upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 08:39:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8126 commits 23 branches 209 tags 123 MiB
Commit graph

440 commits

Author SHA1 Message Date
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Philipp Serr
b248654aab Support multiple python module instances 
This commit adds proper support for multiple instances of the python
module: When more than one instance is added to the module list, the
first instance loads the first script specified in the `python:`
configuration section. The second instance loads the second script,
and so on.

When there are more module instances in the module list than there are
scripts in the `python:` section, an error is raised during
initialization and unbound won't start. When more scripts than module
instances are provided, the surplus scripts are ignored.
 2019-03-02 14:32:48 +01:00
Wouter Wijngaards
68a57554a6 For TLS session keys, keep config options in order read from file to keep the first one as the first one. 
git-svn-id: file:///svn/unbound/trunk@5064 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:41:03 +00:00
Wouter Wijngaards
510606dd1c - Patch for TLS session resumption from Manabu Sonoda, 
enable with tls-session-ticket-keys in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:35:52 +00:00
Wouter Wijngaards
5d82b7c421 - Fixes for the patch, and man page entry. 
git-svn-id: file:///svn/unbound/trunk@5055 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 08:45:16 +00:00
Wouter Wijngaards
8ae9f26bce - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites 
options for unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5054 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 08:37:00 +00:00
Wouter Wijngaards
d81e2c654f - Add stream-wait-size: 4m config option to limit the maximum 
memory used by waiting tcp and tls stream replies.  This avoids
  a denial of service where these replies use up all of the memory.


git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 16:20:14 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
fd5e4e6019 - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, 
adds the option unknown-server-time-limit to unbound.conf that
  can be increased to avoid the problem.


git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 09:21:41 +00:00
Ralph Dolmans
6021341118 - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options. 
git-svn-id: file:///svn/unbound/trunk@4951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:53:50 +00:00
Wouter Wijngaards
23505d30a5 - Fix #4190: Please create a "ANY" deny option, adds the option 
deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.


git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:07:37 +00:00
Wouter Wijngaards
5fec1c8b1f - Fix #4154: make ECS_MAX_TREESIZE configurable, with 
the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.


git-svn-id: file:///svn/unbound/trunk@4945 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-22 14:54:28 +00:00
Ralph Dolmans
6b5e7d78e3 - Change fast-server-num default to 3. 
git-svn-id: file:///svn/unbound/trunk@4941 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-22 09:36:36 +00:00
Ralph Dolmans
a8b2c64cbf More lint pleasing 
git-svn-id: file:///svn/unbound/trunk@4940 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-08 16:38:25 +00:00
Ralph Dolmans
02bd3e2ff1 - Add fast-server-permil and fast-server-num options. 
- Deprecate low-rtt and low-rtt-permil options.


git-svn-id: file:///svn/unbound/trunk@4938 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-08 16:03:46 +00:00
Wouter Wijngaards
fece182cf5 - Set default for so-reuseport to no for FreeBSD. It is enabled 
by default for Linux and DragonFlyBSD.  The setting can 
  be configured in unbound.conf to override the default.


git-svn-id: file:///svn/unbound/trunk@4932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-05 15:07:19 +00:00
Wouter Wijngaards
75b8b8c875 - Free memory leak in config strlist append. 
- make sure nsec3 comparison salt is initialized.


git-svn-id: file:///svn/unbound/trunk@4900 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 10:23:30 +00:00
Wouter Wijngaards
9a82526b91 - exit log routine is annotated as noreturn function. 
- free memory leaks in config strlist and str2list insert functions.
- do not move unused argv variable after getopt.
- Remove unused if clause in testcode.


git-svn-id: file:///svn/unbound/trunk@4896 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 08:58:21 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
Wouter Wijngaards
e0745813f4 - Set defaults to yes for a number of options to increase speed and 
resilience of the server.  The so-reuseport, harden-below-nxdomain,
  and minimal-responses options are enabled by default.  They used
  to be disabled by default, waiting to make sure they worked.  They
  are enabled by default now, and can be disabled explicitly by
  setting them to "no" in the unbound.conf config file.  The reuseport
  and minimal options increases speed of the server, and should be
  otherwise harmless.  The harden-below-nxdomain option works well
  together with the recently default enabled qname minimisation, this
  causes more fetches to use information from the cache.


git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-27 13:18:19 +00:00
Wouter Wijngaards
4daf8f5bdb - Fix only misc failure from log-servfail when val-log-level is not 
enabled.


git-svn-id: file:///svn/unbound/trunk@4869 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-21 14:31:37 +00:00
Wouter Wijngaards
01d8dc2240 - log-local-actions: yes option for unbound.conf that logs all the 
local zone actions, a patch from Saksham Manchanda (Secure64).


git-svn-id: file:///svn/unbound/trunk@4864 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-21 07:10:09 +00:00
Wouter Wijngaards
4fe427ded2 - log-servfail: yes prints log lines that say why queries are 
returning SERVFAIL to clients.


