upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6929 commits 23 branches 209 tags 123 MiB
Commit graph

6929 commits

This branch
This branch
All branches
Author SHA1 Message Date
W.C.A. Wijngaards
d10562c823 Merge branch 'master' of github.com:NLnetLabs/unbound 2022-01-26 16:41:04 +01:00
W.C.A. Wijngaards
54ea2948da - Test for NSID in SERVFAIL response due to DNSSEC bogus. 2022-01-26 16:40:04 +01:00
George Thessalonikefs
ea47c08e70 - Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC 
document.
 2022-01-26 14:35:22 +01:00
George Thessalonikefs
79e755e1dd Changelog note for #612: 
- Merge PR #612: TCP race condition.
 2022-01-25 17:29:52 +01:00
gthess
ddc3c754b0
Merge pull request #612 from NLnetLabs/tcp-race-condition 
TCP race condition
 2022-01-25 17:26:30 +01:00
George Thessalonikefs
5c85615515 - Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in 
serviced_udp_callback.
 2022-01-25 17:15:37 +01:00
George Thessalonikefs
f0c6d26155 - Better bookkeeping when reclaiming the TCP buffer. 2022-01-25 10:32:37 +01:00
George Thessalonikefs
4573629fc4 - Mark waiting_tcp and serviced_query as being in the 
cb_and_decommission stage to signal later code about their state;
  prevents premature item deletion.
 2022-01-25 09:46:16 +01:00
W.C.A. Wijngaards
70f13e54bf Changelog note for #610 
- Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
 2022-01-25 09:02:55 +01:00
W.C.A. Wijngaards
12a1053dfa - Fix #610: Undefine-shift in sldns_str2wire_hip_buf. 2022-01-25 08:57:49 +01:00
George Thessalonikefs
c3c0186658 - Add serviced_query timer to send upstream queries outside of the mesh 
flow to prevent race conditions.
 2022-01-25 00:01:43 +01:00
George Thessalonikefs
8e76eb95a0 - For dnstap, do not wakeupnow right there. Instead zero the timer to 
force the wakeup callback asap.
 2022-01-19 15:32:02 +01:00
W.C.A. Wijngaards
c7ae3ef156 - For #602: Allow the module-config "subnetcache validator cachedb 
iterator".
 2022-01-14 16:30:25 +01:00
W.C.A. Wijngaards
2996040c6c - Add rpz: for-downstream: yesno option, where the RPZ zone is 
authoritatively answered for, so the RPZ zone contents can be
  checked with DNS queries directed at the RPZ zone.
 2022-01-14 16:23:43 +01:00
George Thessalonikefs
3c8a79eed8 Changelog note for #605: 
- Merge PR #605: Fix EDNS to upstream where the same option could be
  attached more than once.
 2022-01-14 15:38:15 +01:00
gthess
f00d96a21b
Merge pull request #605 from NLnetLabs/sq-region 
Fix EDNS to upstream where the same option could be attached more than once
 2022-01-14 15:33:22 +01:00
George Thessalonikefs
773d1f2911 - Make sure callback changes for EDNS are not lost. 2022-01-14 15:18:43 +01:00
George Thessalonikefs
de1e91fc7f - Fix EDNS to upstream where the same option could be attached more than 
once.
- Add a region to serviced_query for allocations.
 2022-01-14 13:55:34 +01:00
Florian Obser
ff35659d5a Use OpenSSL 1.1 API to access DSA and RSA internals 
In LibreSSL 3.5, DSA and RSA internals will become opaque, so they can
no longer be accessed directly and the libunbound build will break. The
required API, DSA_set0_pqg(), DSA_set0_key() as well as RSA_set0_key(),
has been available since LibreSSL 2.7, so this change should not affect
any users.

From Theo Buehler.
 2022-01-11 15:34:25 +01:00
George Thessalonikefs
a97604737b - Fix prematurely terminated TCP queries when a reply has the same ID. 2022-01-11 10:00:45 +01:00
W.C.A. Wijngaards
d52d94c6db Changelog note for #600 
- Merge #600 from pemensik: Change file mode before changing file
  owner.
 2022-01-07 13:23:18 +01:00
Wouter Wijngaards
370a855f08
Merge pull request #600 from InfrastructureServices/remote-unix-chmod 
Change file mode before changing file owner
 2022-01-07 13:23:03 +01:00
Petr Mensik
c7f44b99e3 Change file mode before changing file owner 
Change mode first when configuring remote control unix socket. Some
security systems might strip capability of changing other user's system
even to process with effective uid 0. That is done on Fedora by SELinux
policy and systemd for example. SELinux audit then shows errors, because
unbound tries modifying permissions of not own file. Fix just by mode
change as first step, make it owned by unbound:unbound user as the last
step only.

