upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7104 commits 23 branches 209 tags 123 MiB
Commit graph

274 commits

Author SHA1 Message Date
George Thessalonikefs
c61b2121b5 - Expose 'max-sent-count' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 13:57:07 +01:00
George Thessalonikefs
859d0f2dfe - Expose 'statistics-inhibit-zero' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 10:47:37 +01:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
George Thessalonikefs
aec33b3d63 Documentation for interface-* options. 2022-09-11 20:21:32 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
Wouter Wijngaards
ef9bb0213b
Merge pull request #718 from hunts/make_rtt_max_timeout_configurable 
Introduce infra-cache-max-rtt option to config max retransmit timeout
 2022-07-19 15:15:34 +02:00
George Thessalonikefs
309e23515e - Update documentation for 'outbound-msg-retry:'. 2022-07-19 12:47:01 +02:00
Minghang Chen
249efd4285 Introduce infra-cache-max-rtt option to config max retransmit timeout 
Added the option and let it default to 120 seconds so that it won't change
current behavior.

Related-to #717
 2022-07-16 01:46:18 -07:00
George Thessalonikefs
233cb5c218 - Note in the unbound.conf text that NOTIFY is allowed from the url: 
addresses for auth and rpz zones.
 2022-06-14 17:59:56 +02:00
W.C.A. Wijngaards
e62b309959 - For #677: Added tls-system-cert to config parser and documentation. 
- Changelog note for #677.
 2022-05-12 16:30:19 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
W.C.A. Wijngaards
a0feea393a - Fix #618: enabling interface-automatic disables DNS-over-TLS. 
Adds the option to list interface-automatic-ports.
 2022-02-11 10:58:53 +01:00
George Thessalonikefs
32c3bbd249 - Change aggressive-nsec default to yes. 2022-02-02 11:25:08 +01:00
George Thessalonikefs
52283194eb - Update unbound.conf manpage and example.conf file for ratelimit 
options.
 2022-01-30 01:04:15 +01:00
W.C.A. Wijngaards
2996040c6c - Add rpz: for-downstream: yesno option, where the RPZ zone is 
authoritatively answered for, so the RPZ zone contents can be
  checked with DNS queries directed at the RPZ zone.
 2022-01-14 16:23:43 +01:00
W.C.A. Wijngaards
392c1f0f54 - Fix #596: unset the RA bit when a query is blocked by an unbound 
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
  signal that a domain is externally blocked to clients when it
  is blocked with NXDOMAIN by unsetting RA.
 2022-01-04 13:40:07 +01:00
George Thessalonikefs
983c716feb - Add missing configure flags for optional features in the 
documentation.
- Fix Unbound capitalization in the documentation.
 2021-12-13 12:46:08 +01:00
W.C.A. Wijngaards
ce39d5ad17 - Fix to add example.conf note for outbound-msg-retry. 2021-10-04 09:19:27 +02:00
W.C.A. Wijngaards
89510f4a0c - Implement RFC8375: Special-Use Domain 'home.arpa.'. 2021-09-27 15:09:01 +02:00
W.C.A. Wijngaards
a9de6879b8 Merge branch 'master' into rpz-triggers 2021-08-18 09:53:35 +02:00
W.C.A. Wijngaards
6bee3e77fc Changelog note for #519 and example.conf edit 
- Merge #519: Support for selective enabling tcp-upstream for
  stub/forward zones.
- For #519: note stub-tcp-upstream and forward-tcp-upstream in
  the example configuration file.
 2021-08-12 15:05:51 +02:00
W.C.A. Wijngaards
f232562430 Merge branch 'master' into rpz-triggers 2021-08-05 13:37:22 +02:00
George Thessalonikefs
ca4d68c64c - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. 2021-07-16 14:32:18 +02:00
George Thessalonikefs
d02e956da0 - Changelog entry for #486: Make VAL_MAX_RESTART_COUNT configurable. 
- Generetated lexer and parser for #486; updated example.conf.
 2021-06-09 12:32:58 +02:00
W.C.A. Wijngaards
cf0aad9fb6 Merge branch 'master' into rpz-triggers 2021-05-28 15:00:55 +02:00
W.C.A. Wijngaards
ea4f1ee8a6 - zonemd-check: yesno option, default no, enables the processing 
of ZONEMD records for that zone.
 2021-05-27 14:20:53 +02:00
W.C.A. Wijngaards
11b3ebc386 - Move the NSEC3 max iterations count in line with the 150 value 
used by BIND, Knot and PowerDNS. This sets the default value
  for it in the configuration to 150 for all key sizes.
 2021-05-25 14:35:19 +02:00
W.C.A. Wijngaards
32d82fac9b Merge branch 'master' into rpz-triggers 2021-05-14 08:47:56 +02:00
Wouter Wijngaards
09b924f35b
Merge pull request #478 from edevil/tcp_auth_query_timeout 
Allow configuration of TCP timeout while waiting for response
 2021-05-04 10:24:42 +02:00
W.C.A. Wijngaards
728a3cd7a6 Changelog note and improved comment. 
- Fix #481: Fix comment in configuration file.
 2021-05-03 13:07:12 +02:00
Paul Menzel
3f230f4aaf doc/example.conf.in: Clarify comment for auto-trust-anchor-file 
Remove `And enable:` as it refers to the uncommented option.

