Commit graph

241 commits

Author SHA1 Message Date
George Thessalonikefs
b816318106 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
  command.
2022-06-29 10:51:54 +02:00
gthess
11f2e7e6ae
Merge pull request #617 from NLnetLabs/update-host-notation
Update stub/forward-host notation to accept port and tls-auth-name
2022-02-02 11:56:27 +01:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name.
Fixes #546.
2022-02-01 14:44:29 +01:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more
aggressive rate limiting.
2022-01-30 00:36:29 +01:00
Petr Mensik
c7f44b99e3 Change file mode before changing file owner
Change mode first when configuring remote control unix socket. Some
security systems might strip the capability of changing other user's system
even from a process with effective uid 0. That is done on Fedora by SELinux
policy and systemd, for example. SELinux audit then shows errors, because
unbound tries to modify permissions of a file it does not own. Fix just by
changing the mode as the first step, and make it owned by the unbound:unbound
user as the last step only.

Related: rhbz#1905441
2022-01-07 12:08:32 +01:00
Thomas du Boÿs
ebb4987146 Fix subnetcache statistics 2021-09-03 10:37:07 +02:00
W.C.A. Wijngaards
b6abcb1508 - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and
SSL_get_peer_certificate.
- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
2021-07-30 13:54:43 +02:00
W.C.A. Wijngaards
2a8d1a6d10 - review fix to remove duplicate error printout. 2021-07-16 10:53:53 +02:00
W.C.A. Wijngaards
9e712e8a0b - Fix unbound-control local_data and local_datas to print detailed
syntax errors.
2021-07-16 10:51:27 +02:00
W.C.A. Wijngaards
07fda669e4 - Fix #485: Unbound occasionally reports broken stats. 2021-05-07 11:13:44 +02:00
W.C.A. Wijngaards
6cd77933a3 - Fix: Resolve interface names on control-interface too. 2021-02-26 13:54:10 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
Frank Riley
42d764eeda Add rpz_enable and rpz_disable commands to unbound-control. 2020-12-13 12:35:11 -07:00
W.C.A. Wijngaards
89087ae294 zonemd, unbound-control auth_zone_reload errors when ZONEMD fails. 2020-10-23 11:47:00 +02:00
W.C.A. Wijngaards
c72ca35f08 unbound-control auth_zone_reload sets zone to nonexpired and
also updates the xfr soa values from the new zonefile contents.
2020-10-23 11:44:28 +02:00
W.C.A. Wijngaards
fb5f3f076d zonemd, zonemds are checked when a zone is auth_zone_reload from file,
or reload with unbound-control.
2020-10-23 11:20:08 +02:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00
W.C.A. Wijngaards
47a5dc8cae - Refactor to use sock_strerr shorthand function. 2020-08-31 09:12:01 +02:00
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new
shorthand function to clean up the code.
2020-08-31 08:41:34 +02:00
Ralph Dolmans
740da89578 Merge branch 'master' into doh 2020-06-24 14:18:47 +02:00
W.C.A. Wijngaards
edcef18274 Merge branch 'master' of git://github.com/PMunch/unbound into PMunch-master
Fixed conflicts in Makefile.in and configparser.y
2020-05-15 14:52:53 +02:00
Ralph Dolmans
8fc2320b5c - Add mem.http.query_buffer and mem.http.response_buffer stats
- Add configurable limits for http-query-buffer-size and
  http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
  configurable.
2020-05-12 18:12:19 +02:00
Ralph Dolmans
723980fe77 - Add query.num.https counter 2020-05-08 12:14:17 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
Ralph Dolmans
51593d47ac Make unbound-control error returned on missing domain name more user friendly. 2020-03-27 11:27:12 +01:00
Yaroslav K
cfddbcb5be add setting IP DiffServ Codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
W.C.A. Wijngaards
348e246b66 - Fix #169: Fix warning for daemon/remote.c output may be truncated
from snprintf.
2020-02-27 15:08:10 +01:00
gthess
f7fe95ad7b
Serve stale (#159)
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
2020-02-05 14:20:27 +01:00
Ralph Dolmans
056176ec9a Merge branch 'master' into rpz 2020-01-30 15:57:34 +01:00
Ralph Dolmans
882741bf55 - Fix memory leak in do_auth_zone_transfer on success 2020-01-30 15:45:54 +01:00
Ralph Dolmans
4f5b934688 - Fix small memory leak in error condition remote.c
- Fix double free in error condition view.c
2020-01-30 14:56:48 +01:00
Ralph Dolmans
3609287344 - Fix RPZ stats RPZ_NO_OVERRIDE_ACTION check 2020-01-30 14:05:56 +01:00
Alexander Berkes
396d4223d9 Added unbound-control view_local_datas_remove command 2020-01-29 02:28:00 +01:00
PMunch
b7e8dc1182
Merge branch 'master' into master 2020-01-28 13:18:01 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
981fedea0e - Fix NULL Pointer Dereference via Control Port,
reported by X41 D-Sec.
2019-11-20 14:37:13 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
PMunch
8eeb910e3d Improve dynlib module and add documentation
Dynamic library module is now only a thin wrapper that loads dynamic
libraries and forwards all function calls directly to the loaded module.
This meant adding get_mem and clear, and get_mem calls have been added
in the expected places.

Documentation has also been added to the example.conf and the
unbound.conf manpage.
2019-10-21 14:20:33 +02:00
Ralph Dolmans
268580f348 Added RPZ log name and stats 2019-06-03 15:46:39 +02:00
Wouter Wijngaards
20d57ec58b - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
git-svn-id: file:///svn/unbound/trunk@5106 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-02-07 08:34:28 +00:00
Wouter Wijngaards
510606dd1c - Patch for TLS session resumption from Manabu Sonoda,
enable with tls-session-ticket-keys in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-23 09:35:52 +00:00
Wouter Wijngaards
8b18d1a0a4 - unbound-control stats has mem.streamwait that counts TCP and TLS
waiting result buffers.


git-svn-id: file:///svn/unbound/trunk@5050 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-22 13:20:06 +00:00
Wouter Wijngaards
470806b097 - Add unbound-control view_local_datas command, like local_datas.
git-svn-id: file:///svn/unbound/trunk@4977 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-26 13:37:23 +00:00
Wouter Wijngaards
692caffe2c - auth zone zonefiles can be in a chroot, the chroot directory
components are removed before use.


git-svn-id: file:///svn/unbound/trunk@4972 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-22 15:51:09 +00:00
Wouter Wijngaards
2e9d09b961 - initialize statistics totals for printout.
- in authzone check that node exists before adding rrset.
- in unbound-anchor, use readwrite memory BIO.
- assertion in autotrust that packed rrset is formed correctly.


git-svn-id: file:///svn/unbound/trunk@4903 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-13 12:20:41 +00:00
Wouter Wijngaards
87c8dd5434 - Fix initialisation in remote.c
git-svn-id: file:///svn/unbound/trunk@4894 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-11 14:11:50 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options.
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-28 14:21:56 +00:00
Wouter Wijngaards
00ba747be7 - #4146: num.query.subnet and num.query.subnet_cache counters.
git-svn-id: file:///svn/unbound/trunk@4867 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-21 14:14:28 +00:00