upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-23 07:02:55 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
6923 commits 24 branches 209 tags 130 MiB
Commit graph

893 commits

Author SHA1 Message Date
W.C.A. Wijngaards
74e06cc4b3 - Fix #422: IPv6 fallback issues when IPv6 is not properly 
enabled/configured.
 2021-02-15 14:40:48 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
Willem Toorop
48ecf95108 Merge branch 'master' into features/padding 2021-01-22 10:29:50 +01:00
W.C.A. Wijngaards
cdb60adcdc Merge branch 'rpz' of https://github.com/magenbluten/unbound into magenbluten-rpz 
Conflict fixed for rpz.disabled check added.
 2021-01-14 12:11:29 +01:00
W.C.A. Wijngaards
ee2545d939 - For #391: fix indentation. 2021-01-08 09:53:52 +01:00
W.C.A. Wijngaards
3e03e2c26d - For #391: use struct timeval* start_time for callback information. 2021-01-08 09:47:46 +01:00
Wouter Wijngaards
48724de155
Merge pull request #391 from fhriley/reply_cb_start_time 
Add start_time to reply callbacks so modules can compute the response…
 2021-01-08 09:35:07 +01:00
Frank Riley
e3abd772f7 Add start_time to reply callbacks so modules can compute the response time. 2021-01-01 15:44:21 -07:00
Frank Riley
42d764eeda Add rpz_enable and rpz_disable commands to unbound-control. 2020-12-13 12:35:11 -07:00
W.C.A. Wijngaards
6bf1293bcd No need for mk_local_addr, can pass the sockaddr structure. 2020-12-09 11:56:35 +01:00
W.C.A. Wijngaards
bdfa65c6ab Import the patches from the files in the tarball in 
issue #365 https://github.com/NLnetLabs/unbound/files/5659923/patches.tar.gz
from iruzanov.  The merge conflicts are fixed, but no changes are made
to the patched code.
 2020-12-09 11:00:51 +01:00
W.C.A. Wijngaards
b2894e23a9 - Fix compile warnings in rpz initialization. 2020-11-27 10:11:14 +01:00
mb
f78aa90ff1 rpz: nsdname stubs 2020-11-26 11:33:49 +01:00
George Thessalonikefs
b0247b6e93 Merge branch 'master' into edns-string 2020-11-23 16:58:30 +01:00
W.C.A. Wijngaards
62152e0493 Fix writepid for retvalue 0. 2020-11-23 14:17:58 +01:00
W.C.A. Wijngaards
19f8f4d9f9 Further fix for CVE-2020-28935, so the chown is omitted when the pidfile 
fails due to a symlink.
 2020-11-23 13:48:04 +01:00
W.C.A. Wijngaards
ad38783297 - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere 
with chown of pidfile.
 2020-11-23 13:42:11 +01:00
W.C.A. Wijngaards
9cc8aa1ddf - Option to toggle udp-connect, default is enabled. 2020-11-23 11:06:53 +01:00
Ralph Dolmans
946ed23f73 Merge branch 'master' into edns-string 2020-11-11 11:37:32 +01:00
W.C.A. Wijngaards
89087ae294 zonemd, unbound-control auth_zone_reload errors when ZONEMD fails. 2020-10-23 11:47:00 +02:00
W.C.A. Wijngaards
c72ca35f08 unbound-control auth_zone_reload sets zone to nonexpired and 
also updates the xfr soa values from the new zonefile contents.
 2020-10-23 11:44:28 +02:00
W.C.A. Wijngaards
fb5f3f076d zonemd, zonemds are checked when a zone is auth_zone_reload from file, 
or reload with unbound-control.
 2020-10-23 11:20:08 +02:00
W.C.A. Wijngaards
e09873e0c8 zonemd, zonemds are checked at start 2020-10-22 12:10:46 +02:00
W.C.A. Wijngaards
a3e2bfbb0c - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. 
This adds the option http-notls-downstream: yesno to change that,
  and the dohclient test code has the -n option.
 2020-10-19 10:24:03 +02:00
Ralph Dolmans
eb799026ff Replace edns-client-tag with edns-client-string option 2020-09-30 23:17:53 +02:00
W.C.A. Wijngaards
48a56751e9 - Fix #305: dnstap logging significantly affects unbound performance 
(regression in 1.11).
 2020-09-23 11:13:52 +02:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00
W.C.A. Wijngaards
82f2ee63c5 - Fix num.expired statistics output. 2020-09-09 11:44:44 +02:00
W.C.A. Wijngaards
47a5dc8cae - Refactor to use sock_strerr shorthand function. 2020-08-31 09:12:01 +02:00
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new 
shorthand function to clean up the code.
 2020-08-31 08:41:34 +02:00
W.C.A. Wijngaards
f6a527c25a - Similar to NSD PR#113, implement that interface names can be used, 
eg. something like interface: eth0 is resolved at server start and
  uses the IP addresses for that named interface.
 2020-08-27 14:53:33 +02:00
Ralph Dolmans
e6ebabc0cc - Fix stats double count issue (#289). 2020-08-20 17:54:28 +02:00
Ralph Dolmans
74ec8a758b
Merge pull request #272 from NLnetLabs/edns-client-tag 
Add EDNS client tag functionality
 2020-08-05 16:07:49 +02:00
Felipe Gasper
9bc30967d2 Make tvOS & watchOS checks verify truthiness as well as definedness. 2020-08-03 14:38:47 -04:00
Ralph Dolmans
16029281a8 Start of EDNS client tags implementation. 2020-07-23 17:17:44 +02:00
W.C.A. Wijngaards
2902ee133b - Fix unused variable warning for clang analyzer. 2020-07-16 15:41:25 +02:00
W.C.A. Wijngaards
4d009e19fc - Fix #259: Fix unbound-checkconf does not check view existence. 
unbound-checkconf checks access-control-view, access-control-tags,
  access-control-tag-actions and access-control-tag-datas.
