upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-26 09:39:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
4778 commits 23 branches 209 tags 124 MiB
Commit graph

3267 commits

Author SHA1 Message Date
Wouter Wijngaards
c15eae814f - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. 
git-svn-id: file:///svn/unbound/trunk@4738 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-18 09:04:35 +00:00
Wouter Wijngaards
0e72e06886 - Print warning when control-use-cert is used with an IP-address 
in unbound-control, and that TLS is enabled.


git-svn-id: file:///svn/unbound/trunk@4737 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-18 08:40:30 +00:00
Wouter Wijngaards
abff4d1237 - unbound-control auth_zone_transfer _zone_ option starts the probe 
sequence for a master to transfer the zone from and transfers when
  a new zone version is available.


git-svn-id: file:///svn/unbound/trunk@4736 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 15:01:31 +00:00
Wouter Wijngaards
386f23334b - unbound-control auth_zone_reload _zone_ option rereads the zonefile. 
git-svn-id: file:///svn/unbound/trunk@4735 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 13:42:41 +00:00
Wouter Wijngaards
a523683d4c - trunk has 1.7.4. 
git-svn-id: file:///svn/unbound/trunk@4734 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 11:55:23 +00:00
Wouter Wijngaards
b25332e1f4 - tag for 1.7.3rc1. 
git-svn-id: file:///svn/unbound/trunk@4732 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 05:38:39 +00:00
Wouter Wijngaards
a6ec2c6fc7 - Fix nettle compile. 
git-svn-id: file:///svn/unbound/trunk@4731 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 12:08:09 +00:00
Wouter Wijngaards
9cb404ba5f - Fix that first control-interface determines if TLS is used. Warn 
when IP address interfaces are used without TLS.


git-svn-id: file:///svn/unbound/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 08:14:43 +00:00
Wouter Wijngaards
12251022ec - #4103: Fix that auth-zone does not insist on SOA record first in 
file for url downloads.


git-svn-id: file:///svn/unbound/trunk@4729 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 07:09:01 +00:00
Ralph Dolmans
00a0cabf7f - Don't count CNAME response types received during qname minimisation as query 
restart.


git-svn-id: file:///svn/unbound/trunk@4728 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 13:09:14 +00:00
Wouter Wijngaards
d65accbb23 - remade dependencies in the Makefile. 
git-svn-id: file:///svn/unbound/trunk@4725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 12:23:56 +00:00
Wouter Wijngaards
78767f2014 - Fix buffer size warning in unit test. 
git-svn-id: file:///svn/unbound/trunk@4724 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 11:01:14 +00:00
Wouter Wijngaards
23edc18cac - Rename tls-additional-ports to tls-additional-port, because every 
line adds one port.


git-svn-id: file:///svn/unbound/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 08:45:57 +00:00
Wouter Wijngaards
7fd32916e8 - #4102 for NSD, but for Unbound. Named unix pipes do not use 
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 07:43:52 +00:00
Wouter Wijngaards
3f837bc440 trunk is 1.7.3 in development. 
git-svn-id: file:///svn/unbound/trunk@4717 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-11 10:05:03 +00:00
Wouter Wijngaards
f0769bed93 note OpenBSD accept4. 
git-svn-id: file:///svn/unbound/trunk@4716 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-11 09:08:41 +00:00
Wouter Wijngaards
a1bfc07105 - Patch to fix openwrt for mac os build darwin detection in configure. 
git-svn-id: file:///svn/unbound/trunk@4713 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-06 05:31:12 +00:00
Wouter Wijngaards
a4a5bfaa2f - Fix crash if ratelimit taken into use with unbound-control 
instead of with unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4711 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-05 07:06:19 +00:00
Wouter Wijngaards
62ea384d19 accept4 also on OpenBSD 
git-svn-id: file:///svn/unbound/trunk@4710 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-05 06:59:05 +00:00
Wouter Wijngaards
7fae96eb1e Track bug.nr 4100 
git-svn-id: file:///svn/unbound/trunk@4708 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 12:50:32 +00:00
Wouter Wijngaards
d386641820 - Fix stub reprime when it becomes useless. 
git-svn-id: file:///svn/unbound/trunk@4707 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 12:28:33 +00:00
Wouter Wijngaards
7c5e38294a - tag for 1.7.2rc1 
git-svn-id: file:///svn/unbound/trunk@4705 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 10:40:47 +00:00
Wouter Wijngaards
1cadc5d677 - Fix deadlock caused by incoming notify for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4704 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 09:01:55 +00:00
Wouter Wijngaards
7509bf208e - Rename additional-tls-port to tls-additional-ports. 
The older name is accepted for backwards compatibility.


git-svn-id: file:///svn/unbound/trunk@4703 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-01 08:02:04 +00:00
Wouter Wijngaards
8d1af17449 - Patch from Syzdek: Add ability to ignore RD bit and treat all 
requests as if the RD bit is set.


git-svn-id: file:///svn/unbound/trunk@4701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-30 09:33:21 +00:00
Wouter Wijngaards
0db1573d34 - Fix that fallback for windows port. 
git-svn-id: file:///svn/unbound/trunk@4700 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-29 07:52:31 +00:00
Wouter Wijngaards
b3c45a8edb - in compat/arc4random call getentropy_urandom when getentropy fails 
with ENOSYS.


git-svn-id: file:///svn/unbound/trunk@4699 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-29 07:48:58 +00:00
Wouter Wijngaards
1a0bd1a150 - tls-win-cert option that adds the system certificate store for 
authenticating DNS-over-TLS connections.  It can be used instead
  of the tls-cert-bundle option, or with it to add certificates.


git-svn-id: file:///svn/unbound/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 14:15:06 +00:00
Wouter Wijngaards
5a726fb61f - Add routine from getdns to add windows cert store to the SSL_CTX. 
git-svn-id: file:///svn/unbound/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 13:22:10 +00:00
Wouter Wijngaards
6792d2d036 - Fix windows tcp and tls spin on events. 
git-svn-id: file:///svn/unbound/trunk@4696 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 12:30:34 +00:00
Wouter Wijngaards
d32fb26adb - Fix close events for tcp only. 
git-svn-id: file:///svn/unbound/trunk@4695 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-25 10:41:24 +00:00
Wouter Wijngaards
d4ba7731ad - Fix that tcp sticky events are removed for closed fd on windows. 
git-svn-id: file:///svn/unbound/trunk@4694 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-25 10:02:06 +00:00
Wouter Wijngaards
b9607297e9 - For TCP and TLS connections that don't establish, perform address 
update in infra cache, so future selections can exclude them.


