upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-03 05:19:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7564 commits 23 branches 209 tags 124 MiB
Commit graph

4568 commits

Author SHA1 Message Date
W.C.A. Wijngaards
6afdc336ba - Fix test for new default. 2023-01-19 16:06:30 +01:00
W.C.A. Wijngaards
c9233f8429 - Set default for harden-unknown-additional to no. So that it does 
not hamper future protocol developments.
 2023-01-19 15:45:10 +01:00
W.C.A. Wijngaards
8df1e58209 - Add harden-unknown-additional option. Default on and it removes 
unknown records from the authority section and additional section.
  Thanks to Xiang Li, from NISL Lab, Tsinghua University.
 2023-01-19 14:59:18 +01:00
W.C.A. Wijngaards
d69f875261 - Set max-udp-size default to 1232. This is the same default value as 
the default value for edns-buffer-size. It restricts client edns
  buffer size choices, and makes unbound behave similar to other DNS
  resolvers. The new choice, down from 4096 means it is harder to get
  large responses from Unbound. Thanks to Xiang Li, from NISL Lab,
  Tsinghua University.
 2023-01-19 14:16:17 +01:00
W.C.A. Wijngaards
b12ab31ae3 - Fix not following cleared RD flags potentially enables amplification 
DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab,
  Tsinghua University. The fix stops query loops, by refusing to send
  RD=0 queries to a forwarder, they still get answered from cache.
 2023-01-18 13:18:47 +01:00
W.C.A. Wijngaards
90d42148de - Improve documentation for #826, describe the large collisions amount. 2023-01-13 11:22:47 +01:00
W.C.A. Wijngaards
469133e8df Changelog note and documentation for #826 
- Merge #826: Аdd a metric about the maximum number of collisions in
  lrushah.
 2023-01-13 11:01:46 +01:00
W.C.A. Wijngaards
aa621f1c04 Code repository continues with version 1.17.2. 2023-01-12 10:21:28 +01:00
W.C.A. Wijngaards
0fed35a4b7 - Fix python version detection in configure. 2023-01-09 15:10:00 +01:00
W.C.A. Wijngaards
4517dcd439 - Fix python module install path detection. 2023-01-09 15:03:38 +01:00
W.C.A. Wijngaards
c5c4f6d40b Changelog note for 1.17.1rc2 fix. 
- Fix wildcard in hyperlocal zone service degradation, reported
  by Sergey Kacheev. This fix is included in 1.17.1rc2.
 2023-01-06 13:23:02 +01:00
W.C.A. Wijngaards
ba6325f24f - Fix #823: Response change to NODATA for some ANY queries since 
1.12, tested on 1.16.1.
 2023-01-06 09:16:59 +01:00
W.C.A. Wijngaards
2025946247 Changelog note for tag for 1.17.1rc1. 
- Tag for 1.17.1 release.
 2023-01-05 11:06:07 +01:00
W.C.A. Wijngaards
70260273a4 - Update github workflows to use checkout v3. 2023-01-02 13:30:03 +01:00
W.C.A. Wijngaards
1224cd9d25 - Fix windows compile for libunbound subprocess reap comm point closes. 2023-01-02 13:06:39 +01:00
George Thessalonikefs
0682d4371e - Merge #569 from JINMEI Tatuya: add keep-cache option to 
'unbound-control reload' to keep caches.
 2022-12-14 16:40:00 +01:00
George Thessalonikefs
af2ef61c49 - Merge #461 from Christian Allred: Add max-query-restarts option. 2022-12-13 15:54:51 +01:00
George Thessalonikefs
67cf625608 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-12-13 13:59:42 +01:00
George Thessalonikefs
c61b2121b5 - Expose 'max-sent-count' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 13:57:07 +01:00
George Thessalonikefs
859d0f2dfe - Expose 'statistics-inhibit-zero' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 10:47:37 +01:00
W.C.A. Wijngaards
1a2e6aabac - Fix to wrap Makefile scripts directory in quotes for uninstall. 2022-12-13 09:03:52 +01:00
W.C.A. Wijngaards
726aa5b0f5 Changelog note for #808 
- Merge #808: Wrap Makefile script's directory variables in quotes.
 2022-12-13 08:53:44 +01:00
W.C.A. Wijngaards
6b8642b662 Fix date. 2022-12-01 13:05:02 +01:00
W.C.A. Wijngaards
5c041c0ba9 - Fix #773: When used with systemd-networkd, unbound does not start 
until systemd-networkd-wait-online.service times out.
 2022-12-01 13:04:05 +01:00
George Thessalonikefs
d7a9def160 - Clear documentation for interactivity between the subnet module and 
the serve-expired and prefetch configuration options.
 2022-11-30 14:45:36 +01:00
George Thessalonikefs
ef8111ece7 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-11-30 14:34:00 +01:00
George Thessalonikefs
90f6cb1158 - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. 2022-11-30 14:33:16 +01:00
W.C.A. Wijngaards
effbf99281 - Fix #782: Segmentation fault in stats.c:404. 2022-11-30 10:18:27 +01:00
Philip Homburg
81861aee05 Changelog entry for #720 2022-11-29 16:20:52 +01:00
W.C.A. Wijngaards
6f7da59b77 - Fix for the ignore of tcp events for closed comm points, preserve 
the use after free protection features.
