upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-26 00:22:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7401 commits 24 branches 209 tags 131 MiB
Commit graph

954 commits

Author SHA1 Message Date
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
5bbaf78c3f - Remove include that was there for debug purposes. 2022-09-02 10:11:23 +02:00
W.C.A. Wijngaards
57230d7f22 - Fix to log a verbose message at operational notice level if a 
thread is not responding, to stats requests. It is logged with
  thread identifiers.
 2022-09-01 15:14:20 +02:00
TCY16
5f309d0018 Add caching EDEs 2022-09-01 14:10:14 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
JINMEI Tatuya
fccb2eb2e8 prevent memory leak in case cache isn't reused 2022-07-22 14:33:21 -07:00
George Thessalonikefs
b816318106 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries 
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
  command.
 2022-06-29 10:51:54 +02:00
George Thessalonikefs
c8e7539313 - Formatting. 2022-06-28 18:31:27 +02:00
George Thessalonikefs
12796d0af8 - Fix for cached 0 TTL records to not trigger prefetching when 
serve-expired-client-timeout is set.
 2022-06-28 17:05:28 +02:00
George Thessalonikefs
7c9177095f - Remove unused LDNS function check for GOST Engine unloading. 2022-06-20 16:27:15 +02:00
George Thessalonikefs
daf316ea1b - Fix #417: prefetch and ECS causing cache corruption when used 
together.
 2022-05-12 00:56:01 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
W.C.A. Wijngaards
722391baf1 - Fix #651: [FR] Better logging for refused queries. 2022-03-23 13:56:52 +01:00
W.C.A. Wijngaards
c084c27b39 - Fix check interface existence for support detection in remote lookup. 2022-02-25 15:24:40 +01:00
W.C.A. Wijngaards
4b772ed571 - Fix to detect that no IPv6 support means that IPv6 addresses are 
useless for delegation point lookups.
 2022-02-25 10:27:56 +01:00
W.C.A. Wijngaards
2b90181d3a - Fix #628: A rpz-passthru action is not ending RPZ zone processing. 2022-02-15 16:20:12 +01:00
W.C.A. Wijngaards
4c6b59fa47 - Fix #624: Unable to stop Unbound in Windows console (does not 
respond to CTRL+C command).
 2022-02-11 08:53:24 +01:00
gthess
11f2e7e6ae
Merge pull request #617 from NLnetLabs/update-host-notation 
Update stub/forward-host notation to accept port and tls-auth-name
 2022-02-02 11:56:27 +01:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name. 
Fixes #546.
 2022-02-01 14:44:29 +01:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more 
aggressive rate limiting.
 2022-01-30 00:36:29 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
Petr Mensik
c7f44b99e3 Change file mode before changing file owner 
Change mode first when configuring remote control unix socket. Some
security systems might strip capability of changing other user's system
even to process with effective uid 0. That is done on Fedora by SELinux
policy and systemd for example. SELinux audit then shows errors, because
unbound tries modifying permissions of not own file. Fix just by mode
change as first step, make it owned by unbound:unbound user as the last
step only.

Related: rhbz#1905441
 2022-01-07 12:08:32 +01:00
Tom Carpay
e899b4cefe Make explicit whether edns options are parsed from queries or responses 2021-11-15 13:40:51 +00:00
JINMEI Tatuya
5b2eda28e3 add keep-cache option to unbound-control reload to keep caches 2021-11-11 10:47:08 -08:00
TCY16
8205c87a96 complete renaming of the modules edns list 2021-11-08 11:50:29 +01:00
tcarpay
fa73142b79
Apply suggestions from code review 
Co-authored-by: Willem Toorop <willem@nlnetlabs.nl>
 2021-11-08 11:02:54 +01:00
Tom Carpay
cb48d9e4a1 Fix keepalive logic 2021-11-01 15:01:07 +00:00
Tom Carpay
5f8447830a Move option handling to parse-time 2021-11-01 13:48:31 +00:00
Tom Carpay
89d7476539 split edns_data.opt_list in opt_list_in and opt_list_out 
opt_list_in for parsed (incoming) edns options, and
opt_list_out for outgoing (to be encoded) edns options
 2021-11-01 12:48:40 +00:00
Tom Carpay
3925297d07 Remove apply_edns_options from worker and mesh... 
to be returned in message encoding later...
