upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-15 08:37:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5853 commits 26 branches 209 tags 136 MiB
Commit graph

943 commits

Author SHA1 Message Date
Ralph Dolmans
16543731f5 - Fix doxygen issue 2020-01-15 23:14:24 +01:00
Ralph Dolmans
344f12dd99 - fix compiler warnings 2020-01-15 23:03:44 +01:00
Ralph Dolmans
14913d75c0 - processed RPZ review feedback 
- fix potential locking issue
  - add extra out of bound checks
 2020-01-15 22:45:29 +01:00
Ralph Dolmans
e098285892 - Implement RPZ CNAME target wildcard synthesis 2020-01-15 22:42:18 +01:00
W.C.A. Wijngaards
1e0c957dcd - Fix auth zone support for NSEC3 records without salt. 2020-01-14 16:03:29 +01:00
Ralph Dolmans
ae4f6a259b Proccess more review feedback 2019-12-23 16:02:43 +01:00
W.C.A. Wijngaards
41d3e2027c - Fix to make auth zone IXFR to fallback to AXFR if a single 
response RR is received over TCP with the SOA in it.
 2019-12-10 13:09:50 +01:00
W.C.A. Wijngaards
5a66aecef9 - Fix similar code in auth_zone synth cname to add the extra checks. 2019-12-03 15:11:22 +01:00
W.C.A. Wijngaards
1718a8e6b5 - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. 2019-11-22 14:23:00 +01:00
Ralph Dolmans
bbb737ca5a processing RPZ review feedback 2019-11-22 12:56:24 +08:00
W.C.A. Wijngaards
493921ef1f Review fix of space. 2019-11-20 14:24:31 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
16bbfc3461 - Fix authzone printout buffer length check. 2019-11-19 10:09:44 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
PMunch
1762437121 Add dynamic library support 2019-10-21 09:34:51 +02:00
W.C.A. Wijngaards
554e4a939c - Fix fix for #78 to also free service callback struct. 2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
1a4eaaabc5 - Fix #78: Memory leak in outside_network.c. 2019-09-19 09:11:23 +02:00
Ralph Dolmans
4ac33aa104 - Merge clean up 
- revert dname2str off by one fix
- fix str2dname off by one at right location
 2019-09-09 17:13:08 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
Ralph Dolmans
bc39217070 Don't pass along unused parameter 2019-08-23 12:45:34 +02:00
Ralph Dolmans
ccb576f95e - add always_deny action, use this one for RPZ 
- use localzone's memory layout when removing rr from rrset
 2019-08-23 12:15:37 +02:00
Ralph Dolmans
a16111d471 Prevent potential double free 2019-08-16 12:13:30 +02:00
Ralph Dolmans
965f16cc89 - Add RPZ AXFR test 
- Fix memory leak
 2019-08-13 17:06:43 +02:00
Ralph Dolmans
88fce791df - Add RPZ respip test 
- Fix rpz memory leak
 2019-08-12 16:06:15 +02:00
Ralph Dolmans
401fc15443 - Extend RPZ/QNAME trigger test 
- Fix potential memory leak
 2019-08-08 16:07:16 +02:00
Ralph Dolmans
0987a82877 Add statistics support for disabled (action override) response IP RPZ 
triggers.
 2019-08-07 14:09:48 +02:00
W.C.A. Wijngaards
df0c844eed - Fix to timeval_add for remaining second in microseconds. 2019-08-01 16:48:41 +02:00
W.C.A. Wijngaards
199e6c586b - Fix to return after failed auth zone http chunk write. 
- Fix to remove unused test for task_probe existance.
 2019-08-01 16:40:52 +02:00
Ralph Dolmans
1c5d081853 - Add RPZ response IP override option, logging, and statistics 2019-08-01 14:31:37 +02:00
W.C.A. Wijngaards
7d5ab2f4de - Add verbose log message when auth zone file is written, at level 4. 2019-07-29 09:25:49 +02:00