Fixes: 01dd4a35 ("- Added explicit note on unbound-anchor usage:")
 2021-05-03 12:57:39 +02:00
André Cruz
e07f973938
Allow configuration of TCP timeout while waiting for response 
This allows us to configure how long Unbound will wait for a response
on a TCP connection.
 2021-04-28 16:20:46 +01:00
André Cruz
75875d4d1c
Allow configuration of persistent TCP connections 
Added 2 new options to configure previously hardcoded
values: max-reuse-tcp-queries and tcp-reuse-timeout. These
allow fine-grained control over how unbound uses persistent
TCP connections to authority servers.
 2021-04-21 13:50:45 +01:00
W.C.A. Wijngaards
6f507eb036 Merge branch 'master' into rpz-triggers 2021-03-12 09:04:54 +01:00
W.C.A. Wijngaards
eb82c368e0 - man page contents, list new triggers and actions. 2021-03-12 08:54:00 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
George Thessalonikefs
b7acaaa9b8 - Update example.con.in and add a testcase for PR #275. 2021-01-25 19:26:19 +01:00
Willem Toorop
48ecf95108 Merge branch 'master' into features/padding 2021-01-22 10:29:50 +01:00
Willem Toorop
7ba51fce24 example.conf.in entry for nsid 2021-01-19 16:18:36 +01:00
W.C.A. Wijngaards
c125fe67bc - Fix #404: DNS query with small edns bufsize fail. 2021-01-18 08:29:52 +01:00
W.C.A. Wijngaards
d1b92a6ce2 - Fix so local zone types always_nodata and always_deny can be used 
from the config file.
 2021-01-12 13:39:07 +01:00
W.C.A. Wijngaards
3322f631e5 - Fix #397: [Feature request] add new type always_null to local-zone 
similar to always_nxdomain.
 2021-01-12 13:35:05 +01:00
W.C.A. Wijngaards
9cc8aa1ddf - Option to toggle udp-connect, default is enabled. 2020-11-23 11:06:53 +01:00
W.C.A. Wijngaards
94ac072f9b zonemd, zonemd-reject-absence config for an auth-zone rejects the zone if 
no ZONEMD is present.
 2020-10-26 15:37:43 +01:00
W.C.A. Wijngaards
165b048e07 zonemd, zonemd-permissive-mode: yes logs the failure but does not block 
the zone after a ZONEMD verification failure.
 2020-10-23 14:33:04 +02:00
W.C.A. Wijngaards
37354c8927 Merge branch 'master' into infra-keep-probing 2020-10-21 10:13:10 +02:00
W.C.A. Wijngaards
a3e2bfbb0c - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. 
This adds the option http-notls-downstream: yesno to change that,
  and the dohclient test code has the -n option.
 2020-10-19 10:24:03 +02:00
Ralph Dolmans
b6d04f500b - DNS Flag Day 2020: change edns-buffer-size default to 1232. 2020-09-29 14:07:38 +02:00
Ralph Dolmans
eb8ec9c18b - Use inclusive language in configuration 2020-09-23 14:35:51 +02:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00