upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 16:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
8126 commits 23 branches 209 tags 123 MiB
Commit graph

486 commits

Author SHA1 Message Date
W.C.A. Wijngaards
6f507eb036 Merge branch 'master' into rpz-triggers 2021-03-12 09:04:54 +01:00
Wouter Wijngaards
209dc32624
Merge pull request #367 from NLnetLabs/dnstap-log-local-addr 
DNSTAP log local address
 2021-02-25 11:58:36 +01:00
W.C.A. Wijngaards
f5339ec7e5 Merge branch 'master' into dnstap-log-local-addr 2021-02-18 13:12:09 +01:00
W.C.A. Wijngaards
2d27203718 Merge branch 'master' into zonemd 2021-02-18 11:11:50 +01:00
W.C.A. Wijngaards
74e06cc4b3 - Fix #422: IPv6 fallback issues when IPv6 is not properly 
enabled/configured.
 2021-02-15 14:40:48 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
Willem Toorop
48ecf95108 Merge branch 'master' into features/padding 2021-01-22 10:29:50 +01:00
W.C.A. Wijngaards
cdb60adcdc Merge branch 'rpz' of https://github.com/magenbluten/unbound into magenbluten-rpz 
Conflict fixed for rpz.disabled check added.
 2021-01-14 12:11:29 +01:00
W.C.A. Wijngaards
ee2545d939 - For #391: fix indentation. 2021-01-08 09:53:52 +01:00
W.C.A. Wijngaards
3e03e2c26d - For #391: use struct timeval* start_time for callback information. 2021-01-08 09:47:46 +01:00
Frank Riley
e3abd772f7 Add start_time to reply callbacks so modules can compute the response time. 2021-01-01 15:44:21 -07:00
W.C.A. Wijngaards
6bf1293bcd No need for mk_local_addr, can pass the sockaddr structure. 2020-12-09 11:56:35 +01:00
W.C.A. Wijngaards
bdfa65c6ab Import the patches from the files in the tarball in 
issue #365 https://github.com/NLnetLabs/unbound/files/5659923/patches.tar.gz
from iruzanov.  The merge conflicts are fixed, but no changes are made
to the patched code.
 2020-12-09 11:00:51 +01:00
W.C.A. Wijngaards
b2894e23a9 - Fix compile warnings in rpz initialization. 2020-11-27 10:11:14 +01:00
mb
f78aa90ff1 rpz: nsdname stubs 2020-11-26 11:33:49 +01:00
W.C.A. Wijngaards
9cc8aa1ddf - Option to toggle udp-connect, default is enabled. 2020-11-23 11:06:53 +01:00
W.C.A. Wijngaards
e09873e0c8 zonemd, zonemds are checked at start 2020-10-22 12:10:46 +02:00
W.C.A. Wijngaards
a3e2bfbb0c - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. 
This adds the option http-notls-downstream: yesno to change that,
  and the dohclient test code has the -n option.
 2020-10-19 10:24:03 +02:00
W.C.A. Wijngaards
48a56751e9 - Fix #305: dnstap logging significantly affects unbound performance 
(regression in 1.11).
 2020-09-23 11:13:52 +02:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00
Ralph Dolmans
e6ebabc0cc - Fix stats double count issue (#289). 2020-08-20 17:54:28 +02:00
Ralph Dolmans
8fc2320b5c - Add mem.http.query_buffer and mem.http.response_buffer stats 
- Add configurable limits for http-query-buffer-size and
  http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
  configurable.
 2020-05-12 18:12:19 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
Willem Toorop
4f78b37c61 Down- and upstream padding a la RFC7830 & RFC8467 2020-04-02 18:34:03 +02:00
Yaroslav K
cfddbcb5be add setting IP DiffServ Codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
W.C.A. Wijngaards
b63032b4dd dnstap io, fixup fptr_wlist for unbound_dnstap_socket tool. 2020-02-28 08:55:10 +01:00
W.C.A. Wijngaards
58fdcf06e8 Merge branch 'master' into framestreams 2020-02-05 14:25:47 +01:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
W.C.A. Wijngaards
9115eb88ed Merge branch 'master' into framestreams 2020-02-04 09:40:00 +01:00
Ralph Dolmans
4fc622031d - Reformat rpz disabled stats counter 2020-02-03 16:52:25 +01:00
W.C.A. Wijngaards
8dd683768b Merge branch 'master' into framestreams 2020-01-30 16:22:12 +01:00
W.C.A. Wijngaards
fa49fc77e3 fix dnstap io for lock checks, log identity (numworkers+1), and add locks 
around protected area modification in the message queue.
 2020-01-30 13:39:31 +01:00
W.C.A. Wijngaards
1e4165d25b dnstap io, without threads, logs from the main event loop. 2020-01-28 15:51:39 +01:00
W.C.A. Wijngaards
efc79beb2d iothread work. 2020-01-21 17:01:25 +01:00
W.C.A. Wijngaards
57ad169605 the framestream queue. 2020-01-21 14:50:37 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
a8db52120b - Fix the relationship between serve-expired and prefetch options, 
patch from Saksham Manchanda from Secure64.
 2020-01-10 10:04:50 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
d8809c672a - Fix Weak Entropy Used For Nettle, 
reported by X41 D-Sec.
 2019-11-20 11:28:53 +01:00
W.C.A. Wijngaards
79a6e9fbe2 - Fixes to please lint checks. 2019-11-19 12:10:03 +01:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
Ralph Dolmans
0987a82877 Add statistics support for disabled (action override) response IP RPZ 
triggers.
 2019-08-07 14:09:48 +02:00
W.C.A. Wijngaards
fa506e3cda - Check repinfo in worker_handle_request, if null, drop it. 2019-08-01 16:57:36 +02:00
Ralph Dolmans
1c5d081853 - Add RPZ response IP override option, logging, and statistics 2019-08-01 14:31:37 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
Ralph Dolmans
d323e1bda8 - Fix for possible assertion failure when answering respip CNAME from cache. 2019-07-05 16:52:03 +02:00
W.C.A. Wijngaards
af6c5dea43 - Fix another spoolbuf storage code point, in prefetch. 2019-06-12 08:32:45 +02:00
Ralph Dolmans
268580f348 Added RPZ log name and stats 2019-06-03 15:46:39 +02:00
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Wouter Wijngaards
937523285a - Move goto label in answer_from_cache to the end of the function 
where it is more visible.


