- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes#107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
names, for names that have a CNAME in local-data configuration.
It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
and redirects like type redirect.
git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
B root address.
git-svn-id: file:///svn/unbound/trunk@5083 be551aaa-1e26-0410-a405-d3ace91eadb9
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
adds the option unknown-server-time-limit to unbound.conf that
can be increased to avoid the problem.
git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
deny-any: yes in unbound.conf. This responds with an empty message
to queries of type ANY.
git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
resilience of the server. The so-reuseport, harden-below-nxdomain,
and minimal-responses options are enabled by default. They used
to be disabled by default, waiting to make sure they worked. They
are enabled by default now, and can be disabled explicitly by
setting them to "no" in the unbound.conf config file. The reuseport
and minimal options increases speed of the server, and should be
otherwise harmless. The harden-below-nxdomain option works well
together with the recently default enabled qname minimisation, this
causes more fetches to use information from the cache.
git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
authenticating DNS-over-TLS connections. It can be used instead
of the tls-cert-bundle option, or with it to add certificates.
git-svn-id: file:///svn/unbound/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
that uses a Redis server as the storage. This implementation
depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
And unbound should be built with both --enable-cachedb and
--with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
should exist). Patch from Jinmei Tatuya (Infoblox).
git-svn-id: file:///svn/unbound/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