git-svn-id: file:///svn/unbound/trunk@4693 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-25 06:21:39 +00:00
Wouter Wijngaards
9ed59fdf34 setup when ssl upstream or a cert-bundle is configured. 
git-svn-id: file:///svn/unbound/trunk@4692 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-24 13:03:10 +00:00
Wouter Wijngaards
6b28c8ace2 - unbound-host initializes ssl (for potential DNS-over-TLS usage 
inside libunbound).


git-svn-id: file:///svn/unbound/trunk@4690 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-24 12:30:13 +00:00
Wouter Wijngaards
55088951c0 - Fix that windows unbound service can use DNS-over-TLS. 
git-svn-id: file:///svn/unbound/trunk@4689 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-24 09:23:24 +00:00
Wouter Wijngaards
d532c9913c - Fix that libunbound can do DNS-over-TLS, when configured. 
git-svn-id: file:///svn/unbound/trunk@4687 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-24 08:57:37 +00:00
Wouter Wijngaards
261bf354b7 - Use accept4 to speed up incoming TCP (and TLS) connections, 
available on Linux and FreeBSD.


git-svn-id: file:///svn/unbound/trunk@4686 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-23 13:55:09 +00:00
Ralph Dolmans
50b6dc4b81 - Qname minimisation default changed to yes. 
git-svn-id: file:///svn/unbound/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-17 10:33:19 +00:00
Wouter Wijngaards
676644d8e8 - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand. 
git-svn-id: file:///svn/unbound/trunk@4683 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-15 07:30:53 +00:00
Wouter Wijngaards
f64a897cbc - Fix contrib/libunbound.pc for libssl libcrypto references, 
from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914


git-svn-id: file:///svn/unbound/trunk@4682 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-11 11:52:19 +00:00
Wouter Wijngaards
8b209f8f68 - Fix mesh state assertion failure due to callback removal. 
git-svn-id: file:///svn/unbound/trunk@4681 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-07 11:29:12 +00:00
Wouter Wijngaards
16b6619dfa - Fix windows to not have sticky TLS events for TCP. 
- Fix read of DNS over TLS length and data in one read call.


git-svn-id: file:///svn/unbound/trunk@4680 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-07 08:31:17 +00:00
Wouter Wijngaards
8f886fc6dd - Fix function type cast warning in libunbound context callback type. 
git-svn-id: file:///svn/unbound/trunk@4676 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-03 14:12:19 +00:00
Wouter Wijngaards
581f975b38 - Fix gcc 8 buffer warning in testcode. 
git-svn-id: file:///svn/unbound/trunk@4675 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-03 14:09:33 +00:00
Wouter Wijngaards
d2c8bcf318 - Fix that configure --with-libhiredis also turns on cachedb. 
git-svn-id: file:///svn/unbound/trunk@4674 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-03 09:59:18 +00:00
Wouter Wijngaards
ef1ed6365c trunk has 1.7.2 in development 
git-svn-id: file:///svn/unbound/trunk@4673 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-03 07:59:09 +00:00
Wouter Wijngaards
6fefbb4115 - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-02 06:36:02 +00:00
Wouter Wijngaards
85bf0bd994 - Fix that unbound-control reload frees the rrset keys and returns 
the memory pages to the system.


git-svn-id: file:///svn/unbound/trunk@4669 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-01 14:00:06 +00:00
Wouter Wijngaards
bffb7c52d5 - Fix spelling error in man page and note defaults as no instead of 
off.


git-svn-id: file:///svn/unbound/trunk@4666 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-30 07:24:05 +00:00
Wouter Wijngaards
38c4d3d09d - tag for 1.7.1rc1 release. 
git-svn-id: file:///svn/unbound/trunk@4664 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-26 07:18:42 +00:00
Wouter Wijngaards
2951f21dab - Fix for crash in daemon_cleanup with dnstap during reload, 
from Saksham Manchanda.
- Also that for dnscrypt.


git-svn-id: file:///svn/unbound/trunk@4663 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-26 06:59:49 +00:00
Ralph Dolmans
d97a635084 - Fix memory leak when caching wildcard records for aggressive NSEC use 
git-svn-id: file:///svn/unbound/trunk@4662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-25 13:13:05 +00:00
Wouter Wijngaards
583411768d - Fix auth https for libev. 
git-svn-id: file:///svn/unbound/trunk@4660 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 15:13:18 +00:00
Wouter Wijngaards
a55df65bc9 - Fix contrib/fastrpz.patch for this release. 
git-svn-id: file:///svn/unbound/trunk@4659 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 14:26:21 +00:00
Ralph Dolmans
4d06c36342 - Added root-key-sentinel support 
git-svn-id: file:///svn/unbound/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
Wouter Wijngaards
ea6266f736 - list_auth_zones unbound-control command. 
git-svn-id: file:///svn/unbound/trunk@4650 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 14:42:30 +00:00
Wouter Wijngaards
2be0263dfa - Fix cname classification with qname minimisation enabled. 
git-svn-id: file:///svn/unbound/trunk@4648 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 13:14:39 +00:00
Wouter Wijngaards
deea985a20 - Attempt for auth zone fix; add of callback in mesh gets from 
callback does not skip callback of result.


git-svn-id: file:///svn/unbound/trunk@4647 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 12:51:00 +00:00
Wouter Wijngaards
0d18256828 - Fix sldns parse failure for CDS alternate delete syntax empty hex. 
git-svn-id: file:///svn/unbound/trunk@4646 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 10:35:35 +00:00
Wouter Wijngaards
abe18e41bc - auth zone http download stores exact copy of downloaded file, 
including comments in the file.


git-svn-id: file:///svn/unbound/trunk@4645 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 10:13:50 +00:00
Wouter Wijngaards
716282cc1a - Fix #4092: libunbound: use-caps-for-id lacks colon in 
config_set_option.