W.C.A. Wijngaards
5f5c00203e - Fix question section mismatch in local zone redirect. 2019-07-23 14:01:59 +02:00
Ralph Dolmans
9ce7045413 - Fix doxygen issue 
- Fix memory leak
 - IANA ports update
 - merge littlehash ASAN changes
 2019-07-16 19:45:49 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
Ralph Dolmans
395d83cfc8 Procedures to parse RPZ ip address notation. 2019-06-24 16:01:01 +02:00
W.C.A. Wijngaards
ed95b07764 Merge branch 'master' of git://github.com/k9982874/unbound into k9982874-master 2019-06-18 13:52:52 +02:00
W.C.A. Wijngaards
bf2307ca97 - Fix for #24: Fix abort due to scan of auth zone masters using old 
address from previous scan.
 2019-06-17 14:15:36 +02:00
W.C.A. Wijngaards
6067ce6d2b - Fix that fixes the Fix that spoolbuf is not used to store tcp 
pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
 2019-06-11 12:15:43 +02:00
Ralph Dolmans
3021e320dd Only strdup rpz_log_name when configured 2019-06-05 14:26:57 +02:00
Ralph Dolmans
bc83e0b016 fix double free issue 2019-06-04 12:38:44 +02:00
Ralph Dolmans
268580f348 Added RPZ log name and stats 2019-06-03 15:46:39 +02:00
W.C.A. Wijngaards
a03f0a388e - Fix double file close in tcp pipelined response code. 2019-05-27 11:23:41 +02:00
Wouter Wijngaards
0b77c9d676 - Fix that spoolbuf is not used to store tcp pipelined response 
between mesh send and callback end.
 2019-05-24 09:35:38 +02:00
Ralph Dolmans
b0b69321f9 - Added RPZ action overrides 
- Added RPZ policy apply logging
 2019-05-16 22:30:42 +02:00
W.C.A. Wijngaards
a08fe8ca60 - Attempt to fix malformed tcp response. 2019-05-13 15:39:59 +02:00
Kevin Chu
1a48bdebb5 Add support for ipset 2019-05-02 19:43:30 +08:00
Wouter Wijngaards
e60f92ea29
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:41:56 +02:00
Wouter Wijngaards
46b5e96c54
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:41:45 +02:00
Wouter Wijngaards
f5a197f96e
Update services/outside_network.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:45 +02:00
Wouter Wijngaards
196654efec
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:09 +02:00
Wouter Wijngaards
a9c8d00d63
Update services/outside_network.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:04 +02:00
Wouter Wijngaards
5e4cfcc665
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:24:45 +02:00
Wouter Wijngaards
193cb2fcc4
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:23:23 +02:00
Wouter Wijngaards
b57a2f15db
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:23:11 +02:00
wtoorop
e19da1b619
Merge pull request #3 from wcawijngaards/features/XoT 
Fixup fd pass.
 2019-04-29 10:44:06 +02:00
W.C.A. Wijngaards
6ce60bcb61 Fixup fd pass. 2019-04-29 10:40:12 +02:00
Wouter Wijngaards
ff026a1f3c
Merge branch 'master' into features/XoT 2019-04-29 10:32:27 +02:00
W.C.A. Wijngaards
af11b54071 Review changes for the XoT branch 
With doc, SSL setup function, and function parameter doc.
 2019-04-29 10:25:19 +02:00
Ralph Dolmans
a7f68865e4 - Make IXFR deletion more robust 2019-04-25 20:00:56 +02:00
Ralph Dolmans
8dac8c00ce - Don't attempt an RPZ delete for unsupported actions 2019-04-25 19:02:17 +02:00
Ralph Dolmans
83bf2fd253 - locking issues 2019-04-25 16:14:39 +02:00
Wouter Wijngaards
2a78803049 - Fix wrong query name in local zone redirect answers with a CNAME, 
the copy of the local alias is in unpacked form.


