upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-28 02:29:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5318 commits 23 branches 209 tags 124 MiB
Commit graph

211 commits

Author SHA1 Message Date
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
Ralph Dolmans
056176ec9a Merge branch 'master' into rpz 2020-01-30 15:57:34 +01:00
Ralph Dolmans
882741bf55 - Fix memory leak in do_auth_zone_transfer on success 2020-01-30 15:45:54 +01:00
Ralph Dolmans
4f5b934688 - Fix small memory leak in error condition remote.c 
- Fix double free in error condition view.c
 2020-01-30 14:56:48 +01:00
Ralph Dolmans
3609287344 - Fix RPZ stats RPZ_NO_OVERRIDE_ACTION check 2020-01-30 14:05:56 +01:00
Alexander Berkes
396d4223d9 Added unbound-control view_local_datas_remove command 2020-01-29 02:28:00 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
981fedea0e - Fix NULL Pointer Dereference via Control Port, 
reported by X41 D-Sec.
 2019-11-20 14:37:13 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
Ralph Dolmans
268580f348 Added RPZ log name and stats 2019-06-03 15:46:39 +02:00
Wouter Wijngaards
20d57ec58b - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2. 
git-svn-id: file:///svn/unbound/trunk@5106 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-07 08:34:28 +00:00
Wouter Wijngaards
510606dd1c - Patch for TLS session resumption from Manabu Sonoda, 
enable with tls-session-ticket-keys in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:35:52 +00:00
Wouter Wijngaards
8b18d1a0a4 - unbound-control stats has mem.streamwait that counts TCP and TLS 
waiting result buffers.


git-svn-id: file:///svn/unbound/trunk@5050 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 13:20:06 +00:00
Wouter Wijngaards
470806b097 - Add unbound-control view_local_datas command, like local_datas. 
git-svn-id: file:///svn/unbound/trunk@4977 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-26 13:37:23 +00:00
Wouter Wijngaards
692caffe2c - auth zone zonefiles can be in a chroot, the chroot directory 
components are removed before use.


git-svn-id: file:///svn/unbound/trunk@4972 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:51:09 +00:00
Wouter Wijngaards
2e9d09b961 - initialize statistics totals for printout. 
- in authzone check that node exists before adding rrset.
	- in unbound-anchor, use readwrite memory BIO.
	- assertion in autotrust that packed rrset is formed correctly.


git-svn-id: file:///svn/unbound/trunk@4903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 12:20:41 +00:00
Wouter Wijngaards
87c8dd5434 - Fix initialisation in remote.c 
git-svn-id: file:///svn/unbound/trunk@4894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-11 14:11:50 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
Wouter Wijngaards
00ba747be7 - #4146: num.query.subnet and num.query.subnet_cache counters. 
git-svn-id: file:///svn/unbound/trunk@4867 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-21 14:14:28 +00:00
Wouter Wijngaards
41e5a66b73 Fixup 
git-svn-id: file:///svn/unbound/trunk@4785 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 12:30:53 +00:00
Wouter Wijngaards
cc5ab744c5 - Print error if SSL name verification configured but not available 
in the ssl library.


git-svn-id: file:///svn/unbound/trunk@4784 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 12:26:32 +00:00
Wouter Wijngaards
755233c720 - num.queries.tls counter for queries over TLS. 
git-svn-id: file:///svn/unbound/trunk@4759 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-28 08:15:47 +00:00
Wouter Wijngaards
8c044a616b - Fix windows unbound-control no cert bad file descriptor error. 
git-svn-id: file:///svn/unbound/trunk@4746 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-19 13:13:35 +00:00
Wouter Wijngaards
c15eae814f - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. 
git-svn-id: file:///svn/unbound/trunk@4738 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-18 09:04:35 +00:00
Wouter Wijngaards
abff4d1237 - unbound-control auth_zone_transfer _zone_ option starts the probe 
sequence for a master to transfer the zone from and transfers when
  a new zone version is available.


git-svn-id: file:///svn/unbound/trunk@4736 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 15:01:31 +00:00
Wouter Wijngaards
386f23334b - unbound-control auth_zone_reload _zone_ option rereads the zonefile. 
git-svn-id: file:///svn/unbound/trunk@4735 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 13:42:41 +00:00
Wouter Wijngaards
9cb404ba5f - Fix that first control-interface determines if TLS is used. Warn 
when IP address interfaces are used without TLS.


