upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-14 00:03:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8134 commits 26 branches 209 tags 136 MiB
Commit graph

1049 commits

Author SHA1 Message Date
W.C.A. Wijngaards
0f2f6025e7 - Fix that alloc stats for forwards and hints are printed, and when 
alloc stats is enabled, the unit test for unbound control waits for
  reloads to complete.
 2024-08-02 15:51:40 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090) 
* - cookie-secret-file, define struct.

* - cookie-secret-file, add config option, create, read and delete struct.

* - cookie-secret-file, check cookie secrets for cookie validation.

* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
  activate_cookie_secret and print_cookie_secrets.

* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
  staging cookies get a fresh cookie and spelling in error message.

* - cookie-secret-file, remove unused variable from cookie file unit test.

* Remove unshare and faketime dependencies for cookie_file test; documentation nits.

---------

Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
 2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
92be76fb89 - Fix that the worker mem report with alloc stats does not attempt 
to print memory use of forwards and hints if they have been
  deleted already.
 2024-08-01 17:15:07 +02:00
Wouter Wijngaards
92b6c2a7b9
Merge pull request #1098 from NLnetLabs/ipset-pf-support 
Ipset pf support
 2024-07-03 14:49:16 +02:00
W.C.A. Wijngaards
a335e601e4 ipset-pf-support, move startup and destartup to the front of the module 
func block functions, modstack call deinit function names, and detect
module change when no startup functions are needed.
 2024-07-03 13:53:44 +02:00
W.C.A. Wijngaards
2fe4e2ec3e - Fix compile warning in worker pthread id printout. 2024-07-02 09:44:58 +02:00
W.C.A. Wijngaards
e54928a628 - Fix unused variable warning in do_cache_remove. 2024-07-02 09:33:22 +02:00
W.C.A. Wijngaards
65e7253d19 ipset-pf-support, simplification of code. 2024-07-02 09:08:27 +02:00
W.C.A. Wijngaards
ff653a7ef8 Call module init init again, and new function startup and destartup. 
NULL can be used if the function is not used. Open shared ports during
reload. Deinit is called during reload.
 2024-07-01 16:10:07 +02:00
W.C.A. Wijngaards
3953f827fb Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support 2024-07-01 14:36:33 +02:00
Yorgos Thessalonikefs
486985fbdf - Fix memory leak when reload_keep_cache is used and num-threads changes. 2024-05-31 12:09:35 +02:00
Martin Vopatek
8ff1baf585 Only check old pid if no username 
Do as the comment says and only check old pid if there is no username
configured.
 2024-05-29 14:16:18 +02:00
Yorgos Thessalonikefs
7f184c8ca8
Fix unbound-control stdin commands for multi-process Unbounds (#1069) 
- Fix unbound-control commands that read stdin in multi-process
  operation (local_zones_remove, local_zones, local_datas_remove,
  local_datas, view_local_datas_remove, view_local_datas). They will
  be properly distributed to all processes. dump_cache and load_cache
  are no longer supported in multi-process operation.

 - Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir
  now checks both single and multi process/thread operation.

