upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
4778 commits 23 branches 209 tags 123 MiB
Commit graph

174 commits

Author SHA1 Message Date
Wouter Wijngaards
23505d30a5 - Fix #4190: Please create a "ANY" deny option, adds the option 
deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.


git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:07:37 +00:00
Ralph Dolmans
987c1c97e5 - More explicitly mention the type of ratelimit when applying ip-ratelimit. 
git-svn-id: file:///svn/unbound/trunk@4884 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-04 09:16:07 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
Wouter Wijngaards
efe5c8e6be - Fix #4144: dns64 module caches wrong (negative) information. 
git-svn-id: file:///svn/unbound/trunk@4850 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-10 08:03:17 +00:00
Wouter Wijngaards
f8e585f308 nicer code, in function. 
git-svn-id: file:///svn/unbound/trunk@4790 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 15:07:09 +00:00
Wouter Wijngaards
5bda4f9822 Fixup cache size test for msg cache. 
git-svn-id: file:///svn/unbound/trunk@4789 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:56:02 +00:00
Wouter Wijngaards
d2d7b987fa brackets added. 
git-svn-id: file:///svn/unbound/trunk@4788 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:44:20 +00:00
Wouter Wijngaards
7579216922 - Resize ratelimit and ip-ratelimit caches if changed on reload. 
git-svn-id: file:///svn/unbound/trunk@4787 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:42:38 +00:00
Wouter Wijngaards
330c6e1cb0 - Fix that ratelimit and ip-ratelimit are applied after reload of 
git-svn-id: file:///svn/unbound/trunk@4786 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:27:44 +00:00
Wouter Wijngaards
a4a5bfaa2f - Fix crash if ratelimit taken into use with unbound-control 
instead of with unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4711 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-05 07:06:19 +00:00
Ralph Dolmans
d97a635084 - Fix memory leak when caching wildcard records for aggressive NSEC use 
git-svn-id: file:///svn/unbound/trunk@4662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-25 13:13:05 +00:00
Wouter Wijngaards
3a287a70cd Test and fix. 
git-svn-id: file:///svn/unbound/trunk@4583 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 13:14:56 +00:00
Wouter Wijngaards
d111aaf64f - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually 
flushed with serve-expired on.


git-svn-id: file:///svn/unbound/trunk@4582 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 12:52:11 +00:00
Wouter Wijngaards
3b25c475f5 - Attempt to remove warning about trailing whitespace. 
git-svn-id: file:///svn/unbound/trunk@4568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:52:18 +00:00
Ralph Dolmans
24fc3242fc - Save wildcard RRset from answer with original owner for use in aggressive 
NSEC.


git-svn-id: file:///svn/unbound/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-22 15:12:31 +00:00
Ralph Dolmans
77f78152ee - Aggressive use of NSEC implementation. Use cached NSEC records to generate 
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: file:///svn/unbound/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 13:16:36 +00:00
Wouter Wijngaards
cb28d35bd2 - Fix lock race condition in dns cache dname synthesis. 
git-svn-id: file:///svn/unbound/trunk@4495 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 10:33:19 +00:00
Wouter Wijngaards
859ca7db68 - Fix #3397: Fix that when the cache contains an unsigned DNAME in 
the middle of a cname chain, a result without the DNAME could
  be returned.


git-svn-id: file:///svn/unbound/trunk@4446 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 14:30:16 +00:00
Wouter Wijngaards
df6fbb82be - Fix #3397: Fix that cachedb could return a partial CNAME chain. 
git-svn-id: file:///svn/unbound/trunk@4445 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 13:54:20 +00:00
Wouter Wijngaards
7afdc695fe - Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff. 
git-svn-id: file:///svn/unbound/trunk@4355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-19 11:54:58 +00:00
Wouter Wijngaards
55d8fe2837 - use a cachedb answer even if it's "expired" when serve-expired is yes 
(patch from Jinmei Tatuya).
- trigger refetching of the answer in that case (this will bypass
  cachedb lookup)
- allow storing a 0-TTL answer from cachedb in the in-memory message
  cache when serve-expired is yes


git-svn-id: file:///svn/unbound/trunk@4353 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-19 09:08:29 +00:00
Wouter Wijngaards
6a5e7be380 - Fix #1418: [ip ratelimit] initialize slabhash using 
ip-ratelimit-slabs.


