upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
3279 commits 23 branches 209 tags 123 MiB
Commit graph

2253 commits

Author SHA1 Message Date
Wouter Wijngaards
59d4acf6e5 - Document that local-zone nodefault matches exactly and transparent 
can be used to release a subzone.


git-svn-id: file:///svn/unbound/trunk@3468 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-04 07:10:26 +00:00
Wouter Wijngaards
0d38ea6b3a - Fix mktime in unbound-anchor not using UTC. 
git-svn-id: file:///svn/unbound/trunk@3467 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 15:00:56 +00:00
Wouter Wijngaards
771e7295ac - Fix 5011 anchor update timer after reload. 
git-svn-id: file:///svn/unbound/trunk@3466 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 11:56:37 +00:00
Wouter Wijngaards
bc58e8cb15 - Document in the manual more text about configuring locally served 
zones.


git-svn-id: file:///svn/unbound/trunk@3465 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 10:34:29 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
8a6817d1c9 - please afl-gcc (llvm) for uninitialised variable warning. 
git-svn-id: file:///svn/unbound/trunk@3461 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 08:51:51 +00:00
Wouter Wijngaards
9eb54a9a89 - iana portlist update. 
git-svn-id: file:///svn/unbound/trunk@3459 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-24 11:54:08 +00:00
Wouter Wijngaards
d889832892 - Fix #690: Reload fails when so-reuseport is yes after changing 
git-svn-id: file:///svn/unbound/trunk@3456 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-24 07:02:14 +00:00
Wouter Wijngaards
eed106b5e0 - iana portlist update. 
git-svn-id: file:///svn/unbound/trunk@3455 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-21 14:52:53 +00:00
Wouter Wijngaards
583b376217 - Fix configure to detect SSL_CTX_set_ecdh_auto. 
git-svn-id: file:///svn/unbound/trunk@3453 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-21 14:30:49 +00:00
Wouter Wijngaards
78c8224655 - Enable ECDHE for servers. Where available, use 
SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to
  enable ECDHE.  Otherwise, manually offer curve p256.
  Client connections should automatically use ECDHE when available.
  (thanks Daniel Kahn Gillmor)


git-svn-id: file:///svn/unbound/trunk@3452 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-20 06:56:01 +00:00
Willem Toorop
fa20564699 SSL_CTX_use_certificate_chain_file() should be used instead of the 
SSL_CTX_use_certificate_file() function in order to allow the use of
complete certificate chains even when no trusted CA storage is used or
when the CA issuing the certificate shall not be added to the trusted
CA storage.

Thanks Daniel Kahn Gillmore


git-svn-id: file:///svn/unbound/trunk@3451 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-18 12:34:37 +00:00
Wouter Wijngaards
da83146bce - makedist produces sha1 and sha256 files for created binaries too. 
git-svn-id: file:///svn/unbound/trunk@3448 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-13 07:53:53 +00:00
Wouter Wijngaards
f66a15d894 - Fix #681: Setting forwarders with unbound-control forward 
implicitly turns on forward-first.


git-svn-id: file:///svn/unbound/trunk@3447 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-09 09:45:08 +00:00
Wouter Wijngaards
240c882954 trunk has 1.5.5 in development. 
git-svn-id: file:///svn/unbound/trunk@3446 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-09 09:40:12 +00:00
Wouter Wijngaards
a6bc6b5137 - Fix alloc with log for allocation size checks. 
git-svn-id: file:///svn/unbound/trunk@3442 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-29 10:19:42 +00:00
Wouter Wijngaards
41507d016c - iana portlist update. 
git-svn-id: file:///svn/unbound/trunk@3440 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-29 07:09:04 +00:00
Wouter Wijngaards
c29276ba71 - iana portlist update. 
git-svn-id: file:///svn/unbound/trunk@3436 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-26 07:33:03 +00:00
Wouter Wijngaards
cb90782087 - Fix #677 Fix DNAME responses from cache that failed internal chain 
test.


git-svn-id: file:///svn/unbound/trunk@3435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-26 07:27:32 +00:00
Wouter Wijngaards
0884d263ef - Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly 
and was therefore always synthesized (thanks to Valentin Dietrich).


git-svn-id: file:///svn/unbound/trunk@3434 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-22 09:23:43 +00:00
Wouter Wijngaards
6e65f728cc - RFC 7553 RR type URI support, is now enabled by default. 
git-svn-id: file:///svn/unbound/trunk@3433 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-04 12:30:29 +00:00
Wouter Wijngaards
4dae17108b - Fix #674: Do not free pointers given by getenv. 
git-svn-id: file:///svn/unbound/trunk@3432 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-02 07:31:43 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
4b0c7880e4 - Fix that unparseable error responses are ratelimited. 
git-svn-id: file:///svn/unbound/trunk@3429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 09:27:42 +00:00
Wouter Wijngaards
5f9d2314a1 - Document that ratelimit works with unbound-control set_option. 
git-svn-id: file:///svn/unbound/trunk@3428 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-26 09:18:21 +00:00
Wouter Wijngaards
bd89f4e7d5 - documentation proposes ratelimit of 1000 (closer to what upstream 
servers expect from us).