git-svn-id: file:///svn/unbound/trunk@5175 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-25 14:07:42 +00:00
Ralph Dolmans
46acf0f99d Merge branch 'feature/rpz' of github.com:ralphdolmans/unbound into feature/rpz 2019-04-25 14:47:09 +02:00
Ralph Dolmans
ba67920f9a - IXFR/AXFR support for RPZ 2019-04-25 14:46:45 +02:00
Ralph Dolmans
186c9e8e82
Merge pull request #5 from NLnetLabs/master 
bring fork up to date
 2019-04-25 14:43:02 +02:00
Ralph Dolmans
edf1ad369a - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain 
answers.
 - For harden-below-nxdomain: do not consider a name to be non-exitent when
   message contains a CNAME record.


git-svn-id: file:///svn/unbound/trunk@5174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 15:09:15 +00:00
Wouter Wijngaards
2552a81b40 - Better braces in if statement in TCP fastopen code. 
git-svn-id: file:///svn/unbound/trunk@5160 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-16 12:53:50 +00:00
Wouter Wijngaards
ead84a5a64 Nicer. 
git-svn-id: file:///svn/unbound/trunk@5156 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:51:08 +00:00
Wouter Wijngaards
c6369e9ffa - Fix that auth zone fails over to next master for timeout in tcp. 
git-svn-id: file:///svn/unbound/trunk@5155 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:41:53 +00:00
Wouter Wijngaards
474afc9016 - Fix that auth zone uses correct network type for sockets for 
SOA serial probes.  This fixes that probes fail because earlier
  probe addresses are unreachable.


git-svn-id: file:///svn/unbound/trunk@5154 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 08:00:33 +00:00
Ralph Dolmans
edcf2ddd12 - Fix locking issue 
- Fixes for compiler warnings
 2019-04-10 11:53:08 +02:00
Wouter Wijngaards
c26fc84945 - verbose information about auth zone lookup process, also lookup 
start, timeout and fail.


git-svn-id: file:///svn/unbound/trunk@5150 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 12:42:09 +00:00
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Ralph Dolmans
9274d2630e Initial RPZ commit 2019-04-05 17:38:43 +02:00
Willem Toorop
92121f7878 Report XoT failure as XoT failure, not https 2019-04-03 12:41:14 +02:00
Wouter Wijngaards
ce8167a3bb - Fix auth-zone NSEC3 response for wildcard nodata answers, 
include the closest encloser in the answer.


git-svn-id: file:///svn/unbound/trunk@5146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 06:36:40 +00:00
Wouter Wijngaards
8a0de6b519 - Fix for auth zone nsec3 ent fix for wildcard nodata. 
git-svn-id: file:///svn/unbound/trunk@5144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 14:28:36 +00:00
Wouter Wijngaards
59570b0413 - Fix auth-zone NSEC3 response for empty nonterminals with exact 
match nsec3 records.


git-svn-id: file:///svn/unbound/trunk@5142 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 12:21:41 +00:00
Willem Toorop
48ad6477eb AXFR over TLS 
Enable by specifying an auth name, like this:
```
auth-zone:
        name: nlnetlabs.nl
        master: 185.49.140.60#ns.nlnetlabs.nl
```
 2019-03-24 10:43:57 +01:00
Wouter Wijngaards
ce0628ee55 - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. 
git-svn-id: file:///svn/unbound/trunk@5137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 09:26:06 +00:00
Wouter Wijngaards
bb5251da66 - Add log message, at verbosity 4, that says the query is encrypted 
with TLS, if that is enabled for the query.


git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 08:41:39 +00:00
Wouter Wijngaards
c79a99a577 Fix to account for tabs as well. 
git-svn-id: file:///svn/unbound/trunk@5129 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 12:06:04 +00:00
Wouter Wijngaards
a82c0eeece - Print correct module that failed when module-config is wrong. 
git-svn-id: file:///svn/unbound/trunk@5128 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 09:56:45 +00:00
Wouter Wijngaards
225534e5ab - Fix #4227: pair event del and add for libevent for tcp_req_info. 
git-svn-id: file:///svn/unbound/trunk@5122 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-25 15:48:27 +00:00
Wouter Wijngaards
62428e17f6 - Fix the error for unknown module in module-config is understandable, 
and explains it was not compiled in and where to see the list.


git-svn-id: file:///svn/unbound/trunk@5119 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-21 09:40:25 +00:00
Wouter Wijngaards
91e863138b - Print query name and IP address when domain rate limit exceeded. 
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 15:53:02 +00:00
Wouter Wijngaards
d1e92a0ebd - Spaces instead of tabs in that log message. 
git-svn-id: file:///svn/unbound/trunk@5116 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 12:32:42 +00:00
Wouter Wijngaards
3949bf2c82 - Print query name with ip_ratelimit exceeded log lines. 
git-svn-id: file:///svn/unbound/trunk@5115 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 10:40:41 +00:00
Wouter Wijngaards
cae8361dcd - Fix #4225: clients seem to erroneously receive no answer with 
DNS-over-TLS and qname-minimisation.


