upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-03 20:29:28 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
8143 commits 25 branches 209 tags 134 MiB
Commit graph

8143 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yorgos Thessalonikefs
74cc49e6c4 - Introduce the 'log-thread-id' configuration option to manage logging 
the system-wide Linux thread ID for easier debugging with system
  tools.
 2026-01-23 17:15:14 +01:00
Yorgos Thessalonikefs
d414ebf0c7 - On Linux systems log the system-wide unique thread ID instead of 
Unbound's internal thread counter.
 2026-01-23 17:08:55 +01:00
Yorgos Thessalonikefs
024c921dbf - Fix #1366: Infra cache does not work correctly for NAT64, by
Some checks failed
ci / build (push) Has been cancelled
Details 
moving the NAT64 synthesis from the iterator when selecting a target
  address, to the delegation point itself when adding target
  addresses.
 2025-11-01 15:10:27 +01:00
Yorgos Thessalonikefs
1a808e2978 - Fix typo; spotted by T3rm1.
Some checks failed
ci / build (push) Has been cancelled
Details
2025-10-28 14:42:20 +01:00
Yorgos Thessalonikefs
56ded934de - Fix #1165, document the possible circular dependency when using
Some checks are pending
ci / build (push) Waiting to run
Details 
host names instead of IP addresses for name servers in stub/forward
  zones and log a warning when spotted in the configuration.
 2025-10-27 14:01:10 +01:00
Yorgos Thessalonikefs
98952f11d1 Changelog entry for #1331:
Some checks are pending
ci / build (push) Waiting to run
Details 
- Merge #1331 from Jitka Plesníková: Replace deprecated $function by
  new $action, for SWIG.
 2025-10-27 09:59:35 +01:00
Yorgos Thessalonikefs
cb4b3de62f
Merge pull request #1331 from jplesnik/master 
Replace deprecated $function by new $action
 2025-10-27 09:57:59 +01:00
Yorgos Thessalonikefs
c8dcfc0853 - For #1364, use OPENSSL_VERSION_TEXT instead of OPENSSL_VERSION_NUMBER
Some checks failed
ci / build (push) Has been cancelled
Details 
for part of the configure script. OPENSSL_VERSION_TEXT is more
  consistent across versions.
 2025-10-24 15:43:22 +02:00
Yorgos Thessalonikefs
2bb28fdf12 - Fix unused attribute warning in redis.c when threads are not 
supported.
 2025-10-24 14:44:58 +02:00
Yorgos Thessalonikefs
6ad26909dd - Note Havard Eidnes for his suggestions on the mailing list. 2025-10-24 14:26:08 +02:00
Yorgos Thessalonikefs
9602973c86 - unbound.conf man page updates to include a preview of the section 
clauses and some reformatting around the use of "clause", "option"
  and "attributes".
 2025-10-24 14:23:53 +02:00
Yorgos Thessalonikefs
713b1783d4 - Tag for 1.24.1 release.
Some checks failed
ci / build (push) Has been cancelled
Details 
The repository continues with version 1.24.2.
 2025-10-22 12:49:29 +02:00
Yorgos Thessalonikefs
e06b7eb3f1 Merge branch 'branch-1.24.1' 2025-10-22 12:44:59 +02:00
Yorgos Thessalonikefs
a33f0638e1 - Fix CVE-2025-11411 (possible domain hijacking attack), reported by Yuxiao Wu, 
Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University.
 2025-10-22 10:54:57 +02:00
Yorgos Thessalonikefs
bbeee42e25 - Set version to 1.24.1. 2025-10-22 10:50:18 +02:00
Yorgos Thessalonikefs
1cb9595a42 - Update the unbound.conf online man page link and some text
Some checks failed
ci / build (push) Has been cancelled
Details 
reformatting in README.md.
 2025-10-20 14:34:40 +02:00
Wouter Wijngaards
aa21e38b3a
Fix for analysis and ports workflows iOS, Windows (#1361)
Some checks failed
ci / build (push) Has been cancelled
Details 
* - Remove SDK_VERSION and only run failed jobs, echo windows config.log

* Use commented out to fix syntax of ci.

* - Turn off succeeded tests, only link libssp for cross compile, use
no-shared for openssl ios.