git-svn-id: file:///svn/unbound/trunk@5145 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 05:32:28 +00:00
Wouter Wijngaards
3949bf2c82 - Print query name with ip_ratelimit exceeded log lines. 
git-svn-id: file:///svn/unbound/trunk@5115 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 10:40:41 +00:00
Wouter Wijngaards
fe97f25b75 - Fix that log-replies prints the correct name for local-alias 
names, for names that have a CNAME in local-data configuration.
  It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
  and redirects like type redirect.


git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 09:51:27 +00:00
Wouter Wijngaards
11d98df304 - Fix syntax in comment of local alias processing. 
git-svn-id: file:///svn/unbound/trunk@5029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 13:29:38 +00:00
Wouter Wijngaards
21d03697ca - ip-ratelimit-factor of 1 allows all traffic through, instead of the 
previous blocking everything.


git-svn-id: file:///svn/unbound/trunk@5015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 09:38:50 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
c9955f9fdf - Fix #4152: Logs shows wrong time when using log-time-ascii: yes. 
git-svn-id: file:///svn/unbound/trunk@4957 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 13:52:13 +00:00
Wouter Wijngaards
225a6d9c6e - Fix seed for random backup code to use explicit zero when wiped. 
git-svn-id: file:///svn/unbound/trunk@4895 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 07:49:51 +00:00
Wouter Wijngaards
194dc32059 explain ip-ratelimit-factor causes the log line and it is a per-query log line. 
git-svn-id: file:///svn/unbound/trunk@4885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-04 09:26:51 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
George Thessalonikefs
0171d06aa2 - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This 
gives access to reply information for the client's communication
  point when the callback is called before the mesh state (modules).
  Changes to C and Python's inplace_callback signatures were also
  necessary.


