefs
8580a74b37 - For #762: Introduce rpl testing for DNS Cookies. 2023-08-05 19:50:57 +02:00
George Thessalonikefs
00a08beee9 - For #762: Ignore util/siphash.c for the 01-doc test. 2023-08-01 17:40:49 +02:00
George Thessalonikefs
2cc9563cf8 - Fix to use the now cached EDE, if any, for CD_bit queries. 2023-08-01 15:23:25 +02:00
George Thessalonikefs
8936f3496e - For #790: clean testcase. 2023-07-31 09:41:57 +02:00
George Thessalonikefs
f97927a47e Merge branch 'master' into features/ede-caching-cachedb 2023-07-30 14:17:52 +02:00
George Thessalonikefs
66c95e8081 - Review for #790: replace tdir tests with simpler rpl tests. 2023-07-28 16:54:05 +02:00
George Thessalonikefs
95604a90e8 Review for #759: 
- Keep EDE information for keys close to key creation.
- Fix inconsistencies between reply and cached EDEs.
- Incorporate EDE caching checks in EDE tests.
- Fix some EDE cases where missing DNSKEY was wrongly reported.
 2023-07-19 15:20:44 +02:00
George Thessalonikefs
15b8d8b96a Merge branch 'master' into features/ede-caching 2023-07-13 11:25:59 +02:00
George Thessalonikefs
7240ecbeb0 - Merge #664 from tilan7763: Add prefetch support for subnet cache 
entries.
- For #664: Easier code flow for subnetcache prefetching.
- For #664: Add testcase.
- For #664: Rename subnet_prefetch tests to subnet_global_prefetch to
  differentiate from the new subnet prefetch support.
 2023-07-11 14:31:49 +02:00
George Thessalonikefs
a952ac17be Merge branch 'tilan7663-subnet_cache_prefetch' into subnet_cache_prefetch 2023-07-07 16:50:58 +02:00
George Thessalonikefs
40e47bf767 - For #664: easier code flow for subnetcache prefetching. 
- For #664: add testcase.
 2023-07-06 22:22:21 +02:00
George Thessalonikefs
0afe58a06e - Skip the 00-lint test. splint is not maintained; it either does not 
work or produces false positives. Static analysis is handled in the
  clang test.
 2023-07-03 15:38:16 +02:00
George Thessalonikefs
2069271384 - Merge #802: add validation EDEs to queries where the CD bit is set. 
- For #802: Cleanup comments and add RCODE check for CD bit test case.
 2023-07-03 14:48:39 +02:00
George Thessalonikefs
014db3fb03 - For #802: Cleanup comments and add RCODE check for CD bit test case. 2023-07-03 14:40:01 +02:00
George Thessalonikefs
ade710a9fd - For #739: minor cleanup for testcases. 2023-07-03 10:10:16 +02:00
George Thessalonikefs
31d38d2cfe Merge branch 'master' into features/dohpath-for-unbound 2023-06-30 11:50:23 +02:00
George Thessalonikefs
41dac805f5 - Merge #892: Add cachedb hit stat. Introduces 'num.query.cachedb' as 
a new statistical counter.
 2023-06-27 12:46:26 +02:00
W.C.A. Wijngaards
f9317d65b3 - Fix for uncertain unit test for doh buffer size events. 2023-06-12 12:39:00 +02:00
Yorgos Thessalonikefs
65230bd117
Review comment for testdata/stat_values.tdir/stat_values.test 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2023-05-31 17:09:16 +02:00
George Thessalonikefs
3c3fd7a795 - More predictable testing for cachedb. 2023-05-30 23:33:48 +02:00
George Thessalonikefs
4f52be4db9 - Introduce num.query.cachedb to track cache hits for the external cache. 2023-05-30 17:49:50 +02:00
W.C.A. Wijngaards
da78c42f88 - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. 2023-05-19 14:38:41 +02:00
George Thessalonikefs
20184483df Merge branch 'eqvinox-nat64' 2023-05-01 18:24:05 +02:00
George Thessalonikefs
adb4aeb609 - For #722: Minor fixes, formatting and refactoring. 2023-05-01 18:23:13 +02:00
W.C.A. Wijngaards
70c2b587fc - Fix RPZ IP responses with trigger rpz-drop on cache entries, that 
they are dropped.