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2024-05-17 10:25:24 +02:00
W.C.A. Wijngaards
da2b307aa3 - Fix #1071: [FR] Clear both in-memory and cachedb module cache with 
`unbound-control flush*` commands.
 2024-05-16 16:56:58 +02:00
W.C.A. Wijngaards
7c5e765b3b - Fix cachedb with serve-expired-client-timeout disabled. The edns 
subnet module deletes global cache and cachedb cache when it
  stores a result, and serve-expired is enabled, so that the global
  reply, that is older than the ecs reply, does not return after
  the ecs reply expires.
 2024-04-26 13:32:15 +02:00
Wouter Wijngaards
ced9762b14
Merge pull request #1041 from NLnetLabs/stubfwd-unshare 
Stub and Forward unshare
 2024-04-25 11:11:00 +02:00
Yorgos Thessalonikefs
9b9bba9f02
Update locking management for iter_fwd and iter_hints methods. (#1054) 
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2024-04-25 11:05:58 +02:00
W.C.A. Wijngaards
cccf5e73c0 - Fixup compile without cachedb. 2024-04-10 11:33:52 +02:00
W.C.A. Wijngaards
d98c7b9ae3 - Implement cachedb-check-when-serve-expired: yes option, default 
is enabled. When serve expired is enabled with cachedb, it first
  checks cachedb before serving the expired response.
 2024-04-10 11:21:28 +02:00
Yorgos Thessalonikefs
fb4a7d65d7 - Fix #369: dnstap showing extra responses; for client responses 
right from the cache when replying with expired data or
  prefetching.
 2024-04-03 15:18:13 +02:00
W.C.A. Wijngaards
48113cfaba - fast-reload, unshared stub hints, making the structure locked, with an rwlock. 2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
c0b5754ef7 - fast-reload, for nonthreaded, the unbound-control commands forward, 
forward_add and forward_delete should be distributed to other processes,
  but when threaded, they should not be distributed to other threads because
  the structure is not thread specific any more.
 2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
f2fb498c69 - fast-reload, unshare forwards, making the structure locked, with an rwlock. 2024-04-03 13:55:54 +02:00
W.C.A. Wijngaards
6d1e61173b - Fix #1034: DoT forward-zone via unbound-control. 2024-03-28 09:58:03 +01:00
W.C.A. Wijngaards
6f82b5be4a - Fix that the server does not chown the pidfile. 2024-03-27 14:52:25 +01:00
W.C.A. Wijngaards
192f1b0e2b - Fix that when the server truncates the pidfile, it does not follow 
symbolic links.
 2024-03-27 14:07:54 +01:00
W.C.A. Wijngaards
2993437eaa - Fix that addrinfo is not kept around but copied and freed, so that 
log-destaddr uses a copy of the information, much like NSD does.
 2024-03-15 13:39:49 +01:00
W.C.A. Wijngaards
ec0b510f1c - Fix for #1022: Fix ede prohibited in access control refused answers. 2024-03-05 13:39:29 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage (#1010) 
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage

Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.

