upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-27 10:10:09 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
3605 commits 23 branches 209 tags 124 MiB
Commit graph

419 commits

Author SHA1 Message Date
Wouter Wijngaards
2a39f48deb Fixup _get_osfhandle calls 
git-svn-id: file:///svn/unbound/trunk@3809 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-05 07:46:16 +00:00
Wouter Wijngaards
941b31f90b - Fixes for 64bit windows compile. 
git-svn-id: file:///svn/unbound/trunk@3808 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-05 07:40:13 +00:00
Wouter Wijngaards
230ef2110b - Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures. 
git-svn-id: file:///svn/unbound/trunk@3766 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-07 13:02:02 +00:00
Wouter Wijngaards
8336eab1e1 - Fix distinction between free and CRYPTO_free in dsa and ecdsa alloc. 
git-svn-id: file:///svn/unbound/trunk@3745 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-02 08:31:17 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code. 
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00
Wouter Wijngaards
7fdde81b8f - cachedb module event handling design. 
git-svn-id: file:///svn/unbound/trunk@3700 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-04-15 14:19:00 +00:00
Wouter Wijngaards
fd07245a0a Stop memory leak on error condition. 
git-svn-id: file:///svn/unbound/trunk@3694 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 09:18:29 +00:00
Wouter Wijngaards
fe4760787e please lint. 
git-svn-id: file:///svn/unbound/trunk@3693 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 08:42:18 +00:00
Wouter Wijngaards
b8df3634cc please lint. 
git-svn-id: file:///svn/unbound/trunk@3692 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 08:37:27 +00:00
Wouter Wijngaards
038f4ca8b5 please lint. 
git-svn-id: file:///svn/unbound/trunk@3690 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 08:32:17 +00:00
Wouter Wijngaards
fbae76885a - OpenSSL 1.1.0 portability, --disable-dsa configure option. 
git-svn-id: file:///svn/unbound/trunk@3689 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 08:19:49 +00:00
Wouter Wijngaards
718e98b1cd - Fix that NSEC3 negative cache is used when there is no salt. 
git-svn-id: file:///svn/unbound/trunk@3639 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-24 15:02:35 +00:00
Wouter Wijngaards
e9f954b828 - load gost algorithm if digest is seen before key algorithm. 
git-svn-id: file:///svn/unbound/trunk@3630 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 12:17:03 +00:00
Wouter Wijngaards
134924c4da Remove lint warning. 
git-svn-id: file:///svn/unbound/trunk@3629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 12:16:27 +00:00
Wouter Wijngaards
2c94a5b312 - Print understandable debug log when unusable DS record is seen. 
git-svn-id: file:///svn/unbound/trunk@3627 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 10:48:23 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
Wouter Wijngaards
152458c40b - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
Wouter Wijngaards
ffb5a2d9eb Document ASN contents. 
git-svn-id: file:///svn/unbound/trunk@3542 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 14:36:10 +00:00
Wouter Wijngaards
4e3ae5505e cast to please lint. 
git-svn-id: file:///svn/unbound/trunk@3541 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 14:27:49 +00:00
Wouter Wijngaards
39dc5be222 - Fixup DER encoded DSA signatures for libnettle. 
git-svn-id: file:///svn/unbound/trunk@3540 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 13:31:22 +00:00
Wouter Wijngaards
2756b0f873 Repair // style comments for portability. 
git-svn-id: file:///svn/unbound/trunk@3539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 12:46:47 +00:00
Wouter Wijngaards
fa57a6c6e8 use digest_nettle function for nsec3_hash calls. 
git-svn-id: file:///svn/unbound/trunk@3537 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:39:58 +00:00
Wouter Wijngaards
3433a30878 please lint. 
git-svn-id: file:///svn/unbound/trunk@3536 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:32:04 +00:00
Wouter Wijngaards
2a73ccd5b4 - refactor nsec3 hash implementation to be more library-portable. 
git-svn-id: file:///svn/unbound/trunk@3535 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:30:04 +00:00
Wouter Wijngaards
2bdea62a9e - Fix #594. libunbound: optionally use libnettle for crypto. 
Contributed by Luca Bruno.  Added --with-nettle for use with
  --with-libunbound-only.