git-svn-id: file:///svn/unbound/trunk@4644 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 07:51:21 +00:00
Wouter Wijngaards
f5a59fea5d - makedist uses bz2 for expat code, instead of tar.gz. 
git-svn-id: file:///svn/unbound/trunk@4643 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 07:45:18 +00:00
Wouter Wijngaards
2e70e3a0d3 - Delete auth zone when removed from config. 
git-svn-id: file:///svn/unbound/trunk@4642 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:40:07 +00:00
Wouter Wijngaards
7ff459af13 - Fix #4091: Fix that reload of auth-zone does not merge the zonefile 
with the previous contents.


git-svn-id: file:///svn/unbound/trunk@4641 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:15:34 +00:00
Wouter Wijngaards
5bee11a6d3 - removed free from failed parse case. 
git-svn-id: file:///svn/unbound/trunk@4640 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:10:55 +00:00
Wouter Wijngaards
7444b3a8bf - man page documentation for dns-over-tls forward-addr '#' notation. 
git-svn-id: file:///svn/unbound/trunk@4638 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 11:50:41 +00:00
Wouter Wijngaards
f39e39ed47 - For addr with #authname and no @port notation, the default is 853. 
git-svn-id: file:///svn/unbound/trunk@4637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 14:23:14 +00:00
Wouter Wijngaards
1989c52ca0 Note bugfix and RFC support. 
- Fix #658: unbound using TLS in a forwarding configuration does not
  verify the server's certificate (RFC 8310 support).


git-svn-id: file:///svn/unbound/trunk@4636 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:45:27 +00:00
Wouter Wijngaards
d8df0ddef8 note RFC. 
git-svn-id: file:///svn/unbound/trunk@4635 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:44:04 +00:00
Wouter Wijngaards
7f6e3852b8 Note example use of tls authentication. 
git-svn-id: file:///svn/unbound/trunk@4634 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:32:39 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
913de80cbc - Fix auth-zone retry timer to be on schedule with retry timeout, 
with backoff.  Also time a refresh at the zone expiry.


git-svn-id: file:///svn/unbound/trunk@4630 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-18 06:43:02 +00:00
Wouter Wijngaards
e4c8085408 - unit test for allow-notify 
git-svn-id: file:///svn/unbound/trunk@4629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 14:58:43 +00:00
Wouter Wijngaards
1b055c6ca7 - allow-notify: config statement for auth-zones. 
git-svn-id: file:///svn/unbound/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 13:23:35 +00:00
Wouter Wijngaards
630600e70d - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4627 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 12:18:34 +00:00
Wouter Wijngaards
2d6715878d - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4625 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 14:24:57 +00:00
Wouter Wijngaards
4691979679 - Fix auth zone target lookup iterator. 
- notify with prefix


git-svn-id: file:///svn/unbound/trunk@4624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 13:14:24 +00:00
Wouter Wijngaards
4e5af01354 - Fix memory free on fail for $INCLUDE in authzone. 
- Fix that an internal error to look up the wrong rr type for
  auth zone gets stopped, before trying to send there.
- auth zone notify work.


git-svn-id: file:///svn/unbound/trunk@4623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-13 13:04:26 +00:00
Wouter Wijngaards
b23b39bcfd - Fix for max include depth for authzones. 
git-svn-id: file:///svn/unbound/trunk@4622 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-13 06:25:30 +00:00
Wouter Wijngaards
ad9784c5e8 - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 14:57:38 +00:00
Ralph Dolmans
6ef9cafc0e - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics 
counters


git-svn-id: file:///svn/unbound/trunk@4616 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 11:39:23 +00:00
Wouter Wijngaards
e822adf725 - documentation for low-rtt and low-rtt-pct. 
git-svn-id: file:///svn/unbound/trunk@4614 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 07:34:26 +00:00
Wouter Wijngaards
d41cdb6ce8 - low-rtt and low-rtt-pct in unbound.conf enable the server selection 
of fast servers for some percentage of the time.


git-svn-id: file:///svn/unbound/trunk@4612 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 13:27:28 +00:00
Wouter Wijngaards
fbee729c5b - Accept both option names with and without colon for get_option 
and set_option.


git-svn-id: file:///svn/unbound/trunk@4611 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 10:42:48 +00:00
Wouter Wijngaards
89ad258515 - num.query.authzone.up and num.query.authzone.down statistics counters. 
- Fix downstream auth zone, only fallback when auth zone fails to
  answer and fallback is enabled.


git-svn-id: file:///svn/unbound/trunk@4610 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 10:15:06 +00:00
Wouter Wijngaards
0e5abca6b7 - Fix that flush_zone sets prefetch ttl expired, so that with 
serve-expired enabled it'll start prefetching those entries.


git-svn-id: file:///svn/unbound/trunk@4609 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 07:39:59 +00:00
Wouter Wijngaards
1f9caf5805 - ED448 support. 
git-svn-id: file:///svn/unbound/trunk@4607 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 14:44:17 +00:00
Wouter Wijngaards
c515215eea - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 
tls_choose_sigalg routine does not allow the ciphers for the pipe,
  so use TLSv1.2.


git-svn-id: file:///svn/unbound/trunk@4606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 13:43:05 +00:00
Wouter Wijngaards
0a06c5bfa2 - Fix above stub queries for type NS and useless delegation point. 
git-svn-id: file:///svn/unbound/trunk@4604 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 09:53:27 +00:00
Wouter Wijngaards
6f4451b761 - nitpick fixes in example.conf. 
git-svn-id: file:///svn/unbound/trunk@4603 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 08:30:25 +00:00
Wouter Wijngaards
2be98b581a - Combine write of tcp length and tcp query for dns over tls. 
git-svn-id: file:///svn/unbound/trunk@4601 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 08:10:25 +00:00
Wouter Wijngaards
4e0128f16a - Fix unable to resolve after new WLAN connection, due to auth-zone 
failing with a forwarder set.  Now, auth-zone is only used for
  answers (not referrals) when a forwarder is set.


git-svn-id: file:///svn/unbound/trunk@4600 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-03 12:22:35 +00:00
Wouter Wijngaards
3d1f9ae9d3 - Fix #4043: make test fails due to v6 presentation issue in macOS. 
git-svn-id: file:///svn/unbound/trunk@4599 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-03 07:47:02 +00:00
Ralph Dolmans
5fabe62e70 - Check "result" in dup_all(), by Florian Obser. 
git-svn-id: file:///svn/unbound/trunk@4598 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-29 08:02:26 +00:00
Ralph Dolmans
39f6488471 - Fix unbound-control get_option aggressive-nsec 
git-svn-id: file:///svn/unbound/trunk@4597 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-23 12:23:02 +00:00
Ralph Dolmans
e5c14bfd16 Changelog typo fix 
git-svn-id: file:///svn/unbound/trunk@4595 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-21 15:42:25 +00:00
Ralph Dolmans
9f0d521b88 - Do use cached NSEC records to generate negative answers for domains under 
DNSSEC Negative Trust Anchors.