 2023-05-01 09:26:17 +02:00
Philip Homburg
4a04ba813a Merge branch '0ttl' 2023-04-26 17:14:15 +02:00
George Thessalonikefs
e1ec3cf893 Merge branch 'nat64' of https://github.com/eqvinox/unbound into eqvinox-nat64 2023-04-26 15:14:39 +02:00
W.C.A. Wijngaards
7033234a48 - Fix for #870: Add test case for the qname minimisation and CNAME. 2023-04-06 10:04:04 +02:00
Philip Homburg
1ac9b7548b Small fixes from Wouter's review 2023-03-23 15:15:54 +01:00
Philip Homburg
072be3300f Tests for serve-expired in combination with new 0 TTL data. 2023-03-22 15:23:47 +01:00
Philip Homburg
fb187d1a60 Merge branch 'master' into ecs-serve-expired-bug 2023-02-21 09:28:13 +01:00
Philip Homburg
b89d0d1cce Test cache update from serve-expired and client-subnet-always-forward 2023-02-21 09:21:43 +01:00
George Thessalonikefs
96c70d91ca - Add testcase for refreshing expired error responses. 2023-02-09 12:44:01 +01:00
W.C.A. Wijngaards
e225e4bcab - Fix consistency of unit test without roundrobin answers for the 
cnametooptout unit test.
 2023-02-09 11:46:33 +01:00
W.C.A. Wijngaards
a8977df4d9 - Fix unit tests for spurious empty messages. 2023-02-09 10:38:55 +01:00
W.C.A. Wijngaards
4953daa016 - Fix to ignore entirely empty responses, and try at another authority. 
This turns completely empty responses, a type of noerror/nodata into
  a servfail, but they do not conform to RFC2308, and the retry can
  fetch improved content.
 2023-02-09 09:56:40 +01:00
George Thessalonikefs
24e6d1e18e - Add duration variable for speed_local.test. 2023-01-30 11:33:58 +01:00
W.C.A. Wijngaards
6afdc336ba - Fix test for new default. 2023-01-19 16:06:30 +01:00
W.C.A. Wijngaards
8df1e58209 - Add harden-unknown-additional option. Default on and it removes 
unknown records from the authority section and additional section.
  Thanks to Xiang Li, from NISL Lab, Tsinghua University.
 2023-01-19 14:59:18 +01:00
W.C.A. Wijngaards
ba6325f24f - Fix #823: Response change to NODATA for some ANY queries since 
1.12, tested on 1.16.1.
 2023-01-06 09:16:59 +01:00
George Thessalonikefs
7716d26d46 - Use an explicit 'reload_keep_cache' command and introduce test cases 
for #569.
 2022-12-14 16:33:28 +01:00
TCY16
dd3984eae9 add validation EDEs to CD bit queries 2022-12-05 11:41:17 +01:00
TCY16
a96c64d966 add subnetcache test and rename/improve cachedb test 2022-11-24 16:14:37 +01:00
George Thessalonikefs
896f7a8306 - Ignore expired error responses. 2022-11-22 17:44:55 +01:00
tcarpay
a7ac109e4e
Remove erroneous filepath in test 2022-11-22 12:11:55 +01:00
TCY16
79108f4c3d add ede cachedb test 2022-11-21 15:26:49 +01:00
TCY16
8b4a8493d0 Merge branch 'master' of github.com:NLnetLabs/unbound into features/ede-caching 2022-11-21 11:34:36 +01:00
David Lamparter
64fb06f892 NAT64 support 
This implements #721.  Includes documentation and some very basic tests.
Please refer to doc for further detail.
 2022-11-07 11:37:50 +00:00