git-svn-id: file:///svn/unbound/trunk@3533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 09:43:07 +00:00
Wouter Wijngaards
bdb24c91b2 - Fix #716: nodata proof with empty non-terminals and wildcards. 
git-svn-id: file:///svn/unbound/trunk@3526 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-29 13:08:15 +00:00
Wouter Wijngaards
dd174820dc windows portability. 
git-svn-id: file:///svn/unbound/trunk@3521 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-27 15:35:08 +00:00
Wouter Wijngaards
40c139cd8f - Fix #712: unbound-anchor appears to not fsync root.key. 
git-svn-id: file:///svn/unbound/trunk@3512 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-22 07:06:31 +00:00
Wouter Wijngaards
e3351c3606 - Remove confusion comment from canonical_compare() function. 
git-svn-id: file:///svn/unbound/trunk@3488 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-22 08:43:56 +00:00
Wouter Wijngaards
934954375e configuration option affects autotrust. 
git-svn-id: file:///svn/unbound/trunk@3472 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-13 12:52:51 +00:00
Wouter Wijngaards
08e6883578 - 5011 implementation does not insist on all algorithms, when 
harden-algo-downgrade is turned off.


git-svn-id: file:///svn/unbound/trunk@3471 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-13 12:03:53 +00:00
Wouter Wijngaards
771e7295ac - Fix 5011 anchor update timer after reload. 
git-svn-id: file:///svn/unbound/trunk@3466 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 11:56:37 +00:00
Wouter Wijngaards
7166c1ad36 no zero waiting times. 
git-svn-id: file:///svn/unbound/trunk@3464 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 14:01:04 +00:00
Wouter Wijngaards
814ddc5d48 fixup. 
git-svn-id: file:///svn/unbound/trunk@3463 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 12:02:18 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
b5f391d845 - DLV is going to be decommissioned. Advice to stop using it, and 
put text in the example configuration and man page to that effect.


git-svn-id: file:///svn/unbound/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-20 06:24:06 +00:00
Wouter Wijngaards
bfd78a8c23 - Change syntax of particular validator error to be easier for 
machine parse, swap rrset and ip adres info so it looks like:
  validation failure <www.example.nl. TXT IN>: signature crypto
  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>


git-svn-id: file:///svn/unbound/trunk@3422 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-10 12:04:22 +00:00
Wouter Wijngaards
32f808fcfa - Unbound exits with a fatal error when the auto-trust-anchor-file 
fails to be writable.  This is seconds after startup.  You can
  load a readonly auto-trust-anchor-file with trust-anchor-file.
  The file has to be writable to notice the trust anchor change,
  without it, a trust anchor change will be unnoticed and the system
  will then become unoperable.


git-svn-id: file:///svn/unbound/trunk@3387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 12:03:05 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
7a9ccf858c - If unknown trust anchor algorithm, and libressl is used, error 
message encourages upgrade of the libressl package.


git-svn-id: file:///svn/unbound/trunk@3378 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-25 16:04:05 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
Wouter Wijngaards
63b5d109f8 - Use reallocarray for integer overflow protection, patch submitted 
by Loganaden Velvindron.


git-svn-id: file:///svn/unbound/trunk@3365 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-17 08:24:24 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
e08aa7c5e1 - Fix validation failure in case upstream forwarder (ISC BIND) does 
not have the same trust anchors and decides to insert unsigned NS
  record in authority section.


git-svn-id: file:///svn/unbound/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-09 11:44:46 +00:00
Wouter Wijngaards
15d16580a8 - Fix unintended use of gcc extension for incomplete enum types, 
compile with pedantic c99 compliance (from Daniel Dickman).


git-svn-id: file:///svn/unbound/trunk@3321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-26 08:46:40 +00:00
Wouter Wijngaards
67a3c4933c - Fix cdflag dns64 processing. 
git-svn-id: file:///svn/unbound/trunk@3275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-19 08:43:08 +00:00
Wouter Wijngaards
b781f2d48d - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: file:///svn/unbound/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
Wouter Wijngaards
f1bcc1032f More casts. 
git-svn-id: file:///svn/unbound/trunk@3244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 09:23:12 +00:00
Wouter Wijngaards
339a6be27d More unsigned chasts for toupper/tolower/ctype 
git-svn-id: file:///svn/unbound/trunk@3242 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 08:35:00 +00:00
Matthijs Mekking
dab0af8d87 Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is received. 
This is okay according 4035, but not after revising existence in 4592. 
NSEC empty non-terminals exist and thus the RCODE should have been NOERROR.

If this occurs, and the RRsets are secure, we set the RCODE to NOERROR and
the security status of the reponse is also considered secure.



git-svn-id: file:///svn/unbound/trunk@3089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-20 09:46:50 +00:00