- Fix offset of error printout for access-control-tag-datas.
 2020-07-07 09:00:04 +02:00
Ralph Dolmans
740da89578 Merge branch 'master' into doh 2020-06-24 14:18:47 +02:00
W.C.A. Wijngaards
edcef18274 Merge branch 'master' of git://github.com/PMunch/unbound into PMunch-master 
Fixed conflicts in Makefile.in and configparser.y
 2020-05-15 14:52:53 +02:00
Ralph Dolmans
8fc2320b5c - Add mem.http.query_buffer and mem.http.response_buffer stats 
- Add configurable limits for http-query-buffer-size and
  http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
  configurable.
 2020-05-12 18:12:19 +02:00
Ralph Dolmans
723980fe77 - Add query.num.https counter 2020-05-08 12:14:17 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
Willem Toorop
4f78b37c61 Down- and upstream padding a la RFC7830 & RFC8467 2020-04-02 18:34:03 +02:00
Ralph Dolmans
51593d47ac Make unbound-control error returned on missing domain name more user friendly. 2020-03-27 11:27:12 +01:00
Yaroslav K
cfddbcb5be add setting IP DiffServ Codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
Jeffrey Walton
20dbd6339e
Sync with upstream 2020-03-17 06:32:13 -04:00
Ralph Dolmans
90040b24ce - Fix link error when OpenSSL is configured with no-engine, thanks noloader. 2020-03-02 14:06:10 +01:00
W.C.A. Wijngaards
614ed2717b Merge branch 'master' into framestreams 
Fixed bison and flex conflicts by regenerating the files.
 2020-02-28 14:31:24 +01:00
W.C.A. Wijngaards
b63032b4dd dnstap io, fixup fptr_wlist for unbound_dnstap_socket tool. 2020-02-28 08:55:10 +01:00
W.C.A. Wijngaards
348e246b66 - Fix #169: Fix warning for daemon/remote.c output may be truncated 
from snprintf.
 2020-02-27 15:08:10 +01:00
W.C.A. Wijngaards
4d3524f496 dnstap io, test for TLS and reconnect for that. And fix unused parameters 
for dt_create and fix check of socket path when using IP address.
 2020-02-14 14:44:02 +01:00
W.C.A. Wijngaards
e5e72eb398 Merge branch 'master' into framestreams 2020-02-12 11:58:01 +01:00
George Thessalonikefs
adda4f6ace - Fix use after free on log-identity after a reload; Fixes #163. 2020-02-10 13:56:22 +01:00
W.C.A. Wijngaards
58fdcf06e8 Merge branch 'master' into framestreams 2020-02-05 14:25:47 +01:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
W.C.A. Wijngaards
9115eb88ed Merge branch 'master' into framestreams 2020-02-04 09:40:00 +01:00
Ralph Dolmans
4fc622031d - Reformat rpz disabled stats counter 2020-02-03 16:52:25 +01:00
W.C.A. Wijngaards
8dd683768b Merge branch 'master' into framestreams 2020-01-30 16:22:12 +01:00
Ralph Dolmans
056176ec9a Merge branch 'master' into rpz 2020-01-30 15:57:34 +01:00
W.C.A. Wijngaards
b1d8b549e0 Merge branch 'master' into framestreams 2020-01-30 15:49:24 +01:00
Ralph Dolmans
882741bf55 - Fix memory leak in do_auth_zone_transfer on success 2020-01-30 15:45:54 +01:00
Ralph Dolmans
4f5b934688 - Fix small memory leak in error condition remote.c 
- Fix double free in error condition view.c
 2020-01-30 14:56:48 +01:00
Ralph Dolmans
3609287344 - Fix RPZ stats RPZ_NO_OVERRIDE_ACTION check 2020-01-30 14:05:56 +01:00
W.C.A. Wijngaards
fa49fc77e3 fix dnstap io for lock checks, log identity (numworkers+1), and add locks 
around protected area modification in the message queue.
 2020-01-30 13:39:31 +01:00
W.C.A. Wijngaards
af252929e8 Merge branch 'master' into framestreams 2020-01-29 16:10:16 +01:00
Alexander Berkes
396d4223d9 Added unbound-control view_local_datas_remove command 2020-01-29 02:28:00 +01:00
W.C.A. Wijngaards
1e4165d25b dnstap io, without threads, logs from the main event loop. 2020-01-28 15:51:39 +01:00
PMunch
b7e8dc1182
Merge branch 'master' into master 2020-01-28 13:18:01 +01:00
W.C.A. Wijngaards
efc79beb2d iothread work. 2020-01-21 17:01:25 +01:00
W.C.A. Wijngaards
57ad169605 the framestream queue. 2020-01-21 14:50:37 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
a8db52120b - Fix the relationship between serve-expired and prefetch options, 
patch from Saksham Manchanda from Secure64.
 2020-01-10 10:04:50 +01:00
Ralph Dolmans
ae4f6a259b Proccess more review feedback 2019-12-23 16:02:43 +01:00
W.C.A. Wijngaards
216747bb17 - Fix lock type for memory purify log lock deletion. 2019-12-04 09:44:31 +01:00
W.C.A. Wijngaards
da4d6ffee3 - Fix Bad Randomness in Seed, reported by X41 D-Sec. 2019-11-20 14:40:50 +01:00
W.C.A. Wijngaards
981fedea0e - Fix NULL Pointer Dereference via Control Port, 
reported by X41 D-Sec.
 2019-11-20 14:37:13 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
d8809c672a - Fix Weak Entropy Used For Nettle, 
reported by X41 D-Sec.
 2019-11-20 11:28:53 +01:00
W.C.A. Wijngaards
79a6e9fbe2 - Fixes to please lint checks. 2019-11-19 12:10:03 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
PMunch
8eeb910e3d Improve dynlib module and add documentation 
Dynamic library module is now only a thin wrapper that loads dynamic
libraries and forwards all function calls directly to the loaded module.
This meant adding get_mem and clear, and get_mem calls have been added
in the expected places.