git-svn-id: file:///svn/unbound/trunk@4593 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-21 14:34:17 +00:00
Wouter Wijngaards
78031b37fc - iana port update. 
git-svn-id: file:///svn/unbound/trunk@4592 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-19 13:19:53 +00:00
Wouter Wijngaards
e1e629e592 - corrected a minor typo in the changelog. 
- move htobe64/be64toh portability code to cachedb.c.


git-svn-id: file:///svn/unbound/trunk@4591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-16 06:46:56 +00:00
Wouter Wijngaards
1d2d33d01a - Create additional tls service interfaces by opening them on other 
portnumbers and listing the portnumbers as additional-tls-port: nr.


git-svn-id: file:///svn/unbound/trunk@4588 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 14:19:02 +00:00
Wouter Wijngaards
59935375a3 - Fix #3817: core dump happens in libunbound delete, when queued 
servfail hits deleted message queue.


git-svn-id: file:///svn/unbound/trunk@4587 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 13:32:19 +00:00
Wouter Wijngaards
e784758a21 - Add --with-libhiredis, unbound support for a new cached backend 
that uses a Redis server as the storage.  This implementation
  depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 12:33:51 +00:00
Wouter Wijngaards
f7fe1a1093 1.7.1 in development 
git-svn-id: file:///svn/unbound/trunk@4585 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 10:19:14 +00:00
Wouter Wijngaards
d111aaf64f - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually 
flushed with serve-expired on.


git-svn-id: file:///svn/unbound/trunk@4582 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 12:52:11 +00:00
Wouter Wijngaards
54e15f5ace - Fix typo in documentation. 
git-svn-id: file:///svn/unbound/trunk@4580 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 08:12:38 +00:00
Wouter Wijngaards
d1a76b55bc - Check IXFR start serial. 
git-svn-id: file:///svn/unbound/trunk@4579 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 14:34:24 +00:00
Wouter Wijngaards
a48abc2f8b - Fix #3727: Protocol name is TLS, options have been renamed but 
documentation is not consistent.


git-svn-id: file:///svn/unbound/trunk@4578 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 12:35:53 +00:00
Wouter Wijngaards
3a7d4d7c8d - tag 1.7.0rc3. 
git-svn-id: file:///svn/unbound/trunk@4576 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 09:22:16 +00:00
Wouter Wijngaards
5e6c2e37ca - Added documentation for aggressive-nsec: yes. 
git-svn-id: file:///svn/unbound/trunk@4575 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 08:21:44 +00:00
Wouter Wijngaards
b8c60d092f configure --disable-swig-version-check stops the swig version check. 
git-svn-id: file:///svn/unbound/trunk@4574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-09 08:01:11 +00:00
Wouter Wijngaards
b57c76ed05 - Fix #3598: Fix swig build issue on rhel6 based system. 
git-svn-id: file:///svn/unbound/trunk@4573 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-09 08:00:40 +00:00
Wouter Wijngaards
8da3f91a1d 1.7.0rc2 
git-svn-id: file:///svn/unbound/trunk@4571 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-08 13:37:34 +00:00
Wouter Wijngaards
fdedd3aa38 - note when tag 1.7.0rc1 happened in the changelog. 
git-svn-id: file:///svn/unbound/trunk@4570 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:57:33 +00:00
Wouter Wijngaards
3b25c475f5 - Attempt to remove warning about trailing whitespace. 
git-svn-id: file:///svn/unbound/trunk@4568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:52:18 +00:00
Wouter Wijngaards
babe659a64 - patch suggested by Debian lintian: allow to -> allow one to, from 
A. Schulze.


git-svn-id: file:///svn/unbound/trunk@4567 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:40:09 +00:00
Wouter Wijngaards
980711e658 - patch to log creates keytag queries, from A. Schulze. 
git-svn-id: file:///svn/unbound/trunk@4566 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:39:10 +00:00
Wouter Wijngaards
3a69cf5c69 - Fixed contrib/fastrpz.patch, even though this already applied 
cleanly for me, now also for others.


git-svn-id: file:///svn/unbound/trunk@4565 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:32:14 +00:00
Wouter Wijngaards
5c8819f1ac - Fix for windows compile. 
git-svn-id: file:///svn/unbound/trunk@4563 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-06 09:18:53 +00:00
Wouter Wijngaards
f6f2ab1e4a - svn trunk contains 1.7.0, this is the number for the next release. 
git-svn-id: file:///svn/unbound/trunk@4561 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-06 09:07:22 +00:00
Wouter Wijngaards
1a7540c80a - Reverted fix for #3512, this may not be the best way forward; 
although it could be changed at a later time, to stay similar to
  other implementations.


git-svn-id: file:///svn/unbound/trunk@4560 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-06 08:22:33 +00:00
Wouter Wijngaards
5919273709 - Fix #3582: Squelch address already in use log when reuseaddr option 
causes same port to be used twice for tcp connections.


git-svn-id: file:///svn/unbound/trunk@4559 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-05 15:45:34 +00:00
Wouter Wijngaards
4a3a6d1294 - iana port update. 
git-svn-id: file:///svn/unbound/trunk@4558 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-05 14:38:30 +00:00
Wouter Wijngaards
d754cd3de4 - Fix to check define of DSA for when openssl is without deprecated. 
git-svn-id: file:///svn/unbound/trunk@4556 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-05 14:28:21 +00:00
Wouter Wijngaards
9f88892190 - Fix nettle compile. 
git-svn-id: file:///svn/unbound/trunk@4555 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-27 13:03:54 +00:00
Wouter Wijngaards
1df2544e07 - Fix compile with staticexe and python module. 
git-svn-id: file:///svn/unbound/trunk@4554 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-27 10:53:49 +00:00
Wouter Wijngaards
0e390bca00 - Fix compile without threads, and remove unused variable. 
git-svn-id: file:///svn/unbound/trunk@4553 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-27 10:36:12 +00:00
Wouter Wijngaards
8de66ab4b8 - Fixup contrib/fastrpz.patch so that it applies. 
git-svn-id: file:///svn/unbound/trunk@4552 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-27 10:18:28 +00:00
Ralph Dolmans
24fc3242fc - Save wildcard RRset from answer with original owner for use in aggressive 
NSEC.


