upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-20 13:42:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7793 commits 23 branches 209 tags 127 MiB
Commit graph

334 commits

Author SHA1 Message Date
W.C.A. Wijngaards
4b2799fdd6 - Fix #533: Negative responses get cached even when setting 
cache-max-negative-ttl: 1
 2021-08-27 10:33:21 +02:00
W.C.A. Wijngaards
a9de6879b8 Merge branch 'master' into rpz-triggers 2021-08-18 09:53:35 +02:00
Shchelkunov Artem
e20b2c1aaf fix: free() call more than once with the same pointer 2021-08-11 15:14:43 +05:00
W.C.A. Wijngaards
f232562430 Merge branch 'master' into rpz-triggers 2021-08-05 13:37:22 +02:00
W.C.A. Wijngaards
79209823ac - Fix a number of warnings reported by the gcc analyzer. 2021-06-18 18:12:26 +02:00
W.C.A. Wijngaards
355526da7d - rpz-triggers, the added soa for client ip modified answers is affected 
by the minimal-responses config option.
 2021-05-14 16:34:38 +02:00
W.C.A. Wijngaards
50dcadd495 - rpz-triggers, for clientip modified answers the rpz SOA is added to the 
additional section with the serial number and name of the rpz zone that
  was applied.
 2021-05-14 15:34:48 +02:00
W.C.A. Wijngaards
32d82fac9b Merge branch 'master' into rpz-triggers 2021-05-14 08:47:56 +02:00
George Thessalonikefs
e9a5f5ab3f - Add more logging for out-of-memory cases. 2021-05-04 15:39:06 +02:00
W.C.A. Wijngaards
1c75e62804 - rpz-triggers, separate cache storage of RPZ records from network records. 2021-04-01 12:06:14 +02:00
W.C.A. Wijngaards
6f507eb036 Merge branch 'master' into rpz-triggers 2021-03-12 09:04:54 +01:00
W.C.A. Wijngaards
3b24d845ff - Fix doxygen and pydoc warnings. 2021-02-18 11:39:06 +01:00
George Thessalonikefs
f5b7169729 Merge branch 'orig_ttl' of https://github.com/rijswijk/unbound into rijswijk-orig_ttl 2021-01-25 17:39:24 +01:00
Roland van Rijswijk-Deij
d253db04fd Addressed review comment from @wcawijngaards 2021-01-22 18:56:09 +00:00
Roland van Rijswijk-Deij
c4c849d878 Rebase on master 2021-01-22 16:44:56 +00:00
Willem Toorop
48ecf95108 Merge branch 'master' into features/padding 2021-01-22 10:29:50 +01:00
W.C.A. Wijngaards
cdb60adcdc Merge branch 'rpz' of https://github.com/magenbluten/unbound into magenbluten-rpz 
Conflict fixed for rpz.disabled check added.
 2021-01-14 12:11:29 +01:00
W.C.A. Wijngaards
d9dd7bc36f - Add comment documentation. 2021-01-08 11:01:06 +01:00
W.C.A. Wijngaards
ee2545d939 - For #391: fix indentation. 2021-01-08 09:53:52 +01:00
W.C.A. Wijngaards
3e03e2c26d - For #391: use struct timeval* start_time for callback information. 2021-01-08 09:47:46 +01:00
Frank Riley
e3abd772f7 Add start_time to reply callbacks so modules can compute the response time. 2021-01-01 15:44:21 -07:00
mb
f7fb338c95 rpz: continue work on the nsip trigger 2020-11-16 12:42:23 +01:00
W.C.A. Wijngaards
4990dae87d - Fix that minimal-responses does not remove addresses from a priming 
query response.
 2020-10-22 09:26:27 +02:00
George Thessalonikefs
d55084ea9e - Fix that if there are reply callbacks for the given rcode, those 
are called per reply and a new message created if that was modified
  by the call.
- Pass the comm_reply information to the inplace_cb_reply* functions
  during the mesh state and update the documentation on that.
 2020-10-15 17:17:59 +02:00
Ubuntu
027884aad2 Disable enforcing of min/max TTL when serving original TTL 2020-07-29 15:52:58 +00:00
Ubuntu
506dad946b Ensure packet_rrset_data is always initialised to zero upon allocation 2020-07-29 15:26:42 +00:00
Ubuntu
ec6fde611c Cleaned up adjustment in message encoding, fixes spurious negative TTLs 2020-07-15 15:36:06 +00:00
Ubuntu
b5b79e3a36 Add feature to serve original TTLs rather than decrementing ones 2020-07-15 15:15:45 +00:00
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming 
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
 2020-05-19 10:27:27 +02:00
Willem Toorop
2c8a91c2f9 pad-queries default yes 2020-04-14 08:52:51 +02:00
Willem Toorop
4f78b37c61 Down- and upstream padding a la RFC7830 & RFC8467 2020-04-02 18:34:03 +02:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
Ralph Dolmans
1d9185229e - Make dname_has_label's dnamelen check work with 0 length 2020-01-29 11:30:22 +01:00
Ralph Dolmans
bda4c4a375 - improve dname_has_label(), add unit test 2020-01-16 17:50:44 +01:00
Ralph Dolmans
72c4c6b30c - Fix the dname_has_label fix 2020-01-16 01:36:07 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
Ralph Dolmans
344f12dd99 - fix compiler warnings 2020-01-15 23:03:44 +01:00
Ralph Dolmans
14913d75c0 - processed RPZ review feedback 
- fix potential locking issue
  - add extra out of bound checks
 2020-01-15 22:45:29 +01:00
Ralph Dolmans
2abaca7a49 - Fix dname_has_label() code review changes 2019-12-23 17:35:11 +01:00
Ralph Dolmans
ae4f6a259b Proccess more review feedback 2019-12-23 16:02:43 +01:00
W.C.A. Wijngaards
6c3a0b54ed - Fix Out of Bound Write Compressed Names in rdata_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:18:47 +01:00
W.C.A. Wijngaards
2d444a5037 - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:17:03 +01:00
W.C.A. Wijngaards
d2eb78e871 - Fix Assert Causing DoS in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 15:20:48 +01:00
W.C.A. Wijngaards
72d348de6a - Fix Out-of-Bounds Read in dname_valid(), 
reported by X41 D-Sec.
 2019-11-20 11:38:11 +01:00
W.C.A. Wijngaards
b60c4a472c Branch 1.9.4 prepares for 1.9.4 release from 1.9.3 2019-10-03 10:34:40 +02:00
Ralph Dolmans
4ac33aa104 - Merge clean up 
- revert dname2str off by one fix
- fix str2dname off by one at right location
 2019-09-09 17:13:08 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
80c2c69fa7 - Fix log_dns_msg to log irrespective of minimal responses config. 2019-08-21 17:41:29 +02:00
W.C.A. Wijngaards
368386c011 - Fix #48: Unbound returns additional records on NODATA response, 
if minimal-responses is enabled, also the additional for negative
  responses is removed.
 2019-07-12 14:34:35 +02:00
Ralph Dolmans
395d83cfc8 Procedures to parse RPZ ip address notation. 2019-06-24 16:01:01 +02:00
Ralph Dolmans
46acf0f99d Merge branch 'feature/rpz' of github.com:ralphdolmans/unbound into feature/rpz 2019-04-25 14:47:09 +02:00
Ralph Dolmans
ba67920f9a - IXFR/AXFR support for RPZ 2019-04-25 14:46:45 +02:00
Ralph Dolmans
186c9e8e82
Merge pull request #5 from NLnetLabs/master 
bring fork up to date
 2019-04-25 14:43:02 +02:00
George Thessalonikefs
d1150541bb - Update python documentation for init_standard(). 
- Typos.


