Commit graph

359 commits

Author SHA1 Message Date
Yorgos Thessalonikefs
35f6fd47fb - Test for nonstring attribute in configure and add
nonstring attribute annotations.
2025-09-26 16:23:55 +02:00
Yorgos Thessalonikefs
e2bf773089 Merge branch 'features/no-ttl-zero-cacherep' 2025-09-19 14:56:04 +02:00
Yorgos Thessalonikefs
bc61034f60
code review: use proper roundrobin index
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
2025-09-17 12:19:20 +02:00
Yorgos Thessalonikefs
2dd821c257 - Too many quotes for the EDE message debug printout. 2025-09-17 11:27:16 +02:00
Yorgos Thessalonikefs
c3a8d5251f - Small debug output improvement when attaching an EDE. 2025-09-15 12:06:49 +02:00
Yorgos Thessalonikefs
73e408f1d0 A few changes for TTL processing:
- Cached messages that reach 0 TTL are considered expired. This prevents
  Unbound itself from issuing replies with TTL 0 and possibly causing a
  thundering herd at the last second. Upstream replies of TTL 0 still
  get the usual pass-through but they are not considered for caching
  from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
  TTL value of the record to try and make some sense when replying
  with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
  high-order bit means the value is positive instead of 0.
2025-09-15 10:03:35 +02:00
Yorgos Thessalonikefs
d521135f66 Merge branch 'master' into features/no-ttl-zero-cacherep 2025-09-12 15:24:06 +02:00
W.C.A. Wijngaards
752a3f7f52 - Fix to whitespace in dname_str. 2025-08-07 16:19:10 +02:00
W.C.A. Wijngaards
08d59c9a78 - Fix dname_str for printout of long names. Thanks to Jan Komissar
for the fix.
2025-08-07 09:45:02 +02:00
Jose Luis Duran
41c55ffac1
Fix typos (#1299) 2025-07-02 10:50:49 +02:00
Yorgos Thessalonikefs
9201c75013 - Fix for consistent use of local zone CNAME alias for configured auth
zones. Now it also applies to downstream configured auth zones.
2025-06-17 15:03:29 +02:00
W.C.A. Wijngaards
e4cf7aeccf - Fix header return value description for skip_pkt_rrs and
parse_edns_from_query_pkt.
2025-06-12 12:17:01 +02:00
W.C.A. Wijngaards
a8aa1dbbe1 - Fix conditional expressions with parentheses for bitwise and. 2025-06-11 16:42:43 +02:00
W.C.A. Wijngaards
565bce670c - Fix comment for the dname_remove_label_limit_len function. 2025-06-05 11:11:32 +02:00
Yorgos Thessalonikefs
9152c914af - Fix #1282: log-destaddr fail on long ipv6 addresses. 2025-05-13 11:02:58 +02:00
Yorgos Thessalonikefs
4e23523d1a
Fix auth nsec3 code (#1280)
- Fix NSEC3 code to not break on broken auth zones that include unsigned
  out of zone (above apex) data. Could lead to hang while trying to
  prove a wildcard answer.
  Reported by Dmitrii Kuvaiskii from Amazon Web Services.

- Tests for NSEC3 auth zones with out of zone data.
2025-05-12 14:26:47 +02:00
W.C.A. Wijngaards
16ee7cf944 - Fix for print of connection type in log-replies for dot and doh. 2025-04-10 09:33:51 +02:00
Yorgos Thessalonikefs
9de159b96b - For #1175, the default value of serve-expired-ttl is set to 86400
(1 day) as suggested by RFC8767.
2024-12-03 13:09:51 +01:00
Yorgos Thessalonikefs
f46acec35f - For #1189, homogenize the input buffer size for dname_str(). 2024-12-02 11:53:56 +01:00
Yorgos Thessalonikefs
1cd2fb3b9d - For #1189, add unit tests for dname_str() and debug check the input
buffer size.
2024-12-02 10:03:35 +01:00
wenxuan70
06fb30d0a0 Fix the dname_str method to cause conversion errors when the domain name length is 255 2024-11-24 17:53:23 +08:00
W.C.A. Wijngaards
50fcf71f04 - ttl-zero-cacherep, Responses in the last second of their cache TTL,
  get an extra second. That makes the TTL not 0, since they are from
  cache and can be cached by the client.
2024-11-11 15:43:10 +01:00
Yorgos Thessalonikefs
490585bf29 Merge branch 'release-1.21.1' 2024-10-03 18:14:01 +02:00
Yorgos Thessalonikefs
b7c61d7cc2 - Fix CVE-2024-8508, unbounded name compression could lead to denial of
service.
2024-10-03 17:41:20 +02:00
Yorgos Thessalonikefs
2e398d51ba
Fix cache update when serve expired is used (#1143)
- Fix cache update when serve expired is used in order to not evict
  still usable expired records. Modules are forbidden to update the
  cache if their answer is DNSSEC unchecked or bogus and a valid
  (expired) entry already exists. Bogus replies from the validator are
  also discarded in favor of existing (expired) valid replies.