 2022-11-28 10:04:52 +01:00
George Thessalonikefs
896f7a8306 - Ignore expired error responses. 2022-11-22 17:44:55 +01:00
W.C.A. Wijngaards
f72116883b - Fix #779: [doc] Missing documention in ub_resolve_event() for 
callback parameter was_ratelimited.
 2022-11-11 11:28:15 +01:00
George Thessalonikefs
4e305e644b - Complementary fix for distutils.sysconfig deprecation in Python 3.10 
to commit 62c5039ab9.
 2022-11-09 11:41:28 +01:00
W.C.A. Wijngaards
89d9b25090 - iana portlist update. 2022-11-08 15:24:24 +01:00
W.C.A. Wijngaards
dda1d9544c - Fix #775: libunbound: subprocess reap causes parent process reap 
to hang.
 2022-11-08 15:04:05 +01:00
W.C.A. Wijngaards
52a9e6268e - Fix to make sure to not read again after a tcp comm point is closed. 2022-11-08 13:23:44 +01:00
W.C.A. Wijngaards
8367b24bc5 - Fix to ignore tcp events for closed comm points. 2022-11-08 12:02:48 +01:00
George Thessalonikefs
f531faf163 Changelog entry for #767 
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
    unbound.conf.5.
 2022-10-21 15:49:56 +02:00
W.C.A. Wijngaards
17e5dd6131 - Fix that cachedb does not store failures in the external cache. 2022-10-21 10:11:47 +02:00
George Thessalonikefs
e9107907e5 - Clarify the use of MAX_SENT_COUNT in the iterator code. 2022-10-18 12:29:07 +02:00
W.C.A. Wijngaards
ba8642aeb7 - testcode/dohclient sets log identity to its name. 2022-10-17 16:00:43 +02:00
W.C.A. Wijngaards
5ffa4d7232 - In unit test, print python script name list correctly. 2022-10-14 16:49:57 +02:00
W.C.A. Wijngaards
2571d00535 Changelog note for #768 
- Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
  extension.
 2022-10-14 16:22:17 +02:00
W.C.A. Wijngaards
5ac1bc13cb - Tag for 1.17.0 release. The code repository continues with 1.17.1. 2022-10-13 09:34:44 +02:00
W.C.A. Wijngaards
f5e1ef650d Merge branch 'branch-1.17.0' 2022-10-13 09:32:22 +02:00
George Thessalonikefs
d25e0cd9b0 - Fix PROXYv2 header read for TCP connections when no proxied addresses 
are provided.
 2022-10-11 17:39:30 +02:00
W.C.A. Wijngaards
97d1cff315 Changelog note for tag for 1.17.0rc1 release. 2022-10-07 13:29:33 +02:00
George Thessalonikefs
a4631a3ecf - Fix unit test to properly test the reuse_write_wait_pop function. 2022-10-07 11:29:46 +02:00
George Thessalonikefs
2569b12b9c - Fix to stop possible loops in the tcp reuse code (write_wait list 
and tcp_wait list). Based on analysis and patch from Prad Seniappan
  and Karthik Umashankar.
 2022-10-07 11:25:36 +02:00
W.C.A. Wijngaards
bf1cce6f9b - Fix proxy length debug output printout typecasts. 2022-10-06 15:53:21 +02:00
W.C.A. Wijngaards
b043bc5eb4 - Fix to stop responses with TC flag from resulting in partial 
responses. It retries to fetch the data elsewhere, or fails the
  query and in depth fix removes the TC flag from the cached item.
 2022-10-06 10:01:09 +02:00
George Thessalonikefs
d122617dd4 - Fix checkconf test for dnscrypt and proxy port. 2022-10-05 22:03:01 +02:00
W.C.A. Wijngaards
6b8181acb7 - Fix dnscrypt compile for proxy protocol code changes. 2022-10-05 14:09:12 +02:00
George Thessalonikefs
f609a45354 - Make ede.tdir test more predictable by using static data. 2022-10-05 02:44:50 +02:00
George Thessalonikefs
60db1111c0 - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. 
- Fix string comparison in mini_tdir.sh.
 2022-10-05 01:13:29 +02:00
George Thessalonikefs
40b2b3a6f3 Changelog entry for #764 
- Merge #764: Leniency for target discovery when under load (for
  NRDelegation changes).
 2022-10-04 22:24:18 +02:00
W.C.A. Wijngaards
f0614a57f8 - Fix to clean up after the acl_interface unit test. 2022-10-04 16:59:10 +02:00
W.C.A. Wijngaards
bf7a2884fb - Fix static analysis report to remove dead code from the 
rpz_callback_from_iterator_module function.
 2022-10-04 09:08:11 +02:00
W.C.A. Wijngaards
c0eaadfc42 - Fix to close errno block in comm_point_tcp_handle_read outside of 
ifdef.
 2022-10-03 16:21:39 +02:00
George Thessalonikefs
22e43aa631 Changelog entry for #760 
- Merge #760: PROXYv2 downstream support. (New proxy-protocol-port
  configuration option).
