- free memory leaks in config strlist and str2list insert functions.
- do not move unused argv variable after getopt.
- Remove unused if clause in testcode.
git-svn-id: file:///svn/unbound/trunk@4896 be551aaa-1e26-0410-a405-d3ace91eadb9
resilience of the server. The so-reuseport, harden-below-nxdomain,
and minimal-responses options are enabled by default. They used
to be disabled by default, waiting to make sure they worked. They
are enabled by default now, and can be disabled explicitly by
setting them to "no" in the unbound.conf config file. The reuseport
and minimal options increases speed of the server, and should be
otherwise harmless. The harden-below-nxdomain option works well
together with the recently default enabled qname minimisation, this
causes more fetches to use information from the cache.
git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
This limits the number of simultaneous TCP client connections
from a nominated netblock.
And a simple test for TCP connection limit.
git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
root directory.
- Add config tcp-idle-timeout (default 30s). This applies to
client connections only; the timeout on TCP connections upstream
is unaffected.
git-svn-id: file:///svn/unbound/trunk@4802 be551aaa-1e26-0410-a405-d3ace91eadb9
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
authenticating DNS-over-TLS connections. It can be used instead
of the tls-cert-bundle option, or with it to add certificates.
git-svn-id: file:///svn/unbound/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old certs's public key.
The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
git-svn-id: file:///svn/unbound/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
- Add defaults for new local-zone trees added to views using unbound-control.
git-svn-id: file:///svn/unbound/trunk@4199 be551aaa-1e26-0410-a405-d3ace91eadb9
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event
git-svn-id: file:///svn/unbound/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
- Do not touch rrset cache after ECS cache message generation.
- Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.
git-svn-id: file:///svn/unbound/trunk@4086 be551aaa-1e26-0410-a405-d3ace91eadb9