git-svn-id: file:///svn/unbound/trunk@4330 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 12:02:14 +00:00
Wouter Wijngaards
abb6cfdebd - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), 
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.


git-svn-id: file:///svn/unbound/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:04:18 +00:00
Ralph Dolmans
71d2d60b85 - Fix #1277: disable domain ratelimit by setting value to 0. 
git-svn-id: file:///svn/unbound/trunk@4235 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-16 13:22:43 +00:00
Wouter Wijngaards
c4869780d1 - Fix #1278: Incomplete wildcard proof. 
git-svn-id: file:///svn/unbound/trunk@4218 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-12 10:11:28 +00:00
Wouter Wijngaards
893159454f - Adjust servfail by iterator to not store in cache when serve-expired 
is enabled, to avoid overwriting useful information there.


git-svn-id: file:///svn/unbound/trunk@4153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-12 12:16:41 +00:00
Ralph Dolmans
d30ae35c62 - Do not add current time twice to TTL before ECS cache store. 
- Do not touch rrset cache after ECS cache message generation.
- Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.


git-svn-id: file:///svn/unbound/trunk@4086 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-03 09:36:18 +00:00
Ralph Dolmans
b0fd814975 - Merge EDNS Client subnet implementation from feature branch into main branch, 
using new EDNS processing framework.


git-svn-id: file:///svn/unbound/trunk@4074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 12:08:17 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Ralph Dolmans
9581c39dcc - QNAME minimisation uses QTYPE=A, therefore always check cache for 
this type in harden-below-nxdomain functionality.


git-svn-id: file:///svn/unbound/trunk@3932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-22 10:50:53 +00:00
Wouter Wijngaards
4cd296a3f3 - Fixup query_info local_alias init. 
git-svn-id: file:///svn/unbound/trunk@3899 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-20 14:55:57 +00:00
Ralph Dolmans
5d061f13f9 - Validate QNAME minimised NXDOMAIN responses. 
- If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
   harden-below-nxdomain.



git-svn-id: file:///svn/unbound/trunk@3682 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-18 15:44:41 +00:00
Wouter Wijngaards
2ceed35ca8 - Added assert on rrset cache correctness. 
git-svn-id: file:///svn/unbound/trunk@3545 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-20 08:08:11 +00:00
Wouter Wijngaards
b8d7976f57 - ANY responses include DNAME records if present, as per Evan Hunt's 
remark in dnsop.


git-svn-id: file:///svn/unbound/trunk@3504 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-14 08:02:14 +00:00
Wouter Wijngaards
cb90782087 - Fix #677 Fix DNAME responses from cache that failed internal chain 
test.


git-svn-id: file:///svn/unbound/trunk@3435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-26 07:27:32 +00:00
Wouter Wijngaards
ddda275d7b please lint. 
git-svn-id: file:///svn/unbound/trunk@3411 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-23 14:04:46 +00:00
Wouter Wijngaards
ff898bfdd6 - Synthesize ANY responses from cache. Does not search exhaustively, 
but MX,A,AAAA,SOA,NS also CNAME.
- Fix leaked dns64prefix configuration string.


git-svn-id: file:///svn/unbound/trunk@3405 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-17 14:58:07 +00:00
Wouter Wijngaards
c03ff186ec fixes for undeclared function. 
git-svn-id: file:///svn/unbound/trunk@3394 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 12:19:30 +00:00
Wouter Wijngaards
85192d4569 - unbound-control ratelimit_list lists high rate domains. 
git-svn-id: file:///svn/unbound/trunk@3393 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 12:13:59 +00:00
Wouter Wijngaards
bc658e0361 Fixes. 
git-svn-id: file:///svn/unbound/trunk@3392 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 10:57:25 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
06fa21b0da Fixup rrset unlock in case of allocation failure. 
git-svn-id: file:///svn/unbound/trunk@3381 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 13:15:55 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
Wouter Wijngaards
b781f2d48d - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: file:///svn/unbound/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
Wouter Wijngaards
eb5e9a89c4 - Fix #558: failed prefetch lookup does not remove cached response 
but delays next prefetch (in lieu of caching a SERVFAIL).


git-svn-id: file:///svn/unbound/trunk@3111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 13:56:16 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00