git-svn-id: file:///svn/unbound/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 08:14:43 +00:00
Wouter Wijngaards
d6ed0e868f remove unreachable point for portablity 
git-svn-id: file:///svn/unbound/trunk@4727 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 13:02:52 +00:00
Wouter Wijngaards
21af42a281 Continue to read also when signals are sent. 
git-svn-id: file:///svn/unbound/trunk@4723 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 10:50:51 +00:00
Wouter Wijngaards
4df697b4b7 Accurate printout in status output. 
git-svn-id: file:///svn/unbound/trunk@4719 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 08:05:03 +00:00
Wouter Wijngaards
7fd32916e8 - #4102 for NSD, but for Unbound. Named unix pipes do not use 
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 07:43:52 +00:00
Wouter Wijngaards
ea6266f736 - list_auth_zones unbound-control command. 
git-svn-id: file:///svn/unbound/trunk@4650 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 14:42:30 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Ralph Dolmans
6ef9cafc0e - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics 
counters


git-svn-id: file:///svn/unbound/trunk@4616 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 11:39:23 +00:00
Wouter Wijngaards
89ad258515 - num.query.authzone.up and num.query.authzone.down statistics counters. 
- Fix downstream auth zone, only fallback when auth zone fails to
  answer and fallback is enabled.


git-svn-id: file:///svn/unbound/trunk@4610 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 10:15:06 +00:00
Wouter Wijngaards
0e5abca6b7 - Fix that flush_zone sets prefetch ttl expired, so that with 
serve-expired enabled it'll start prefetching those entries.


git-svn-id: file:///svn/unbound/trunk@4609 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 07:39:59 +00:00
Wouter Wijngaards
c515215eea - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 
tls_choose_sigalg routine does not allow the ciphers for the pipe,
  so use TLSv1.2.


git-svn-id: file:///svn/unbound/trunk@4606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 13:43:05 +00:00
Wouter Wijngaards
ee8f07a686 - Fix #1440: [dnscrypt] client nonce cache. 
git-svn-id: file:///svn/unbound/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:55:08 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Wouter Wijngaards
425dec3037 - Fix #1417: [dnscrypt] shared secret cache counters, and works when 
dnscrypt is not enabled.


git-svn-id: file:///svn/unbound/trunk@4326 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 08:06:17 +00:00
Ralph Dolmans
7b18274d7e - Added stats for queries that have been ratelimited by domain recursion. 
git-svn-id: file:///svn/unbound/trunk@4292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 12:52:33 +00:00
Wouter Wijngaards
abb6cfdebd - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), 
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.


git-svn-id: file:///svn/unbound/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:04:18 +00:00
Wouter Wijngaards
522bff52fe - Fix 1332: Bump verbosity of failed chown'ing of the control socket. 
git-svn-id: file:///svn/unbound/trunk@4262 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-05 06:59:45 +00:00
Wouter Wijngaards
08a3461810 - enhancement for hardened-tls for DNS over TLS. Removed duplicated 
security settings.


git-svn-id: file:///svn/unbound/trunk@4255 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-29 11:45:43 +00:00
Wouter Wijngaards
5573d7508b - unbound-control dump_infra prints port number for address if not 53. 
git-svn-id: file:///svn/unbound/trunk@4248 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-26 12:31:49 +00:00
Wouter Wijngaards
311264b960 - Fix lintian typo. 
git-svn-id: file:///svn/unbound/trunk@4239 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-20 13:34:01 +00:00
Ralph Dolmans
486edb10db - Fix #1269: inconsistent use of built-in local zones with views. 
- Add defaults for new local-zone trees added to views using unbound-control.


git-svn-id: file:///svn/unbound/trunk@4199 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-30 13:04:19 +00:00
Wouter Wijngaards
92d625b648 - better module memory lookup, fix of unbound-control shm names for 
module memory printout of statistics.


git-svn-id: file:///svn/unbound/trunk@4161 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 14:16:59 +00:00
George Thessalonikefs
491b0a26e4 - Implemented opportunistic IPsec support module (ipsecmod). 
- Some whitespace fixup.


git-svn-id: file:///svn/unbound/trunk@4158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 12:39:24 +00:00