 2022-10-03 15:34:22 +02:00
W.C.A. Wijngaards
7d96a7e3fe - Fix windows compile, the identifier interface is defined in headers. 2022-10-03 15:03:50 +02:00
W.C.A. Wijngaards
9842fbf760 - Fix test tdir skip report printout. 2022-10-03 10:26:30 +02:00
W.C.A. Wijngaards
a102fb1df8 - Fix to remove erroneous TC flag from TCP upstream. 2022-10-03 09:53:41 +02:00
George Thessalonikefs
5b98816751 - Better output for skipped tdir tests. 2022-09-26 15:51:28 +02:00
W.C.A. Wijngaards
e93c75a5d4 - Fix doxygen warning in respip.h. 2022-09-21 15:23:04 +02:00
W.C.A. Wijngaards
8e18f11965 - This patch was released in 1.16.3, the code repository continues 
with the previous features and fixes for 1.17.0.
 2022-09-21 12:16:13 +02:00
W.C.A. Wijngaards
e3871ca907 Merge branch 'branch-1.16.3' 2022-09-21 12:11:26 +02:00
W.C.A. Wijngaards
137719522a - Patch for CVE-2022-3204 Non-Responsive Delegation Attack. 2022-09-21 11:10:38 +02:00
George Thessalonikefs
99e12ae4b5 - Remove unused testcode/mini_tpkg.sh file. 2022-09-20 14:47:24 +02:00
George Thessalonikefs
9b1647ebae - Convert tdir tests to use the new skip_test functionality. 2022-09-20 14:45:20 +02:00
George Thessalonikefs
307805b64f Changelog entry for #753: 
- Merge #753: ACL per interface. (New interface-* configuration
  options).
 2022-09-20 11:36:01 +02:00
W.C.A. Wijngaards
007db2c327 - Fix to check pthread_t size after pthread has been detected. 2022-09-02 10:21:00 +02:00
W.C.A. Wijngaards
5bbaf78c3f - Remove include that was there for debug purposes. 2022-09-02 10:11:23 +02:00
W.C.A. Wijngaards
57230d7f22 - Fix to log a verbose message at operational notice level if a 
thread is not responding, to stats requests. It is logged with
  thread identifiers.
 2022-09-01 15:14:20 +02:00
W.C.A. Wijngaards
d66e1cccf8 - Fix to set out of file descriptor warning to operational verbosity. 2022-09-01 14:01:56 +02:00
W.C.A. Wijngaards
2450b4653a - Slow down log frequency of write wait failures. 2022-09-01 14:00:29 +02:00
W.C.A. Wijngaards
eb3378396f - Fix to update config tests to fix checking if nonblocking sockets 
work on OpenBSD.
 2022-09-01 09:16:05 +02:00
W.C.A. Wijngaards
1f5cc25974 - Fix for wait for udp send to stop when packet is successfully sent. 2022-08-31 16:45:15 +02:00
W.C.A. Wijngaards
ec5812a748 - Fix to wait for blocked write on UDP sockets, with a timeout if it 
takes too long the packet is dropped.
 2022-08-31 11:54:11 +02:00
W.C.A. Wijngaards
10a5a5880a - Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive 
operations, so that instruction reordering does not cause mistakenly
  blocking socket operations.
 2022-08-31 10:11:25 +02:00
W.C.A. Wijngaards
2fa1c17cd9 - Fix to avoid process wide fcntl calls mixed with nonblocking 
operations after a blocked write.
 2022-08-31 10:09:39 +02:00
W.C.A. Wijngaards
e6f878ee71 - Fix #741: systemd socket activation fails on IPv6. 2022-08-22 09:12:08 +02:00
W.C.A. Wijngaards
dc6c04b243 - Fix to log accept error ENFILE and EMFILE errno, but slowly, once 
per 10 seconds. Also log accept failures when no slow down is used.
 2022-08-12 09:54:29 +02:00
W.C.A. Wijngaards
ef57f8bd51 - Fix #734 [FR] enable unbound-checkconf to detect more (basic) 
errors.
 2022-08-05 14:41:05 +02:00
W.C.A. Wijngaards
fbe8e3b0b2 - Fix ratelimit inconsistency, for ip-ratelimits the value is the 
amount allowed, like for ratelimits.
 2022-08-04 11:33:37 +02:00
W.C.A. Wijngaards
1c164ab442 Changelog note for #730 
- Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due
  to unsupported IPV6_USER_MTU socket option being set.
 2022-08-02 16:12:31 +02:00
W.C.A. Wijngaards
07b073ddb3 - Fix unittest for edns subnet change. 2022-08-02 14:43:57 +02:00
W.C.A. Wijngaards
0f08cc6d55 - Fix edns subnet so that scope 0 answers only match sourcemask 0 
queries for answers from cache if from a query with sourcemask 0.
 2022-08-02 14:13:55 +02:00
W.C.A. Wijngaards
cd22fdc28d - Fix #728: alloc_reg_obtain() core dump. Stop double 
alloc_reg_release when serviced_create fails.
 2022-08-01 16:45:41 +02:00
W.C.A. Wijngaards
5ae48f85c0 - The code repo continues with 1.16.3. 2022-08-01 15:17:10 +02:00
W.C.A. Wijngaards
cbed768b8f - Tests for ghost domain fixes. 2022-08-01 13:26:22 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
W.C.A. Wijngaards
f993ffbb07 Changelog note for #718 
- Merge #718: Introduce infra-cache-max-rtt option to config max
  retransmit timeout.