git-svn-id: file:///svn/unbound/trunk@4863 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 15:22:05 +00:00
Wouter Wijngaards
b0daf867c2 and the error looks good. 
git-svn-id: file:///svn/unbound/trunk@4860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 14:17:48 +00:00
Wouter Wijngaards
586b811b87 - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). 
This limits the number of simultaneous TCP client connections
  from a nominated netblock.
And a simple test for TCP connection limit.


git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 11:57:42 +00:00
Wouter Wijngaards
3dbdde7fed - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options 
and implement option in client responses.


git-svn-id: file:///svn/unbound/trunk@4804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:18:34 +00:00
Wouter Wijngaards
007123ee2c - Sort out test runs when the build directory isn't the project 
root directory.
- Add config tcp-idle-timeout (default 30s). This applies to
  client connections only; the timeout on TCP connections upstream
  is unaffected.


git-svn-id: file:///svn/unbound/trunk@4802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:15:12 +00:00
Wouter Wijngaards
2beae211ee - dns64-ignore-aaaa: config option to list domain names for which the 
existing AAAA is ignored and dns64 processing is used on the A
  record.


git-svn-id: file:///svn/unbound/trunk@4762 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-29 12:58:52 +00:00
Wouter Wijngaards
c15eae814f - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. 
git-svn-id: file:///svn/unbound/trunk@4738 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-18 09:04:35 +00:00
Wouter Wijngaards
9cb404ba5f - Fix that first control-interface determines if TLS is used. Warn 
when IP address interfaces are used without TLS.


git-svn-id: file:///svn/unbound/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 08:14:43 +00:00
Wouter Wijngaards
23edc18cac - Rename tls-additional-ports to tls-additional-port, because every 
line adds one port.


git-svn-id: file:///svn/unbound/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 08:45:57 +00:00
Wouter Wijngaards
7fd32916e8 - #4102 for NSD, but for Unbound. Named unix pipes do not use 
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 07:43:52 +00:00
Wouter Wijngaards
7509bf208e - Rename additional-tls-port to tls-additional-ports. 
The older name is accepted for backwards compatibility.


git-svn-id: file:///svn/unbound/trunk@4703 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-01 08:02:04 +00:00
Wouter Wijngaards
1a0bd1a150 - tls-win-cert option that adds the system certificate store for 
authenticating DNS-over-TLS connections.  It can be used instead
  of the tls-cert-bundle option, or with it to add certificates.


git-svn-id: file:///svn/unbound/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 14:15:06 +00:00
Wouter Wijngaards
5a726fb61f - Add routine from getdns to add windows cert store to the SSL_CTX. 
git-svn-id: file:///svn/unbound/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 13:22:10 +00:00
Ralph Dolmans
50b6dc4b81 - Qname minimisation default changed to yes. 
git-svn-id: file:///svn/unbound/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-17 10:33:19 +00:00
Wouter Wijngaards
676644d8e8 - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand. 
git-svn-id: file:///svn/unbound/trunk@4683 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-15 07:30:53 +00:00
Ralph Dolmans
4d06c36342 - Added root-key-sentinel support 
git-svn-id: file:///svn/unbound/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
Wouter Wijngaards
716282cc1a - Fix #4092: libunbound: use-caps-for-id lacks colon in 
config_set_option.


git-svn-id: file:///svn/unbound/trunk@4644 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 07:51:21 +00:00
Wouter Wijngaards
f39e39ed47 - For addr with #authname and no @port notation, the default is 853. 
git-svn-id: file:///svn/unbound/trunk@4637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 14:23:14 +00:00
Wouter Wijngaards
1b055c6ca7 - allow-notify: config statement for auth-zones. 
git-svn-id: file:///svn/unbound/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 13:23:35 +00:00
Wouter Wijngaards
d91f09896d get_option and set_option for low-rtt and low-rtt-pct. 
git-svn-id: file:///svn/unbound/trunk@4613 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 13:39:29 +00:00
Wouter Wijngaards
d41cdb6ce8 - low-rtt and low-rtt-pct in unbound.conf enable the server selection 
of fast servers for some percentage of the time.


git-svn-id: file:///svn/unbound/trunk@4612 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 13:27:28 +00:00
Wouter Wijngaards
fbee729c5b - Accept both option names with and without colon for get_option 
and set_option.


git-svn-id: file:///svn/unbound/trunk@4611 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 10:42:48 +00:00
Ralph Dolmans
39f6488471 - Fix unbound-control get_option aggressive-nsec 
git-svn-id: file:///svn/unbound/trunk@4597 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-23 12:23:02 +00:00
Wouter Wijngaards
1d2d33d01a - Create additional tls service interfaces by opening them on other 
portnumbers and listing the portnumbers as additional-tls-port: nr.