git-svn-id: file:///svn/unbound/trunk@4870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-22 10:51:13 +00:00
Wouter Wijngaards
586b811b87 - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). 
This limits the number of simultaneous TCP client connections
  from a nominated netblock.
And a simple test for TCP connection limit.


git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 11:57:42 +00:00
George Thessalonikefs
749d1b9ebc - Expose if a query (or a subquery) was ratelimited (not src IP 
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Tidy pylib tests.


git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 14:00:46 +00:00
Wouter Wijngaards
3dbdde7fed - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options 
and implement option in client responses.


git-svn-id: file:///svn/unbound/trunk@4804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:18:34 +00:00
Wouter Wijngaards
6da37e5ecd - Error if EDNS Keepalive received over UDP. 
implement and add test.


git-svn-id: file:///svn/unbound/trunk@4803 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:16:25 +00:00
Wouter Wijngaards
007123ee2c - Sort out test runs when the build directory isn't the project 
root directory.
- Add config tcp-idle-timeout (default 30s). This applies to
  client connections only; the timeout on TCP connections upstream
  is unaffected.


git-svn-id: file:///svn/unbound/trunk@4802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:15:12 +00:00
Wouter Wijngaards
8d1af17449 - Patch from Syzdek: Add ability to ignore RD bit and treat all 
requests as if the RD bit is set.


git-svn-id: file:///svn/unbound/trunk@4701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-30 09:33:21 +00:00
Ralph Dolmans
4d06c36342 - Added root-key-sentinel support 
git-svn-id: file:///svn/unbound/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
e4c8085408 - unit test for allow-notify 
git-svn-id: file:///svn/unbound/trunk@4629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 14:58:43 +00:00
Wouter Wijngaards
2d6715878d - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4625 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 14:24:57 +00:00
Wouter Wijngaards
85994fb61c Fix doxygen 
git-svn-id: file:///svn/unbound/trunk@4620 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 15:06:02 +00:00
Wouter Wijngaards
ad9784c5e8 - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 14:57:38 +00:00
Wouter Wijngaards
3b25c475f5 - Attempt to remove warning about trailing whitespace. 
git-svn-id: file:///svn/unbound/trunk@4568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:52:18 +00:00
Wouter Wijngaards
c834b5eecd pickup worker events, and free them. 
exponential backoff for continuously failing zones.


git-svn-id: file:///svn/unbound/trunk@4479 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 12:33:19 +00:00
Wouter Wijngaards
657753aac2 auth zone for downstream 
git-svn-id: file:///svn/unbound/trunk@4474 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 08:30:32 +00:00
Ralph Dolmans
b2943670ca - Copy query and correctly set flags on REFUSED answers when cache snooping is 
not allowed.


git-svn-id: file:///svn/unbound/trunk@4436 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-04 15:16:19 +00:00
Ralph Dolmans
d016f85110 - Fix #1949: [dnscrypt] make provider name mismatch more obvious. 
git-svn-id: file:///svn/unbound/trunk@4387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-25 10:13:35 +00:00
Wouter Wijngaards
6f88df1fc8 authzone work. 
git-svn-id: file:///svn/unbound/trunk@4380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-19 15:11:20 +00:00
Wouter Wijngaards
bdb6a5501a - authzone work, probe timer setup. 
git-svn-id: file:///svn/unbound/trunk@4378 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-19 09:03:36 +00:00
Wouter Wijngaards
c49226613b - Fix #1435: Please allow UDP to be disabled separately upstream and 
downstream.


git-svn-id: file:///svn/unbound/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:42:24 +00:00
Wouter Wijngaards
f5a2cb3593 - zero qinfo in handle_request, this zeroes local_alias and also the 
qname member.