git-svn-id: file:///svn/unbound/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-22 15:12:31 +00:00
Wouter Wijngaards
cd955fa34d - more robust cachedump rrset routine. 
git-svn-id: file:///svn/unbound/trunk@4549 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 15:25:19 +00:00
Wouter Wijngaards
6905e41b57 - Fix validation for CNAME loops. When it detects a cname loop, 
by finding the cname, cname in the existing list, it returns
  the partial result with the validation result up to then.


git-svn-id: file:///svn/unbound/trunk@4547 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 14:04:02 +00:00
Wouter Wijngaards
b89db70821 - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query 
when there is a CNAME loop.


git-svn-id: file:///svn/unbound/trunk@4544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 13:13:58 +00:00
Wouter Wijngaards
3d57bf0a3b - Fix for more maintainable code in localzone. 
git-svn-id: file:///svn/unbound/trunk@4542 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-19 13:21:57 +00:00
Wouter Wijngaards
ec21a197ac bug ref nr. 
git-svn-id: file:///svn/unbound/trunk@4541 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-19 12:14:43 +00:00
Wouter Wijngaards
ccf1ff8f02 - local-zone noview can be used to break out of the view to the 
global local zone contents, for queries for that zone.


git-svn-id: file:///svn/unbound/trunk@4540 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-19 12:13:23 +00:00
Wouter Wijngaards
76eee77b08 - Fix #3505: Documentation for default local zones references 
wrong RFC.


git-svn-id: file:///svn/unbound/trunk@4539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-19 08:43:23 +00:00
Wouter Wijngaards
5b7942d197 - Fixes for clang static analyzer, the missing ; in 
edns-subnet/addrtree.c after the assert made clang analyzer
  produce a failure to analyze it.


git-svn-id: file:///svn/unbound/trunk@4538 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-16 10:31:48 +00:00
Ralph Dolmans
a5df3a131e - Aggressive NSEC tests 
git-svn-id: file:///svn/unbound/trunk@4537 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 14:40:29 +00:00
Wouter Wijngaards
b32284af57 - iana port update. 
git-svn-id: file:///svn/unbound/trunk@4533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:31 +00:00
Wouter Wijngaards
54bd1fdd62 - tls-cert-bundle option in unbound.conf enables TLS authentication. 
git-svn-id: file:///svn/unbound/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:09 +00:00
Wouter Wijngaards
da961fd840 - Unit test for auth zone https url download. 
git-svn-id: file:///svn/unbound/trunk@4531 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-12 15:40:05 +00:00
Ralph Dolmans
0648475a66 - Processed aggressive NSEC code review remarks Wouter 
git-svn-id: file:///svn/unbound/trunk@4529 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-12 12:14:01 +00:00
Ralph Dolmans
eff62cecac - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test) 
git-svn-id: file:///svn/unbound/trunk@4528 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-12 11:39:03 +00:00
Wouter Wijngaards
d19f3c8c07 - auth zone url config. 
git-svn-id: file:///svn/unbound/trunk@4525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 16:11:27 +00:00
Ralph Dolmans
77f78152ee - Aggressive use of NSEC implementation. Use cached NSEC records to generate 
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: file:///svn/unbound/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 13:16:36 +00:00
Wouter Wijngaards
48bd83f3b4 - iana port update. 
git-svn-id: file:///svn/unbound/trunk@4519 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 10:14:34 +00:00
Wouter Wijngaards
a1b7abfb9f - auth-zone provides a way to configure RFC7706 from unbound.conf, 
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
  fallback-enabled: yes and masters or a zonefile with data.


git-svn-id: file:///svn/unbound/trunk@4510 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-05 14:21:46 +00:00
Wouter Wijngaards
bf6f33ceaf - Fix #3451: dnstap not building when you have a separate build dir. 
And removed protoc warning, set dnstap.proto syntax to proto2.


git-svn-id: file:///svn/unbound/trunk@4508 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-05 12:14:51 +00:00
Wouter Wijngaards
632ea0d02e - lock subnet new item before insertion to please checklocks, 
no modification of critical regions outside of lock region.


git-svn-id: file:///svn/unbound/trunk@4497 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 10:52:44 +00:00
Wouter Wijngaards
cb28d35bd2 - Fix lock race condition in dns cache dname synthesis. 
git-svn-id: file:///svn/unbound/trunk@4495 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 10:33:19 +00:00
Wouter Wijngaards
004609b5a7 - unit test with valgrind 
git-svn-id: file:///svn/unbound/trunk@4494 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 09:52:52 +00:00
Wouter Wijngaards
30891d6fff - Fix unfreed locks in log and arc4random at exit of unbound. 
git-svn-id: file:///svn/unbound/trunk@4491 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 09:27:16 +00:00
Wouter Wijngaards
8605797002 - fix unaligned structure making a false positive in checklock 
unitialised memory.


git-svn-id: file:///svn/unbound/trunk@4490 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-01 15:55:48 +00:00
Ralph Dolmans
b9f4ff6e9f - Use NSEC with longest ce to prove wildcard absence. 
- Only use *.ce to prove wildcard absence, no longer names.


git-svn-id: file:///svn/unbound/trunk@4460 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-29 13:46:57 +00:00
Wouter Wijngaards
ec179380f4 - ltrace.conf file for libunbound in contrib. 
git-svn-id: file:///svn/unbound/trunk@4449 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-25 09:31:49 +00:00
Wouter Wijngaards
7eddb38162 - Print fatal errors about remote control setup before log init, 
so that it is printed to console.


git-svn-id: file:///svn/unbound/trunk@4448 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-23 15:59:18 +00:00
Wouter Wijngaards
c54dfcade9 - Fix that unbound-checkconf -f flag works with auto-trust-anchor-file 
for startup scripts to get the full pathname(s) of anchor file(s).


git-svn-id: file:///svn/unbound/trunk@4447 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-23 14:20:17 +00:00
Wouter Wijngaards
859ca7db68 - Fix #3397: Fix that when the cache contains an unsigned DNAME in 
the middle of a cname chain, a result without the DNAME could
  be returned.