git-svn-id: file:///svn/unbound/trunk@4588 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 14:19:02 +00:00
Wouter Wijngaards
54bd1fdd62 - tls-cert-bundle option in unbound.conf enables TLS authentication. 
git-svn-id: file:///svn/unbound/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:09 +00:00
Ralph Dolmans
77f78152ee - Aggressive use of NSEC implementation. Use cached NSEC records to generate 
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: file:///svn/unbound/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 13:16:36 +00:00
Wouter Wijngaards
b37bc47eaa - Work on local root zone code. 
git-svn-id: file:///svn/unbound/trunk@4376 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 15:16:31 +00:00
Wouter Wijngaards
52e2331dd4 - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert 
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
  from Manu Bretelle.
	This option allows handling multiple cert/key pairs while only
	distributing some of them.
	In order to reliably match a client magic with a given key without
	strong assumption as to how those were generated, we need both key and
	cert. Likewise, in order to know which ES version should be used.
	On the other hand, when rotating a cert, it can be desirable to only
	serve the new cert but still be able to handle clients that are still
	using the old certs's public key.
	The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
	publish the cert as part of the DNS's provider_name's TXT answer.



git-svn-id: file:///svn/unbound/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 07:34:49 +00:00
Ralph Dolmans
ac9b95ca0c - Set trust-anchor-signaling default to yes 
git-svn-id: file:///svn/unbound/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 10:17:25 +00:00
Wouter Wijngaards
ee8f07a686 - Fix #1440: [dnscrypt] client nonce cache. 
git-svn-id: file:///svn/unbound/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:55:08 +00:00
Wouter Wijngaards
c49226613b - Fix #1435: Please allow UDP to be disabled separately upstream and 
downstream.


git-svn-id: file:///svn/unbound/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:42:24 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Wouter Wijngaards
a17400b45e dnscrypt cache size configuration option. 
git-svn-id: file:///svn/unbound/trunk@4328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 11:58:29 +00:00
Wouter Wijngaards
ae67923bab - Fix #1398: make cachedb secret configurable. 
git-svn-id: file:///svn/unbound/trunk@4295 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-08 09:04:51 +00:00
Wouter Wijngaards
c52c07c086 - Fix #1350: make cachedb backend configurable (from JINMEI Tatuya). 
git-svn-id: file:///svn/unbound/trunk@4275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-17 08:21:19 +00:00
Wouter Wijngaards
ca8d0a0e92 - Fix #1279: Memory leak on reload when python module is enabled. 
git-svn-id: file:///svn/unbound/trunk@4220 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-13 07:10:58 +00:00
Ralph Dolmans
998793998d - Added domain name based ECS whitelist. 
git-svn-id: file:///svn/unbound/trunk@4217 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-08 14:44:55 +00:00
Ralph Dolmans
486edb10db - Fix #1269: inconsistent use of built-in local zones with views. 
- Add defaults for new local-zone trees added to views using unbound-control.


git-svn-id: file:///svn/unbound/trunk@4199 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-30 13:04:19 +00:00
George Thessalonikefs
491b0a26e4 - Implemented opportunistic IPsec support module (ipsecmod). 
- Some whitespace fixup.


git-svn-id: file:///svn/unbound/trunk@4158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 12:39:24 +00:00
Ralph Dolmans
a511d5d95e - Implemented trust anchor signaling using key tag query. 
git-svn-id: file:///svn/unbound/trunk@4134 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-26 12:58:13 +00:00
Wouter Wijngaards
7925a98141 variables get_option and set_option also for dnscrypt. 
git-svn-id: file:///svn/unbound/trunk@4130 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-24 09:00:45 +00:00
Wouter Wijngaards
461c8c97db - unbound-checkconf -o allows query of dnstap config variables. 
Also unbound-control get_option.


git-svn-id: file:///svn/unbound/trunk@4129 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-24 08:30:32 +00:00
Wouter Wijngaards
16428ccbd2 - Fix #1250: inconsistent indentation in services/listen_dnsport.c. 
git-svn-id: file:///svn/unbound/trunk@4113 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-13 07:17:05 +00:00
Ralph Dolmans
a2bc93547f - Generalise inplace callback (de)registration 
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event


git-svn-id: file:///svn/unbound/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-06 13:13:06 +00:00
Ralph Dolmans
d30ae35c62 - Do not add current time twice to TTL before ECS cache store. 
- Do not touch rrset cache after ECS cache message generation.
- Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.


git-svn-id: file:///svn/unbound/trunk@4086 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-03 09:36:18 +00:00
Ralph Dolmans
b0fd814975 - Merge EDNS Client subnet implementation from feature branch into main branch, 
using new EDNS processing framework.


git-svn-id: file:///svn/unbound/trunk@4074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 12:08:17 +00:00
Wouter Wijngaards
7c9584e408 - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then 
enabled in the config file from Manu Bretelle.