Documentation has also been added to the example.conf and the
unbound.conf manpage.
 2019-10-21 14:20:33 +02:00
Maryse47
ce0e9bef45 Consistently use /dev/urandom instead of /dev/random in scripts and docs 
Unbound code call /dev/urandom (see below)  but various docs and scripts
mention /dev/random which may be confusing.

https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/arc4random.c#L107
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_linux.c#L251
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_osx.c
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_solaris.c#L116
 2019-09-19 17:40:49 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
0532cdd357 - (for later release): -V prints if TCP fastopen is available. 2019-08-15 17:04:38 +02:00
W.C.A. Wijngaards
8cb3656b3e - Fix warning for unused variable for compilation without systemd. 2019-08-14 16:08:19 +02:00
George Thessalonikefs
a90f173875 - Fix #59, when compiled with systemd support check that we can properly 
communicate with systemd through the `NOTIFY_SOCKET`.
 2019-08-14 15:51:28 +02:00
George Thessalonikefs
008813f0a2 - Introduce -V option to print the version number and build options. 
Previously reported build options like linked libs and linked modules
  are now moved from `-h` to `-V` as well for consistency.
- PACKAGE_BUGREPORT now also includes link to GitHub issues.
 2019-08-12 17:52:43 +02:00
Ralph Dolmans
0987a82877 Add statistics support for disabled (action override) response IP RPZ 
triggers.
 2019-08-07 14:09:48 +02:00
W.C.A. Wijngaards
fa506e3cda - Check repinfo in worker_handle_request, if null, drop it. 2019-08-01 16:57:36 +02:00
W.C.A. Wijngaards
df0c844eed - Fix to timeval_add for remaining second in microseconds. 2019-08-01 16:48:41 +02:00
Ralph Dolmans
1c5d081853 - Add RPZ response IP override option, logging, and statistics 2019-08-01 14:31:37 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
Ralph Dolmans
d323e1bda8 - Fix for possible assertion failure when answering respip CNAME from cache. 2019-07-05 16:52:03 +02:00
W.C.A. Wijngaards
af6c5dea43 - Fix another spoolbuf storage code point, in prefetch. 2019-06-12 08:32:45 +02:00
Ralph Dolmans
268580f348 Added RPZ log name and stats 2019-06-03 15:46:39 +02:00
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Wouter Wijngaards
937523285a - Move goto label in answer_from_cache to the end of the function 
where it is more visible.


git-svn-id: file:///svn/unbound/trunk@5145 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 05:32:28 +00:00
Wouter Wijngaards
b75c37252c - Fix that tls-session-ticket-keys: "" on its own in unbound.conf 
disables the tls session ticker key calls into the OpenSSL API.


git-svn-id: file:///svn/unbound/trunk@5140 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-25 08:47:14 +00:00