git-svn-id: file:///svn/unbound/trunk@4317 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 07:31:45 +00:00
Wouter Wijngaards
1624efa939 - Fix #1414: fix segfault on parse failure and log_replies. 
git-svn-id: file:///svn/unbound/trunk@4316 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 07:28:29 +00:00
Wouter Wijngaards
4f9236ae55 - Fix #1394: mix of serve-expired and response-ip could cause a crash. 
git-svn-id: file:///svn/unbound/trunk@4289 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 07:13:12 +00:00
Wouter Wijngaards
8b2397542e - Fix assertion for low buffer size and big edns payload when worker 
overrides udpsize.


git-svn-id: file:///svn/unbound/trunk@4195 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-29 07:32:45 +00:00
Ralph Dolmans
657948dd0c - Added mesh_add_sub to add detached mesh entries. 
- Use mesh_add_sub for key tag signaling queries.


git-svn-id: file:///svn/unbound/trunk@4144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-02 13:17:56 +00:00
Ralph Dolmans
89c2383c71 - Fix #1252: more indentation inconsistencies. 
git-svn-id: file:///svn/unbound/trunk@4125 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-18 09:00:52 +00:00
Ralph Dolmans
8fedcffc02 - Display ECS module memory usage. 
git-svn-id: file:///svn/unbound/trunk@4106 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-11 13:10:30 +00:00
Wouter Wijngaards
897635b32b - Fix #1217: Add metrics to unbound-control interface showing 
crypted, cert request, plaintext and malformed queries (from
  Manu Bretelle).


git-svn-id: file:///svn/unbound/trunk@4084 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-03 09:03:32 +00:00
Wouter Wijngaards
7c9584e408 - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then 
enabled in the config file from Manu Bretelle.


git-svn-id: file:///svn/unbound/trunk@4065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 14:55:31 +00:00
Wouter Wijngaards
984c6c33bc prettier size_t and defines. 
git-svn-id: file:///svn/unbound/trunk@4062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:43:25 +00:00
Wouter Wijngaards
84be084384 Fixup array reference 
git-svn-id: file:///svn/unbound/trunk@4061 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:24:14 +00:00
Wouter Wijngaards
77b328475a one less include and make depend 
git-svn-id: file:///svn/unbound/trunk@4059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:15:04 +00:00
Wouter Wijngaards
f374268521 - trustanchor tags are sorted. reusable routine to fetch taglist. 
git-svn-id: file:///svn/unbound/trunk@4056 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:04:18 +00:00
Wouter Wijngaards
2042facc8b fixup 
git-svn-id: file:///svn/unbound/trunk@4054 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:29:59 +00:00
Wouter Wijngaards
df947d4056 fix doxygen annotation 
git-svn-id: file:///svn/unbound/trunk@4053 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:28:19 +00:00
Wouter Wijngaards
3d6783e38c remove debug print out 
git-svn-id: file:///svn/unbound/trunk@4052 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:27:08 +00:00
Wouter Wijngaards
6c456aa15e - Add trustanchor.unbound CH TXT that gets a response with a number 
of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:17:58 +00:00
Wouter Wijngaards
cae9809e11 - Response actions based on IP address from Jinmei Tatuya (Infoblox). 
git-svn-id: file:///svn/unbound/trunk@4035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-07 14:58:51 +00:00
Wouter Wijngaards
35ae8ef313 - Patch from Luiz Fernando Softov for Stats Shared Memory. 
- unbound-control stats_shm command prints stats using shared memory,
  which uses less cpu.


git-svn-id: file:///svn/unbound/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-23 12:05:05 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
Wouter Wijngaards
ef80a99397 - Fix to also block meta types 128 through to 248 with formerr. 
git-svn-id: file:///svn/unbound/trunk@3985 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-12 08:12:39 +00:00
Wouter Wijngaards
e5431ca7e5 - Fix #1201: Fix missing unlock in answer_from_cache error condition. 
git-svn-id: file:///svn/unbound/trunk@3983 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-06 15:50:39 +00:00
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Wouter Wijngaards
9b4b0de746 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
Wouter Wijngaards
a3441215f1 and ratelimit the formerr. 
git-svn-id: file:///svn/unbound/trunk@3979 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 10:22:13 +00:00
Wouter Wijngaards
5adb2dc4cf - Fix to return formerr for queries for meta-types, to avoid 
packet amplification if this meta-type is sent on to upstream.