git-svn-id: file:///svn/unbound/trunk@4065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 14:55:31 +00:00
Wouter Wijngaards
6c456aa15e - Add trustanchor.unbound CH TXT that gets a response with a number 
of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:17:58 +00:00
Wouter Wijngaards
cae9809e11 - Response actions based on IP address from Jinmei Tatuya (Infoblox). 
git-svn-id: file:///svn/unbound/trunk@4035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-07 14:58:51 +00:00
Wouter Wijngaards
35ae8ef313 - Patch from Luiz Fernando Softov for Stats Shared Memory. 
- unbound-control stats_shm command prints stats using shared memory,
  which uses less cpu.


git-svn-id: file:///svn/unbound/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-23 12:05:05 +00:00
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Wouter Wijngaards
9b4b0de746 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
Wouter Wijngaards
cd7db58ce3 - configure --enable-systemd and lets unbound use systemd sockets if 
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: file:///svn/unbound/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-03 13:43:29 +00:00
Ralph Dolmans
efe248c46a - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: file:///svn/unbound/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
Wouter Wijngaards
c22f958152 Free log_identity config string. 
git-svn-id: file:///svn/unbound/trunk@3918 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 13:19:12 +00:00
Wouter Wijngaards
680e14cb65 - log-identity: config option to set sys log identity, patch from 
"Robin H. Johnson" <robbat2@gentoo.org>


git-svn-id: file:///svn/unbound/trunk@3917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 08:51:40 +00:00
Wouter Wijngaards
a9a65800b8 - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: file:///svn/unbound/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
Ralph Dolmans
840142397d - Free view config elements. 
git-svn-id: file:///svn/unbound/trunk@3881 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-12 10:09:42 +00:00
Ralph Dolmans
9c0944ec1e - Added qname-minimisation-strict config option. 
git-svn-id: file:///svn/unbound/trunk@3878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 11:32:50 +00:00
Ralph Dolmans
b587c7f72d Added views functionality. 
git-svn-id: file:///svn/unbound/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
Wouter Wijngaards
42f14e7c4d - Fix #802: workaround for function parameters that are "unused" 
without log_assert.


git-svn-id: file:///svn/unbound/trunk@3823 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-22 07:05:52 +00:00
Wouter Wijngaards
a2555b39d7 and fixup delete rest of list on parse failure. 
git-svn-id: file:///svn/unbound/trunk@3762 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 15:01:48 +00:00
Wouter Wijngaards
0e97374466 - access-control-tag-action and access-control-tag-data config 
directives.
- make depend


git-svn-id: file:///svn/unbound/trunk@3759 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 13:47:24 +00:00
Wouter Wijngaards
65bcb9b0ca - local-zone-override config directive. 
git-svn-id: file:///svn/unbound/trunk@3758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 10:00:25 +00:00
Wouter Wijngaards
415fc52b08 - access-control-tag config directive. 
git-svn-id: file:///svn/unbound/trunk@3754 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:33:59 +00:00
Wouter Wijngaards
7fcec8102f - disable-dnssec-lame-check config option from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-24 12:17:42 +00:00
Wouter Wijngaards
ab2435a1b9 code improvement. 
git-svn-id: file:///svn/unbound/trunk@3712 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-04-21 15:02:00 +00:00
Wouter Wijngaards
dc6cd053da more please lint. 
git-svn-id: file:///svn/unbound/trunk@3710 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-04-21 10:07:45 +00:00
Wouter Wijngaards
46d476b0c2 define-tag and local-zone-tag configuration. 
git-svn-id: file:///svn/unbound/trunk@3708 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-04-21 09:49:02 +00:00
Wouter Wijngaards
9f8b2bb468 - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for 
binding to an IP address while the interface or address is down.


git-svn-id: file:///svn/unbound/trunk@3673 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-15 09:35:48 +00:00
Wouter Wijngaards
36d3966e60 - ub_ctx_set_stub() function for libunbound to config stub zones. 
git-svn-id: file:///svn/unbound/trunk@3632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-23 10:43:10 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
Wouter Wijngaards
5d0ad681a2 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: file:///svn/unbound/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
Wouter Wijngaards
bb7b4db353 Fixup #724 in unbound-checkconf and fname_after_chroot calls. 
git-svn-id: file:///svn/unbound/trunk@3558 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 09:12:30 +00:00
Ralph Dolmans
a05bf09811 Implemented qname minimisation 
git-svn-id: file:///svn/unbound/trunk@3554 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-30 16:10:26 +00:00
Wouter Wijngaards
c3a45dde15 - Default for ssl-port is port 853, the temporary port assignment 
for secure domain name system traffic.
  If you used to rely on the older default of port 443, you have
  to put a clause in unbound.conf for that.  The new value is likely
  going to be the standardised port number for this traffic.