 2022-07-19 15:19:12 +02:00
George Thessalonikefs
309e23515e - Update documentation for 'outbound-msg-retry:'. 2022-07-19 12:47:01 +02:00
W.C.A. Wijngaards
12cd495d55 - iana portlist update. 2022-07-15 09:20:25 +02:00
W.C.A. Wijngaards
33bd49af81 - Merge PR 714: Avoid treat normal hosts as unresponsive servers. 
And fixup the lock code.
 2022-07-15 08:51:31 +02:00
George Thessalonikefs
9e4a17baaf - For windows crosscompile, fix setting the IPV6_MTU socket option 
equivalent (IPV6_USER_MTU); allows cross compiling with latest
  cross-compiler versions.
 2022-07-12 17:17:59 +02:00
W.C.A. Wijngaards
2abd6f7d58 - Fix dname count in sldns parse type descriptor for SVCB and HTTPS. 2022-07-12 13:29:51 +02:00
W.C.A. Wijngaards
7696398231 - Fix verbose EDE error printout. 2022-07-11 13:13:51 +02:00
W.C.A. Wijngaards
a45ced7739 - This became 1.16.1 on 11 July 2022. 
The code repo continues with version 1.16.2 under development.
 2022-07-11 11:34:54 +02:00
W.C.A. Wijngaards
903538c76e - Tag for 1.16.1rc1 release. 2022-07-04 13:48:56 +02:00
George Thessalonikefs
d447d60fc6 Merge branch 'crrodriguez-IP_BIND_ADDRESS_NO_PORT' 2022-07-04 12:49:00 +02:00
George Thessalonikefs
eda0c0c194 - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for 
one loop pass'.
 2022-07-04 09:34:45 +02:00
George Thessalonikefs
309b1d368b - Reintroduce documentation and more EDE support for 
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
 2022-07-04 00:06:26 +02:00
George Thessalonikefs
c513119bba - Improve val_sigcrypt.c::algo_needs_missing for one loop pass. 2022-07-03 23:32:18 +02:00
George Thessalonikefs
a30286502c - Fix for correct openssl error when adding windows CA certificates to 
the openssl trust store.
 2022-07-03 22:41:39 +02:00
George Thessalonikefs
317bab9f1d For #660: formatting, less verbose logging, add EDE information. 2022-07-03 22:32:56 +02:00
George Thessalonikefs
2fba248ebe Changelog entry for #660 
- Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
 2022-07-03 22:28:17 +02:00
George Thessalonikefs
24cb764d61 - Add missing changelog entries from PR #706. 2022-07-03 22:21:56 +02:00
George Thessalonikefs
cb28bdcdb0 Changelog entry for #671: 
- Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
  mode on openssl3.
 2022-07-03 22:08:47 +02:00
Yorgos Thessalonikefs
b0ce31b4e4
Merge pull request #706 from NLnetLabs/nxns-fallback 
NXNS fallback
 2022-07-01 16:24:33 +02:00
George Thessalonikefs
923eb7d474 - Allow fallback to the parent side when MAX_TARGET_NX is reached. 
This will also allow MAX_TARGET_NX more NXDOMAINs.
 2022-06-29 17:32:29 +02:00
George Thessalonikefs
58b21e4fca - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. 2022-06-29 17:26:09 +02:00
W.C.A. Wijngaards
c8add463c4 - Fix compile warning for windows compile. 2022-06-29 12:00:44 +02:00
W.C.A. Wijngaards
203f606c38 - Fix detection of libz on windows compile with static option. 2022-06-29 11:41:20 +02:00
George Thessalonikefs
b816318106 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries 
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
  command.
 2022-06-29 10:51:54 +02:00
George Thessalonikefs
1ceb031b58 - Add debug option to the mini_tdir.sh test code. 2022-06-29 10:47:18 +02:00
George Thessalonikefs
352e1b28a1 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-06-29 10:44:43 +02:00
W.C.A. Wijngaards
80dbc7dd2c - iana portlist update. 2022-06-29 09:38:31 +02:00
George Thessalonikefs
12796d0af8 - Fix for cached 0 TTL records to not trigger prefetching when 
serve-expired-client-timeout is set.
 2022-06-28 17:05:28 +02:00
W.C.A. Wijngaards
b057d2127a - Fix test program dohclient close to use portability routine. 2022-06-28 09:23:43 +02:00
George Thessalonikefs
9177867d07 - Show the output of the exact .rpl run that failed with 'make test'. 2022-06-28 00:22:30 +02:00
tcarpay
9e6b838d0b
Update changelog with #705 change 2022-06-23 17:21:17 +02:00
Philip Homburg
3bade62c8a Fix use after free issue with edns options (https://github.com/NLnetLabs/unbound/issues/663) 2022-06-22 15:00:28 +02:00
Philip Homburg
c806b5a2df Merge branch 'zone-parsers-blank-line-issue' 2022-06-21 15:32:35 +02:00
Philip Homburg
7f67f7118c Change log entry for lines with blanks issue 2022-06-21 15:30:04 +02:00
George Thessalonikefs
7c9177095f - Remove unused LDNS function check for GOST Engine unloading. 2022-06-20 16:27:15 +02:00
George Thessalonikefs
233cb5c218 - Note in the unbound.conf text that NOTIFY is allowed from the url: 
addresses for auth and rpz zones.
