Commit graph

440 commits

Author SHA1 Message Date
W.C.A. Wijngaards
77f15428c9 - Add #835: [FR] Ability to use Redis unix sockets. 2023-01-23 10:09:28 +01:00
W.C.A. Wijngaards
c9233f8429 - Set default for harden-unknown-additional to no, so that it does
not hamper future protocol developments.
2023-01-19 15:45:10 +01:00
W.C.A. Wijngaards
8df1e58209 - Add harden-unknown-additional option. Default on and it removes
unknown records from the authority section and additional section.
Thanks to Xiang Li, from NISL Lab, Tsinghua University.
2023-01-19 14:59:18 +01:00
W.C.A. Wijngaards
d69f875261 - Set max-udp-size default to 1232. This is the same default value as
the default value for edns-buffer-size. It restricts client edns
buffer size choices, and makes unbound behave similar to other DNS
resolvers. The new choice, down from 4096 means it is harder to get
large responses from Unbound. Thanks to Xiang Li, from NISL Lab,
Tsinghua University.
2023-01-19 14:16:17 +01:00
George Thessalonikefs
df411b3f28 - Updates for #461 (Add max-query-restarts option). 2022-12-13 15:29:22 +01:00
George Thessalonikefs
71db243b0d Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf 2022-12-13 14:35:01 +01:00
George Thessalonikefs
c61b2121b5 - Expose 'max-sent-count' as a configuration option; the
default value retains Unbound's behavior.
2022-12-13 13:57:07 +01:00
George Thessalonikefs
859d0f2dfe - Expose 'statistics-inhibit-zero' as a configuration option; the
default value retains Unbound's behavior.
2022-12-13 10:47:37 +01:00
Willem Toorop
8df26b132b Merge branch 'master' into devel/merge-master-into-downstream-cookies 2022-11-07 17:09:20 +00:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
Willem Toorop
75f3fbdd65 Downstream DNS Cookies a la RFC7873 and RFC9018
Create server cookies for clients that send client cookies.
Needs to be turned on in the config file with:

	answer-cookie: yes

A cookie-secret can be configured for anycast setups.
Also adds an access control list that will allow queries with
either a valid cookie or over a stateful transport.
2022-09-28 10:28:19 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
ef57f8bd51 - Fix #734 [FR] enable unbound-checkconf to detect more (basic)
errors.
2022-08-05 14:41:05 +02:00
Minghang Chen
249efd4285 Introduce infra-cache-max-rtt option to config max retransmit timeout
Added the option and let it default to 120 seconds so that it won't change
current behavior.

Related-to #717
2022-07-16 01:46:18 -07:00
George Thessalonikefs
7e506bb477 - Fix typos in config_set_option for the 'num-threads' and
'ede-serve-expired' options.
2022-05-18 19:56:26 +03:00
W.C.A. Wijngaards
e62b309959 - For #677: Added tls-system-cert to config parser and documentation.
- Changelog note for #677.
2022-05-12 16:30:19 +02:00
Petr Mensik
0abfddd279 Allow using system certificates not only on Windows
OpenSSL has a way to load a default file. That file might contain usable
certificates to verify common connections. Allow similar trust as on
Windows and leave it to the OpenSSL package to provide sane defaults.