git-svn-id: file:///svn/unbound/trunk@3502 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-09 07:55:21 +00:00
Wouter Wijngaards
e65fdc31aa - Change default of harden-algo-downgrade to off. This is lenient 
for algorithm rollover.


git-svn-id: file:///svn/unbound/trunk@3478 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-24 15:05:10 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
ff898bfdd6 - Synthesize ANY responses from cache. Does not search exhaustively, 
but MX,A,AAAA,SOA,NS also CNAME.
- Fix leaked dns64prefix configuration string.


git-svn-id: file:///svn/unbound/trunk@3405 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-17 14:58:07 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
55412b2645 - Fix that get_option for cache-sizes does not print double newline. 
git-svn-id: file:///svn/unbound/trunk@3395 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 13:43:44 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
e3994c1273 Fixed like Maciej did. 
git-svn-id: file:///svn/unbound/trunk@3376 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-23 20:42:47 +00:00
Wouter Wijngaards
bd404f5fd3 - Fix segfault on user not found at startup (from Maciej Soltysiak). 
git-svn-id: file:///svn/unbound/trunk@3375 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-23 20:20:15 +00:00
Wouter Wijngaards
77088b12ff - Add ip-transparent config option for bind to non-local addresses. 
git-svn-id: file:///svn/unbound/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-19 09:50:35 +00:00
Wouter Wijngaards
0f9fda81e6 please lint. 
git-svn-id: file:///svn/unbound/trunk@3366 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-17 09:38:47 +00:00
Wouter Wijngaards
63b5d109f8 - Use reallocarray for integer overflow protection, patch submitted 
by Loganaden Velvindron.


git-svn-id: file:///svn/unbound/trunk@3365 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-17 08:24:24 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
a226533c8b - Fix #647 crash in 1.5.2 because pwd.db no longer accessible after 
reload.


git-svn-id: file:///svn/unbound/trunk@3341 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-20 14:48:04 +00:00
Wouter Wijngaards
3ef33154e5 - infra-cache-min-rtt patch from Florian Riehm, for expected long 
uplink roundtrip times.


git-svn-id: file:///svn/unbound/trunk@3328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-02 08:46:22 +00:00
Wouter Wijngaards
79044dc6cf - windows port fixes, no AF_LOCAL, no chown, no chmod(grp). 
git-svn-id: file:///svn/unbound/trunk@3319 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-23 15:23:58 +00:00
Wouter Wijngaards
047de3e1ee - coded the default of control-use-cert, to yes. 
git-svn-id: file:///svn/unbound/trunk@3309 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:54:38 +00:00
Wouter Wijngaards
a3f0a34efb - Fixup that patch and uid lookup (only for daemon). 
git-svn-id: file:///svn/unbound/trunk@3306 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:37:45 +00:00
Wouter Wijngaards
df73be98bd - patch for remote control over local sockets, from Dag-Erling 
Smorgrav, Ilya Bakulin.  Use control-interface: /path/sock and
  control-use-cert: no.


git-svn-id: file:///svn/unbound/trunk@3304 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:12:59 +00:00
Wouter Wijngaards
f1bcc1032f More casts. 
git-svn-id: file:///svn/unbound/trunk@3244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 09:23:12 +00:00
Wouter Wijngaards
722d446905 And more casts. 
git-svn-id: file:///svn/unbound/trunk@3243 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 08:46:08 +00:00
Wouter Wijngaards
339a6be27d More unsigned chasts for toupper/tolower/ctype 
git-svn-id: file:///svn/unbound/trunk@3242 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 08:35:00 +00:00
Wouter Wijngaards
8ccba42b1f - dnstap support, with a patch from Farsight Security, written by 
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
  It is BSD licensed (see dnstap/dnstap.c).
  Building with --enable-dnstap needs pkg-config with this patch.
- Noted dnstap in doc/README and doc/CREDITS.


git-svn-id: file:///svn/unbound/trunk@3206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-05 07:57:52 +00:00
Wouter Wijngaards
3468dce5c2 - Code cleanup patch from Dag-Erling Smorgrav, with compiler issue 
fixes from FreeBSD's copy of Unbound, he notes:
  Generate unbound-control-setup.sh at build time so it respects
  prefix and sysconfdir from the configure script.  Also fix the
  umask to match the comment, and the comment to match the umask.
  Add const and static where needed.  Use unions instead of
  playing pointer poker.  Move declarations that are needed in
  multiple source files into a shared header.  Move sldns_bgetc()
  from parse.c to buffer.c where it belongs.  Introduce a new
  header file, worker.h, which declares the callbacks that
  all workers must define.  Remove those declarations from
  libworker.h.	Include the correct headers in the correct places.
  Fix a few dummy callbacks that don't match their prototype.
  Fix some casts.  Hide the sbrk madness behind #ifdef HAVE_SBRK.
  Remove a useless printf which breaks reproducible builds.
  Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
  no longer used.  Add unbound-control-setup.sh to the list of
  generated files.