 2022-06-14 17:59:56 +02:00
George Thessalonikefs
e6a0afae73 Changelog entry for #688 
- Merge PR #688: Rpz url notify issue.
 2022-06-14 17:56:23 +02:00
George Thessalonikefs
459b73018f - Fix for edns client subnet to respect not looking in its cache when 
instructed to do so (e.g., prefetch).
 2022-06-03 16:11:35 +02:00
W.C.A. Wijngaards
97b7224885 - makedist.sh picks up 32bit libssp-0.dll when 32bit compile. 2022-06-03 15:18:27 +02:00
W.C.A. Wijngaards
a3ab0921b0 Continue with 1.16.1 under development. 2022-06-02 13:56:52 +02:00
W.C.A. Wijngaards
edc1d07718 - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. 2022-05-27 16:09:28 +02:00
W.C.A. Wijngaards
2d61706171 - Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3 (and possibly other distributions) 2022-05-27 09:10:16 +02:00
W.C.A. Wijngaards
11d077c826 - Fix some lint type warnings. 2022-05-20 15:32:27 +02:00
W.C.A. Wijngaards
d19d7b81ec - Fix ede test to not use default pidfile, and use local interface. 2022-05-20 15:14:11 +02:00
W.C.A. Wijngaards
714200ad0e - Fix to silence test for ede error output to the console from the 
test setup script.
 2022-05-20 09:08:29 +02:00
George Thessalonikefs
7e506bb477 - Fix typos in config_set_option for the 'num-threads' and 
'ede-serve-expired' options.
 2022-05-18 19:56:26 +03:00
George Thessalonikefs
f73e548934 - Fix #678: [FR] modify behaviour of unbound-control rpz_enable zone, 
by updating unbound-control's documentation.
 2022-05-15 22:53:17 +03:00
W.C.A. Wijngaards
e62b309959 - For #677: Added tls-system-cert to config parser and documentation. 
- Changelog note for #677.
 2022-05-12 16:30:19 +02:00
George Thessalonikefs
daf316ea1b - Fix #417: prefetch and ECS causing cache corruption when used 
together.
 2022-05-12 00:56:01 +02:00
W.C.A. Wijngaards
f0d91950ad - Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to 
host.
 2022-05-11 17:10:42 +02:00
George Thessalonikefs
77149fc2aa - Fix Python build in non-source directory; based on patch by 
Michael Tokarev.
 2022-05-10 15:57:17 +02:00
tcarpay
47ce372f13
Changelog entry for #604: Add the basic EDE (RFC8914) cases 2022-05-06 12:53:49 +02:00
W.C.A. Wijngaards
b61b0af5d6 - Fix #670: SERVFAIL problems with unbound 1.15.0 running on 
OpenBSD 7.1.
 2022-04-28 14:51:47 +02:00
W.C.A. Wijngaards
1289c53c1a - Fix zonemd unsupported algo check to set reason to NULL before the 
check routine, but after malformed checks, to get the correct NULL
  output when the digest matches.
 2022-04-08 11:19:40 +02:00
W.C.A. Wijngaards
d02e83ae2b - Fix zonemd unsupported algo check to print unsupported reason before 
zeroing it.
 2022-04-08 11:10:11 +02:00
W.C.A. Wijngaards
8f2847ba69 - Fix zonemd unsupported algo check reason to not copy to next record, 
and check for success for debug printout.
 2022-04-08 10:54:57 +02:00
W.C.A. Wijngaards
730a03e9bd - Fix zonemd unsupported algo check. 2022-04-08 09:36:01 +02:00
W.C.A. Wijngaards
e4ca71e85b - Fix zonemd check to allow unsupported algorithms to load. 
If there are only unsupported algorithms, or unsupported schemes,
  and no failed or successful other ZONEMD records, or malformed
  or bad ZONEMD records, the unsupported records allow the zone load.
 2022-04-08 09:29:37 +02:00
W.C.A. Wijngaards
8f8a8a341a - Fix spelling error in comment in sldns_str2wire_svcparam_key_lookup. 2022-03-25 16:07:23 +01:00
W.C.A. Wijngaards
722391baf1 - Fix #651: [FR] Better logging for refused queries. 2022-03-23 13:56:52 +01:00
George Thessalonikefs
1e23c4a376 Merge PR #648 from eaglegai: fix -q doesn't work when use with 
'unbound-control stats_shm'
 2022-03-18 16:03:35 +02:00
W.C.A. Wijngaards
9484ddee2e - Fix to describe auth-zone and other configuration at the local-zone 
configuration option, to allow for more broadly view of the options.
 2022-03-17 14:24:37 +01:00
W.C.A. Wijngaards
402135b41a - Fix to ensure uniform handling of spaces and tabs when parsing RRs. 2022-03-16 09:54:53 +01:00
W.C.A. Wijngaards
b0dbfa37f9 Changelog note for #644, move commands together for library binary. 2022-03-09 09:43:07 +01:00
W.C.A. Wijngaards
62c5039ab9 - Fix configure for python to use sysutils, because distutils is 
deprecated. It uses sysutils when available, distutils otherwise.