 2021-11-01 10:44:55 +00:00
Tom Carpay
3ebfa9fc97 Outgoing module options go to opt_list_modules_out 
And opt_list_modules_out is reset in case of failure
BEWARE! No options from modules will be encoded in the responses now!
 2021-10-27 14:01:56 +00:00
Tom Carpay
3e6eeb504d Modules have their own outgoing ends options list 
But nothing happens with it yet
 2021-10-27 13:48:49 +00:00
W.C.A. Wijngaards
09afdb7669 - Fix chaos replies to have truncation for short message lengths, 
or long reply strings.
 2021-10-11 17:00:20 +02:00
W.C.A. Wijngaards
a64cbe958d - Fix lock debug code for gcc sanitizer reports. 2021-09-10 15:11:30 +02:00
Thomas du Boÿs
ebb4987146 Fix subnetcache statistics 2021-09-03 10:37:07 +02:00
W.C.A. Wijngaards
c93a7fb38a - Fix the stream wait stream_wait_count_lock and http2 buffer locks 
setup and desetup from race condition.
 2021-08-25 13:37:50 +02:00
W.C.A. Wijngaards
a9de6879b8 Merge branch 'master' into rpz-triggers 2021-08-18 09:53:35 +02:00
W.C.A. Wijngaards
f232562430 Merge branch 'master' into rpz-triggers 2021-08-05 13:37:22 +02:00
Tomasz Ziolkowski
ae45f46b9e Add (stub|forward)-tcp-upstream options which enable using tcp transport only for specified stub/forward zones 2021-08-05 08:44:18 +02:00
W.C.A. Wijngaards
c639dc956a - Fix sign comparison warning on FreeBSD. 2021-08-03 14:13:37 +02:00
W.C.A. Wijngaards
b6abcb1508 - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and 
SSL_get_peer_certificate.
- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
 2021-07-30 13:54:43 +02:00
W.C.A. Wijngaards
f693cbc90b Revert "- With hide-version unbound also omits the version from http headers." 
This reverts commit 9d4644b125.
 2021-07-16 14:02:55 +02:00
W.C.A. Wijngaards
9d4644b125 - With hide-version unbound also omits the version from http headers. 2021-07-16 13:45:41 +02:00
W.C.A. Wijngaards
2a8d1a6d10 - review fix to remove duplicate error printout. 2021-07-16 10:53:53 +02:00
W.C.A. Wijngaards
9e712e8a0b - Fix unbound-control local_data and local_datas to print detailed 
syntax errors.
 2021-07-16 10:51:27 +02:00
W.C.A. Wijngaards
355526da7d - rpz-triggers, the added soa for client ip modified answers is affected 
by the minimal-responses config option.
 2021-05-14 16:34:38 +02:00
W.C.A. Wijngaards
50dcadd495 - rpz-triggers, for clientip modified answers the rpz SOA is added to the 
additional section with the serial number and name of the rpz zone that
  was applied.
 2021-05-14 15:34:48 +02:00
W.C.A. Wijngaards
32d82fac9b Merge branch 'master' into rpz-triggers 2021-05-14 08:47:56 +02:00
Stuart Henderson
cde6284a03
ifdef RLIMIT_AS in recently added check 
Some OS still don't have RLIMIT_AS
 2021-05-08 15:12:39 +00:00
W.C.A. Wijngaards
07fda669e4 - Fix #485: Unbound occasionally reports broken stats. 2021-05-07 11:13:44 +02:00
George Thessalonikefs
e9a5f5ab3f - Add more logging for out-of-memory cases. 2021-05-04 15:39:06 +02:00
André Cruz
e07f973938
Allow configuration of TCP timeout while waiting for response 
This allows us to configure how long Unbound will wait for a response
on a TCP connection.
