upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7104 commits 23 branches 209 tags 123 MiB
Commit graph

85 commits

Author SHA1 Message Date
George Thessalonikefs
71db243b0d Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf 2022-12-13 14:35:01 +01:00
George Thessalonikefs
c61b2121b5 - Expose 'max-sent-count' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 13:57:07 +01:00
George Thessalonikefs
e9107907e5 - Clarify the use of MAX_SENT_COUNT in the iterator code. 2022-10-18 12:29:07 +02:00
Yorgos Thessalonikefs
f1d263a318
Leniency for target discovery when under load (for NRDelegation changes) (#764) 
* - Introduce leniency for target discovery when under load.

* - Allow for easier testing (to be reverted).

* - Happy compiler.

* - Precheck access to target_fetch_policy.

* - Do not mark a nameserver as resolved when one of A/AAAA is negative.

* - Update fetch_glue.rpl test for (possible) outstanding queries.

* - Update fetch_glue_cname.rpl test for possible outstanding queries.

* - Better fix for fetch_glue_cname.rpl.

* - Fix iter_emptydp_for_glue.rpl to match the referral.

* - Disabled the nxns tests for now (to be reverted).

* - Update iter_recurse.rpl for possible outstanding queries.

* Revert "- Disabled the nxns tests for now (to be reverted)."

This reverts commit 34a9c13a90.

* Revert "- Allow for easier testing (to be reverted)."

This reverts commit b6dfe35e1d.
 2022-10-04 22:21:08 +02:00
Minghang Chen
249efd4285 Introduce infra-cache-max-rtt option to config max retransmit timeout 
Added the option and let it default to 120 seconds so that it won't change
current behavior.

Related-to #717
 2022-07-16 01:46:18 -07:00
George Thessalonikefs
923eb7d474 - Allow fallback to the parent side when MAX_TARGET_NX is reached. 
This will also allow MAX_TARGET_NX more NXDOMAINs.
 2022-06-29 17:32:29 +02:00
Christian Allred
d19e12ab5d Merge branch 'master' of https://github.com/NLnetLabs/unbound into restart_conf 2022-04-18 12:16:40 -07:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
George Thessalonikefs
ea47c08e70 - Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC 
document.
 2022-01-26 14:35:22 +01:00
W.C.A. Wijngaards
829f3c932e - Fix for #41: change outbound retry to int to fix signed comparison 
warnings.
 2021-09-08 15:07:11 +02:00
W.C.A. Wijngaards
204edd229e Merge branch 'feature/configure-outbound_msg_retry' of git://github.com/countsudoku/unbound into countsudoku-feature/configure-outbound_msg_retry 2021-09-08 14:38:36 +02:00
George Thessalonikefs
8878680898 - Bump MAX_RESTART_COUNT to 11 from 8; in relation to #438. This allows 
longer CNAME chains in Unbound.
 2021-08-04 10:53:22 +02:00
W.C.A. Wijngaards
ecb8aed2f2 - Add that log-servfail prints an IP address and more information 
about one of the last failures for that query.
 2021-04-29 10:24:35 +02:00
Christian Allred
07c0d04a14 Use max-query-restarts in iterative resolver 2021-04-05 16:25:43 -07:00
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming 
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
 2020-05-19 10:27:27 +02:00
Ralph Dolmans
03a37d1ff6 - Keep track of number of timeouts. Use this counter to determine if capsforid 
fallback should be started.
 2020-04-06 18:00:06 +02:00
Moritz Schneider
79cc049096 Make outbound msg retry configurable 2019-06-12 19:01:28 +02:00
Wouter Wijngaards
fd5e4e6019 - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, 
adds the option unknown-server-time-limit to unbound.conf that
  can be increased to avoid the problem.


git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 09:21:41 +00:00
Ralph Dolmans
3f2d186694 - Make capsforid fallback QNAME minimisation aware. 
git-svn-id: file:///svn/unbound/trunk@4840 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 12:43:49 +00:00
Wouter Wijngaards
bea3b6b72d unit test for auth zone lookup 
git-svn-id: file:///svn/unbound/trunk@4469 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-30 15:44:49 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Ralph Dolmans
7b18274d7e - Added stats for queries that have been ratelimited by domain recursion. 
git-svn-id: file:///svn/unbound/trunk@4292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 12:52:33 +00:00
Ralph Dolmans
de731edc0d - Remove unused iter_env member (ip6arpa_dname) 
git-svn-id: file:///svn/unbound/trunk@4290 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 09:29:21 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
Ralph Dolmans
5b63c08c72 - Use QTYPE=A for QNAME minimisation. 
- Keep track of number of time-outs when performing QNAME minimisation.
  Stop minimising when number of time-outs for a QNAME/QTYPE pair is
  more than three.