* Apply suggestions from code review

* Update doc/unbound.conf.5.in

* DNS-Cookies should bypass ip-ratelimit setting
 2024-02-20 15:29:34 +01:00
dyunwei
eb7eb5ce68 Fix NLnetLabs#981: dump_cache truncates large records. 2024-01-09 14:17:31 +08:00
W.C.A. Wijngaards
b9b488b6d3 - Remove unneeded newlines and improve indentation in remote control 
code.
 2024-01-04 17:06:15 +01:00
k-akashi
4b9cd8e81d Add DoH and DoT to dnstap message 2023-12-27 07:26:21 +09:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
Wouter Wijngaards
c4e0354876
Merge pull request #971 from dukeartem/master 
fix 'WARNING: Message has 41 extra bytes at end'
 2023-12-05 09:09:23 +01:00
Artem
389e820878
fix 'WARNING: Message has 41 extra bytes at end' 2023-12-05 09:43:15 +03:00
W.C.A. Wijngaards
35d0a8a843 - Fix to print detailed errors when an SSL IO routine fails via 
SSL_get_error.
 2023-10-19 11:17:32 +02:00
George Thessalonikefs
07149f576a - Better fix for infinite loop when reading multiple lines of input on 
a broken remote control socket, by treating a zero byte line the
  same as transmission end. Addesses #947 and #948.
 2023-10-13 14:58:16 +02:00
Wouter Wijngaards
5c6c57ed89
Merge pull request #944 from NLnetLabs/disable-edns-do 
Disable EDNS DO
 2023-10-12 14:04:29 +02:00
George Thessalonikefs
516f90abdb - Fix infinite loop when reading multiple lines of input on a broken 
remote control socket. Addesses #947 and #948.
 2023-10-10 15:17:48 +02:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the 
disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
 2023-10-04 13:54:05 +02:00
George Thessalonikefs
13d4504dfc - Merge #881: Generalise the proxy protocol code. 2023-10-03 14:51:50 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
49e4258102 - For #762: Interaction between DNS Cookies and source IP ratelimiting 
by allowing Cookies to bypass the ratelimit, but still allowing
  ratelimit to valid DNS Cookie clients via the new
  ip-ratelimit-cookie option.
 2023-08-08 10:14:03 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
fbc0256825 - For #762: Cleaner manpage text and uniform use of the term DNS 
Cookies.
 2023-08-05 20:00:37 +02:00
George Thessalonikefs
b6e2f4dbf8 - For #762: Formatting. 2023-08-04 19:03:23 +02:00
George Thessalonikefs
d4145772b5 - Move a cache reply callback in worker.c closer to the cache reply 
generation.
 2023-08-02 12:33:52 +02:00
George Thessalonikefs
2cc9563cf8 - Fix to use the now cached EDE, if any, for CD_bit queries. 2023-08-01 15:23:25 +02:00
George Thessalonikefs
6819c1e444 - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. 2023-07-30 11:48:04 +02:00
George Thessalonikefs
50ea4a1072 Address review comments for #759: 
- Decrease allocations for "" EDE strings when loading the cachedump.
- Check for existence of EDE code before attaching.
 2023-07-28 12:56:13 +02:00
George Thessalonikefs
5b7faca7db For #909: Numeric truncation when parsing TYPEXX and CLASSXX representation 
- Fix return values.
- Formatting nits.
 2023-07-20 11:42:05 +02:00
headshog
0b131d5a31 parse sldns_get_rr_class_by_name and sldns_get_rr_type_by_name return value 0 2023-07-19 18:09:03 +03:00
George Thessalonikefs
90b434c260 - For #759: add support for cached EDEs to cachedump 2023-07-19 17:06:10 +02:00
George Thessalonikefs
f5a2a58ce3 Review for #759: 
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
  0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
 2023-07-17 17:26:31 +02:00
George Thessalonikefs
15b8d8b96a Merge branch 'master' into features/ede-caching 2023-07-13 11:25:59 +02:00
George Thessalonikefs
a952ac17be Merge branch 'tilan7663-subnet_cache_prefetch' into subnet_cache_prefetch 2023-07-07 16:50:58 +02:00
George Thessalonikefs
40e47bf767 - For #664: easier code flow for subnetcache prefetching. 
- For #664: add testcase.
 2023-07-06 22:22:21 +02:00
George Thessalonikefs
41dac805f5 - Merge #892: Add cachedb hit stat. Introduces 'num.query.cachedb' as 
a new statistical counter.
 2023-06-27 12:46:26 +02:00
George Thessalonikefs
0f1ea7e490 - Properly handle all return values of worker_check_request during 
early EDE code.
- Do not check the incoming request more than once.
 2023-06-14 11:40:59 +02:00
Yorgos Thessalonikefs
9412b9c2ca
Review comment for daemon/stats.c 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2023-06-02 12:39:23 +02:00
George Thessalonikefs
4f52be4db9 - Introduce num.query.cachedb to track cache hits for the external cache. 2023-05-30 17:49:50 +02:00
W.C.A. Wijngaards
2a2598dbf2 - Fix #888: [FR] Use kernel timestamps for dnstap. 2023-05-16 08:50:38 +02:00
George Thessalonikefs
20184483df Merge branch 'eqvinox-nat64' 2023-05-01 18:24:05 +02:00
W.C.A. Wijngaards
70c2b587fc - Fix RPZ IP responses with trigger rpz-drop on cache entries, that 
they are dropped.
 2023-05-01 09:26:17 +02:00
George Thessalonikefs
e1ec3cf893 Merge branch 'nat64' of https://github.com/eqvinox/unbound into eqvinox-nat64 2023-04-26 15:14:39 +02:00
Vadim Fedorenko
263096d1f6 stats: add query max wait time metric 
Add new statistic value to know the size of the queue in microseconds.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:27:25 -07:00
Vadim Fedorenko
e577ab105e stats: add counter for timed out queries 
Add counter `num_queries_timed_out` meaning queries that were sitting in the
socket queue and waiting to being processed too long. There is no reason
to process such queries, so let's drop it in the very beginning of the
pipeline.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:27:25 -07:00
Vadim Fedorenko
2e6ddd6032 netevent: parse and store rcv timestamp from sock 
Add special field in comm_point to store the software receive timestamp
for every particular UDP packet. Aux data parser is updated to read
values and the whole callback is switched to use recvmsg form.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:26:51 -07:00
Vadim Fedorenko
a197aac2f6 timeval_func: move all timeval manipulation to separate file 
There are several definitions of the same functions manipulating timeval
structures. Let's move them to separate file and arrange the code
preperly.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:23:41 -07:00
Vadim Fedorenko
648ad4db6f Linting change. 
Remove config parser/lexer code as it's rebuilded every time but can
break adding new config options.
Also clean up the code base to avoid mixing actual code changes and lint
issues.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-25 17:05:00 -07:00
George Thessalonikefs
b5cc8b6c59 - Generalise the proxy protocol code 2023-04-24 16:15:56 +02:00
W.C.A. Wijngaards
a97d7175a6 - Fix ssl.h include brackets, instead of quotes. 2023-03-16 15:40:43 +01:00
Sergey Kacheev
52a4ccee18 add a metric about the maximum number of collisions in lrushah 2023-01-13 13:33:38 +07:00
George Thessalonikefs
7716d26d46 - Use an explicit 'reload_keep_cache' command and introduce test cases 
for #569.
 2022-12-14 16:33:28 +01:00
George Thessalonikefs
857d6ce3a1 Merge branch 'reuse-caches-on-reload' of https://github.com/jinmeiib/unbound-1 into jinmeiib-reuse-caches-on-reload 2022-12-13 16:42:38 +01:00
George Thessalonikefs
859d0f2dfe - Expose 'statistics-inhibit-zero' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 10:47:37 +01:00
George Thessalonikefs
90f6cb1158 - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. 2022-11-30 14:33:16 +01:00
George Thessalonikefs
896f7a8306 - Ignore expired error responses. 2022-11-22 17:44:55 +01:00
TCY16
8b4a8493d0 Merge branch 'master' of github.com:NLnetLabs/unbound into features/ede-caching 2022-11-21 11:34:36 +01:00
TCY16
b65ff768bc remove superfluous variables 2022-11-18 11:30:11 +01:00
Willem Toorop
8df26b132b Merge branch 'master' into devel/merge-master-into-downstream-cookies 2022-11-07 17:09:20 +00:00
David Lamparter
64fb06f892 NAT64 support 
This implements #721.  Includes documentation and some very basic tests.
Please refer to doc for further detail.
 2022-11-07 11:37:50 +00:00
W.C.A. Wijngaards
6b8181acb7 - Fix dnscrypt compile for proxy protocol code changes. 2022-10-05 14:09:12 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
W.C.A. Wijngaards
7d96a7e3fe - Fix windows compile, the identifier interface is defined in headers. 2022-10-03 15:03:50 +02:00
Willem Toorop
75f3fbdd65 Downstream DNS Cookies a la RFC7873 and RFC9018 
Create server cookies for clients that send client cookies.
Needs to be turned on in the config file with:

	answer-cookie: yes

A cookie-secret can be configured for anycast setups.
Also adds an access control list that will allow queries with
either a valid cookie or over a stateful transport.
 2022-09-28 10:28:19 +02:00
Willem Toorop
71f23ef354 extended_error_encode() for extended errors 2022-09-28 09:57:56 +02:00
TCY16
d731fa2e21 use correct edns_list attach function 2022-09-21 16:19:38 +02:00
TCY16
dcfcde2ec8 add cached EDE strings 2022-09-21 11:21:33 +02:00
Yorgos Thessalonikefs
eb02170338
Apply suggestions from code review 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2022-09-16 14:43:23 +02:00
George Thessalonikefs
d301bfe4a2 - ACL per interface: refactor, complete testing and a bugfix for 
interface names.
 2022-09-11 20:57:41 +02:00
George Thessalonikefs
7e9fd2114b Cleared error messages for interface-* options. 2022-09-11 20:21:32 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
5bbaf78c3f - Remove include that was there for debug purposes. 2022-09-02 10:11:23 +02:00
W.C.A. Wijngaards
57230d7f22 - Fix to log a verbose message at operational notice level if a 
thread is not responding, to stats requests. It is logged with
  thread identifiers.
 2022-09-01 15:14:20 +02:00
TCY16
5f309d0018 Add caching EDEs 2022-09-01 14:10:14 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
JINMEI Tatuya
fccb2eb2e8 prevent memory leak in case cache isn't reused 2022-07-22 14:33:21 -07:00
George Thessalonikefs
b816318106 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries 
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
  command.
 2022-06-29 10:51:54 +02:00
George Thessalonikefs
c8e7539313 - Formatting. 2022-06-28 18:31:27 +02:00