git-svn-id: file:///svn/unbound/trunk@3137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-28 08:07:12 +00:00
Wouter Wijngaards
1773696a7e review fixes. 
git-svn-id: file:///svn/unbound/trunk@3134 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 11:39:41 +00:00
Wouter Wijngaards
bdc57e5be5 - Feature, unblock-lan-zones: yesno that you can use to make unbound 
perform 10.0.0.0/8 and other reverse lookups normally, for use if
  unbound is running service for localhost on localhost.


git-svn-id: file:///svn/unbound/trunk@3133 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 10:38:32 +00:00
Wouter Wijngaards
18feb613ae - Fix print filename of encompassing config file on read failure. 
git-svn-id: file:///svn/unbound/trunk@3099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-03-24 13:13:42 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d8e5a83392 - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: file:///svn/unbound/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
Wouter Wijngaards
361cc1f511 - made lint clean. 
git-svn-id: file:///svn/unbound/trunk@3050 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 13:23:45 +00:00
Wouter Wijngaards
60511959ab - so-reuseport: yesno option to distribute queries evenly over 
threads on Linux (Thanks Robert Edmonds).


git-svn-id: file:///svn/unbound/trunk@3049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 11:43:38 +00:00
Wouter Wijngaards
79ced4b48e include time.h 
git-svn-id: file:///svn/unbound/trunk@3025 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 13:57:49 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
50934d4ce7 more time_t. 
git-svn-id: file:///svn/unbound/trunk@2951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-09-10 08:46:33 +00:00
Wouter Wijngaards
f1fd2b53eb - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
Wouter Wijngaards
b2274bedd9 - max include of 100.000 files (depth and globbed at one time). 
This is to preserve system memory in bug cases, or endless cases.


git-svn-id: file:///svn/unbound/trunk@2928 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-07-26 13:11:53 +00:00
Wouter Wijngaards
b709a9a449 - get_option and set_option support for log-time-ascii, python-script 
val-sig-skew-min and val-sig-skew-max.  log-time-ascii takes effect
  immediately.  The others are mostly useful for libunbound users.


git-svn-id: file:///svn/unbound/trunk@2911 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-06-14 08:03:52 +00:00
Wouter Wijngaards
4af730847c - get_option, set_option, unbound-checkconf -o and libunbound 
getoption and setoption support cache-min-ttl and cache-max-ttl.


git-svn-id: file:///svn/unbound/trunk@2910 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-06-13 08:26:41 +00:00
Wouter Wijngaards
d68e0595b4 please lint. 
git-svn-id: file:///svn/unbound/trunk@2902 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-05-16 08:25:50 +00:00
Wouter Wijngaards
ff1dbe4fcc - Implement max-udp-size config option, default 4096 (thanks 
Daisuke Higashi).


git-svn-id: file:///svn/unbound/trunk@2893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 11:55:46 +00:00
Wouter Wijngaards
06a5fdb3f6 - Fix snprintf return value usage, fixed libunbound_get_option. 
git-svn-id: file:///svn/unbound/trunk@2888 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-19 11:34:36 +00:00
Matthijs Mekking
5361b081d3 review, found nothing, except for layout and typo 
git-svn-id: file:///svn/unbound/trunk@2785 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-12-03 14:28:06 +00:00
Wouter Wijngaards
9c4bbfd37d - include: directive in config file accepts wildcards. Patch from 
Paul Wouters.  Suggested use: include: "/etc/unbound.d/conf.d/*"


git-svn-id: file:///svn/unbound/trunk@2765 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-09-27 08:52:37 +00:00
Wouter Wijngaards
15aacbe89b code review. 
git-svn-id: file:///svn/unbound/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-18 14:22:29 +00:00
Wouter Wijngaards
cf147df593 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and 
minimal-responses features.


git-svn-id: file:///svn/unbound/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-04-10 09:16:39 +00:00
Wouter Wijngaards
1736d8078a - forward-first option. Tries without forward if a query fails. 
Also stub-first option that is similar.


git-svn-id: file:///svn/unbound/trunk@2637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:16:40 +00:00
Wouter Wijngaards
d7172c55ed - Fix bug#434: on windows check registry for config file location 
for unbound-control.exe, and unbound-checkconf.exe.


git-svn-id: file:///svn/unbound/trunk@2635 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-27 13:20:29 +00:00
Wouter Wijngaards
71e85ee6fb use the ++. 
git-svn-id: file:///svn/unbound/trunk@2597 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-26 10:46:14 +00:00
Wouter Wijngaards
b54efa5c69 - applied patch to support outgoing-interface with ub_ctx_set_option. 
git-svn-id: file:///svn/unbound/trunk@2596 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-26 10:37:10 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility. 
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-10 18:44:06 +00:00
Wouter Wijngaards
8f5596f643 ssl_port setting, so that the dnssec-trigger server can be on one host machine. 
git-svn-id: file:///svn/unbound/trunk@2539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-08 10:56:42 +00:00
Wouter Wijngaards
aa0536dcb5 - dns over ssl support, ssl-service-pem and ssl-service-key files 
can be given and then TCP queries are serviced wrapped in SSL.


