Dynamic library module is now only a thin wrapper that loads dynamic
libraries and forwards all function calls directly to the loaded module.
This meant adding get_mem and clear, and get_mem calls have been added
in the expected places.
Documentation has also been added to the example.conf and the
unbound.conf manpage.
names, for names that have a CNAME in local-data configuration.
It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
and redirects like type redirect.
git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
B root address.
git-svn-id: file:///svn/unbound/trunk@5083 be551aaa-1e26-0410-a405-d3ace91eadb9
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
adds the option unknown-server-time-limit to unbound.conf that
can be increased to avoid the problem.
git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
deny-any: yes in unbound.conf. This responds with an empty message
to queries of type ANY.
git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
resilience of the server. The so-reuseport, harden-below-nxdomain,
and minimal-responses options are enabled by default. They used
to be disabled by default, waiting to make sure they worked. They
are enabled by default now, and can be disabled explicitly by
setting them to "no" in the unbound.conf config file. The reuseport
and minimal options increases speed of the server, and should be
otherwise harmless. The harden-below-nxdomain option works well
together with the recently default enabled qname minimisation, this
causes more fetches to use information from the cache.
git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
authenticating DNS-over-TLS connections. It can be used instead
of the tls-cert-bundle option, or with it to add certificates.
git-svn-id: file:///svn/unbound/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
that uses a Redis server as the storage. This implementation
depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
And unbound should be built with both --enable-cachedb and
--with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
should exist). Patch from Jinmei Tatuya (Infoblox).
git-svn-id: file:///svn/unbound/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
fallback-enabled: yes and masters or a zonefile with data.
git-svn-id: file:///svn/unbound/trunk@4510 be551aaa-1e26-0410-a405-d3ace91eadb9
also recognized and means the same. Also for tls-port,
tls-service-key, tls-service-pem, stub-tls-upstream and
forward-tls-upstream.
git-svn-id: file:///svn/unbound/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