- serve-expired-ttl-reset should try to keep expired records in the
  cache in case they are reset.
2024-09-24 16:47:04 +02:00
W.C.A. Wijngaards
1e0cf1e86b - Merge patch to fix for glue that is outside of zone, with
  `harden-unverified-glue`, from Karthik Umashankar (Microsoft).
  Enabling this option protects the Unbound resolver against bad
  glue, that is unverified out of zone glue, by resolving them.
  It uses the records as last resort if there is no other working
  glue.
2024-08-23 08:56:48 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090)
* - cookie-secret-file, define struct.

* - cookie-secret-file, add config option, create, read and delete struct.

* - cookie-secret-file, check cookie secrets for cookie validation.

* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
  activate_cookie_secret and print_cookie_secrets.

* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
  staging cookies get a fresh cookie and spelling in error message.

* - cookie-secret-file, remove unused variable from cookie file unit test.

* Remove unshare and faketime dependencies for cookie_file test; documentation nits.

---------

Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
5bea29b01c - For #1110: Test for fallthrough attribute in configure and add
fallthrough attribute annotations.
2024-07-23 09:47:42 +02:00
Yorgos Thessalonikefs
6f030e9672
Proper parent identification for dynamically entered local zones (#1076)
- Fix #1059: Intermittent DNS blocking failure with local-zone and
  always_nxdomain. Addition of local_zones dynamically via
  unbound-control was not finding the zone's parent correctly.
2024-05-24 15:21:40 +02:00
Yorgos Thessalonikefs
025881d0e9 - Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for
negative answers overriding 'cache-min-ttl'.
2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
ccbe31c21f - Fix trim of EDE text from large udp responses from spinning cpu. 2024-02-22 16:22:31 +01:00
dyunwei
eb7eb5ce68 Fix NLnetLabs#981: dump_cache truncates large records. 2024-01-09 14:17:31 +08:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the
  disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
2023-10-04 13:54:05 +02:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
W.C.A. Wijngaards
1c85901cc4 - Fix out of bounds read in parse_edns_options_from_query, it would read
  8 bytes after a client option of length 8, and then ignore them to
  recreate a 24 byte response. The fixup does not read out of bounds,
  and puts zeroes in the buffer at that point, that then are ignored.
2023-08-16 16:58:49 +02:00
W.C.A. Wijngaards
2b1028bdad - Fix possibly unaligned memory access. 2023-08-16 10:06:06 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per
  thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
2023-08-08 15:19:56 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
b6e2f4dbf8 - For #762: Formatting. 2023-08-04 19:03:23 +02:00
George Thessalonikefs
702f485587 - For #762: relocate EDNS cookie code to util/edns and introduce unit
tests.
2023-08-04 14:26:08 +02:00
George Thessalonikefs
6e47c1e05b - For #762: remove relocated code. 2023-08-02 15:51:05 +02:00
George Thessalonikefs
5b55a46550 - For #762: relocate RFC 1982 serial number arithmetic functions to their own
file in util/rfc_1982.[ch].
2023-08-01 17:26:14 +02:00
George Thessalonikefs
8aec671860 - More braces and formatting for Fix for EDNS EDE size calculation to
avoid future bugs.
2023-08-01 15:15:33 +02:00
W.C.A. Wijngaards
990b12bc8e - Fix for EDNS EDE size calculation. 2023-08-01 15:08:50 +02:00
George Thessalonikefs
08e11284fb - For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options
altogether) before giving up on attaching EDE options.
2023-08-01 09:55:28 +02:00
George Thessalonikefs
dcd0191d7e Merge branch 'master' of https://github.com/natalie-reece/unbound into natalie-reece-master 2023-07-31 09:57:21 +02:00
George Thessalonikefs
f5a2a58ce3 Review for #759:
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
  0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
2023-07-17 17:26:31 +02:00
George Thessalonikefs
15b8d8b96a Merge branch 'master' into features/ede-caching 2023-07-13 11:25:59 +02:00
Natalie Reece
67e52ea9c5 Exclude EDE before other EDNS options when there isn't enough space 2023-07-11 17:01:26 -06:00