Also provide the use-system-cert alias, because it is not Windows specific
anymore.
2022-05-12 16:07:41 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
Christian Allred
d19e12ab5d Merge branch 'master' of https://github.com/NLnetLabs/unbound into restart_conf 2022-04-18 12:16:40 -07:00
W.C.A. Wijngaards
a0feea393a - Fix #618: enabling interface-automatic disables DNS-over-TLS.
Adds the option to list interface-automatic-ports.
2022-02-11 10:58:53 +01:00
George Thessalonikefs
32c3bbd249 - Change aggressive-nsec default to yes. 2022-02-02 11:25:08 +01:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more
aggressive rate limiting.
2022-01-30 00:36:29 +01:00
George Thessalonikefs
c49e87e1b7 - Fix tls-* and ssl-* documented alternate syntax to also be available
through remote-control and unbound-checkconf.
2022-01-29 15:11:47 +01:00
W.C.A. Wijngaards
829f3c932e - Fix for #41: change outbound retry to int to fix signed comparison
warnings.
2021-09-08 15:07:11 +02:00
W.C.A. Wijngaards
750f46d1aa - Small fixes for #41: changelog, conflicts resolved,
processQueryResponse takes an iterator env argument like other
functions in the iterator, no colon in string for set_option,
and some whitespace style, to make it similar to the rest.
2021-09-08 14:52:56 +02:00
W.C.A. Wijngaards
204edd229e Merge branch 'feature/configure-outbound_msg_retry' of git://github.com/countsudoku/unbound into countsudoku-feature/configure-outbound_msg_retry 2021-09-08 14:38:36 +02:00
Artem Egorenkov
d9153cb35b Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux 2021-07-20 14:46:43 +02:00
George Thessalonikefs
ca4d68c64c - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. 2021-07-16 14:32:18 +02:00
gthess
45be341267
Merge pull request #486 from fobser/val-max-restart
Make VAL_MAX_RESTART_COUNT configurable.
2021-06-09 12:09:27 +02:00
W.C.A. Wijngaards
11b3ebc386 - Move the NSEC3 max iterations count in line with the 150 value
used by BIND, Knot and PowerDNS. This sets the default value
for it in the configuration to 150 for all key sizes.
2021-05-25 14:35:19 +02:00
Florian Obser
d4314cad33 Make VAL_MAX_RESTART_COUNT configurable.
unbound tries very hard (up to 6 authoritative servers) to find a
validating answer. This is not always desirable, for example on high
latency links.
2021-05-08 16:56:32 +02:00
André Cruz
e07f973938
Allow configuration of TCP timeout while waiting for response
This allows us to configure how long Unbound will wait for a response
on a TCP connection.
2021-04-28 16:20:46 +01:00
André Cruz
75875d4d1c
Allow configuration of persistent TCP connections
Added 2 new options to configure previously hardcoded
values: max-reuse-tcp-queries and tcp-reuse-timeout. These
allow fine-grained control over how unbound uses persistent
TCP connections to authority servers.
2021-04-21 13:50:45 +01:00
Christian Allred
41fa45c99e Add max-query-restarts config parameter 2021-04-05 15:41:53 -07:00
W.C.A. Wijngaards
a9e15f36d8 - Fix unit test for added ulimit checks. 2021-02-24 15:30:12 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
W.C.A. Wijngaards
cb55b5906a - Fix empty clause warning in config_file nsid parse. 2021-01-28 09:11:46 +01:00
George Thessalonikefs
f5b7169729 Merge branch 'orig_ttl' of https://github.com/rijswijk/unbound into rijswijk-orig_ttl 2021-01-25 17:39:24 +01:00
Roland van Rijswijk-Deij
c4c849d878 Rebase on master 2021-01-22 16:44:56 +00:00
Willem Toorop
48ecf95108 Merge branch 'master' into features/padding 2021-01-22 10:29:50 +01:00
Willem Toorop
a152c7f907 Merge branch 'master' into features/nsid 2021-01-19 14:21:18 +01:00
W.C.A. Wijngaards
c125fe67bc - Fix #404: DNS query with small edns bufsize fail. 2021-01-18 08:29:52 +01:00
Willem Toorop
ddb751751c NSID for Unbound 2020-12-01 15:19:17 +01:00
George Thessalonikefs
b0247b6e93 Merge branch 'master' into edns-string 2020-11-23 16:58:30 +01:00
W.C.A. Wijngaards
9cc8aa1ddf - Option to toggle udp-connect, default is enabled. 2020-11-23 11:06:53 +01:00
Ralph Dolmans
946ed23f73 Merge branch 'master' into edns-string 2020-11-11 11:37:32 +01:00
W.C.A. Wijngaards
2b9569c7fe zonemd, fix config_get_option for zonemd-permissive-mode and unit test
for zonemd-permissive-mode.
2020-10-23 14:38:57 +02:00
W.C.A. Wijngaards
165b048e07 zonemd, zonemd-permissive-mode: yes logs the failure but does not block
the zone after a ZONEMD verification failure.
2020-10-23 14:33:04 +02:00
W.C.A. Wijngaards
37354c8927 Merge branch 'master' into infra-keep-probing 2020-10-21 10:13:10 +02:00
W.C.A. Wijngaards
a3e2bfbb0c - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support.
This adds the option http-notls-downstream: yesno to change that,
and the dohclient test code has the -n option.
2020-10-19 10:24:03 +02:00
W.C.A. Wijngaards
46607e7c0c - Fix that http settings have colon in set_option, for
http-endpoint, http-max-streams, http-query-buffer-size,
http-response-buffer-size, and http-nodelay.
2020-10-19 09:06:33 +02:00
Ralph Dolmans
eb799026ff Replace edns-client-tag with edns-client-string option 2020-09-30 23:17:53 +02:00
Ralph Dolmans
b6d04f500b - DNS Flag Day 2020: change edns-buffer-size default to 1232. 2020-09-29 14:07:38 +02:00
Ralph Dolmans
7da369e85a - Add edns-client-tag-opcode option 2020-09-23 12:09:48 +02:00