git-svn-id: file:///svn/unbound/trunk@3978 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 08:14:34 +00:00
George Thessalonikefs
3ac8cf0380 please lint again. 
git-svn-id: file:///svn/unbound/trunk@3951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 14:41:14 +00:00
George Thessalonikefs
9323fa7688 please lint again. 
git-svn-id: file:///svn/unbound/trunk@3950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 14:33:08 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
Wouter Wijngaards
a6e3ed1025 - patch from Dag-Erling Smorgrav that removes code that relies 
on sbrk().


git-svn-id: file:///svn/unbound/trunk@3934 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-22 15:50:07 +00:00
Ralph Dolmans
11031a7d36 pass ssl_upstream as int to (lib)worker_send_query 
git-svn-id: file:///svn/unbound/trunk@3924 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 14:02:22 +00:00
Ralph Dolmans
efe248c46a - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: file:///svn/unbound/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
Wouter Wijngaards
96961081b0 - Patch for server.num.zero_ttl stats for count of expired replies, 
from Pavel Odintsov.


git-svn-id: file:///svn/unbound/trunk@3910 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-28 15:08:32 +00:00
Wouter Wijngaards
a4fae019de Fixup prefetch only when needed 
git-svn-id: file:///svn/unbound/trunk@3904 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:53:13 +00:00
Wouter Wijngaards
a9a65800b8 - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: file:///svn/unbound/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
Wouter Wijngaards
503df095b2 - Patch that resolves CNAMEs entered in local-data conf statements that 
point to data on the internet, from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@3885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-18 13:18:20 +00:00
Ralph Dolmans
b587c7f72d Added views functionality. 
git-svn-id: file:///svn/unbound/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
Wouter Wijngaards
35e1120341 Fixup position before flip. 
git-svn-id: file:///svn/unbound/trunk@3842 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-01 14:51:46 +00:00
Wouter Wijngaards
0143885a41 - Fix #826: Fix refuse_non_local could result in a broken response. 
git-svn-id: file:///svn/unbound/trunk@3841 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-01 14:34:45 +00:00
Wouter Wijngaards
17023457a9 - access-control-tag-data implemented. verbose(4) prints tag debug. 
git-svn-id: file:///svn/unbound/trunk@3811 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-07 10:20:05 +00:00
Ralph Dolmans
54b820773c - Possibility to specify local-zone types for an acl/tag pair 
- Possibility to specify (override) local-zone types for a source address block


git-svn-id: file:///svn/unbound/trunk@3797 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-24 19:08:58 +00:00
Ralph Dolmans
ff091efe7b - Lookup localzones by taglist from acl. 
git-svn-id: file:///svn/unbound/trunk@3764 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-07 08:36:19 +00:00
Wouter Wijngaards
6137af9c86 please dox. 
git-svn-id: file:///svn/unbound/trunk@3743 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:56:27 +00:00
Wouter Wijngaards
031caba9c0 - and also generic edns options for upstream messages (and replies). 
after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID),
  to insert use edns_opt_append(edns, region, code, len, bindata) on
  the opt_list passed to send_query, or in edns_opt_inplace_reply.


git-svn-id: file:///svn/unbound/trunk@3742 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:55:22 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code. 
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00
Wouter Wijngaards
5d0ad681a2 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: file:///svn/unbound/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
Wouter Wijngaards
55f5a55f5f But RFC wants empty EDNS in formerr. 
git-svn-id: file:///svn/unbound/trunk@3547 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-20 10:32:18 +00:00
Wouter Wijngaards
2262975cab - Fix that malformed EDNS query gets a response without malformed EDNS. 
git-svn-id: file:///svn/unbound/trunk@3546 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-20 09:09:55 +00:00
Wouter Wijngaards
cb90782087 - Fix #677 Fix DNAME responses from cache that failed internal chain 
test.