git-svn-id: file:///svn/unbound/trunk@3782 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-13 13:06:35 +00:00
Wouter Wijngaards
3d60a6f446 - Fix #761: DNSSEC LAME false positive resolving nic.club. 
git-svn-id: file:///svn/unbound/trunk@3720 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-18 14:09:12 +00:00
Wouter Wijngaards
6062e896b9 note RFC number. 
git-svn-id: file:///svn/unbound/trunk@3691 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 08:35:58 +00:00
Ralph Dolmans
6362a12bd7 - Limit number of QNAME minimisation iterations. 
git-svn-id: file:///svn/unbound/trunk@3681 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-17 14:44:41 +00:00
Ralph Dolmans
a05bf09811 Implemented qname minimisation 
git-svn-id: file:///svn/unbound/trunk@3554 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-30 16:10:26 +00:00
Wouter Wijngaards
0735cf0e53 - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution 
failures.


git-svn-id: file:///svn/unbound/trunk@3494 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-28 07:21:48 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
7e50976476 - store caps_response with best response in case downgrade response 
happens to be the last one.


git-svn-id: file:///svn/unbound/trunk@3348 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-04 09:31:26 +00:00
Wouter Wijngaards
f7039d8a59 - Fix CVE-2014-8602: denial of service by making resolver chase 
endless series of delegations.


git-svn-id: file:///svn/unbound/trunk@3289 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-12-08 15:09:18 +00:00
Wouter Wijngaards
bc7f906590 - Fix caps-for-id fallback, and added fallback attempt when servers 
drop 0x20 perturbed queries.


git-svn-id: file:///svn/unbound/trunk@3146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-24 08:24:28 +00:00
Wouter Wijngaards
1a6515778d Remove unused define from iterator.h 
git-svn-id: file:///svn/unbound/trunk@3142 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-02 10:03:21 +00:00
Wouter Wijngaards
cddec24dd2 - Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier. 
git-svn-id: file:///svn/unbound/trunk@3127 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-06 12:37:37 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
fa3337d42a - new approach to NS fetches for DS lookup that works with 
cornercases, and is more robust and considers forwarders.


git-svn-id: file:///svn/unbound/trunk@2646 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-21 15:01:01 +00:00
Wouter Wijngaards
0d5441bd8a - fix to locate nameservers for DS lookup with NS fetches. 
git-svn-id: file:///svn/unbound/trunk@2645 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-19 15:44:21 +00:00
Wouter Wijngaards
8e1cb52458 - iter_hints is now thread-owned in module env, and thus threadsafe. 
git-svn-id: file:///svn/unbound/trunk@2629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 09:55:50 +00:00
Wouter Wijngaards
f82a0847eb - max sent count. EDNS1480 only for rtt < 5000. No promiscuous 
fetch if sentcount > 3, stop query if sentcount > 16.  Count is
reset when referral or CNAME happens.  This makes unbound better
at managing large NS sets, they are explored when there is continued
interest (in the form of queries).


git-svn-id: file:///svn/unbound/trunk@2499 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-16 14:11:12 +00:00
Wouter Wijngaards
46eeced066 - Fix operation in ipv6 only (do-ip4: no) mode. 
git-svn-id: file:///svn/unbound/trunk@2487 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-07 14:34:10 +00:00
Wouter Wijngaards
2bdb094f7b - Fix bug where fallback_tcp causes wrong roundtrip and edns 
observation to be noted in cache.  Fix bug where EDNSprobe halted
  exponential backoff if EDNS status unknown.
- new unresponsive host method, exponentially increasing block backoff.
- iana portlist updated.


git-svn-id: file:///svn/unbound/trunk@2303 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-21 15:11:39 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations. 
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-07 13:13:36 +00:00
Wouter Wijngaards
cb3b649707 - Max referral count from 30 to 130, because 128 one character domains 
is valid DNS.


git-svn-id: file:///svn/unbound/trunk@2152 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-15 10:50:20 +00:00
Wouter Wijngaards
d7fec82eaa - Fix to use one pointer less for iterator query state store_parent_NS. 
git-svn-id: file:///svn/unbound/trunk@2150 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-15 09:47:11 +00:00
Wouter Wijngaards
b014aac438 fix 
git-svn-id: file:///svn/unbound/trunk@2146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-11 14:24:25 +00:00
Wouter Wijngaards
6d77834955 parent-child misconfigured data lookup. 
git-svn-id: file:///svn/unbound/trunk@2119 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-28 14:15:29 +00:00
Wouter Wijngaards
7276cf7dd0 - Fix dnssec-missing detection that was turned off by server selection. 
git-svn-id: file:///svn/unbound/trunk@2107 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-04 08:39:04 +00:00