upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7871 commits 23 branches 209 tags 123 MiB
Commit graph

4791 commits

Author SHA1 Message Date
Yorgos Thessalonikefs
716f3df385 Changelog entry for #1214: 
- Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS
  handshake.
 2025-01-10 13:54:49 +01:00
Yorgos Thessalonikefs
eb36c880de Changelog entry for #1174: 
- Merge #1174: Serve expired cache update fixes. Fixes a regression bug
  with serve-expired that appeared in 1.22.0 and would not allow the
  iterator to update the cache with not-yet-validated entries resulting
  in increased outgoing traffic.
 2024-12-31 16:30:35 +01:00
Yorgos Thessalonikefs
e57e537c85 - For #1207: [FR] Support for RESINFO RRType 261 (RFC9606), add 
LDNS_RR_TYPE_RESINFO similar to LDNS_RR_TYPE_TXT.
 2024-12-20 15:04:34 +01:00
Yorgos Thessalonikefs
71d821fde9 Changelog entry for #1204: 
- Merge #1204: ci: set persist-credentials: false for actions/checkout
  per zizmor suggestion.
 2024-12-13 13:43:29 +01:00
Yorgos Thessalonikefs
ded4c82ced - Fix typo in log_servfail.tdir test. 2024-12-03 16:03:05 +01:00
Yorgos Thessalonikefs
e82a691efe Changelog entry for #1187: 
- Merge #1187: Create the SSL_CTX for QUIC before chroot and privilege
  drop.
 2024-12-03 14:21:34 +01:00
Yorgos Thessalonikefs
b4a9c8bb05 - Safeguard alias loop while looking in the cache for expired answers. 2024-12-03 14:10:17 +01:00
Yorgos Thessalonikefs
be92752368 - Merge #1198: Fix log-servfail with serve expired and no useful cache 
contents.
 2024-12-03 14:05:12 +01:00
Yorgos Thessalonikefs
9de159b96b - For #1175, the default value of serve-expired-ttl is set to 86400 
(1 day) as suggested by RFC8767.
 2024-12-03 13:09:51 +01:00
Yorgos Thessalonikefs
bd2e66de1e Changelog entry for #1189, #1197: 
- Merge #1189: Fix the dname_str method to cause conversion errors
  when the domain name length is 255.
- Merge #1197: dname_str() fixes.
 2024-12-03 11:58:06 +01:00
Yorgos Thessalonikefs
9e3c50ec9e - For #1175, update serve-expired tests. 2024-11-22 16:14:02 +01:00
Yorgos Thessalonikefs
eefdbb341f - Fix #1175: serve-expired does not adhere to secure-by-default 
principle. The default value of serve-expired-client-timeout
  is set to 1800 as suggested by RFC8767.
 2024-11-22 15:32:34 +01:00
Yorgos Thessalonikefs
e75da7d954 - Fix comparison to help static analyzer. 2024-11-20 10:53:45 +01:00
Yorgos Thessalonikefs
9a3a1bc221 Changelog entry for #1169: 
- Merge #1169 from Sergey Kacheev, fix: lock-free counters for
  auth_zone up/down queries.
 2024-11-19 17:01:34 +01:00
W.C.A. Wijngaards
4cf7fae50c - Fix for #1183: release nsec3 hashes per test file. 2024-11-15 10:47:27 +01:00
W.C.A. Wijngaards
a2ac980737 - Fix #1183: the data being used is released in method 
nsec3_hash_test_entry.
 2024-11-15 10:37:35 +01:00
Yorgos Thessalonikefs
733d5f7161 - Complete fix for max-global-quota to 200. 2024-11-08 17:34:28 +01:00
Yorgos Thessalonikefs
fe288a9b06 - More descriptive text for 'harden-algo-downgrade'. 2024-11-08 13:56:04 +01:00
Yorgos Thessalonikefs
fd1a1d5fa0 - Increase the default of max-global-quota to 200 from 128 after 
operational feedback. Still keeping the possible amplification
  factor (CAMP related issues) in the hundreds.
 2024-11-06 16:28:37 +01:00
Yorgos Thessalonikefs
3c4b87636a Changelog entry for: 
- Fix SETEX check during Redis (re)initialization.
 2024-11-05 12:20:25 +01:00
W.C.A. Wijngaards
60fd77b8f9 - Fix to log redis timeout error string on failure. 2024-11-05 11:41:41 +01:00
W.C.A. Wijngaards
d5e91d181b - Fix for the serve expired DNSSEC information fix, it would not allow 
current delegation information be updated in cache. The fix allows
  current delegation and validation recursion information to be
  updated, but as a consequence no longer has certain expired
  information around for later dnssec valid expired responses.
 2024-11-05 10:39:27 +01:00
W.C.A. Wijngaards
7985d17b57 Changelog note for #1167 
- Merge #1167: Makefile.in: fix occasional parallel build failures
  around bison rule.
 2024-11-04 13:26:27 +01:00
W.C.A. Wijngaards
533c3b0514 - Fix redis that during a reload it does not fail if the redis 
server does not connect or does not respond. It still logs the
  errors and if the server is up checks expiration features.
 2024-11-04 10:14:26 +01:00
Yorgos Thessalonikefs
11b8157a98 Changelog entry for #1157: 
- Merge #1157 from Liang Zhu, Fix heap corruption when calling
  ub_ctx_delete in Windows.