git-svn-id: file:///svn/unbound/trunk@3435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-26 07:27:32 +00:00
Wouter Wijngaards
66b8f636cf fix doxygen comment. 
git-svn-id: file:///svn/unbound/trunk@3430 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 09:32:14 +00:00
Wouter Wijngaards
4b0c7880e4 - Fix that unparseable error responses are ratelimited. 
git-svn-id: file:///svn/unbound/trunk@3429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 09:27:42 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
1b44c9393e - local-zone: example.com inform makes unbound log a message with 
client IP for queries in that zone.  Eg. for finding infected hosts.


git-svn-id: file:///svn/unbound/trunk@3292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-12-09 11:29:17 +00:00
Wouter Wijngaards
b781f2d48d - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: file:///svn/unbound/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
Wouter Wijngaards
8ccba42b1f - dnstap support, with a patch from Farsight Security, written by 
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
  It is BSD licensed (see dnstap/dnstap.c).
  Building with --enable-dnstap needs pkg-config with this patch.
- Noted dnstap in doc/README and doc/CREDITS.


git-svn-id: file:///svn/unbound/trunk@3206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-05 07:57:52 +00:00
Wouter Wijngaards
06bfd7bd22 - Fix bug in fix for log locks that caused deadlock in signal handler. 
git-svn-id: file:///svn/unbound/trunk@3182 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-12 17:34:37 +00:00
Wouter Wijngaards
bc7f906590 - Fix caps-for-id fallback, and added fallback attempt when servers 
drop 0x20 perturbed queries.


git-svn-id: file:///svn/unbound/trunk@3146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-24 08:24:28 +00:00
Wouter Wijngaards
3468dce5c2 - Code cleanup patch from Dag-Erling Smorgrav, with compiler issue 
fixes from FreeBSD's copy of Unbound, he notes:
  Generate unbound-control-setup.sh at build time so it respects
  prefix and sysconfdir from the configure script.  Also fix the
  umask to match the comment, and the comment to match the umask.
  Add const and static where needed.  Use unions instead of
  playing pointer poker.  Move declarations that are needed in
  multiple source files into a shared header.  Move sldns_bgetc()
  from parse.c to buffer.c where it belongs.  Introduce a new
  header file, worker.h, which declares the callbacks that
  all workers must define.  Remove those declarations from
  libworker.h.	Include the correct headers in the correct places.
  Fix a few dummy callbacks that don't match their prototype.
  Fix some casts.  Hide the sbrk madness behind #ifdef HAVE_SBRK.
  Remove a useless printf which breaks reproducible builds.
  Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
  no longer used.  Add unbound-control-setup.sh to the list of
  generated files.



git-svn-id: file:///svn/unbound/trunk@3137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-28 08:07:12 +00:00
Wouter Wijngaards
330b3219a0 - unbound-control stats prints num.query.tcpout with number of TCP 
outgoing queries made in the previous statistics interval.


git-svn-id: file:///svn/unbound/trunk@3108 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 09:13:58 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d8e5a83392 - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: file:///svn/unbound/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
b9efb261da - Fix bug#536: acl_deny_non_local and refuse_non_local added. 
git-svn-id: file:///svn/unbound/trunk@3015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-12 10:08:54 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
253d425ca8 - unbound-event.h is installed if configured --with-libevent. It 
contains low-level library calls, that use libevent's event_base
  and an ldns_buffer for the wire return packet to perform async
  resolution in the client's eventloop.


git-svn-id: file:///svn/unbound/trunk@2970 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-09-26 08:34:14 +00:00
Wouter Wijngaards
68e58ee194 - Fix#524: max-udp-size not effective to non-EDNS0 queries, from 
Daisuke HIGASHI.


git-svn-id: file:///svn/unbound/trunk@2955 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-09-16 09:07:08 +00:00
Wouter Wijngaards
f1fd2b53eb - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
Wouter Wijngaards
ff1dbe4fcc - Implement max-udp-size config option, default 4096 (thanks 
Daisuke Higashi).


git-svn-id: file:///svn/unbound/trunk@2893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 11:55:46 +00:00