same time, the client info is copied for attach_sub and add_sub
calls. That makes respip work on dns64 synthesized answers, and
also makes RPZ work with DNS64. The order for the modules is
module-config: "respip dns64 validator iterator".
* 'tls-use-system-policy-versions' is introduced to allow Unbound to use
any system available TLS version when serving TLS.
* Apply suggestions from code review
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
- Cached messages that reach 0 TTL are considered expired. This prevents
Unbound itself from issuing replies with TTL 0 and possibly causing a
thundering herd at the last second. Upstream replies of TTL 0 still
get the usual pass-through but they are not considered for caching
from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
TTL value of the record to try and make some sense when replying
with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
high-order bit means the value is positive instead of 0.
- Fix NSEC3 code to not break on broken auth zones that include unsigned
out of zone (above apex) data. Could lead to hang while trying to
prove a wildcard answer.
Reported by Dmitrii Kuvaiskii from Amazon Web Services.
- Tests for NSEC3 auth zones with out of zone data.
- Auto-configure '-slabs' values to a power of 2 value close to num-threads
by default for multi-threaded environments.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
compiled with libevent. It makes saturation of the task queue more
resource intensive and less practical. Thanks to Shiming Liu,
Network and Information Security Lab, Tsinghua University for the
report.
* Fix calling WSAPoll.
* fast_reload: explicitly set tcp_wouldblock on Windows when there is no
command to read from the fast_reload thread.
* For poll(), also check for ENOMEM (Linux).
* Remove ifdefs for ENOMEM.
* Some systems return EAGAIN for poll.
* Fix calling WSAPoll.
* fast_reload: explicitly set tcp_wouldblock on Windows when there is no
command to read from the fast_reload thread.
* For poll(), also check for ENOMEM (Linux).
* Remove ifdefs for ENOMEM.
* Some systems return EAGAIN for poll.
* v1 EDER poc
* remove superfluous edns_list_get_option function
* create an EDER configurable
* Hackathon 114
* Fixes for version -04
* Generated configparser and configlexer are not versioned in master anymore
* Remove NOERROR DNS Error Reporting; not part of final RFC.
* Use assigned IANA EDNS0 Option Code for Report-Channel.
* Fix buffer protection and agent domain validity
* Use DNS Error Reporting instead of the eder nickname
* Update documentation.
* Fix typo.
* Bail out early if ede is not present.
* Forget previous EDNS options from upstream; this is what was
implicitly happening but not deterministically.
* Don't report LDNS_EDE_OTHER and bail early if there is no reporting
agent.
* Only do DNS error reporting when a client asked for something that
went wrong.
* Add an error reporting agent in the parent that should be ignored.
* review feedback.
* fixup for fast reload
* Add 'num.dns_error_reports' to stats and test for it.
---------
Co-authored-by: TCY16 <tom@nlnetlabs.nl>
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
* Set version to 1.19.1 for point release.
* Initial work for Redis read-only replica support.
* Test for Redis replica.
* Documentation for the Redis replica timeouts.
* redis replica, rewrite set_timeout()
* clean merge.
* Add new options for fast reload.
* Apply suggestions from code review
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
* some more typos
---------
Co-authored-by: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>