git-svn-id: file:///svn/unbound/trunk@5108 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-08 15:05:24 +00:00
Wouter Wijngaards
fe97f25b75 - Fix that log-replies prints the correct name for local-alias 
names, for names that have a CNAME in local-data configuration.
  It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
  and redirects like type redirect.


git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 09:51:27 +00:00
Ralph Dolmans
723845b350 - Fix case in which query timeout can result in marking delegation as 
edns_lame_known.


git-svn-id: file:///svn/unbound/trunk@5089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-30 13:44:19 +00:00
Wouter Wijngaards
ce65cdde71 - no lock when threads disabled in tcp request buffer count. 
git-svn-id: file:///svn/unbound/trunk@5076 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:54:40 +00:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
649e265d6f - Fix for IXFR fallback to reset counter when IXFR does not timeout. 
git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 11:52:17 +00:00
Wouter Wijngaards
55f560a3ca - Fix that auth zone after IXFR fallback tries the same master. 
git-svn-id: file:///svn/unbound/trunk@5053 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:44:09 +00:00
Wouter Wijngaards
51caffb454 - Fix for #4219: secondaries not updated after serial change, unbound 
falls back to AXFR after IXFR gives several timeout failures.


git-svn-id: file:///svn/unbound/trunk@5052 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:36:58 +00:00
Wouter Wijngaards
c10712a82b - Fix space calculation for tcp req buffer size. 
git-svn-id: file:///svn/unbound/trunk@5047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 08:27:49 +00:00
Wouter Wijngaards
d81e2c654f - Add stream-wait-size: 4m config option to limit the maximum 
memory used by waiting tcp and tls stream replies.  This avoids
  a denial of service where these replies use up all of the memory.


git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 16:20:14 +00:00
Wouter Wijngaards
be4583ac84 - Fix that multiple dns fragments can be carried in one TLS frame. 
git-svn-id: file:///svn/unbound/trunk@5043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 13:41:13 +00:00
Wouter Wijngaards
19a3907657 - increase mesh max activation count for capsforid long fetches. 
git-svn-id: file:///svn/unbound/trunk@5039 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-17 08:58:09 +00:00
Ralph Dolmans
f30fe71395 - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query 
without EDNS after timeout.


git-svn-id: file:///svn/unbound/trunk@5037 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-16 10:23:13 +00:00
Wouter Wijngaards
ec6f4bab46 comment fixes after review. 
git-svn-id: file:///svn/unbound/trunk@5036 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 13:42:22 +00:00
Wouter Wijngaards
0d2efc3f3f - Review fixes in out of order processing. 
git-svn-id: file:///svn/unbound/trunk@5035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 10:27:00 +00:00
Wouter Wijngaards
bb480068fa - In the out of order processing, reset byte count for (potential) 
partial read.


git-svn-id: file:///svn/unbound/trunk@5034 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 09:24:00 +00:00
Wouter Wijngaards
ae9fe1a10e - streamtcp option -a send queries consecutively and prints answers 
as they arrive.
- Fix for out of order processing administration quit cleanup.
- unit test for tcp out of order processing.


git-svn-id: file:///svn/unbound/trunk@5033 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-14 15:52:50 +00:00
Wouter Wijngaards
dd19026e91 - Initial commit for out-of-order processing for TCP and TLS. 
git-svn-id: file:///svn/unbound/trunk@5032 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-11 14:12:27 +00:00
Wouter Wijngaards
42d2c04ae1 - Log query name for looping module errors. 
git-svn-id: file:///svn/unbound/trunk@5031 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-09 13:57:14 +00:00
Wouter Wijngaards
db2557826a - Fix NSEC3 record that is returned in wildcard replies from 
auth-zone zones with NSEC3 and wildcards.


git-svn-id: file:///svn/unbound/trunk@5030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 14:39:31 +00:00
Wouter Wijngaards
90b00dfe57 - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, 
and server tcp fastopen is enabled at compile time.


git-svn-id: file:///svn/unbound/trunk@5026 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-07 09:06:41 +00:00
Wouter Wijngaards
1b72e814e7 - Fixup openssl 1.0.2 compile 
git-svn-id: file:///svn/unbound/trunk@5019 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:36:43 +00:00
Wouter Wijngaards
71b078611f - Fix #4206: support openssl 1.0.2 for TLS hostname verification, 
alongside the 1.1.0 and later support that is already there.