 2021-04-28 16:20:46 +01:00
André Cruz
75875d4d1c
Allow configuration of persistent TCP connections 
Added 2 new options to configure previously hardcoded
values: max-reuse-tcp-queries and tcp-reuse-timeout. These
allow fine-grained control over how unbound uses persistent
TCP connections to authority servers.
 2021-04-21 13:50:45 +01:00
W.C.A. Wijngaards
b366441157 Merge branch 'master' into rpz-triggers 2021-04-14 09:39:41 +02:00
George Thessalonikefs
13e445d50b - Remove unused functions worker_handle_reply and 
libworker_handle_reply.
 2021-04-13 14:54:26 +02:00
W.C.A. Wijngaards
6f507eb036 Merge branch 'master' into rpz-triggers 2021-03-12 09:04:54 +01:00
W.C.A. Wijngaards
6cd77933a3 - Fix: Resolve interface names on control-interface too. 2021-02-26 13:54:10 +01:00
Wouter Wijngaards
209dc32624
Merge pull request #367 from NLnetLabs/dnstap-log-local-addr 
DNSTAP log local address
 2021-02-25 11:58:36 +01:00
W.C.A. Wijngaards
d3497f6bd1 - On startup of unbound it checks if rlimits on memory size look 
sufficient for the configured cache size, and logs warning if not.
 2021-02-24 14:14:33 +01:00
W.C.A. Wijngaards
f5339ec7e5 Merge branch 'master' into dnstap-log-local-addr 2021-02-18 13:12:09 +01:00
W.C.A. Wijngaards
2d27203718 Merge branch 'master' into zonemd 2021-02-18 11:11:50 +01:00
W.C.A. Wijngaards
74e06cc4b3 - Fix #422: IPv6 fallback issues when IPv6 is not properly 
enabled/configured.
 2021-02-15 14:40:48 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
Willem Toorop
48ecf95108 Merge branch 'master' into features/padding 2021-01-22 10:29:50 +01:00
W.C.A. Wijngaards
cdb60adcdc Merge branch 'rpz' of https://github.com/magenbluten/unbound into magenbluten-rpz 
Conflict fixed for rpz.disabled check added.
 2021-01-14 12:11:29 +01:00
W.C.A. Wijngaards
ee2545d939 - For #391: fix indentation. 2021-01-08 09:53:52 +01:00
W.C.A. Wijngaards
3e03e2c26d - For #391: use struct timeval* start_time for callback information. 2021-01-08 09:47:46 +01:00
Wouter Wijngaards
48724de155
Merge pull request #391 from fhriley/reply_cb_start_time 
Add start_time to reply callbacks so modules can compute the response…
 2021-01-08 09:35:07 +01:00
Frank Riley
e3abd772f7 Add start_time to reply callbacks so modules can compute the response time. 2021-01-01 15:44:21 -07:00
Frank Riley
42d764eeda Add rpz_enable and rpz_disable commands to unbound-control. 2020-12-13 12:35:11 -07:00
W.C.A. Wijngaards
6bf1293bcd No need for mk_local_addr, can pass the sockaddr structure. 2020-12-09 11:56:35 +01:00
W.C.A. Wijngaards
bdfa65c6ab Import the patches from the files in the tarball in 
issue #365 https://github.com/NLnetLabs/unbound/files/5659923/patches.tar.gz
from iruzanov.  The merge conflicts are fixed, but no changes are made
to the patched code.
 2020-12-09 11:00:51 +01:00
W.C.A. Wijngaards
b2894e23a9 - Fix compile warnings in rpz initialization. 2020-11-27 10:11:14 +01:00
mb
f78aa90ff1 rpz: nsdname stubs 2020-11-26 11:33:49 +01:00
George Thessalonikefs
b0247b6e93 Merge branch 'master' into edns-string 2020-11-23 16:58:30 +01:00
W.C.A. Wijngaards
62152e0493 Fix writepid for retvalue 0. 2020-11-23 14:17:58 +01:00
W.C.A. Wijngaards
19f8f4d9f9 Further fix for CVE-2020-28935, so the chown is omitted when the pidfile 
fails due to a symlink.