git-svn-id: file:///svn/unbound/trunk@4446 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 14:30:16 +00:00
Wouter Wijngaards
df6fbb82be - Fix #3397: Fix that cachedb could return a partial CNAME chain. 
git-svn-id: file:///svn/unbound/trunk@4445 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 13:54:20 +00:00
Wouter Wijngaards
4b4b1eec8b - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is 
also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.


git-svn-id: file:///svn/unbound/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 08:35:44 +00:00
Wouter Wijngaards
d759fdd457 - make depend: code dependencies updated in Makefile. 
git-svn-id: file:///svn/unbound/trunk@4443 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-19 09:52:40 +00:00
Wouter Wijngaards
fa57a0fbac - iana port update. 
git-svn-id: file:///svn/unbound/trunk@4442 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-19 09:51:50 +00:00
Wouter Wijngaards
2a6250e3fb - patch for CVE-2017-15105: vulnerability in the processing of 
wildcard synthesized NSEC records.


git-svn-id: file:///svn/unbound/trunk@4441 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-19 09:50:35 +00:00
Wouter Wijngaards
be26349e37 - trunk has 1.6.9 with fix and previous commits. 
git-svn-id: file:///svn/unbound/trunk@4440 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-19 09:49:32 +00:00
Ralph Dolmans
b2943670ca - Copy query and correctly set flags on REFUSED answers when cache snooping is 
not allowed.


git-svn-id: file:///svn/unbound/trunk@4436 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-04 15:16:19 +00:00
Ralph Dolmans
0df528cc9e - Fix queries being leaked above stub when refetching glue. 
git-svn-id: file:///svn/unbound/trunk@4434 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-03 16:54:22 +00:00
Wouter Wijngaards
44eb7bfd25 - Remove clang optimizer disable, 
Fix that expiration date checks don't fail with clang -O2.


git-svn-id: file:///svn/unbound/trunk@4431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-02 10:48:00 +00:00
Wouter Wijngaards
6cb75924d9 - Fix that DS queries with referral replies are answered straight 
away, without a repeat query picking the DS from cache.
  The correct reply should have been an answer, the reply is fixed
  by the scrubber to have the answer in the answer section.


git-svn-id: file:///svn/unbound/trunk@4430 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-02 09:48:22 +00:00
Wouter Wijngaards
cb98f5896f - Also disable -flto for clang, to make incep-expi signature check 
work.


git-svn-id: file:///svn/unbound/trunk@4429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-15 12:54:02 +00:00
Wouter Wijngaards
dfba6bf690 - iana port update. 
git-svn-id: file:///svn/unbound/trunk@4428 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-15 12:42:45 +00:00
Wouter Wijngaards
06b80629bc - Fix timestamp failure because of clang optimizer failure, by 
disabling -O2 when the compiler --version is clang.


git-svn-id: file:///svn/unbound/trunk@4427 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-15 10:25:41 +00:00
Wouter Wijngaards
30da6bde6f - authzone work, transfer connect. 
git-svn-id: file:///svn/unbound/trunk@4420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-12 15:39:45 +00:00
Ralph Dolmans
d918602521 - Fix qname-minimisation documentation (A QTYPE, not NS) 
git-svn-id: file:///svn/unbound/trunk@4419 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-12 09:23:13 +00:00
Ralph Dolmans
e2aef3fa43 - Check whether --with-libunbound-only is set when using --with-nettle or 
--with-nss. 


git-svn-id: file:///svn/unbound/trunk@4418 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-07 10:51:22 +00:00
Wouter Wijngaards
2f69cd1765 - Fix link failure on OmniOS. 
git-svn-id: file:///svn/unbound/trunk@4414 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-04 08:28:16 +00:00
Wouter Wijngaards
d88bb99957 - auth zone work. probe hostname lookup. 
git-svn-id: file:///svn/unbound/trunk@4411 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-01 14:02:28 +00:00
Wouter Wijngaards
aeeb123b1e - Fix #3299 - forward CNAME daisy chain is not working 
git-svn-id: file:///svn/unbound/trunk@4409 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-30 08:34:20 +00:00
Wouter Wijngaards
975a7b1fc0 - auth xfer work on probe timer and lookup. 
git-svn-id: file:///svn/unbound/trunk@4405 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-14 15:58:24 +00:00
Wouter Wijngaards
52aeaf4924 - Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is 
set for stub zone.  It no longer searches for DNSSEC information.


git-svn-id: file:///svn/unbound/trunk@4404 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-14 10:01:44 +00:00
Wouter Wijngaards
6c2fa12f10 no AAAA shortcuts. 
git-svn-id: file:///svn/unbound/trunk@4403 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-13 14:15:10 +00:00
Wouter Wijngaards
f3304d408c - Fix qname minimisation to send AAAA queries at zonecut like type A. 
git-svn-id: file:///svn/unbound/trunk@4402 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-13 12:11:38 +00:00
Wouter Wijngaards
05e3539856 - Fix #2801: Install libunbound.pc. 
git-svn-id: file:///svn/unbound/trunk@4401 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-13 10:25:01 +00:00
Wouter Wijngaards
62fff935da - Fix #2492: Documentation libunbound. 
git-svn-id: file:///svn/unbound/trunk@4399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-07 08:05:12 +00:00
Wouter Wijngaards
35bd34f8e6 - Fix #2141 - for libsodium detect lack of entropy in chroot, print 
a message and exit.


git-svn-id: file:///svn/unbound/trunk@4398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-03 15:08:14 +00:00
Wouter Wijngaards
02fdb4c879 - Fix #2034 - Autoconf and -flto. 
git-svn-id: file:///svn/unbound/trunk@4397 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-03 10:52:25 +00:00
Wouter Wijngaards
621b1c57a3 - Fix #2362: TLS1.3/openssl-1.1.1 not working. 
git-svn-id: file:///svn/unbound/trunk@4396 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-03 07:40:36 +00:00
Wouter Wijngaards
10b8997cc5 - make ip-transparent option work on OpenBSD. 
git-svn-id: file:///svn/unbound/trunk@4393 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-02 09:34:19 +00:00
Wouter Wijngaards
d41209512e - Fix #1913: ub_ctx_config is under circumstances thread-safe. 
git-svn-id: file:///svn/unbound/trunk@4392 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-02 08:23:52 +00:00
Wouter Wijngaards
8cf7e424e2 - iana port update. 
git-svn-id: file:///svn/unbound/trunk@4391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-31 13:18:04 +00:00
Wouter Wijngaards
cba64aaaa4 - lexer output. 
git-svn-id: file:///svn/unbound/trunk@4390 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-31 10:07:01 +00:00
Wouter Wijngaards
31b331ca67 - Document that errno is left informative on libunbound config read 
fail.