 2022-03-07 14:02:31 +01:00
W.C.A. Wijngaards
b202b0874c - Fix for #637: fix integer overflow checks in sldns_str2period. 2022-03-03 16:24:46 +01:00
W.C.A. Wijngaards
debe5c665f - Fix #637: Integer Overflow in sldns_str2period function. 2022-03-03 14:19:59 +01:00
W.C.A. Wijngaards
f81420d77f - Fix compile warnings for printf ll format on mingw compile. 2022-03-02 14:34:36 +01:00
George Thessalonikefs
b8e7dfa01e - Various fixes for #632: variable initialisation, convert the qinfo 
to str once, accept trailing dot in the local-zone ipset option.
 2022-03-02 14:29:56 +01:00
George Thessalonikefs
f7ca447368 Changelog entry for #632 
- Merge PR #632 from scottrw93: Match cnames in ipset.
 2022-03-02 13:22:17 +01:00
W.C.A. Wijngaards
99a3f5ee85 - Fix pythonmod for change in iter_dp_is_useless function prototype. 2022-03-01 10:27:24 +01:00
W.C.A. Wijngaards
7749d98a14 - Fix for edns client subnet option add fix in removal code, from review. 2022-02-28 14:51:35 +01:00
W.C.A. Wijngaards
8e8ccfe3c3 - Fix edns client subnet to add the option based on the option list, 
so that it is not state dependent, after the state fix of #605 for
  double EDNS options.
 2022-02-28 14:39:48 +01:00
George Thessalonikefs
ad158ed5cc Changelog entry for #623: 
- Merge #623 from rex4539: Fix typos.
 2022-02-28 12:37:59 +01:00
George Thessalonikefs
82adcfb971 - Fix #630: Unify the RPZ log messages. 2022-02-28 12:07:25 +01:00
W.C.A. Wijngaards
6e64356175 - Fix for #633: updated fix with new text. 2022-02-28 09:56:30 +01:00
W.C.A. Wijngaards
e11cf2d964 - Fix #633: Document unix domain socket support for unbound-control. 2022-02-28 09:39:33 +01:00
W.C.A. Wijngaards
c084c27b39 - Fix check interface existence for support detection in remote lookup. 2022-02-25 15:24:40 +01:00
W.C.A. Wijngaards
2c3225e6c7 - update Makefile dependencies. 2022-02-25 10:29:33 +01:00
W.C.A. Wijngaards
4b772ed571 - Fix to detect that no IPv6 support means that IPv6 addresses are 
useless for delegation point lookups.
 2022-02-25 10:27:56 +01:00
W.C.A. Wijngaards
c4d8104db3 Changelog note for #631. 
- Merge #631 from mollyim: Replace OpenSSL's ERR_PACK with
  ERR_GET_REASON.
 2022-02-18 09:37:44 +01:00
W.C.A. Wijngaards
a746d9693a - Fix that address not available is squelched from the logs for 
udp connect failures. It is visible on verbosity 4 and more.
 2022-02-18 09:03:56 +01:00
W.C.A. Wijngaards
6de5310728 - Fix for #628: fix rpz-passthru for qname trigger by localzone type. 2022-02-16 09:51:25 +01:00
W.C.A. Wijngaards
2b90181d3a - Fix #628: A rpz-passthru action is not ending RPZ zone processing. 2022-02-15 16:20:12 +01:00
W.C.A. Wijngaards
91a5cc9a08 - Remove debug info from #618 fix. 2022-02-11 16:34:24 +01:00
W.C.A. Wijngaards
a0feea393a - Fix #618: enabling interface-automatic disables DNS-over-TLS. 
Adds the option to list interface-automatic-ports.
 2022-02-11 10:58:53 +01:00
W.C.A. Wijngaards
4c6b59fa47 - Fix #624: Unable to stop Unbound in Windows console (does not 
respond to CTRL+C command).
 2022-02-11 08:53:24 +01:00
W.C.A. Wijngaards
ed4ce7b398 Release 1.15.0 on 10 feb 2022. 
The repository continues with version 1.15.1.
And Changelog note.
 2022-02-10 09:54:51 +01:00
W.C.A. Wijngaards
58ac43c754 Note 1.15.0rc1 tag creation in Changelog. 
- Tag for 1.15.0rc1 created.
 2022-02-07 11:31:41 +01:00
W.C.A. Wijngaards
5f724da8c5 - Fix that TCP interface does not use TLS when TLS is also configured. 2022-02-07 09:31:10 +01:00
W.C.A. Wijngaards
c44fe07a07 - Fix #412: cache invalidation issue with CNAME+A. 2022-02-04 14:27:01 +01:00
W.C.A. Wijngaards
c29b0e0a96 - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan. 2022-02-03 09:03:09 +01:00
W.C.A. Wijngaards
50a312b8da - Update contrib/aaaa-filter-iterator.patch with diff for current 
software version.
