`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
performed, so that with nonzero target-fetch-policy it fetches
forwarder addresses and uses them from cache. Also updated that
delegation point cache fill routines use CDflag for AAAA message
lookups, so that its negative lookup stops a recursion since the
cache uses the bit for disambiguation for dns64 but the recursion
uses CDflag for the AAAA target lookups, so the check correctly
stops a useless recursion by its cache lookup.
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
up to parent to not cause delegation invalidation because of an
expired child delegation that would never be updated. Most likely to
happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab,
Tsinghua University. The fix stops query loops, by refusing to send
RD=0 queries to a forwarder, they still get answered from cache.
* - Introduce leniency for target discovery when under load.
* - Allow for easier testing (to be reverted).
* - Happy compiler.
* - Precheck access to target_fetch_policy.
* - Do not mark a nameserver as resolved when one of A/AAAA is negative.
* - Update fetch_glue.rpl test for (possible) outstanding queries.
* - Update fetch_glue_cname.rpl test for possible outstanding queries.
* - Better fix for fetch_glue_cname.rpl.
* - Fix iter_emptydp_for_glue.rpl to match the referral.
* - Disabled the nxns tests for now (to be reverted).
* - Update iter_recurse.rpl for possible outstanding queries.
* Revert "- Disabled the nxns tests for now (to be reverted)."
This reverts commit 34a9c13a90.
* Revert "- Allow for easier testing (to be reverted)."
This reverts commit b6dfe35e1d.
