upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-16 09:08:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
5586 commits 27 branches 209 tags 137 MiB
Commit graph

3879 commits

Author SHA1 Message Date
George Thessalonikefs
c5897dc058 - Fix compiler warning in dns64/dns64.c. 2020-03-02 11:52:33 +01:00
W.C.A. Wijngaards
93189d3083 Changelog note for PR #164 and text for release explanation. 
- Merge PR #164: Framestreams, this branch implements dnstap
  unidirectional connectivity in unbound. This has a number of
  new features.

  The dependency on libfstrm is removed. The fstrm protocol code
  resides in dnstap/dnstap_fstrm.h and dnstap/dnstap_fstrm.c. This
  contains a brief definition of what unbound needs.

  The make unbound-dnstap-socket builds a debug tool,
  unbound-dnstap-socket. It can listen, accept multiple DNSTAP
  streams and print information. Commandline options control it.

  Unbound can reconnect if the unix domain socket file socket is
  closed. This uses exponential backoff after which it uses a
  one second timer to throttle cpu down. There is also support
  to use TCP and TLS for connecting to the log server. There
  are new config options to turn them on, in the dnstap section
  in the man page and example config file. dnstap-ip with IP
  address of server for TCP or TLS use. dnstap-tls to turn
  on TLS. And dnstap-tls-server-name, dnstap-tls-cert-bundle,
  dnstap-tls-client-key-file and dnstap-tls-client-cert-file
  to configure the certificates for server authentication and
  client authentication, or leave at "" to not use that.
 2020-02-28 15:23:54 +01:00
W.C.A. Wijngaards
614ed2717b Merge branch 'master' into framestreams 
Fixed bison and flex conflicts by regenerating the files.
 2020-02-28 14:31:24 +01:00
Ralph Dolmans
8f1cb41725 Merge PR #172: Add IBM s390x arch for testing, by noloader. 2020-02-28 11:42:17 +01:00
W.C.A. Wijngaards
d68c1e29b6 Changelog note for PR #173. 
- Merge PR #173: updated makedist.sh for config.guess and
  config.sub and sha256 digest for gpg, by noloader.
 2020-02-28 10:15:57 +01:00
George Thessalonikefs
9efe85fb4c - Merge PR #171: Add additional compilers and platforms to Travis 
testing, by noloader.
 2020-02-27 18:13:22 +01:00
W.C.A. Wijngaards
6f4818ebcb - Fix more undefined sanitizer issues, in respip copy_rrset null 
dname, and in the client_info_compare routine for null memcmp.
 2020-02-27 15:43:27 +01:00
W.C.A. Wijngaards
57bbbfc0e6 - Fix #170: Fix gcc undefined sanitizer signed integer overflow 
warning in signature expiry RFC1982 serial number arithmetic.
 2020-02-27 15:22:35 +01:00
W.C.A. Wijngaards
348e246b66 - Fix #169: Fix warning for daemon/remote.c output may be truncated 
from snprintf.
 2020-02-27 15:08:10 +01:00
W.C.A. Wijngaards
f469049198 - iana portlist updated. 2020-02-26 14:32:14 +01:00
W.C.A. Wijngaards
e24d7c64a8 Dnstap io, note that it creates a thread when possible. 2020-02-26 12:21:42 +01:00
W.C.A. Wijngaards
de35486fb7 Documentation for prefer-ip4, Issue #165. 2020-02-25 09:58:32 +01:00
W.C.A. Wijngaards
318d4e91cc - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for 
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
  by one operator, and thus reputation is shared.
 2020-02-25 09:55:59 +01:00
George Thessalonikefs
f99dd8f6dc Changelog note for PR #166. 
- Merge PR #166: Fix typo in unbound.service.in, by glitsj16.
 2020-02-24 12:01:20 +01:00
W.C.A. Wijngaards
d2a843b422 - master branch has 1.10.1 version. 2020-02-20 14:42:58 +01:00
W.C.A. Wijngaards
6d7e0d68cf Note tag position in Changelog. 2020-02-20 14:41:39 +01:00
W.C.A. Wijngaards
ec0d6f196e - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for 
Unbound from Yuri Voinov.
 2020-02-20 09:17:24 +01:00
W.C.A. Wijngaards
184f26355a Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and 
Merge branch 'master' into framestreams
 2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
6accd3d681 - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for 
different openssl versions.