git-svn-id: file:///svn/unbound/trunk@5018 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:27:24 +00:00
Wouter Wijngaards
b23c373f4d - Refuse to start with no ports. 
git-svn-id: file:///svn/unbound/trunk@4997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 14:26:16 +00:00
Wouter Wijngaards
63dcbe3d75 - Fix chroot auth-zone fix to remove chroot prefix. 
git-svn-id: file:///svn/unbound/trunk@4992 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 08:27:47 +00:00
Wouter Wijngaards
3330d5296c - Fix leak in chroot fix for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-28 12:37:52 +00:00
Wouter Wijngaards
60da4369a4 - stat count SERVFAIL downstream auth-zone queries for expired zones. 
git-svn-id: file:///svn/unbound/trunk@4984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:42:59 +00:00
Wouter Wijngaards
b04e84ab9e - auth-zone give SERVFAIL when expired, fallback activates when 
expired, and this is documented in the man page.


git-svn-id: file:///svn/unbound/trunk@4983 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:31:37 +00:00
Wouter Wijngaards
068c52d8f5 - Fix that empty zonefile means the zonefile is not set and not used. 
git-svn-id: file:///svn/unbound/trunk@4973 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:55:18 +00:00
Wouter Wijngaards
692caffe2c - auth zone zonefiles can be in a chroot, the chroot directory 
components are removed before use.


git-svn-id: file:///svn/unbound/trunk@4972 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:51:09 +00:00
Wouter Wijngaards
069b0b8c90 - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes 
option in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4960 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-19 09:36:27 +00:00
Wouter Wijngaards
23505d30a5 - Fix #4190: Please create a "ANY" deny option, adds the option 
deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.


git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:07:37 +00:00
Wouter Wijngaards
2d28fba3bf - Squelch log of failed to tcp initiate after TCP Fastopen failure. 
git-svn-id: file:///svn/unbound/trunk@4937 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-08 13:27:53 +00:00
Wouter Wijngaards
945452bff4 - Squelch EADDRNOTAVAIL errors when the interface goes away, 
this omits 'can't assign requested address' errors unless
  verbosity is set to a high value.


git-svn-id: file:///svn/unbound/trunk@4931 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-05 06:29:05 +00:00
Wouter Wijngaards
d967ceb98b Remove that fix, analyzer is for debug with assertions. 
- Fix clang analyzer for optimize compile analysis.


git-svn-id: file:///svn/unbound/trunk@4929 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-02 12:32:33 +00:00
Wouter Wijngaards
377d5b426a - Add SSL cleanup for tcp timeout. 
git-svn-id: file:///svn/unbound/trunk@4915 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-25 09:01:13 +00:00
Wouter Wijngaards
f82a128909 - Perform TLS SNI indication of the host that is being contacted 
for DNS over TLS service.  It sets the configured tls auth name.
  This is useful for hosts that apart from the DNS over TLS services
  also provide other (web) services.


git-svn-id: file:///svn/unbound/trunk@4914 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-25 08:31:42 +00:00
Wouter Wijngaards
9b6caf5a5b - Fix that with harden-below-nxdomain and qname minisation enabled 
some iterator states for nonresponsive domains can get into a
  state where they waited for an empty list.
- Stop UDP to TCP failover after timeouts that causes the ping count
  to be reset by the TCP time measurement (that exists for TLS),
  because that causes the UDP part to not be measured as timeout.


git-svn-id: file:///svn/unbound/trunk@4912 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-17 11:25:52 +00:00
Wouter Wijngaards
2e9d09b961 - initialize statistics totals for printout. 
- in authzone check that node exists before adding rrset.
	- in unbound-anchor, use readwrite memory BIO.
	- assertion in autotrust that packed rrset is formed correctly.


git-svn-id: file:///svn/unbound/trunk@4903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 12:20:41 +00:00
Ralph Dolmans
987c1c97e5 - More explicitly mention the type of ratelimit when applying ip-ratelimit. 
git-svn-id: file:///svn/unbound/trunk@4884 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-04 09:16:07 +00:00
Wouter Wijngaards
27472f1270 better locking. 
git-svn-id: file:///svn/unbound/trunk@4880 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-30 09:21:05 +00:00
Wouter Wijngaards
30a14c2716 - Fix that a local-zone with a local-zone-type that is transparent 
in a view with view-first, makes queries check for answers from the
  local-zones defined outside of views.