* - Remove iPhone armv7s, and iPhoneSimulator i386 from ios ci.
  The lib system does not provide symbols for it on the new macos
  runner.
- Fix to exclude libssp for windows compiles.
 2025-10-15 16:12:39 +02:00
W.C.A. Wijngaards
964848b94a - Fix unbound.conf man page entry for root-hints to say it can 
be used without strongly recommending it.
 2025-10-15 15:40:47 +02:00
Yorgos Thessalonikefs
a4dd321fd8 - Remove extra gpg instructions from makedist.sh output. 2025-10-15 14:59:48 +02:00
Yorgos Thessalonikefs
d23a28a693 - ci: don't fail fast for the analysis_port workflow.
Some checks are pending
ci / build (push) Waiting to run
Details
2025-10-15 14:10:20 +02:00
W.C.A. Wijngaards
5423c0a8e9 Update ios ci with older sdk version to use. 2025-10-15 13:41:36 +02:00
W.C.A. Wijngaards
6a5385f291 - Fix to update openssl version in ios ci. 2025-10-15 12:25:44 +02:00
W.C.A. Wijngaards
16f3478048 - Add extended dns error code for invalid query type to definition 
list.
 2025-10-15 11:39:58 +02:00
W.C.A. Wijngaards
c8860a5fb6 - Fix to reply with SERVFAIL when the wait-limit is exceeded. 2025-10-15 11:36:29 +02:00
W.C.A. Wijngaards
735c96aac7 - Fix to drop UDP for discard-timeout, but not stream connections. 2025-10-15 11:04:22 +02:00
W.C.A. Wijngaards
a75ea01a15 - Fix #1358 Enabling FIPS in OpenSSL causes unit test to fail.
Some checks failed
ci / build (push) Has been cancelled
Details
2025-10-10 09:17:08 +02:00
Yorgos Thessalonikefs
21f02a0865 - Note clearly that 'wait-limit: 0' disables all wait limits. 
- 'wait-limit-cookie: 0' can now disable cookie validated wait
  limits.
 2025-10-03 16:44:44 +02:00
Yorgos Thessalonikefs
e017d66fc1 - Note 'respip' and 'dns64' module order in the unbound.conf 
man page.
 2025-10-03 11:27:26 +02:00
W.C.A. Wijngaards
adaf5dab49 - Fix that https is set up as enabled when the port is listed in 
interface-automatic-ports. Also for the set up of quic it is
  enabled when listed there.
 2025-10-02 10:16:06 +02:00
W.C.A. Wijngaards
feeebc95f8 - Fix for #1344: Fix that respip and dns64 can be enabled at the 
same time, the client info is copied for attach_sub and add_sub
  calls. That makes respip work on dns64 synthesized answers, and
  also makes RPZ work with DNS64. The order for the modules is
  module-config: "respip dns64 validator iterator".
 2025-09-30 11:28:15 +02:00
W.C.A. Wijngaards
187aa52859 - Fix #1344: module conf 'respip dns64 validator cachedb iterator' 
is not known to work.
 2025-09-29 16:11:50 +02:00
W.C.A. Wijngaards
f1fea8dc46 - Fix #1353: auth-zone can not use empty label for $ORIGIN when 
http download.
 2025-09-29 14:24:31 +02:00
Yorgos Thessalonikefs
0c01257d1d Changelog entry for #1351: 
- Merge #1351: ac_cv_func_malloc_0_nonnull for malloc(0) check.
 2025-09-29 13:14:07 +02:00
W.C.A. Wijngaards
50a11ebcc8 - Rebuild configure script from its sources. 2025-09-29 13:13:15 +02:00
Yorgos Thessalonikefs
1e2dc657a1
ac_cv_func_malloc_0_nonnull for malloc(0) check (#1351) 
- For #1339, use the standard variable ac_cv_func_malloc_0_nonnull for
  the malloc(0) check during configure; patch from Helmut Grohne.
 2025-09-29 13:12:27 +02:00
Yorgos Thessalonikefs
843124852f Changelog entry for #1349: 
- Merge #1349: Fix #1346: [FR] Please allow back TLS 1.2.
 2025-09-29 12:10:34 +02:00
W.C.A. Wijngaards
5e2fdff8e5 - Fix fr_atomic_copy_cfg. 2025-09-29 12:08:30 +02:00
Yorgos Thessalonikefs
499a3a7a61
Fix #1346: [FR] Please allow back TLS 1.2. (#1349) 
* 'tls-use-system-policy-versions' is introduced to allow Unbound to use
  any system available TLS version when serving TLS.

* Apply suggestions from code review

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-09-29 12:03:56 +02:00
W.C.A. Wijngaards
2024c1d050 - Neaten up the change in acx_nlnetlabs.m4 to version 49. 2025-09-29 11:40:14 +02:00
W.C.A. Wijngaards
6cd595a816 - Fix modstack_call_init to use the original string when it has 
changed, to call modstack_config with. And skip the changed name
  in the string correctly. Thanks to Jan Komissar.
 2025-09-29 11:31:50 +02:00
W.C.A. Wijngaards
74cf81e9a7 - Rebuild configure script from its sources. 2025-09-29 10:02:54 +02:00
Yorgos Thessalonikefs
35f6fd47fb - Test for nonstring attribute in configure and add 
nonstring attribute annotations.
 2025-09-26 16:23:55 +02:00
Alex Band
270e099aab
Update Mastodon shield 2025-09-25 21:39:39 +02:00
Yorgos Thessalonikefs
64645e1401 - Avoid calling mesh_detect_cycle_found() when there is no mesh state 
to begin with.
 2025-09-24 14:30:24 +02:00
Yorgos Thessalonikefs
421d317a64 - For #1350, same CAP_NET_ADMIN change for unbound_portable.service.in 
as well.
 2025-09-23 17:42:41 +02:00
Yorgos Thessalonikefs
0b8ed987de Changelog entry for #1350: 
- Merge #1350 from Maryse47: unbound.service.in: allow CAP_NET_ADMIN.
 2025-09-23 17:37:59 +02:00
Yorgos Thessalonikefs
9511797487
Merge pull request #1350 from Maryse47/patch-1 
unbound.service.in: allow CAP_NET_ADMIN and drop CAP_NET_RAW (redundant now).
 2025-09-23 17:37:09 +02:00
Yorgos Thessalonikefs
0b7bb75152 - For #1352, align with the current Python<3 code. 2025-09-23 17:31:55 +02:00
Yorgos Thessalonikefs
88c688ec10 Changelog entry for #1352: 
- Merge #1352 from Petr Vaganov: pythonmod: fix HANDLE_LEAK on
  pythonmod_init.
 2025-09-23 17:15:16 +02:00
Maryse47
81fd1dc71c
unbound.service.in: drop CAP_NET_RAW 
CAP_NET_RAW is unnecessary after CAP_NET_ADMIN was added
 2025-09-23 17:13:31 +02:00