 2020-02-18 08:31:38 +01:00
W.C.A. Wijngaards
b4f055effc Merge branch 'master' into framestreams 2020-02-17 15:25:47 +01:00
W.C.A. Wijngaards
85fd23769f - changelog point where the tag for 1.10.0rc2 release is. 2020-02-17 15:24:29 +01:00
Ralph Dolmans
fe5370a98a - Add respip to supported module-config options in unbound-checkconf. 2020-02-17 13:36:30 +01:00
George Thessalonikefs
4b354d38c1 - Remove unused variable. 2020-02-17 12:56:20 +01:00
W.C.A. Wijngaards
a9b7638f4b Neater changelog 2020-02-17 10:10:44 +01:00
W.C.A. Wijngaards
42fdfd8121 - contrib/drop2rpz: perl script that converts the Spamhaus DROP-List 
in RPZ-Format, contributed by Andreas Schulze.
 2020-02-17 10:09:46 +01:00
W.C.A. Wijngaards
6d1b4e050d dnstap io, dnstap tls default is yes, and man page documentation. 2020-02-14 10:01:37 +01:00
W.C.A. Wijngaards
78e6060858 dnstap io, example.conf example, config_file entries for tcp and tls. 2020-02-14 09:03:09 +01:00
W.C.A. Wijngaards
2665ae0414 - Stop unbound-checkconf from insisting that auth-zone and rpz 
zonefiles have to exist.  They can not exist, and download later.
 2020-02-14 07:57:57 +01:00
W.C.A. Wijngaards
77bdbc6e98 - Fix spelling in unbound.conf.5.in. 2020-02-14 07:54:49 +01:00
W.C.A. Wijngaards
00d622bed7 - updated version number to 1.10.0. 2020-02-12 12:51:35 +01:00
W.C.A. Wijngaards
9e193be648 - Fix compile warning when threads disabled. 2020-02-12 11:55:02 +01:00
W.C.A. Wijngaards
7dcfe531e4 - Fix to clean memory leak of respip_addr.lock when ip_tree deleted. 2020-02-12 11:49:26 +01:00
W.C.A. Wijngaards
e965775064 - Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale 
fixes, but it does not compile, conflicts with new rpz code.
 2020-02-12 11:29:55 +01:00
W.C.A. Wijngaards
6e13c6f401 - Fix contrib/fastrpz.patch to apply cleanly. 2020-02-12 11:24:59 +01:00
W.C.A. Wijngaards
2916cfb3b0 - Fix with libnettle make test with dsa disabled. 2020-02-12 11:15:24 +01:00
George Thessalonikefs
adda4f6ace - Fix use after free on log-identity after a reload; Fixes #163. 2020-02-10 13:56:22 +01:00
George Thessalonikefs
c316b1d7d5 - Document 'ub_result.was_ratelimited' in libunbound. 2020-02-10 10:31:47 +01:00
W.C.A. Wijngaards
aee3706f66 - Fix to put braces around empty if body when threading is disabled. 2020-02-06 15:33:02 +01:00
George Thessalonikefs
8e135d5f59 - Document in unbound.conf manpage that configuration clauses can be repeated in the configuration file. 2020-02-06 14:39:58 +01:00
George Thessalonikefs
5d6358b66d - Cleaner code for mesh_serve_expired_lookup. 2020-02-06 14:38:01 +01:00
W.C.A. Wijngaards
4089147351 - Fix to lock and release once in mesh_serve_expired_lookup. 2020-02-06 14:01:45 +01:00
W.C.A. Wijngaards
18ea62e369 - Fix to lock zone before adding rpz qname trigger. 2020-02-06 12:22:15 +01:00
W.C.A. Wijngaards
d000523b00 - Fix to create and destroy rpz_lock in auth_zones structure. 2020-02-06 11:51:17 +01:00
George Thessalonikefs
0758d29324 - Fix num_reply_states and num_detached_states counting with 
serve_expired_callback.
 2020-02-06 11:44:48 +01:00
W.C.A. Wijngaards
af7abd4dfd - Fix num_reply_addr counting in mesh and tcp drop due to size 
after serve_stale commit.
 2020-02-06 11:09:30 +01:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
Ralph Dolmans
8c88ab4747 - Add assertion to please static analyzer 2020-02-03 16:44:21 +01:00
W.C.A. Wijngaards
7495b25f94 - Fix fclose on error in TLS session ticket code. 2020-01-31 07:49:14 +01:00
Ralph Dolmans
810862dc65 - Stop working on socket when socket() call returns an error. 
