upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
3798 commits 23 branches 209 tags 123 MiB
Commit graph

125 commits

Author SHA1 Message Date
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Wouter Wijngaards
9b4b0de746 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
Wouter Wijngaards
cd7db58ce3 - configure --enable-systemd and lets unbound use systemd sockets if 
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: file:///svn/unbound/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-03 13:43:29 +00:00
Wouter Wijngaards
b7a314a7dc - Fix #1170: document that 'inform' local-zone uses local-data. 
git-svn-id: file:///svn/unbound/trunk@3944 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-05 12:59:08 +00:00
Ralph Dolmans
efe248c46a - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: file:///svn/unbound/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
Wouter Wijngaards
680e14cb65 - log-identity: config option to set sys log identity, patch from 
"Robin H. Johnson" <robbat2@gentoo.org>


git-svn-id: file:///svn/unbound/trunk@3917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 08:51:40 +00:00
Wouter Wijngaards
a9a65800b8 - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: file:///svn/unbound/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
Wouter Wijngaards
4621d209ca - Fix #1130: whitespace in example.conf.in more consistent. 
git-svn-id: file:///svn/unbound/trunk@3894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-19 07:15:41 +00:00
Ralph Dolmans
9c0944ec1e - Added qname-minimisation-strict config option. 
git-svn-id: file:///svn/unbound/trunk@3878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 11:32:50 +00:00
Ralph Dolmans
b587c7f72d Added views functionality. 
git-svn-id: file:///svn/unbound/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
Wouter Wijngaards
ab4be7357f - nicer ratelimit-below-domain explanation. 
git-svn-id: file:///svn/unbound/trunk@3825 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-26 13:37:30 +00:00
Wouter Wijngaards
3cbc01e51f caps-whitelist entry. 
git-svn-id: file:///svn/unbound/trunk@3818 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-18 07:53:49 +00:00
Wouter Wijngaards
17023457a9 - access-control-tag-data implemented. verbose(4) prints tag debug. 
git-svn-id: file:///svn/unbound/trunk@3811 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-07 10:20:05 +00:00
Wouter Wijngaards
fe80669639 More docs for enabling the netblock option. 
git-svn-id: file:///svn/unbound/trunk@3805 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 15:00:30 +00:00
Wouter Wijngaards
3e54a83820 - Document always_transparent, always_refuse, always_nxdomain types. 
git-svn-id: file:///svn/unbound/trunk@3802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-30 07:36:36 +00:00
Wouter Wijngaards
5d2dc481ef - document directory immediate fix and allow EXECUTABLE syntax in it 
on windows.


git-svn-id: file:///svn/unbound/trunk@3779 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-10 13:37:14 +00:00
Wouter Wijngaards
0e97374466 - access-control-tag-action and access-control-tag-data config 
directives.
- make depend


git-svn-id: file:///svn/unbound/trunk@3759 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 13:47:24 +00:00
Wouter Wijngaards
65bcb9b0ca - local-zone-override config directive. 
git-svn-id: file:///svn/unbound/trunk@3758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 10:00:25 +00:00
Wouter Wijngaards
44889af074 move define-tags before access-control-tag in example config 
git-svn-id: file:///svn/unbound/trunk@3757 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:53:18 +00:00
Wouter Wijngaards
c6e54c4b1f better example config 
git-svn-id: file:///svn/unbound/trunk@3755 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:41:23 +00:00
Wouter Wijngaards
415fc52b08 - access-control-tag config directive. 
git-svn-id: file:///svn/unbound/trunk@3754 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:33:59 +00:00
Wouter Wijngaards
1618b3c040 - re-documented localzone tags in example.conf. 
git-svn-id: file:///svn/unbound/trunk@3751 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-02 15:07:10 +00:00
Wouter Wijngaards
d98cd61ec9 - un-document localzone tags. 
git-svn-id: file:///svn/unbound/trunk@3747 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-02 12:13:30 +00:00
Wouter Wijngaards
7fcec8102f - disable-dnssec-lame-check config option from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-24 12:17:42 +00:00
Wouter Wijngaards
46d476b0c2 define-tag and local-zone-tag configuration. 
git-svn-id: file:///svn/unbound/trunk@3708 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-04-21 09:49:02 +00:00
Wouter Wijngaards
a7e6f630d7 - Document permit-small-holddown for 5011 debug. 
git-svn-id: file:///svn/unbound/trunk@3695 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-24 08:10:40 +00:00
Wouter Wijngaards
575fe62425 And documentation. 
git-svn-id: file:///svn/unbound/trunk@3674 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-15 09:42:56 +00:00
Wouter Wijngaards
85de673b6b - ip-transparent option for FreeBSD with IP_BINDANY socket option. 
git-svn-id: file:///svn/unbound/trunk@3623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-15 08:17:54 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
Wouter Wijngaards
5cb0a1d8ed - Support RFC7686: handle ".onion" Special-Use Domain. It is blocked 
by default, and can be unblocked with "nodefault" localzone config.