git-svn-id: file:///svn/unbound/trunk@4389 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-31 08:18:18 +00:00
Ralph Dolmans
e13088d911 - Fix #2031: Double included headers 
git-svn-id: file:///svn/unbound/trunk@4388 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-25 13:30:32 +00:00
Ralph Dolmans
d016f85110 - Fix #1949: [dnscrypt] make provider name mismatch more obvious. 
git-svn-id: file:///svn/unbound/trunk@4387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-25 10:13:35 +00:00
Ralph Dolmans
bcadc2b45c - Fixed libunbound manual typo. 
git-svn-id: file:///svn/unbound/trunk@4386 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-25 08:38:24 +00:00
Ralph Dolmans
afb2d5f105 - Update B root ipv4 address. 
git-svn-id: file:///svn/unbound/trunk@4385 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-24 14:50:20 +00:00
Wouter Wijngaards
bdb6a5501a - authzone work, probe timer setup. 
git-svn-id: file:///svn/unbound/trunk@4378 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-19 09:03:36 +00:00
Wouter Wijngaards
7bf7524d22 - lint for recent authzone commit. 
git-svn-id: file:///svn/unbound/trunk@4377 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-18 06:43:51 +00:00
Wouter Wijngaards
b37bc47eaa - Work on local root zone code. 
git-svn-id: file:///svn/unbound/trunk@4376 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 15:16:31 +00:00
Wouter Wijngaards
c5c2cb13d4 - Better documentation for cache-max-negative-ttl. 
git-svn-id: file:///svn/unbound/trunk@4375 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 12:53:21 +00:00
Wouter Wijngaards
52e2331dd4 - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert 
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
  from Manu Bretelle.
	This option allows handling multiple cert/key pairs while only
	distributing some of them.
	In order to reliably match a client magic with a given key without
	strong assumption as to how those were generated, we need both key and
	cert. Likewise, in order to know which ES version should be used.
	On the other hand, when rotating a cert, it can be desirable to only
	serve the new cert but still be able to handle clients that are still
	using the old certs's public key.
	The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
	publish the cert as part of the DNS's provider_name's TXT answer.



git-svn-id: file:///svn/unbound/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 07:34:49 +00:00
Wouter Wijngaards
5ad3bbb27f - Fix #1749: With harden-referral-path: performance drops, due to 
circular dependency in NS and DS lookups.


git-svn-id: file:///svn/unbound/trunk@4372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 07:22:58 +00:00
Wouter Wijngaards
a253d276d7 - trunk has version 1.6.8. 
git-svn-id: file:///svn/unbound/trunk@4371 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-10 07:38:56 +00:00
Wouter Wijngaards
effb5c4203 - tag 1.6.7 
git-svn-id: file:///svn/unbound/trunk@4369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-10 07:10:35 +00:00
Wouter Wijngaards
64f4a0d800 - Fix spelling in unbound-control man page. 
git-svn-id: file:///svn/unbound/trunk@4368 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-06 07:00:10 +00:00
Wouter Wijngaards
5ef3663385 - tag 1.6.7rc1 
git-svn-id: file:///svn/unbound/trunk@4366 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 14:31:39 +00:00
Ralph Dolmans
9a727c3c1a - Use RCODE from A response on DNS64 synthesized answer. 
git-svn-id: file:///svn/unbound/trunk@4365 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 13:55:04 +00:00
Wouter Wijngaards
d506659635 - Fix some more crpls in testdata for different signaling default. 
git-svn-id: file:///svn/unbound/trunk@4363 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 10:44:16 +00:00
Wouter Wijngaards
9247e8522b - Fix trust-anchor-signaling works in libunbound. 
git-svn-id: file:///svn/unbound/trunk@4362 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 10:37:34 +00:00
Ralph Dolmans
ac9b95ca0c - Set trust-anchor-signaling default to yes 
git-svn-id: file:///svn/unbound/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 10:17:25 +00:00
Wouter Wijngaards
bbe5c6acf0 - Fix param unused warning for windows exportsymbol compile. 
git-svn-id: file:///svn/unbound/trunk@4359 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-02 12:24:48 +00:00
Ralph Dolmans
5e4faec554 - Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch (by Danilo 
G. Baio). 


git-svn-id: file:///svn/unbound/trunk@4358 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-25 12:49:47 +00:00
Ralph Dolmans
207beff489 - Log name of looping module 
git-svn-id: file:///svn/unbound/trunk@4357 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-21 08:19:47 +00:00
Wouter Wijngaards
60beab1e8d Spelling fixes are from Josh Soref. 
git-svn-id: file:///svn/unbound/trunk@4356 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-20 07:01:52 +00:00
Wouter Wijngaards
7afdc695fe - Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff. 
git-svn-id: file:///svn/unbound/trunk@4355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-19 11:54:58 +00:00
Wouter Wijngaards
55d8fe2837 - use a cachedb answer even if it's "expired" when serve-expired is yes 
(patch from Jinmei Tatuya).
- trigger refetching of the answer in that case (this will bypass
  cachedb lookup)
- allow storing a 0-TTL answer from cachedb in the in-memory message
  cache when serve-expired is yes


git-svn-id: file:///svn/unbound/trunk@4353 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-19 09:08:29 +00:00
Ralph Dolmans
3427b992f7 - Fix #1400: allowing use of global cache on ECS-forwarding unless 
always-forward.


git-svn-id: file:///svn/unbound/trunk@4352 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 09:09:10 +00:00
Wouter Wijngaards
ee8f07a686 - Fix #1440: [dnscrypt] client nonce cache. 
git-svn-id: file:///svn/unbound/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:55:08 +00:00
Wouter Wijngaards
c49226613b - Fix #1435: Please allow UDP to be disabled separately upstream and 
downstream.