 2022-02-02 15:35:19 +01:00
W.C.A. Wijngaards
893fb4d54b - Fix docker splint test to use more portable uname. 2022-02-02 14:47:57 +01:00
W.C.A. Wijngaards
6bad577781 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-02-02 14:11:55 +01:00
W.C.A. Wijngaards
2642319ea6 - please clang analyzer for loop in test code. 2022-02-02 14:11:36 +01:00
George Thessalonikefs
d123e1c919 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-02-02 14:05:35 +01:00
George Thessalonikefs
c53171d942 - Changelog entry clarification. 2022-02-02 14:05:31 +01:00
W.C.A. Wijngaards
e656be63f9 - Fix header comment for doxygen for authextstrtoaddr. 2022-02-02 13:20:46 +01:00
W.C.A. Wijngaards
ee3c478239 - Update version number in repo to 1.15.0 for upcoming release, 
since it changes the aggressive-nsec default and the ratelimit change.
 2022-02-02 13:09:51 +01:00
George Thessalonikefs
b1feb9fb1e - Update stream_ssl.tdir test to also use the new forward-host notation. 2022-02-02 12:55:29 +01:00
George Thessalonikefs
819008cf7e - Merge PR #617: Update stub/forward-host notation to accept port and 
tls-auth-name.
 2022-02-02 11:57:36 +01:00
George Thessalonikefs
32c3bbd249 - Change aggressive-nsec default to yes. 2022-02-02 11:25:08 +01:00
George Thessalonikefs
c6b413069d Changelog entry for #616 
- Merge PR #616: Update ratelimit logic. It also introduces
  ratelimit-backoff and ip-ratelimit-backoff configuration options.
 2022-02-02 11:18:14 +01:00
George Thessalonikefs
506d24c7a6 Changelog entry for #532 
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
 2022-02-02 10:48:56 +01:00
George Thessalonikefs
a5e9221933 Changelog note for #603: 
- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
  internals.
 2022-02-01 18:00:46 +01:00
George Thessalonikefs
10d9804149 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-01-31 11:28:30 +01:00
George Thessalonikefs
a60bbd12ed -Fix review comment for use-after-free when failing to send UDP out. 2022-01-31 11:27:35 +01:00
W.C.A. Wijngaards
84df46289d - iana portlist update. 2022-01-31 10:53:22 +01:00
George Thessalonikefs
888eb224a6 - Better cleanup on failed DoT/DoH listening socket creation. 2022-01-29 15:14:56 +01:00
George Thessalonikefs
c49e87e1b7 - Fix tls-* and ssl-* documented alternate syntax to also be available 
through remote-control and unbound-checkconf.
 2022-01-29 15:11:47 +01:00
W.C.A. Wijngaards
d10562c823 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-01-26 16:41:04 +01:00
W.C.A. Wijngaards
54ea2948da - Test for NSID in SERVFAIL response due to DNSSEC bogus. 2022-01-26 16:40:04 +01:00
George Thessalonikefs
ea47c08e70 - Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC 
document.
 2022-01-26 14:35:22 +01:00
George Thessalonikefs
79e755e1dd Changelog note for #612: 
- Merge PR #612: TCP race condition.
 2022-01-25 17:29:52 +01:00
George Thessalonikefs
5c85615515 - Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in 
serviced_udp_callback.
 2022-01-25 17:15:37 +01:00
W.C.A. Wijngaards
70f13e54bf Changelog note for #610 
- Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
 2022-01-25 09:02:55 +01:00
George Thessalonikefs
8e76eb95a0 - For dnstap, do not wakeupnow right there. Instead zero the timer to 
force the wakeup callback asap.
 2022-01-19 15:32:02 +01:00
W.C.A. Wijngaards
c7ae3ef156 - For #602: Allow the module-config "subnetcache validator cachedb 
iterator".
 2022-01-14 16:30:25 +01:00
W.C.A. Wijngaards
2996040c6c - Add rpz: for-downstream: yesno option, where the RPZ zone is 
authoritatively answered for, so the RPZ zone contents can be
  checked with DNS queries directed at the RPZ zone.
 2022-01-14 16:23:43 +01:00
George Thessalonikefs
3c8a79eed8 Changelog note for #605: 
- Merge PR #605: Fix EDNS to upstream where the same option could be
  attached more than once.
 2022-01-14 15:38:15 +01:00
George Thessalonikefs
a97604737b - Fix prematurely terminated TCP queries when a reply has the same ID. 2022-01-11 10:00:45 +01:00
W.C.A. Wijngaards
d52d94c6db Changelog note for #600 
- Merge #600 from pemensik: Change file mode before changing file
  owner.
 2022-01-07 13:23:18 +01:00
W.C.A. Wijngaards
33ef79d433 - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip 
triggered operation.
 2022-01-05 16:48:35 +01:00
W.C.A. Wijngaards
eccfe3e1f5 - Fix #598: Fix unbound-checkconf fatal error: module conf 
'respip dns64 validator iterator' is not known to work.
 2022-01-05 16:14:47 +01:00
W.C.A. Wijngaards
adcbb6ced7 - Fix for #596: add unit test for nsip trigger and signal unset RA. 2022-01-05 14:31:42 +01:00
W.C.A. Wijngaards
c678c696a1 - Fix for #596: add unit test for nsdname trigger and signal unset RA. 2022-01-05 14:13:52 +01:00
W.C.A. Wijngaards
313bceb983 - Fix unit tests for rpz now that the AA flag returns successfully from 
the iterator loop.