git-svn-id: file:///svn/unbound/trunk@5157 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 15:03:04 +00:00
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Wouter Wijngaards
198a7ce74d - cache-max-ttl also defines upperbound of initial TTL in response. 
git-svn-id: file:///svn/unbound/trunk@5007 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-03 14:50:47 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
7bb6358540 Better fix. 
git-svn-id: file:///svn/unbound/trunk@4987 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 13:46:44 +00:00
Wouter Wijngaards
ca33c52086 - Fix windows compile for new rrset roundrobin fix. 
git-svn-id: file:///svn/unbound/trunk@4986 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 13:35:29 +00:00
Wouter Wijngaards
d5922830d0 - Fix #4141: More randomness to rrset-roundrobin. 
git-svn-id: file:///svn/unbound/trunk@4950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:26:40 +00:00
Wouter Wijngaards
898d4c8dd9 - Fix memory leak when message parse fails partway through copy. 
- remove unused udpsize assignment in message encode.


git-svn-id: file:///svn/unbound/trunk@4904 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 12:30:44 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
George Thessalonikefs
0171d06aa2 - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This 
gives access to reply information for the client's communication
  point when the callback is called before the mesh state (modules).
  Changes to C and Python's inplace_callback signatures were also
  necessary.


git-svn-id: file:///svn/unbound/trunk@4870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-22 10:51:13 +00:00
George Thessalonikefs
749d1b9ebc - Expose if a query (or a subquery) was ratelimited (not src IP 
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Tidy pylib tests.


git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 14:00:46 +00:00
Ralph Dolmans
4d06c36342 - Added root-key-sentinel support 
git-svn-id: file:///svn/unbound/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
Wouter Wijngaards
ad9784c5e8 - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 14:57:38 +00:00
Wouter Wijngaards
a66fd181e5 auth zone race condition remove and checklock fix for 
check of unused alignment memory in structure.


git-svn-id: file:///svn/unbound/trunk@4496 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 10:35:11 +00:00
Wouter Wijngaards
8605797002 - fix unaligned structure making a false positive in checklock 
unitialised memory.