git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-31 14:48:48 +00:00
Wouter Wijngaards
2479955f9f - lame-ttl and lame-size options no longer exist, it is integrated 
with the host info.  They are ignored (with verbose warning) if
  encountered to keep the config file backwards compatible.



git-svn-id: file:///svn/unbound/trunk@2527 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-27 08:33:02 +00:00
Wouter Wijngaards
05e118b7d5 tcp upstream option. 
git-svn-id: file:///svn/unbound/trunk@2480 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 13:58:40 +00:00
Wouter Wijngaards
8def9c1043 - log-queries: yesno option, default is no, prints querylog. 
git-svn-id: file:///svn/unbound/trunk@2429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-16 13:15:57 +00:00
Wouter Wijngaards
a11fbf9ca0 - unbound-control has version number in the header, 
UBCT[version]_space_ is the header sent by the client now.
- Unbound control port number is registered with IANA:
  ub-dns-control  8953/tcp    unbound dns nameserver control
  This is the new default for the control-port config setting.


git-svn-id: file:///svn/unbound/trunk@2424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-10 10:11:38 +00:00
Wouter Wijngaards
ca38a8bd55 - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers. 
git-svn-id: file:///svn/unbound/trunk@2414 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 11:20:14 +00:00
Wouter Wijngaards
f7b911b120 - add get and set option for harden-below-nxdomain feature. 
git-svn-id: file:///svn/unbound/trunk@2377 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-17 12:31:28 +00:00
Wouter Wijngaards
78cc3d8ae1 harden-below-nxdomain option taken from draft-vixie-dnsext-resimprove. 
Default off (for now), as some older software that gives nxdomain for ENT
would be incompatible.  But that would only happen in the reverse tree, and
such software (nonDNSSEC) may go out of style, so in the future a default yes
could be possible.



git-svn-id: file:///svn/unbound/trunk@2347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-18 08:49:15 +00:00
Wouter Wijngaards
8c5b3d3c8f - so-sndbuf option for very busy servers, a bit like so-rcvbuf. 
git-svn-id: file:///svn/unbound/trunk@2344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-15 14:30:34 +00:00
Wouter Wijngaards
2e149c4ced Fix name of rrset printed that fails validation. 
git-svn-id: file:///svn/unbound/trunk@2209 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-09 11:58:57 +00:00
Wouter Wijngaards
67c16277ee - Changed the defaults for num-queries-per-thread/outgoing-range. 
For builtin-select: 512/960, for libevent 1024/4096 and for
         windows 24/48 (because of win api).  This makes the ratio this way
         to improve resilience under heavy load.  For high performance, use
         libevent and possibly higher numbers.


git-svn-id: file:///svn/unbound/trunk@2191 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-12 13:59:39 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations. 
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-07 13:13:36 +00:00
Wouter Wijngaards
52894339df unbound-control get_option domain-insecure works. 
git-svn-id: file:///svn/unbound/trunk@2098 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-27 09:16:23 +00:00
Wouter Wijngaards
5e9b6092d0 Fixup unbound-host. 
git-svn-id: file:///svn/unbound/trunk@2056 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-22 09:23:30 +00:00
Wouter Wijngaards
147d47eee7 Move includes to code files. 
git-svn-id: file:///svn/unbound/trunk@2035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-12 15:17:48 +00:00
Wouter Wijngaards
2bda842014 Lint. 
git-svn-id: file:///svn/unbound/trunk@1992 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-23 16:23:12 +00:00
Wouter Wijngaards
6003dcc291 neater code 
git-svn-id: file:///svn/unbound/trunk@1991 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-23 16:11:00 +00:00
Wouter Wijngaards
423b4d8893 get and set option more accessible. 
git-svn-id: file:///svn/unbound/trunk@1990 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-23 13:53:10 +00:00
Wouter Wijngaards
e8e24d3810 reopen and move of get_option to util. 
git-svn-id: file:///svn/unbound/trunk@1989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-18 16:40:22 +00:00
Wouter Wijngaards
bcd1ac7599 prefetch-key feature. 
git-svn-id: file:///svn/unbound/trunk@1956 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-13 13:33:18 +00:00
Wouter Wijngaards
43d228c5bc Doc fix and work on prefetch feature. 
git-svn-id: file:///svn/unbound/trunk@1951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-07 14:38:18 +00:00
Wouter Wijngaards
eb6253aa6c review comments. updated ldns tarball with 1.6.2. 
git-svn-id: file:///svn/unbound/trunk@1898 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-11 16:18:38 +00:00
Wouter Wijngaards
5b66f07e38 edns-buffer-size option. 
git-svn-id: file:///svn/unbound/trunk@1881 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-29 10:37:44 +00:00
Wouter Wijngaards
f42d27e1a2 - Made new validator error string available from libunbound for 
applications.  It is in result->why_bogus, a zero-terminated string.
	  unbound-host prints it by default if a result is bogus.
	  Also the errinf is public in module_qstate (for other modules).
	Binary API different. bumped library ABI version.