Ralph Dolmans
9e9810ab8b - Fix edns-client-tags get_option typo 2020-09-23 10:05:39 +02:00
Ralph Dolmans
ea90f50ca8 Merge branch 'master' into doh 2020-09-18 12:05:53 +02:00
W.C.A. Wijngaards
2541ccbb1b - Fix that prefer-ip4 and prefer-ip6 can be get and set with
unbound-control, with libunbound and the unbound-checkconf option
output function.
2020-09-18 09:56:38 +02:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00
W.C.A. Wijngaards
f6a527c25a - Similar to NSD PR#113, implement that interface names can be used,
e.g. something like interface: eth0 is resolved at server start and
uses the IP addresses for that named interface.
2020-08-27 14:53:33 +02:00
W.C.A. Wijngaards
2fade6f970 Merge branch 'master' into dlv-removal 2020-08-06 14:20:42 +02:00
W.C.A. Wijngaards
c0c722cd97 DLV removal 2020-08-04 09:05:09 +02:00
Ubuntu
f95dce8e34 Rebase on master 2020-07-29 16:02:16 +00:00
Ralph Dolmans
64806a0d14 Add edns-client-tag configuration option 2020-07-24 14:52:04 +02:00
W.C.A. Wijngaards
3d1383bed3 Merge branch 'master' into infra-keep-probing 2020-07-16 16:00:06 +02:00
Ubuntu
b5b79e3a36 Add feature to serve original TTLs rather than decrementing ones 2020-07-15 15:15:45 +00:00
Ralph Dolmans
9cebc13150 - Add option to send DNSTAP messages over bidirectional frame streams 2020-07-13 17:28:50 +02:00
Ralph Dolmans
740da89578 Merge branch 'master' into doh 2020-06-24 14:18:47 +02:00
W.C.A. Wijngaards
4fe2122890 Merge branch 'master' into infra-keep-probing
Remade yacc and lex files.
2020-06-24 13:21:14 +02:00
W.C.A. Wijngaards
edcef18274 Merge branch 'master' of git://github.com/PMunch/unbound into PMunch-master
Fixed conflicts in Makefile.in and configparser.y
2020-05-15 14:52:53 +02:00
Ralph Dolmans
8fc2320b5c - Add mem.http.query_buffer and mem.http.response_buffer stats
- Add configurable limits for http-query-buffer-size and
  http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
  configurable.
2020-05-12 18:12:19 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
W.C.A. Wijngaards
055f5e68a3 Add infra-keep-probing: yes option. Hosts that are down are probed more
frequently.
2020-04-22 16:29:06 +02:00
George Thessalonikefs
226d66ca92 - Change default value for 'rrset-roundrobin' to yes. 2020-04-21 12:58:48 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193).
- Add SNI support to unbound-anchor.
2020-04-16 14:39:05 +02:00
Willem Toorop
2c8a91c2f9 pad-queries default yes 2020-04-14 08:52:51 +02:00
Willem Toorop
551e476a17 Merge branch 'master' into features/padding 2020-04-02 18:54:18 +02:00
Willem Toorop
4f78b37c61 Down- and upstream padding a la RFC7830 & RFC8467 2020-04-02 18:34:03 +02:00
Talkabout
c25eb2c4c8 implemented review feedback
renamed option from 'redis-set-ttl' to 'redis-expire-records'
2020-03-31 23:10:45 +02:00
Talkabout
b130a8b459 added option 'redis-set-ttl' to define whether TTL should be added to Redis records
added check for Redis command 'setex' when initializing Redis connection
updated documentation
minor improvements to previous changes
2020-03-31 12:47:13 +02:00
W.C.A. Wijngaards
7459b1dceb - Fixes for #200 : example.conf note and set_value for ip-dscp. 2020-03-24 09:36:27 +01:00
Yaroslav K
c0118410a2 add ip-dscp configuration option for setting IP DiffServ codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
Ralph Dolmans
4504dd3737 - Log warning when using outgoing-port-permit and outgoing-port-avoid
while explicit port randomisation is disabled.
2020-03-19 17:34:46 +01:00
W.C.A. Wijngaards
6d1b4e050d dnstap io, dnstap tls default is yes, and man page documentation. 2020-02-14 10:01:37 +01:00
W.C.A. Wijngaards
78e6060858 dnstap io, example.conf example, config_file entries for tcp and tls. 2020-02-14 09:03:09 +01:00
George Thessalonikefs
adda4f6ace - Fix use after free on log-identity after a reload; Fixes #163. 2020-02-10 13:56:22 +01:00
gthess
f7fe95ad7b
Serve stale (#159)
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
2020-02-05 14:20:27 +01:00
PMunch
b7e8dc1182
Merge branch 'master' into master 2020-01-28 13:18:01 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
Florian Obser
0a499ec2ee Fix typo to let serve-expired-ttl work with ub_ctx_set_option(). 2019-12-10 18:03:24 +01:00
PMunch
f177dc974c Add support for multiple dynamic modules
Allows the use of multiple dynamic modules. Simply add more "dynlib"
entries to the "modules-config" and the same amount of "dynlib-file"
entries in the dynlib configuration block.
2019-10-21 15:59:53 +02:00
PMunch
1762437121 Add dynamic library support 2019-10-21 09:34:51 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
W.C.A. Wijngaards
78b2f1cc20 - Fix python dict reference and double free in config. 2019-06-18 17:25:08 +02:00
W.C.A. Wijngaards
63b2628a18 Merge branch 'dev/all-merged/master' of git://github.com/episource/unbound into episource-dev/all-merged/master 2019-06-18 17:07:57 +02:00
Moritz Schneider
79cc049096 Make outbound msg retry configurable 2019-06-12 19:01:28 +02:00
Ralph Dolmans
bc83e0b016 fix double free issue 2019-06-04 12:38:44 +02:00
Kevin Chu
56af87e2f3 edit config parser to support ipset 2019-05-03 17:45:34 +08:00
Kevin Chu
1a48bdebb5 Add support for ipset 2019-05-02 19:43:30 +08:00