Related: rhbz#1905441
 2022-01-07 12:08:32 +01:00
Alex Band
9bbbca5de9
Update documentation links 2022-01-07 10:21:50 +01:00
W.C.A. Wijngaards
33ef79d433 - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip 
triggered operation.
 2022-01-05 16:48:35 +01:00
W.C.A. Wijngaards
eccfe3e1f5 - Fix #598: Fix unbound-checkconf fatal error: module conf 
'respip dns64 validator iterator' is not known to work.
 2022-01-05 16:14:47 +01:00
W.C.A. Wijngaards
adcbb6ced7 - Fix for #596: add unit test for nsip trigger and signal unset RA. 2022-01-05 14:31:42 +01:00
W.C.A. Wijngaards
c678c696a1 - Fix for #596: add unit test for nsdname trigger and signal unset RA. 2022-01-05 14:13:52 +01:00
W.C.A. Wijngaards
313bceb983 - Fix unit tests for rpz now that the AA flag returns successfully from 
the iterator loop.
 2022-01-05 13:39:06 +01:00
W.C.A. Wijngaards
6b2e96430e - Fix for #596: fix that rpz return message is returned and not just 
the rcode from the iterator return path. This fixes signal unset RA
  after a CNAME.
 2022-01-05 13:35:18 +01:00
W.C.A. Wijngaards
ceef84e022 - Fix that RPZ does not set RD flag on replies, it should be copied 
from the query.
 2022-01-04 13:49:31 +01:00
W.C.A. Wijngaards
95644c9309 - Fix #596: only unset RA when NXDOMAIN is signalled. 2022-01-04 13:48:29 +01:00
W.C.A. Wijngaards
cbdc138df7 - Fix to add test for rpz-signal-nxdomain-ra. 2022-01-04 13:41:27 +01:00
W.C.A. Wijngaards
392c1f0f54 - Fix #596: unset the RA bit when a query is blocked by an unbound 
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
  signal that a domain is externally blocked to clients when it
  is blocked with NXDOMAIN by unsetting RA.
 2022-01-04 13:40:07 +01:00
George Thessalonikefs
4e492725e1 - contrib/aaaa-filter-iterator.patch file renewed diff content to 
apply cleanly to the current coderepo for the current code version.
 2021-12-22 15:02:44 +01:00
George Thessalonikefs
65113ac775 - Fix #591: Unbound-anchor manpage links to non-existent license file. 2021-12-20 11:35:31 +01:00
George Thessalonikefs
983c716feb - Add missing configure flags for optional features in the 
documentation.
- Fix Unbound capitalization in the documentation.
 2021-12-13 12:46:08 +01:00
W.C.A. Wijngaards
83c712ca60 - Fix to pick up other class local zone information before unlock. 2021-12-13 10:00:53 +01:00
George Thessalonikefs
2c1a5203a5 - Allow local-data for classes other than IN to inherit a configured 
local-zone's type if possible, instead of defaulting to type
  transparent as per the implicit rule.
 2021-12-10 17:35:36 +01:00
W.C.A. Wijngaards
778b50f113 - Add code similar to fix for ldns for tab between strings, for 
consistency, the test case was not broken.
 2021-12-10 09:12:58 +01:00
W.C.A. Wijngaards
d29ab10a34 Continue with version 1.14.1 2021-12-09 10:22:39 +01:00
W.C.A. Wijngaards
c6c54f9de4 - Fix validator debug output about DS support, print correct algorithm. 2021-12-06 13:12:44 +01:00
W.C.A. Wijngaards
c7afaef10c Changelog note for #581 2021-12-06 09:04:50 +01:00
Wouter Wijngaards
9d1eb66f19
Merge pull request #581 from fobser/warnings 
Fix -Wmissing-prototypes and -Wshadow warnings in rpz
 2021-12-06 09:04:32 +01:00
Florian Obser
ef076c0e15 Fix -Wshadow 2021-12-03 18:30:08 +01:00
Florian Obser
56cf526c68 Fix -Wmissing-prototypes by declaring functions static. 2021-12-03 18:29:04 +01:00
W.C.A. Wijngaards
4efbee08b5 - Fix compile warning for if_nametoindex on windows 64bit. 2021-12-03 10:44:47 +01:00
W.C.A. Wijngaards
919c8c9527 - Fix doc/unbound.doxygen to remove obsolete tag warning. 2021-12-01 17:13:11 +01:00
W.C.A. Wijngaards
5d63ad6474 - configure is set to 1.14.0, and release branch. 2021-12-01 10:08:54 +01:00
George Thessalonikefs
31bac7d5ca - Fix #574: Review fixes for size allocation. 2021-12-01 04:31:58 +01:00