git-svn-id: file:///svn/unbound/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 17:05:53 +00:00
Wouter Wijngaards
d59a8baec2 so-rcvbuf option. 
git-svn-id: file:///svn/unbound/trunk@1851 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-25 08:54:50 +00:00
Wouter Wijngaards
e46441787c source IP from python and doxygen fixes. 
git-svn-id: file:///svn/unbound/trunk@1813 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-03 14:51:38 +00:00
Wouter Wijngaards
b422db1c80 clean up on exit because otherwise re-lex may not be possible 
git-svn-id: file:///svn/unbound/trunk@1786 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 15:37:02 +00:00
Wouter Wijngaards
6770898042 yylex_destroy configure. 
git-svn-id: file:///svn/unbound/trunk@1779 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 12:10:24 +00:00
Wouter Wijngaards
7d90b75ce8 autotrust options 
git-svn-id: file:///svn/unbound/trunk@1776 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 08:46:33 +00:00
Wouter Wijngaards
4e176a0aa6 less memory leaks. 
git-svn-id: file:///svn/unbound/trunk@1773 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-24 15:56:45 +00:00
Wouter Wijngaards
0deef63323 autotrust state table updates. 
git-svn-id: file:///svn/unbound/trunk@1767 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-19 15:30:20 +00:00
Wouter Wijngaards
3251765048 autotrust work 
git-svn-id: file:///svn/unbound/trunk@1758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-12 15:26:47 +00:00
Wouter Wijngaards
72aa0bad92 Log option for bogus only. 
git-svn-id: file:///svn/unbound/trunk@1734 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-20 14:22:29 +00:00
Wouter Wijngaards
a0d67a87f0 setup.exe can be created from crosscompile. 
git-svn-id: file:///svn/unbound/trunk@1723 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-15 11:50:13 +00:00
Wouter Wijngaards
aec8f4644f strict aliasing warning in config_file code. 
git-svn-id: file:///svn/unbound/trunk@1676 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-19 07:45:45 +00:00
Wouter Wijngaards
6a152952bf more capacity for winsock handler. 
git-svn-id: file:///svn/unbound/trunk@1604 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-17 08:35:15 +00:00
Wouter Wijngaards
768c4b2643 min-ttl option and tests for min-ttl and max-ttl. 
git-svn-id: file:///svn/unbound/trunk@1598 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-14 10:10:11 +00:00
Wouter Wijngaards
1e1ac9900a signature clock skew code. 
git-svn-id: file:///svn/unbound/trunk@1590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-06 14:09:33 +00:00
Wouter Wijngaards
7dcca025f4 python work 
git-svn-id: file:///svn/unbound/trunk@1561 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-26 15:47:45 +00:00
Wouter Wijngaards
0799d77798 python contribution from Zdenek Vasicek and Marek Vavrusa (BSD licensed). 
git-svn-id: file:///svn/unbound/trunk@1556 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-25 14:47:47 +00:00
Wouter Wijngaards
97a73402fc inverse trust anchor. 
git-svn-id: file:///svn/unbound/trunk@1533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-18 14:02:46 +00:00
Wouter Wijngaards
254e6ec34f Windows work. 
git-svn-id: file:///svn/unbound/trunk@1516 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-10 16:14:09 +00:00
Wouter Wijngaards
63d3cb7ff4 log-time-ascii option 
git-svn-id: file:///svn/unbound/trunk@1465 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-06 12:51:45 +00:00
Wouter Wijngaards
c1ae463da5 chrooted include file fix 
git-svn-id: file:///svn/unbound/trunk@1411 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-06 15:47:15 +00:00
Wouter Wijngaards
d469081eda Fixup warning on FreeBSD (hopefully). 
git-svn-id: file:///svn/unbound/trunk@1337 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-07 09:35:25 +00:00
Wouter Wijngaards
515b892024 write-strings warnings fixed. 
git-svn-id: file:///svn/unbound/trunk@1330 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-04 14:53:50 +00:00
Wouter Wijngaards
6cebdd2baf unwanted reply threshold like in the draft. 
git-svn-id: file:///svn/unbound/trunk@1321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-22 14:36:46 +00:00
Wouter Wijngaards
00f301d35f Ask more nameservers if choice is limited. 
Lowered bogus-ttl to help validation-failure recovery times.



git-svn-id: file:///svn/unbound/trunk@1313 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-20 14:24:35 +00:00