upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-27 18:20:02 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6863 commits 23 branches 209 tags 124 MiB
Commit graph

4502 commits

Author SHA1 Message Date
W.C.A. Wijngaards
c29b0e0a96 - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan. 2022-02-03 09:03:09 +01:00
W.C.A. Wijngaards
50a312b8da - Update contrib/aaaa-filter-iterator.patch with diff for current 
software version.
 2022-02-02 15:35:19 +01:00
W.C.A. Wijngaards
893fb4d54b - Fix docker splint test to use more portable uname. 2022-02-02 14:47:57 +01:00
W.C.A. Wijngaards
6bad577781 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-02-02 14:11:55 +01:00
W.C.A. Wijngaards
2642319ea6 - please clang analyzer for loop in test code. 2022-02-02 14:11:36 +01:00
George Thessalonikefs
d123e1c919 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-02-02 14:05:35 +01:00
George Thessalonikefs
c53171d942 - Changelog entry clarification. 2022-02-02 14:05:31 +01:00
W.C.A. Wijngaards
e656be63f9 - Fix header comment for doxygen for authextstrtoaddr. 2022-02-02 13:20:46 +01:00
W.C.A. Wijngaards
ee3c478239 - Update version number in repo to 1.15.0 for upcoming release, 
since it changes the aggressive-nsec default and the ratelimit change.
 2022-02-02 13:09:51 +01:00
George Thessalonikefs
b1feb9fb1e - Update stream_ssl.tdir test to also use the new forward-host notation. 2022-02-02 12:55:29 +01:00
George Thessalonikefs
819008cf7e - Merge PR #617: Update stub/forward-host notation to accept port and 
tls-auth-name.
 2022-02-02 11:57:36 +01:00
gthess
11f2e7e6ae
Merge pull request #617 from NLnetLabs/update-host-notation 
Update stub/forward-host notation to accept port and tls-auth-name
 2022-02-02 11:56:27 +01:00
gthess
414a37ed2b
Don't accidentaly introduce a troff macro 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2022-02-02 11:53:38 +01:00
George Thessalonikefs
32c3bbd249 - Change aggressive-nsec default to yes. 2022-02-02 11:25:08 +01:00
George Thessalonikefs
c6b413069d Changelog entry for #616 
- Merge PR #616: Update ratelimit logic. It also introduces
  ratelimit-backoff and ip-ratelimit-backoff configuration options.
 2022-02-02 11:18:14 +01:00
gthess
358e3a5963
Merge pull request #616 from NLnetLabs/bugfix/ratelimit 
Update ratelimit logic
 2022-02-02 11:16:04 +01:00
George Thessalonikefs
506d24c7a6 Changelog entry for #532 
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
 2022-02-02 10:48:56 +01:00
George Thessalonikefs
a5e9221933 Changelog note for #603: 
- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
  internals.
 2022-02-01 18:00:46 +01:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name. 
Fixes #546.
 2022-02-01 14:44:29 +01:00
George Thessalonikefs
10d9804149 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-01-31 11:28:30 +01:00
George Thessalonikefs
a60bbd12ed -Fix review comment for use-after-free when failing to send UDP out. 2022-01-31 11:27:35 +01:00
W.C.A. Wijngaards
84df46289d - iana portlist update. 2022-01-31 10:53:22 +01:00
George Thessalonikefs
52283194eb - Update unbound.conf manpage and example.conf file for ratelimit 
options.
 2022-01-30 01:04:15 +01:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more 
aggressive rate limiting.
 2022-01-30 00:36:29 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
George Thessalonikefs
888eb224a6 - Better cleanup on failed DoT/DoH listening socket creation. 2022-01-29 15:14:56 +01:00
George Thessalonikefs
c49e87e1b7 - Fix tls-* and ssl-* documented alternate syntax to also be available 
through remote-control and unbound-checkconf.
