upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8126 commits 23 branches 209 tags 123 MiB
Commit graph

14 commits

Author SHA1 Message Date
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to 
exhaust CPU resources and stall DNS resolvers.
 2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
6afdc336ba - Fix test for new default. 2023-01-19 16:06:30 +01:00
W.C.A. Wijngaards
8df1e58209 - Add harden-unknown-additional option. Default on and it removes 
unknown records from the authority section and additional section.
  Thanks to Xiang Li, from NISL Lab, Tsinghua University.
 2023-01-19 14:59:18 +01:00
George Thessalonikefs
a269db3828 - Explicitly use 'rrset-roundrobin: no' for test cases. 2020-04-22 19:27:20 +02:00
Ralph Dolmans
50b6dc4b81 - Qname minimisation default changed to yes. 
git-svn-id: file:///svn/unbound/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-17 10:33:19 +00:00
Ralph Dolmans
ac9b95ca0c - Set trust-anchor-signaling default to yes 
git-svn-id: file:///svn/unbound/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 10:17:25 +00:00
Wouter Wijngaards
05215e8e7d - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and 
DS records.  NSEC3 is not disabled.
- fake-sha1 test option; print warning if used.  To make unit tests.


git-svn-id: file:///svn/unbound/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-09 13:18:08 +00:00
Ralph Dolmans
4f487cf746 Add DSA support for OpenSSL 1.1 
git-svn-id: file:///svn/unbound/trunk@3954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-07 12:58:47 +00:00
Wouter Wijngaards
27182d614b - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled 
with the undocumented switch 'fake-dsa'.  It logs a warning.


git-svn-id: file:///svn/unbound/trunk@3909 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-26 07:38:00 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
c653b8424b Fixup for problems with do-ip6: no and only ipv6 addresses. 
git-svn-id: file:///svn/unbound/trunk@1353 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-17 12:47:34 +00:00
Wouter Wijngaards
1e4e8cb68a - Fixup rrset security updates overwriting 2181 trust status. 
This makes validated to be insecure data just as worthless as
	  nonvalidated data, and 2181 rules prevent cache overwrites to them.
	- Fix assertion fail on bogus key handling.
	- dnssec lameness detection works on first query at trust apex.
	- NS queries get proper cache and dnssec lameness treatment.
	- fixup compilation without pthreads on linux.
	- NS queries are done after every referral.
	  validator is used on those NS records (if anchors enabled).




git-svn-id: file:///svn/unbound/trunk@1185 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-12 10:13:57 +00:00
Wouter Wijngaards
3aea7c2630 Fixup tests. 
git-svn-id: file:///svn/unbound/trunk@673 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-10 09:33:27 +00:00
Wouter Wijngaards
e384cdaf70 any with DNAME record (test for synthesis of CNAME). 
git-svn-id: file:///svn/unbound/trunk@592 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-09-05 09:54:18 +00:00