git-svn-id: file:///svn/unbound/trunk@3593 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 14:02:45 +00:00
Wouter Wijngaards
5d0ad681a2 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: file:///svn/unbound/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
Wouter Wijngaards
3b0a763367 - Removed unneeded whitespace from example.conf. 
git-svn-id: file:///svn/unbound/trunk@3574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-04 08:01:37 +00:00
Ralph Dolmans
014142d7bf Qname minimisation review fixes 
git-svn-id: file:///svn/unbound/trunk@3561 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 13:14:00 +00:00
Wouter Wijngaards
ac32f19928 - Change example.conf: ftp.internic.net to https://www.internic.net 
git-svn-id: file:///svn/unbound/trunk@3529 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-06 09:00:01 +00:00
Wouter Wijngaards
f24c3229ea - Fix #714: Document config to block private-address for IPv4 
mapped IPv6 addresses.


git-svn-id: file:///svn/unbound/trunk@3513 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-23 07:13:45 +00:00
Wouter Wijngaards
c3a45dde15 - Default for ssl-port is port 853, the temporary port assignment 
for secure domain name system traffic.
  If you used to rely on the older default of port 443, you have
  to put a clause in unbound.conf for that.  The new value is likely
  going to be the standardised port number for this traffic.


git-svn-id: file:///svn/unbound/trunk@3502 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-09 07:55:21 +00:00
Wouter Wijngaards
e65fdc31aa - Change default of harden-algo-downgrade to off. This is lenient 
for algorithm rollover.


git-svn-id: file:///svn/unbound/trunk@3478 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-24 15:05:10 +00:00
Wouter Wijngaards
bc58e8cb15 - Document in the manual more text about configuring locally served 
zones.


git-svn-id: file:///svn/unbound/trunk@3465 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 10:34:29 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
bd89f4e7d5 - documentation proposes ratelimit of 1000 (closer to what upstream 
servers expect from us).


git-svn-id: file:///svn/unbound/trunk@3427 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-21 12:06:41 +00:00
Wouter Wijngaards
b5f391d845 - DLV is going to be decommissioned. Advice to stop using it, and 
put text in the example configuration and man page to that effect.


git-svn-id: file:///svn/unbound/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-20 06:24:06 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
e25ac1c2eb - Add local-zone type inform_deny, that logs query and drops answer. 
git-svn-id: file:///svn/unbound/trunk@3398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 08:23:06 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
77088b12ff - Add ip-transparent config option for bind to non-local addresses. 
git-svn-id: file:///svn/unbound/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-19 09:50:35 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
29db65b4a8 - Fix #643: doc/example.conf.in: unnecessary whitespace. 
git-svn-id: file:///svn/unbound/trunk@3335 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-13 11:02:46 +00:00
Wouter Wijngaards
3ef33154e5 - infra-cache-min-rtt patch from Florian Riehm, for expected long 
uplink roundtrip times.


git-svn-id: file:///svn/unbound/trunk@3328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-02 08:46:22 +00:00