- Check malloc return values in TLS session ticket code
 2020-01-30 19:15:58 +01:00
W.C.A. Wijngaards
a4244e79ca - Add getentropy_freebsd.o to Makefile dependencies. 2020-01-30 16:15:51 +01:00
W.C.A. Wijngaards
833021d84d - Add build rule for ipset to Makefile 2020-01-30 16:12:39 +01:00
Ralph Dolmans
2c459443da - Add changelog entry for RPZ merge 2020-01-30 16:04:27 +01:00
Ralph Dolmans
056176ec9a Merge branch 'master' into rpz 2020-01-30 15:57:34 +01:00
Ralph Dolmans
d69ba6f39f - Add changelog entry for memory leak fix 2020-01-30 15:47:49 +01:00
Ralph Dolmans
5dc6798e75 Merge branch 'master' of github.com:NLnetLabs/unbound 2020-01-30 14:58:25 +01:00
Ralph Dolmans
4f5b934688 - Fix small memory leak in error condition remote.c 
- Fix double free in error condition view.c
 2020-01-30 14:56:48 +01:00
W.C.A. Wijngaards
a5f133ef2f - updated .gitignore for added contrib file. 2020-01-30 14:20:08 +01:00
W.C.A. Wijngaards
de5c0d4228 Changelog note for PR#151. 
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
  and Frzk.  Updates the unbound.service systemd file and adds
  a portable systemd service file.
 2020-01-30 14:11:41 +01:00
W.C.A. Wijngaards
20a2574da1 - Update contrib/fastrpz.patch for clean diff with current code. 2020-01-30 13:05:35 +01:00
W.C.A. Wijngaards
bf13191b87 - Fix subnet tests for disabled DSA algorithm by default. 2020-01-30 09:08:19 +01:00
Ralph Dolmans
4326b10169 - Add PR#156 merge to changelog (Added unbound-control view_local_datas_remove 
command)
 2020-01-29 15:46:05 +01:00
Ralph Dolmans
d82de651c6
Merge pull request #156 from n3bul4/master 
Added unbound-control view_local_datas_remove command
 2020-01-29 15:44:39 +01:00
Alexander Berkes
61c2333174 Added view_local_datas_remove description to documentation 2020-01-29 15:32:55 +01:00
W.C.A. Wijngaards
079de39b46 - Fix #157: undefined reference to `htobe64'. 2020-01-29 11:56:29 +01:00
W.C.A. Wijngaards
6c0a863584 - Fix to silence the tls handshake errors for broken pipe and reset 
by peer, unless verbosity is set to 2 or higher.
 2020-01-28 14:32:06 +01:00
Ralph Dolmans
a930b94658 - Add PR#147 merge to changelog 2020-01-28 13:41:26 +01:00
Ralph Dolmans
13a7783d7b
Merge pull request #147 from mnach/minor-rfc-comment 
minor #1344 change rfc reference for reserved top level dns names
 2020-01-28 13:39:18 +01:00
W.C.A. Wijngaards
f6287fc718 - iana portlist updated. 2020-01-28 12:25:37 +01:00
Mikhail Nacharov
c3fac2550f
minor #1344 change rfc reference for reserved top level dns names 2020-01-27 22:04:09 +05:00
Ralph Dolmans
0feee99055 - Add changelog entry for PR#148. 2020-01-27 16:06:06 +01:00
Ralph Dolmans
41621fb1df - Add changelog entry for RP#154 
- autoconf after PR#154
 2020-01-27 15:50:12 +01:00
W.C.A. Wijngaards
68ff1730ac - Fix #153: Disable validation for DSA algorithms. RFC 8624 
compliance.
 2020-01-27 09:40:18 +01:00
W.C.A. Wijngaards
82a6a2f8cc Changelog note for PR#155. 
- Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes
  to Libs/Requires for crypto library dependencies.
 2020-01-27 09:31:07 +01:00
W.C.A. Wijngaards
61456ff81d Changelog and contrib/README note for PR#150. 
- Merge PR#150 from Frzk: Systemd unit without chroot.  It add
  contrib/unbound_nochroot.service.in, a systemd file for use with
  chroot: "", see comments in the file, it uses systemd protections
  instead.
