upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-30 11:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
7020 commits 23 branches 209 tags 124 MiB
Commit graph

1302 commits

Author SHA1 Message Date
W.C.A. Wijngaards
e6f878ee71 - Fix #741: systemd socket activation fails on IPv6. 2022-08-22 09:12:08 +02:00
W.C.A. Wijngaards
fbe8e3b0b2 - Fix ratelimit inconsistency, for ip-ratelimits the value is the 
amount allowed, like for ratelimits.
 2022-08-04 11:33:37 +02:00
Luis Dallos
7d3c6f1c43 Fix startup failure on Windows 8.1 due to unsupported IPV6_USER_MTU socket option being set 
Newer mingw-w64 (starting from 8.0.1) introduces support for `IPV6_USER_MTU` socket
option [1], which is not supported on Windows 8.1 and older [2]. As there is no way
to avoid this socket option from being picked at compile time when targeting older
versions of Windows, check for `setsockopt(..., IPV6_USER_MTU, ...)` failures at
runtime in order to avoid startup failure on those versions of Windows where the
`IPV6_USER_MTU` socket option is unsupported.

[1]: mirror/mingw-w64@e30bff4
[2]: `WSAGetLastError()` returns `WSAENOPROTOOPT` (`Bad protocol option`) error code
 2022-08-01 23:03:24 -04:00
W.C.A. Wijngaards
cd22fdc28d - Fix #728: alloc_reg_obtain() core dump. Stop double 
alloc_reg_release when serviced_create fails.
 2022-08-01 16:45:41 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
George Thessalonikefs
efdd70c7b5 - Cleanup some comments and TODO text. 2022-07-23 19:55:15 +02:00
W.C.A. Wijngaards
33bd49af81 - Merge PR 714: Avoid treat normal hosts as unresponsive servers. 
And fixup the lock code.
 2022-07-15 08:51:31 +02:00
Hunts Chen
88bf803297 Avoid treat normal hosts as unresponsive servers 
This is a fix for issue #713

When infra-keep-probing is on, all hosts with expired entries were treated as
unresponsive servers and thus causing problems (see #713).