git-svn-id: file:///svn/unbound/trunk@3427 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-21 12:06:41 +00:00
Wouter Wijngaards
bf25a42b67 - iana portlist update. 
git-svn-id: file:///svn/unbound/trunk@3426 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-21 07:29:42 +00:00
Wouter Wijngaards
b5f391d845 - DLV is going to be decommissioned. Advice to stop using it, and 
put text in the example configuration and man page to that effect.


git-svn-id: file:///svn/unbound/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-20 06:24:06 +00:00
Wouter Wijngaards
bfd78a8c23 - Change syntax of particular validator error to be easier for 
machine parse, swap rrset and ip adres info so it looks like:
  validation failure <www.example.nl. TXT IN>: signature crypto
  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>


git-svn-id: file:///svn/unbound/trunk@3422 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-10 12:04:22 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
b8eb1713e0 - Unit test for type ANY synthesis. 
git-svn-id: file:///svn/unbound/trunk@3419 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-30 10:27:27 +00:00
Wouter Wijngaards
ddff09a710 - iana portlist update. 
git-svn-id: file:///svn/unbound/trunk@3408 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-22 08:19:12 +00:00
Wouter Wijngaards
7efd7aba85 - Removed contrib/unbound_unixsock.diff, because it has been 
integrated, use control-interface: /path in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3407 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-22 08:03:34 +00:00
Wouter Wijngaards
ff898bfdd6 - Synthesize ANY responses from cache. Does not search exhaustively, 
but MX,A,AAAA,SOA,NS also CNAME.
- Fix leaked dns64prefix configuration string.


git-svn-id: file:///svn/unbound/trunk@3405 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-17 14:58:07 +00:00
Wouter Wijngaards
863b12ffd4 #664: Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns. 
git-svn-id: file:///svn/unbound/trunk@3403 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:41:14 +00:00
Wouter Wijngaards
da612901d7 #664: libunbound-Python: libldns is not used anymore. 
git-svn-id: file:///svn/unbound/trunk@3402 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:38:38 +00:00
Wouter Wijngaards
f5442e9c5b #664: libunbound examples: produce sorted output. 
git-svn-id: file:///svn/unbound/trunk@3401 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:37:12 +00:00
Wouter Wijngaards
9e6fa9f687 - Fix bug#664: libunbound python3 related fixes (from Tomas Hozza) 
Use print_function also for Python2.


git-svn-id: file:///svn/unbound/trunk@3400 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:35:55 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
e25ac1c2eb - Add local-zone type inform_deny, that logs query and drops answer. 
git-svn-id: file:///svn/unbound/trunk@3398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 08:23:06 +00:00
Wouter Wijngaards
69d2fd7818 - Fix#663: ssl handshake fails when using unix socket because dh size 
is too small.


git-svn-id: file:///svn/unbound/trunk@3396 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 13:56:12 +00:00
Wouter Wijngaards
55412b2645 - Fix that get_option for cache-sizes does not print double newline. 
git-svn-id: file:///svn/unbound/trunk@3395 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 13:43:44 +00:00
Wouter Wijngaards
85192d4569 - unbound-control ratelimit_list lists high rate domains. 
git-svn-id: file:///svn/unbound/trunk@3393 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 12:13:59 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
e0631733a6 - Fix crash in dnstap: Do not try to log TCP responses after timeout. 
git-svn-id: file:///svn/unbound/trunk@3390 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-08 19:58:06 +00:00
Wouter Wijngaards
53008d7969 - unbound-control list_insecure command shows the negative trust 
anchors currently configured, patch from Jelte Jansen.


git-svn-id: file:///svn/unbound/trunk@3389 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 13:50:09 +00:00
Wouter Wijngaards
08b8c34940 typo fix. 
(svn:NO TEST)


git-svn-id: file:///svn/unbound/trunk@3388 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 12:10:37 +00:00
Wouter Wijngaards
32f808fcfa - Unbound exits with a fatal error when the auto-trust-anchor-file 
fails to be writable.  This is seconds after startup.  You can
  load a readonly auto-trust-anchor-file with trust-anchor-file.
  The file has to be writable to notice the trust anchor change,
  without it, a trust anchor change will be unnoticed and the system
  will then become unoperable.


git-svn-id: file:///svn/unbound/trunk@3387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 12:03:05 +00:00
Wouter Wijngaards
11b13d5928 - Libunbound skips dos-line-endings from etc/hosts. 
git-svn-id: file:///svn/unbound/trunk@3384 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 07:51:43 +00:00
Wouter Wijngaards
40c0bbf371 - Fix #660: Fix interface-automatic broken in the presence of 
asymmetric routing.


git-svn-id: file:///svn/unbound/trunk@3383 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-02 10:02:01 +00:00