git-svn-id: file:///svn/unbound/trunk@4879 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-30 09:06:07 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
George Thessalonikefs
0171d06aa2 - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This 
gives access to reply information for the client's communication
  point when the callback is called before the mesh state (modules).
  Changes to C and Python's inplace_callback signatures were also
  necessary.


git-svn-id: file:///svn/unbound/trunk@4870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-22 10:51:13 +00:00
Wouter Wijngaards
01d8dc2240 - log-local-actions: yes option for unbound.conf that logs all the 
local zone actions, a patch from Saksham Manchanda (Secure64).


git-svn-id: file:///svn/unbound/trunk@4864 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-21 07:10:09 +00:00
Wouter Wijngaards
4fe427ded2 - log-servfail: yes prints log lines that say why queries are 
returning SERVFAIL to clients.


git-svn-id: file:///svn/unbound/trunk@4863 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 15:22:05 +00:00
Wouter Wijngaards
b0daf867c2 and the error looks good. 
git-svn-id: file:///svn/unbound/trunk@4860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 14:17:48 +00:00
Wouter Wijngaards
8385c462ed - print servfail info to log as error. 
git-svn-id: file:///svn/unbound/trunk@4859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 13:29:27 +00:00
Wouter Wijngaards
1958d9fbd5 - Fix segfault in auth-zone read and reorder of RRSIGs. 
git-svn-id: file:///svn/unbound/trunk@4853 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-15 09:26:13 +00:00
Wouter Wijngaards
efe5c8e6be - Fix #4144: dns64 module caches wrong (negative) information. 
git-svn-id: file:///svn/unbound/trunk@4850 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-10 08:03:17 +00:00
Wouter Wijngaards
586b811b87 - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). 
This limits the number of simultaneous TCP client connections
  from a nominated netblock.
And a simple test for TCP connection limit.


git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 11:57:42 +00:00
George Thessalonikefs
749d1b9ebc - Expose if a query (or a subquery) was ratelimited (not src IP 
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Tidy pylib tests.


git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 14:00:46 +00:00
Wouter Wijngaards
62f69f9b40 - Fix to remove systemd sockaddr function check, that is not 
always present.  Make socket activation more lenient.  But not
  different when socket activation is not used.


git-svn-id: file:///svn/unbound/trunk@4824 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-01 13:49:27 +00:00
Wouter Wijngaards
cc538f4f9f - Please doxygen so it passes. 
git-svn-id: file:///svn/unbound/trunk@4813 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 08:10:20 +00:00
Wouter Wijngaards
b7abbd1d72 - Fix mesh.c incompatible pointer pass. 
- yacc and lex.


git-svn-id: file:///svn/unbound/trunk@4808 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:23:58 +00:00
Wouter Wijngaards
3dbdde7fed - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options 
and implement option in client responses.


git-svn-id: file:///svn/unbound/trunk@4804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:18:34 +00:00
Wouter Wijngaards
007123ee2c - Sort out test runs when the build directory isn't the project 
root directory.
- Add config tcp-idle-timeout (default 30s). This applies to
  client connections only; the timeout on TCP connections upstream
  is unaffected.


git-svn-id: file:///svn/unbound/trunk@4802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:15:12 +00:00
Wouter Wijngaards
f8e585f308 nicer code, in function. 
git-svn-id: file:///svn/unbound/trunk@4790 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 15:07:09 +00:00
Wouter Wijngaards
5bda4f9822 Fixup cache size test for msg cache. 
git-svn-id: file:///svn/unbound/trunk@4789 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:56:02 +00:00
Wouter Wijngaards
d2d7b987fa brackets added. 
git-svn-id: file:///svn/unbound/trunk@4788 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:44:20 +00:00
Wouter Wijngaards
7579216922 - Resize ratelimit and ip-ratelimit caches if changed on reload. 
git-svn-id: file:///svn/unbound/trunk@4787 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:42:38 +00:00
Wouter Wijngaards
330c6e1cb0 - Fix that ratelimit and ip-ratelimit are applied after reload of 
git-svn-id: file:///svn/unbound/trunk@4786 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:27:44 +00:00
Wouter Wijngaards
cabc120f22 for outgoing UDP sockets. 
git-svn-id: file:///svn/unbound/trunk@4782 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-16 10:30:44 +00:00