This commit change that, so that normal hosts with expired entries are treated
as unknown servers.
 2022-07-14 10:16:13 -07:00
George Thessalonikefs
9e4a17baaf - For windows crosscompile, fix setting the IPV6_MTU socket option 
equivalent (IPV6_USER_MTU); allows cross compiling with latest
  cross-compiler versions.
 2022-07-12 17:17:59 +02:00
George Thessalonikefs
e5f66b4902 - For #668: relocate and make code more portable. 2022-07-04 12:46:17 +02:00
George Thessalonikefs
0f4c4c1163 Merge branch 'IP_BIND_ADDRESS_NO_PORT' of https://github.com/crrodriguez/unbound into crrodriguez-IP_BIND_ADDRESS_NO_PORT 2022-07-04 11:15:58 +02:00
George Thessalonikefs
b816318106 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries 
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
  command.
 2022-06-29 10:51:54 +02:00
Philip Homburg
3bade62c8a Fix use after free issue with edns options (https://github.com/NLnetLabs/unbound/issues/663) 2022-06-22 15:00:28 +02:00
George Thessalonikefs
187bc72633 - Add testcase for allowing NOTIFY on URL addresses. 2022-06-14 17:44:37 +02:00
Philip Homburg
16dd802c2e Add url 'master' to allow notify list 2022-05-31 15:10:38 +02:00
Philip Homburg
6dad2d2fc6 allow-notify doesn't work for url on rpz zones (https://github.com/NLnetLabs/unbound/issues/679) 2022-05-31 15:10:38 +02:00
W.C.A. Wijngaards
11d077c826 - Fix some lint type warnings. 2022-05-20 15:32:27 +02:00
George Thessalonikefs
daf316ea1b - Fix #417: prefetch and ECS causing cache corruption when used 
together.
 2022-05-12 00:56:01 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
Cristian Rodríguez
6a4ea692d4 Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets 
When bound to a local address the kernel does not know if the socket
will listen() or connect() and must reserve a port inmediately after
bind() effectively limiting the random port range to ~32k.
when IP_BIND_ADDRESS_NO_PORT is set, the kernel delays source port
allocation until the time the complete 4-tuple is known allowing
a much larger number of combinations
 2022-04-23 23:08:45 +00:00
W.C.A. Wijngaards
1289c53c1a - Fix zonemd unsupported algo check to set reason to NULL before the 
check routine, but after malformed checks, to get the correct NULL
  output when the digest matches.
 2022-04-08 11:19:40 +02:00
W.C.A. Wijngaards
d02e83ae2b - Fix zonemd unsupported algo check to print unsupported reason before 
zeroing it.
 2022-04-08 11:10:11 +02:00
W.C.A. Wijngaards
8f2847ba69 - Fix zonemd unsupported algo check reason to not copy to next record, 
and check for success for debug printout.
 2022-04-08 10:54:57 +02:00
W.C.A. Wijngaards
730a03e9bd - Fix zonemd unsupported algo check. 2022-04-08 09:36:01 +02:00
W.C.A. Wijngaards
e4ca71e85b - Fix zonemd check to allow unsupported algorithms to load. 
If there are only unsupported algorithms, or unsupported schemes,
  and no failed or successful other ZONEMD records, or malformed
  or bad ZONEMD records, the unsupported records allow the zone load.
 2022-04-08 09:29:37 +02:00
W.C.A. Wijngaards
debe5c665f - Fix #637: Integer Overflow in sldns_str2period function. 2022-03-03 14:19:59 +01:00
gthess
6e79237dc8
Merge pull request #623 from rex4539/typos 
Fix typos
 2022-02-28 12:36:11 +01:00
George Thessalonikefs
82adcfb971 - Fix #630: Unify the RPZ log messages. 2022-02-28 12:07:25 +01:00
Dimitris Apostolou
c7be51a11b
Fix typos 2022-02-18 15:51:03 +02:00
W.C.A. Wijngaards
a746d9693a - Fix that address not available is squelched from the logs for 
udp connect failures. It is visible on verbosity 4 and more.
 2022-02-18 09:03:56 +01:00
W.C.A. Wijngaards
6de5310728 - Fix for #628: fix rpz-passthru for qname trigger by localzone type. 2022-02-16 09:51:25 +01:00
W.C.A. Wijngaards
2b90181d3a - Fix #628: A rpz-passthru action is not ending RPZ zone processing. 2022-02-15 16:20:12 +01:00
W.C.A. Wijngaards
a0feea393a - Fix #618: enabling interface-automatic disables DNS-over-TLS. 
Adds the option to list interface-automatic-ports.
 2022-02-11 10:58:53 +01:00
W.C.A. Wijngaards
5f724da8c5 - Fix that TCP interface does not use TLS when TLS is also configured. 2022-02-07 09:31:10 +01:00
gthess
358e3a5963
Merge pull request #616 from NLnetLabs/bugfix/ratelimit 
Update ratelimit logic
 2022-02-02 11:16:04 +01:00
George Thessalonikefs
a60bbd12ed -Fix review comment for use-after-free when failing to send UDP out. 2022-01-31 11:27:35 +01:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more 
aggressive rate limiting.
 2022-01-30 00:36:29 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
George Thessalonikefs
888eb224a6 - Better cleanup on failed DoT/DoH listening socket creation. 2022-01-29 15:14:56 +01:00
gthess
ddc3c754b0
Merge pull request #612 from NLnetLabs/tcp-race-condition 
TCP race condition
 2022-01-25 17:26:30 +01:00
George Thessalonikefs
5c85615515 - Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in 
serviced_udp_callback.
 2022-01-25 17:15:37 +01:00
George Thessalonikefs
4573629fc4 - Mark waiting_tcp and serviced_query as being in the 
cb_and_decommission stage to signal later code about their state;
  prevents premature item deletion.
 2022-01-25 09:46:16 +01:00
George Thessalonikefs
c3c0186658 - Add serviced_query timer to send upstream queries outside of the mesh 
flow to prevent race conditions.
 2022-01-25 00:01:43 +01:00
George Thessalonikefs
773d1f2911 - Make sure callback changes for EDNS are not lost. 2022-01-14 15:18:43 +01:00
George Thessalonikefs
de1e91fc7f - Fix EDNS to upstream where the same option could be attached more than 
once.
- Add a region to serviced_query for allocations.
 2022-01-14 13:55:34 +01:00
George Thessalonikefs
a97604737b - Fix prematurely terminated TCP queries when a reply has the same ID. 2022-01-11 10:00:45 +01:00
W.C.A. Wijngaards
33ef79d433 - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip 
triggered operation.
 2022-01-05 16:48:35 +01:00
W.C.A. Wijngaards
ceef84e022 - Fix that RPZ does not set RD flag on replies, it should be copied 
from the query.
 2022-01-04 13:49:31 +01:00
W.C.A. Wijngaards
95644c9309 - Fix #596: only unset RA when NXDOMAIN is signalled. 2022-01-04 13:48:29 +01:00
W.C.A. Wijngaards
392c1f0f54 - Fix #596: unset the RA bit when a query is blocked by an unbound 
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
  signal that a domain is externally blocked to clients when it
  is blocked with NXDOMAIN by unsetting RA.
 2022-01-04 13:40:07 +01:00