 2020-01-23 16:16:52 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
1e0c957dcd - Fix auth zone support for NSEC3 records without salt. 2020-01-14 16:03:29 +01:00
W.C.A. Wijngaards
ea26e5038e - Fix for memory leak when edns subnet config options are read when 
compiled without edns subnet support.
 2020-01-14 15:48:27 +01:00
W.C.A. Wijngaards
2c4be0c201 - Fix crash after reload where a stats lookup could reference old key 
cache and neg cache structures.
 2020-01-14 15:18:52 +01:00
W.C.A. Wijngaards
9b3f3101e3 - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, 
because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have
  the appropriate keys to recreate that setup.
 2020-01-14 14:40:44 +01:00
W.C.A. Wijngaards
e149bc7046 - Fix unreachable code in ssl set options code. 2020-01-10 11:28:01 +01:00
W.C.A. Wijngaards
a8db52120b - Fix the relationship between serve-expired and prefetch options, 
patch from Saksham Manchanda from Secure64.
 2020-01-10 10:04:50 +01:00
Ralph Dolmans
92a525225b - Add changelog entry for fix #138 (stop binding pidfile inside chroot dir in 
systemd service file).
 2020-01-08 16:36:18 +01:00
W.C.A. Wijngaards
c4e199ecca - And update for more spare space. 2020-01-08 12:58:07 +01:00
W.C.A. Wijngaards
5ae1544583 - Updated sldns_bget_token_par fix for also space for the zero 
delimiter after the character.
 2020-01-08 11:55:42 +01:00
W.C.A. Wijngaards
05a5dc2d0d - Fix out-of-bounds null-byte write in sldns_bget_token_par while 
parsing type WKS, reported by Luis Merino from X41 D-Sec.
 2020-01-08 11:08:16 +01:00
W.C.A. Wijngaards
19473d95eb - Fix 'make test' to work for --disable-sha1 configure option. 2020-01-08 09:23:46 +01:00
George Thessalonikefs
8686b0abbf - Changes to compat/getentropy_solaris.c for, 
ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2020-01-07 15:19:15 +02:00
George Thessalonikefs
d68ece28c4 - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. 
The dl_iterate_phdr() function introduced in newer versions raises
  compilation errors on solaris 10.
 2020-01-07 15:06:14 +02:00
W.C.A. Wijngaards
453c84b237 - Fix #140: Document slave not downloading new zonefile upon update. 2020-01-06 16:36:44 +01:00
W.C.A. Wijngaards
20a3d3be5f (Changelog note for #135). 
- Merge #135 from Florian Obser: Use passed in neg and key cache
  if non-NULL.
 2020-01-06 16:18:46 +01:00
George Thessalonikefs
1d45b4a1e0 - Update mailing list URL. 2019-12-16 16:03:31 +01:00
Ralph Dolmans
90b42b56b6 - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by 
Florian Obser
 2019-12-12 13:05:09 +01:00
Ralph Dolmans
f1d5d5d682 Make master 1.9.7 in development. 2019-12-12 12:48:29 +01:00
W.C.A. Wijngaards
41d3e2027c - Fix to make auth zone IXFR to fallback to AXFR if a single 
response RR is received over TCP with the SOA in it.
 2019-12-10 13:09:50 +01:00
W.C.A. Wijngaards
e828d678ba - Fix Makefile.in for ipset module compile, from Adi Prasaja. 2019-12-06 11:31:34 +01:00
W.C.A. Wijngaards
f3c2d05728 - Fix ipsecmod compile. 2019-12-06 07:59:55 +01:00
W.C.A. Wijngaards
4b73b5f299 - tag for 1.9.6rc1. 2019-12-05 11:21:46 +01:00
W.C.A. Wijngaards
ff7d68ca53 - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 
replacements for unbound-fuzzme.c that gets created after applying
  the contrib/unbound-fuzzme.patch.  They are contributed by
  Eric Sesterhenn from X41 D-Sec.
 2019-12-05 09:10:49 +01:00
W.C.A. Wijngaards
3fb98a72d2 - Fix Make Test Fails when Configured With --enable-alloc-nonregional, 
reported by X41 D-Sec.
 2019-12-04 16:23:52 +01:00
W.C.A. Wijngaards
6e8b4a7796 - update contrib/fastrpz.patch to apply more cleanly. 2019-12-04 11:41:13 +01:00