 2020-11-23 13:48:04 +01:00
W.C.A. Wijngaards
ad38783297 - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere 
with chown of pidfile.
 2020-11-23 13:42:11 +01:00
W.C.A. Wijngaards
9cc8aa1ddf - Option to toggle udp-connect, default is enabled. 2020-11-23 11:06:53 +01:00
Ralph Dolmans
946ed23f73 Merge branch 'master' into edns-string 2020-11-11 11:37:32 +01:00
W.C.A. Wijngaards
89087ae294 zonemd, unbound-control auth_zone_reload errors when ZONEMD fails. 2020-10-23 11:47:00 +02:00
W.C.A. Wijngaards
c72ca35f08 unbound-control auth_zone_reload sets zone to nonexpired and 
also updates the xfr soa values from the new zonefile contents.
 2020-10-23 11:44:28 +02:00
W.C.A. Wijngaards
fb5f3f076d zonemd, zonemds are checked when a zone is auth_zone_reload from file, 
or reload with unbound-control.
 2020-10-23 11:20:08 +02:00
W.C.A. Wijngaards
e09873e0c8 zonemd, zonemds are checked at start 2020-10-22 12:10:46 +02:00
W.C.A. Wijngaards
a3e2bfbb0c - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. 
This adds the option http-notls-downstream: yesno to change that,
  and the dohclient test code has the -n option.
 2020-10-19 10:24:03 +02:00
Ralph Dolmans
eb799026ff Replace edns-client-tag with edns-client-string option 2020-09-30 23:17:53 +02:00
W.C.A. Wijngaards
48a56751e9 - Fix #305: dnstap logging significantly affects unbound performance 
(regression in 1.11).
 2020-09-23 11:13:52 +02:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00
W.C.A. Wijngaards
82f2ee63c5 - Fix num.expired statistics output. 2020-09-09 11:44:44 +02:00
W.C.A. Wijngaards
47a5dc8cae - Refactor to use sock_strerr shorthand function. 2020-08-31 09:12:01 +02:00
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new 
shorthand function to clean up the code.
 2020-08-31 08:41:34 +02:00
W.C.A. Wijngaards
f6a527c25a - Similar to NSD PR#113, implement that interface names can be used, 
eg. something like interface: eth0 is resolved at server start and
  uses the IP addresses for that named interface.
 2020-08-27 14:53:33 +02:00
Ralph Dolmans
e6ebabc0cc - Fix stats double count issue (#289). 2020-08-20 17:54:28 +02:00
Ralph Dolmans
74ec8a758b
Merge pull request #272 from NLnetLabs/edns-client-tag 
Add EDNS client tag functionality
 2020-08-05 16:07:49 +02:00
Felipe Gasper
9bc30967d2 Make tvOS & watchOS checks verify truthiness as well as definedness. 2020-08-03 14:38:47 -04:00
Ralph Dolmans
16029281a8 Start of EDNS client tags implementation. 2020-07-23 17:17:44 +02:00
W.C.A. Wijngaards
2902ee133b - Fix unused variable warning for clang analyzer. 2020-07-16 15:41:25 +02:00
W.C.A. Wijngaards
4d009e19fc - Fix #259: Fix unbound-checkconf does not check view existence. 
unbound-checkconf checks access-control-view, access-control-tags,
  access-control-tag-actions and access-control-tag-datas.
- Fix offset of error printout for access-control-tag-datas.
 2020-07-07 09:00:04 +02:00
Ralph Dolmans
740da89578 Merge branch 'master' into doh 2020-06-24 14:18:47 +02:00
W.C.A. Wijngaards
edcef18274 Merge branch 'master' of git://github.com/PMunch/unbound into PMunch-master 
Fixed conflicts in Makefile.in and configparser.y
 2020-05-15 14:52:53 +02:00