 2024-11-01 16:27:06 +01:00
Yorgos Thessalonikefs
d34fb3ed77 Changelog entry for #1170: 
- Merge #1170 from Melroy van den Berg, Fix chroot manpage
  description.
 2024-11-01 16:12:07 +01:00
Yorgos Thessalonikefs
8a6a4bd7f3 - Add test case for #1159. 
- Some clean up for stat_values.test.
 2024-11-01 15:57:52 +01:00
Yorgos Thessalonikefs
d23523e528 - Merge #1159: Stats for discard-timeout and wait-limit. 2024-11-01 15:54:24 +01:00
Yorgos Thessalonikefs
f5580f0a63 - Fix #1163: Typos in unbound.conf documentation. 2024-10-25 21:25:16 +02:00
W.C.A. Wijngaards
0e2b2743d8 Add changelog entry for tag for 1.22.0rc1. 2024-10-17 10:57:07 +02:00
W.C.A. Wijngaards
018be1d089 - Tag for 1.22.0 release. This did not contain the 1154 fix 
from 16 oct. The code repository continues with
  version 1.22.1 in development.
 2024-10-17 10:48:58 +02:00
W.C.A. Wijngaards
9a63db344e - Fix #1154: Tag Incorrectly Applying for Other Interfaces 
Using the Same IP. This fix is not for 1.22.0.
 2024-10-16 15:56:33 +02:00
W.C.A. Wijngaards
0076736fc4 - Fix for dnstap with dnscrypt and dnstap without dnsoverquic. 2024-10-16 11:52:49 +02:00
Yorgos Thessalonikefs
f8e45ed696 - Fix for dnsoverquic and dnstap to use the correct dnstap 
environment.
 2024-10-16 11:02:31 +02:00
W.C.A. Wijngaards
2a28c7389c - Fix dnsoverquic to extend the number of streams when one is closed. 2024-10-14 13:53:55 +02:00
W.C.A. Wijngaards
114edf2c38 - Fix to display warning if quic-port is set but dnsoverquic is not 
enabled when compiled.
 2024-10-14 11:34:26 +02:00
W.C.A. Wijngaards
e0c93e300b - Fix contrib/aaaa-filter-iterator.patch for change in call 
signature for cache_fill_missing.
 2024-10-11 11:42:30 +02:00
W.C.A. Wijngaards
bd1813b126 - Fix harden-unverified-glue for AAAA cache_fill_missing lookups. 2024-10-11 09:03:11 +02:00
W.C.A. Wijngaards
1b7e14dc39 - Fix to disable detection of quic configured ports when quic is 
not compiled in.
 2024-10-11 08:51:14 +02:00
W.C.A. Wijngaards
8b7782e8fc - Fix add reallocarray to alloc stats unit test, and disable 
override of strdup in unbound-host, and the result of config
  get option is freed properly.
 2024-10-10 10:43:23 +02:00
W.C.A. Wijngaards
e0201435a4 - Fix cookie_file test sporadic fails for time change during 
the test.
 2024-10-10 09:45:48 +02:00
W.C.A. Wijngaards
66fb3ff670 - Fix for dnstap compile of doqclient with doq disabled. 2024-10-09 15:52:33 +02:00
W.C.A. Wijngaards
36461ea73d Changelog entry and unit test for fix of NSEC TTL and prefetch ttl. 
- Fix to limit NSEC TTL for messages from cachedb. Fix to limit the
  prefetch ttl for messages after a CNAME with short TTL.
 2024-10-09 15:29:23 +02:00
W.C.A. Wijngaards
a4d8c0c43b Changelog note for #871 
- Merge #871: DNS over QUIC. This adds `quic-port: 853` and
  `quic-size: 8m` that enable dnsoverquic, and the counters
  `num.query.quic` and `mem.quic` in the statistics output.
  The feature needs to be enabled by compiling with libngtcp2,
  with `--with-libngtcp2=path` and libngtcp2 needs openssl+quic,
  pass that with `--with-ssl=path` to compile unbound as well.
 2024-10-09 10:35:45 +02:00
W.C.A. Wijngaards
dcf7afd722 - Fix #1128: Cannot override tcp-upstream and tls-upstream with 
forward-tcp-upstream and forward-tls-upstream.
 2024-10-08 15:29:03 +02:00
W.C.A. Wijngaards
e67171612b - Fix #1149: unbound-control-setup hangs sometimes depending on 
the openssl version.
 2024-10-08 11:54:07 +02:00
Yorgos Thessalonikefs
a1b25f0296 - The fix for CVE-2024-8508 was part of 1.21.1, a security point release 
on 1.21.0. The code repository continues with this fix and the version
  number 1.22.0.
 2024-10-03 18:19:01 +02:00
W.C.A. Wijngaards
5bb3b9cc83 - Fix unbound dnstap socket test program analyzer warnings about 
unused variable assignments and variable initialization.
 2024-09-30 16:36:01 +02:00
W.C.A. Wijngaards
3a1b79f6a1 - Fix negative cache NSEC3 parameter compares for zero length NSEC3 
salt.
 2024-09-30 09:25:51 +02:00
W.C.A. Wijngaards
84eeb9b97c - Fix #1144: [FR] log timestamps in ISO8601 format with timezone. 
This adds the option `log-time-iso: yes` that logs in ISO8601
  format.
 2024-09-25 11:16:46 +02:00