 2022-01-05 13:39:06 +01:00
W.C.A. Wijngaards
6b2e96430e - Fix for #596: fix that rpz return message is returned and not just 
the rcode from the iterator return path. This fixes signal unset RA
  after a CNAME.
 2022-01-05 13:35:18 +01:00
W.C.A. Wijngaards
ceef84e022 - Fix that RPZ does not set RD flag on replies, it should be copied 
from the query.
 2022-01-04 13:49:31 +01:00
W.C.A. Wijngaards
95644c9309 - Fix #596: only unset RA when NXDOMAIN is signalled. 2022-01-04 13:48:29 +01:00
W.C.A. Wijngaards
cbdc138df7 - Fix to add test for rpz-signal-nxdomain-ra. 2022-01-04 13:41:27 +01:00
W.C.A. Wijngaards
392c1f0f54 - Fix #596: unset the RA bit when a query is blocked by an unbound 
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
  signal that a domain is externally blocked to clients when it
  is blocked with NXDOMAIN by unsetting RA.
 2022-01-04 13:40:07 +01:00
George Thessalonikefs
4e492725e1 - contrib/aaaa-filter-iterator.patch file renewed diff content to 
apply cleanly to the current coderepo for the current code version.
 2021-12-22 15:02:44 +01:00
George Thessalonikefs
65113ac775 - Fix #591: Unbound-anchor manpage links to non-existent license file. 2021-12-20 11:35:31 +01:00
George Thessalonikefs
983c716feb - Add missing configure flags for optional features in the 
documentation.
- Fix Unbound capitalization in the documentation.
 2021-12-13 12:46:08 +01:00
W.C.A. Wijngaards
83c712ca60 - Fix to pick up other class local zone information before unlock. 2021-12-13 10:00:53 +01:00
George Thessalonikefs
2c1a5203a5 - Allow local-data for classes other than IN to inherit a configured 
local-zone's type if possible, instead of defaulting to type
  transparent as per the implicit rule.
 2021-12-10 17:35:36 +01:00
W.C.A. Wijngaards
778b50f113 - Add code similar to fix for ldns for tab between strings, for 
consistency, the test case was not broken.
 2021-12-10 09:12:58 +01:00
W.C.A. Wijngaards
d29ab10a34 Continue with version 1.14.1 2021-12-09 10:22:39 +01:00
W.C.A. Wijngaards
c6c54f9de4 - Fix validator debug output about DS support, print correct algorithm. 2021-12-06 13:12:44 +01:00
W.C.A. Wijngaards
c7afaef10c Changelog note for #581 2021-12-06 09:04:50 +01:00
W.C.A. Wijngaards
4efbee08b5 - Fix compile warning for if_nametoindex on windows 64bit. 2021-12-03 10:44:47 +01:00
W.C.A. Wijngaards
919c8c9527 - Fix doc/unbound.doxygen to remove obsolete tag warning. 2021-12-01 17:13:11 +01:00
W.C.A. Wijngaards
5d63ad6474 - configure is set to 1.14.0, and release branch. 2021-12-01 10:08:54 +01:00
George Thessalonikefs
31bac7d5ca - Fix #574: Review fixes for size allocation. 2021-12-01 04:31:58 +01:00
George Thessalonikefs
3dbda3aac3 - Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared. 2021-12-01 04:26:36 +01:00
George Thessalonikefs
7c0cb7198b Changelog note for #530: 
- Merge PR #530 from Shchelk: Fix: dereferencing a null pointer.
 2021-12-01 04:03:27 +01:00
George Thessalonikefs
2add585015 Changelog note for #522: 
- Merge PR #522 from sibeream: memory management violations fixed.
 2021-12-01 04:00:24 +01:00
George Thessalonikefs
05c198ebd6 Changelog note for #562: 
- Merge PR #562 from Willem: Reset keepalive per new tcp session.
 2021-12-01 03:58:01 +01:00
George Thessalonikefs
173a8bb2b6 Changelog note for #555: 
- Merge PR #555 from fobser: Allow interface names as scope-id in
      IPv6 link-local addresses.
 2021-12-01 03:55:53 +01:00
George Thessalonikefs
dc162f7fee Changelog note for #493: 
- Merge PR #493 from Jaap: Fix generation of libunbound.pc.
 2021-12-01 03:51:12 +01:00
George Thessalonikefs
178be45fb3 Changelog note for #511: 
- Merge PR #511 from yan12125: Reduce unnecessary linking.
 2021-12-01 03:48:51 +01:00
W.C.A. Wijngaards
88da8ce174 - iana portlist update. 2021-11-30 15:05:27 +01:00
W.C.A. Wijngaards
2cee189e53 - Fix to remove git tracking and ci information from release tarballs. 2021-11-30 13:38:39 +01:00
W.C.A. Wijngaards
8648db9583 - Fix #574: Review fix for spelling. 2021-11-29 16:11:32 +01:00
W.C.A. Wijngaards
b5dbb0282e - Fix #576: [FR] UB_* error codes in unbound.h 2021-11-29 16:10:45 +01:00
W.C.A. Wijngaards
b48d6760fc - Fix #574: Review fixes for it. 2021-11-29 15:13:14 +01:00