git-svn-id: file:///svn/unbound/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:42:24 +00:00
Wouter Wijngaards
3ede03449c - Fix that looping modules always stop the query, and don't pass 
control.


git-svn-id: file:///svn/unbound/trunk@4348 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 07:54:24 +00:00
Wouter Wijngaards
60318b18f7 - tag 1.6.6rc2, became 1.6.6 on 18 sep. trunk 1.6.7 in development. 
git-svn-id: file:///svn/unbound/trunk@4347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 07:49:41 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Wouter Wijngaards
ce1f757ce0 - Fix unbound-host to report error for DNSSEC state of failed lookups. 
git-svn-id: file:///svn/unbound/trunk@4343 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:11:43 +00:00
Wouter Wijngaards
b01f0db381 - tag 1.6.6rc2 
git-svn-id: file:///svn/unbound/trunk@4341 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-13 06:57:39 +00:00
Wouter Wijngaards
0b7d3bfd30 - Add dns64 for client-subnet in unbound-checkconf. 
git-svn-id: file:///svn/unbound/trunk@4340 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-12 05:43:46 +00:00
Wouter Wijngaards
edd22eb36c - Fix #1434: Fix windows openssl 1.1.0 linking. 
git-svn-id: file:///svn/unbound/trunk@4338 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-05 08:28:39 +00:00
Ralph Dolmans
eb25148123 - Fix #1412: QNAME minimisation strict mode not honored 
git-svn-id: file:///svn/unbound/trunk@4337 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-04 15:15:27 +00:00
Wouter Wijngaards
0fcc88689d - makedist fix for windows binaries, with openssl 1.1.0 windres fix, 
and expat 2.2.4 install target fix.


git-svn-id: file:///svn/unbound/trunk@4336 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-04 14:02:15 +00:00
Wouter Wijngaards
03d62b2e43 note tag 1.6.6rc1 
git-svn-id: file:///svn/unbound/trunk@4335 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-04 12:55:25 +00:00
Wouter Wijngaards
08ceb2a737 - Recommend 1472 buffer size in unbound.conf 
git-svn-id: file:///svn/unbound/trunk@4332 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-01 14:54:37 +00:00
Wouter Wijngaards
6a5e7be380 - Fix #1418: [ip ratelimit] initialize slabhash using 
ip-ratelimit-slabs.


git-svn-id: file:///svn/unbound/trunk@4330 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 12:02:14 +00:00
Wouter Wijngaards
a17400b45e dnscrypt cache size configuration option. 
git-svn-id: file:///svn/unbound/trunk@4328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 11:58:29 +00:00
Wouter Wijngaards
a1153ba1f7 - make depend 
git-svn-id: file:///svn/unbound/trunk@4327 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 08:08:45 +00:00
Wouter Wijngaards
425dec3037 - Fix #1417: [dnscrypt] shared secret cache counters, and works when 
dnscrypt is not enabled.


git-svn-id: file:///svn/unbound/trunk@4326 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 08:06:17 +00:00
Wouter Wijngaards
a270aa3c53 - but reverted that, tests fails with that escape. 
git-svn-id: file:///svn/unbound/trunk@4325 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 07:48:09 +00:00
Wouter Wijngaards
8a6d68e5d2 - For #1417: escape ; in dnscrypt tests. 
git-svn-id: file:///svn/unbound/trunk@4324 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 07:43:54 +00:00
Wouter Wijngaards
79c45131d1 - Fix #1424: cachedb:testframe is not thread safe. 
git-svn-id: file:///svn/unbound/trunk@4323 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 07:35:08 +00:00
Wouter Wijngaards
fe18bbcb1f - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs. 
git-svn-id: file:///svn/unbound/trunk@4322 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-30 13:13:43 +00:00
Wouter Wijngaards
7a322130d6 - updated contrib/fastrpz.patch to apply with configparser changes. 
git-svn-id: file:///svn/unbound/trunk@4321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-30 11:12:03 +00:00
Wouter Wijngaards
2f270e6fbb - fixup WKS test on buildhost without servicebyname. 
git-svn-id: file:///svn/unbound/trunk@4319 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 08:56:22 +00:00
Wouter Wijngaards
cfcf5437f4 - new keys and certs for dnscrypt tests. 
git-svn-id: file:///svn/unbound/trunk@4318 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 08:48:19 +00:00
Wouter Wijngaards
f5a2cb3593 - zero qinfo in handle_request, this zeroes local_alias and also the 
qname member.


git-svn-id: file:///svn/unbound/trunk@4317 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 07:31:45 +00:00
Wouter Wijngaards
1624efa939 - Fix #1414: fix segfault on parse failure and log_replies. 
git-svn-id: file:///svn/unbound/trunk@4316 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 07:28:29 +00:00
Wouter Wijngaards
3c3f1b42bb - Fix WKS records on kvm autobuild host, with default protobyname 
entries for udp and tcp.


git-svn-id: file:///svn/unbound/trunk@4314 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-28 13:00:45 +00:00
Wouter Wijngaards
9a44fc5142 - Small fixes for the shared secret cache patch. 
git-svn-id: file:///svn/unbound/trunk@4313 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-28 11:05:51 +00:00
Wouter Wijngaards
e3cc298ffd - Fix #1415: [dnscrypt] shared secret cache, patch from 
Manu Bretelle.


git-svn-id: file:///svn/unbound/trunk@4312 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-28 10:55:41 +00:00
Wouter Wijngaards
cd46a535cd - iana portlist update 
git-svn-id: file:///svn/unbound/trunk@4311 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-28 08:29:00 +00:00
Wouter Wijngaards
80f310e2a4 - Fix #1415: patch to free dnscrypt environment on reload. 
git-svn-id: file:///svn/unbound/trunk@4310 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-28 07:49:42 +00:00
Wouter Wijngaards
ffc2f687cf - Fix to reclaim tcp handler when it is closed due to dnscrypt buffer 
allocation failure.


git-svn-id: file:///svn/unbound/trunk@4309 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-22 13:40:44 +00:00
Wouter Wijngaards
e5b8a37a20 - make depend 
git-svn-id: file:///svn/unbound/trunk@4308 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-22 07:44:41 +00:00
Wouter Wijngaards
3dc206c721 - Fix #1407: Add ECS options check to unbound-checkconf. 
git-svn-id: file:///svn/unbound/trunk@4307 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-22 07:43:59 +00:00