git-svn-id: file:///svn/unbound/trunk@4490 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-01 15:55:48 +00:00
Wouter Wijngaards
d88bb99957 - auth zone work. probe hostname lookup. 
git-svn-id: file:///svn/unbound/trunk@4411 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-01 14:02:28 +00:00
Wouter Wijngaards
bbe5c6acf0 - Fix param unused warning for windows exportsymbol compile. 
git-svn-id: file:///svn/unbound/trunk@4359 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-02 12:24:48 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Wouter Wijngaards
1624efa939 - Fix #1414: fix segfault on parse failure and log_replies. 
git-svn-id: file:///svn/unbound/trunk@4316 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 07:28:29 +00:00
Wouter Wijngaards
062515d9bc - Fix #1316: heap read buffer overflow in parse_edns_options. 
git-svn-id: file:///svn/unbound/trunk@4240 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-21 11:50:39 +00:00
Wouter Wijngaards
dd0da65da9 fix for lint 
git-svn-id: file:///svn/unbound/trunk@4197 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-29 14:34:28 +00:00
Wouter Wijngaards
8b2397542e - Fix assertion for low buffer size and big edns payload when worker 
overrides udpsize.


git-svn-id: file:///svn/unbound/trunk@4195 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-29 07:32:45 +00:00
Ralph Dolmans
a5c7c469ee - Remove ECS option after REFUSED answer 
- Fix small memory leak in edns_opt_copy_alloc



git-svn-id: file:///svn/unbound/trunk@4100 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-10 09:12:04 +00:00
Ralph Dolmans
a2bc93547f - Generalise inplace callback (de)registration 
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event


git-svn-id: file:///svn/unbound/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-06 13:13:06 +00:00
Ralph Dolmans
b0fd814975 - Merge EDNS Client subnet implementation from feature branch into main branch, 
using new EDNS processing framework.


git-svn-id: file:///svn/unbound/trunk@4074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 12:08:17 +00:00
Wouter Wijngaards
6ac9904ee5 please doxygen. 
git-svn-id: file:///svn/unbound/trunk@4039 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-08 08:27:17 +00:00
Wouter Wijngaards
cae9809e11 - Response actions based on IP address from Jinmei Tatuya (Infoblox). 
git-svn-id: file:///svn/unbound/trunk@4035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-07 14:58:51 +00:00
Wouter Wijngaards
8746283787 fixup pythonmod. 
git-svn-id: file:///svn/unbound/trunk@3991 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 11:51:47 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
Wouter Wijngaards
ba11247f93 - Fix #1202: Fix code comment that packed_rrset_data is not always 
'packed'.


git-svn-id: file:///svn/unbound/trunk@3984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-09 09:47:06 +00:00
Wouter Wijngaards
b019a6aad9 please splint. 
git-svn-id: file:///svn/unbound/trunk@3982 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 14:07:51 +00:00
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Wouter Wijngaards
9b4b0de746 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
Wouter Wijngaards
9d2b5ca345 - Removed patch comments from acllist.c and msgencode.c 
git-svn-id: file:///svn/unbound/trunk@3886 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-18 13:20:42 +00:00
Wouter Wijngaards
503df095b2 - Patch that resolves CNAMEs entered in local-data conf statements that 
point to data on the internet, from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@3885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-18 13:18:20 +00:00
Wouter Wijngaards
031caba9c0 - and also generic edns options for upstream messages (and replies). 
after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID),
  to insert use edns_opt_append(edns, region, code, len, bindata) on
  the opt_list passed to send_query, or in edns_opt_inplace_reply.


git-svn-id: file:///svn/unbound/trunk@3742 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:55:22 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code. 
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00
Wouter Wijngaards
eaa3428d58 - No side effects in tolower() call, in case it is a macro. 
git-svn-id: file:///svn/unbound/trunk@3669 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-11 13:46:46 +00:00
Wouter Wijngaards
72a5931a68 - remove NULL-checks before free, patch from Michael McConville. 
git-svn-id: file:///svn/unbound/trunk@3580 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-11 10:26:15 +00:00
Wouter Wijngaards
8a6817d1c9 - please afl-gcc (llvm) for uninitialised variable warning. 
git-svn-id: file:///svn/unbound/trunk@3461 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 08:51:51 +00:00
Wouter Wijngaards
cb90782087 - Fix #677 Fix DNAME responses from cache that failed internal chain 
test.


git-svn-id: file:///svn/unbound/trunk@3435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-26 07:27:32 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
Wouter Wijngaards
e9e1b464a6 extra sanity check for integer overflow. 
git-svn-id: file:///svn/unbound/trunk@3368 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-17 16:22:04 +00:00
Wouter Wijngaards
24236a6d28 - Fix log at high verbosity and memory allocation failure. 
git-svn-id: file:///svn/unbound/trunk@3278 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-24 08:17:45 +00:00