 2022-01-29 15:11:47 +01:00
W.C.A. Wijngaards
d10562c823 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-01-26 16:41:04 +01:00
W.C.A. Wijngaards
54ea2948da - Test for NSID in SERVFAIL response due to DNSSEC bogus. 2022-01-26 16:40:04 +01:00
George Thessalonikefs
ea47c08e70 - Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC 
document.
 2022-01-26 14:35:22 +01:00
George Thessalonikefs
79e755e1dd Changelog note for #612: 
- Merge PR #612: TCP race condition.
 2022-01-25 17:29:52 +01:00
George Thessalonikefs
5c85615515 - Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in 
serviced_udp_callback.
 2022-01-25 17:15:37 +01:00
W.C.A. Wijngaards
70f13e54bf Changelog note for #610 
- Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
 2022-01-25 09:02:55 +01:00
George Thessalonikefs
8e76eb95a0 - For dnstap, do not wakeupnow right there. Instead zero the timer to 
force the wakeup callback asap.
 2022-01-19 15:32:02 +01:00
W.C.A. Wijngaards
c7ae3ef156 - For #602: Allow the module-config "subnetcache validator cachedb 
iterator".
 2022-01-14 16:30:25 +01:00
W.C.A. Wijngaards
2996040c6c - Add rpz: for-downstream: yesno option, where the RPZ zone is 
authoritatively answered for, so the RPZ zone contents can be
  checked with DNS queries directed at the RPZ zone.
 2022-01-14 16:23:43 +01:00
George Thessalonikefs
3c8a79eed8 Changelog note for #605: 
- Merge PR #605: Fix EDNS to upstream where the same option could be
  attached more than once.
 2022-01-14 15:38:15 +01:00
George Thessalonikefs
a97604737b - Fix prematurely terminated TCP queries when a reply has the same ID. 2022-01-11 10:00:45 +01:00
W.C.A. Wijngaards
d52d94c6db Changelog note for #600 
- Merge #600 from pemensik: Change file mode before changing file
  owner.
 2022-01-07 13:23:18 +01:00
W.C.A. Wijngaards
33ef79d433 - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip 
triggered operation.
 2022-01-05 16:48:35 +01:00
W.C.A. Wijngaards
eccfe3e1f5 - Fix #598: Fix unbound-checkconf fatal error: module conf 
'respip dns64 validator iterator' is not known to work.
 2022-01-05 16:14:47 +01:00
W.C.A. Wijngaards
adcbb6ced7 - Fix for #596: add unit test for nsip trigger and signal unset RA. 2022-01-05 14:31:42 +01:00
W.C.A. Wijngaards
c678c696a1 - Fix for #596: add unit test for nsdname trigger and signal unset RA. 2022-01-05 14:13:52 +01:00
W.C.A. Wijngaards
313bceb983 - Fix unit tests for rpz now that the AA flag returns successfully from 
the iterator loop.
 2022-01-05 13:39:06 +01:00
W.C.A. Wijngaards
6b2e96430e - Fix for #596: fix that rpz return message is returned and not just 
the rcode from the iterator return path. This fixes signal unset RA
  after a CNAME.
 2022-01-05 13:35:18 +01:00
W.C.A. Wijngaards
ceef84e022 - Fix that RPZ does not set RD flag on replies, it should be copied 
from the query.
 2022-01-04 13:49:31 +01:00
W.C.A. Wijngaards
95644c9309 - Fix #596: only unset RA when NXDOMAIN is signalled. 2022-01-04 13:48:29 +01:00
W.C.A. Wijngaards
cbdc138df7 - Fix to add test for rpz-signal-nxdomain-ra. 2022-01-04 13:41:27 +01:00
W.C.A. Wijngaards
392c1f0f54 - Fix #596: unset the RA bit when a query is blocked by an unbound 
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
  signal that a domain is externally blocked to clients when it
  is blocked with NXDOMAIN by unsetting RA.
 2022-01-04 13:40:07 +01:00
George Thessalonikefs
4e492725e1 - contrib/aaaa-filter-iterator.patch file renewed diff content to 
apply cleanly to the current coderepo for the current code version.
 2021-12-22 15:02:44 +01:00