upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-29 10:59:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6949 commits 23 branches 209 tags 124 MiB
Commit graph

1838 commits

Author SHA1 Message Date
W.C.A. Wijngaards
11d077c826 - Fix some lint type warnings. 2022-05-20 15:32:27 +02:00
George Thessalonikefs
7e506bb477 - Fix typos in config_set_option for the 'num-threads' and 
'ede-serve-expired' options.
 2022-05-18 19:56:26 +03:00
W.C.A. Wijngaards
e62b309959 - For #677: Added tls-system-cert to config parser and documentation. 
- Changelog note for #677.
 2022-05-12 16:30:19 +02:00
Wouter Wijngaards
2132e67b36
Merge pull request #677 from InfrastructureServices/use-system-cas 
Allow using system certificates not only on Windows
 2022-05-12 16:16:49 +02:00
Petr Mensik
0abfddd279 Allow using system certificates not only on Windows 
OpenSSL has a way to load default file. That file might contain usable
certificates to verify common connections. Allow similar trust as on
windows and leave it on openssl package to provide sane defaults.

Also provide use-system-cert alias, because it is not windows specific
anymore.
 2022-05-12 16:07:41 +02:00
W.C.A. Wijngaards
f0d91950ad - Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to 
host.
 2022-05-11 17:10:42 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
George Thessalonikefs
b8e7dfa01e - Various fixes for #632: variable initialisation, convert the qinfo 
to str once, accept trailing dot in the local-zone ipset option.
 2022-03-02 14:29:56 +01:00
Wouter Wijngaards
fbbb42c9d4
Merge pull request #631 from mollyim/boringssl-compat 
Replace OpenSSL's ERR_PACK with ERR_GET_REASON
 2022-02-18 09:37:34 +01:00
Oscar Mira
78aee89201 Replace OpenSSL's ERR_PACK with ERR_GET_REASON 2022-02-17 20:20:18 +01:00
W.C.A. Wijngaards
2b90181d3a - Fix #628: A rpz-passthru action is not ending RPZ zone processing. 2022-02-15 16:20:12 +01:00
W.C.A. Wijngaards
a0feea393a - Fix #618: enabling interface-automatic disables DNS-over-TLS. 
Adds the option to list interface-automatic-ports.
 2022-02-11 10:58:53 +01:00
W.C.A. Wijngaards
e656be63f9 - Fix header comment for doxygen for authextstrtoaddr. 2022-02-02 13:20:46 +01:00
gthess
11f2e7e6ae
Merge pull request #617 from NLnetLabs/update-host-notation 
Update stub/forward-host notation to accept port and tls-auth-name
 2022-02-02 11:56:27 +01:00
George Thessalonikefs
32c3bbd249 - Change aggressive-nsec default to yes. 2022-02-02 11:25:08 +01:00
gthess
358e3a5963
Merge pull request #616 from NLnetLabs/bugfix/ratelimit 
Update ratelimit logic
 2022-02-02 11:16:04 +01:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name. 
Fixes #546.
 2022-02-01 14:44:29 +01:00
W.C.A. Wijngaards
84df46289d - iana portlist update. 2022-01-31 10:53:22 +01:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more 
aggressive rate limiting.
 2022-01-30 00:36:29 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
George Thessalonikefs
c49e87e1b7 - Fix tls-* and ssl-* documented alternate syntax to also be available 
through remote-control and unbound-checkconf.
 2022-01-29 15:11:47 +01:00
George Thessalonikefs
f0c6d26155 - Better bookkeeping when reclaiming the TCP buffer. 2022-01-25 10:32:37 +01:00
George Thessalonikefs
c3c0186658 - Add serviced_query timer to send upstream queries outside of the mesh 
flow to prevent race conditions.
 2022-01-25 00:01:43 +01:00
W.C.A. Wijngaards
2996040c6c - Add rpz: for-downstream: yesno option, where the RPZ zone is 
authoritatively answered for, so the RPZ zone contents can be
  checked with DNS queries directed at the RPZ zone.
 2022-01-14 16:23:43 +01:00
W.C.A. Wijngaards
392c1f0f54 - Fix #596: unset the RA bit when a query is blocked by an unbound 
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
  signal that a domain is externally blocked to clients when it
  is blocked with NXDOMAIN by unsetting RA.
 2022-01-04 13:40:07 +01:00
W.C.A. Wijngaards
4efbee08b5 - Fix compile warning for if_nametoindex on windows 64bit. 2021-12-03 10:44:47 +01:00
gthess
43615e98b5
Merge pull request #522 from sibeream/net_help_RESOURCE_LEAK 
- memory management violations fixed
 2021-12-01 03:59:32 +01:00
gthess
806a75808d
Merge pull request #562 from NLnetLabs/bugfix/reset-keepalive-per-tcp-session 
Reset keepalive per new tcp session
 2021-12-01 03:57:04 +01:00
gthess
ba9356af99
Merge pull request #555 from fobser/if_nametoindex 
Allow interface names as scope-id in IPv6 link-local addresses.
 2021-12-01 03:54:45 +01:00
W.C.A. Wijngaards
88da8ce174 - iana portlist update. 2021-11-30 15:05:27 +01:00
Wouter Wijngaards
9645228f03
Merge pull request #570 from rex4539/typos 
Fix typos
 2021-11-29 11:39:48 +01:00
tcarpay
c47e98a659
Merge pull request #563 from NLnetLabs/bugfix/general-edns-options3 
Better positioning of general EDNS option handling: revisited V2
 2021-11-15 15:14:51 +01:00
Tom Carpay
ff030fa332 Clarify KEEPALIVE EDNS0 option operation 2021-11-15 14:00:31 +00:00
Tom Carpay
e899b4cefe Make explicit whether edns options are parsed from queries or responses 2021-11-15 13:40:51 +00:00
Tom Carpay
b47dc528aa add missing return code 2021-11-15 12:33:08 +00:00
Dimitris Apostolou
c21d6af617
Fix typos 2021-11-13 16:56:15 +02:00
tcarpay
a0df340b1e
Update util/data/msgparse.c 
Co-authored-by: gthess <george@nlnetlabs.nl>
 2021-11-08 12:28:03 +01:00
TCY16
8205c87a96 complete renaming of the modules edns list 2021-11-08 11:50:29 +01:00
tcarpay
fa73142b79
Apply suggestions from code review 
Co-authored-by: Willem Toorop <willem@nlnetlabs.nl>
 2021-11-08 11:02:54 +01:00
George Thessalonikefs
24eded6ef9 - Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event. 2021-11-05 11:21:30 +01:00
George Thessalonikefs
431b749d7a - Fix for #558: fix loop in comm_point->tcp_free when a comm_point is reclaimed 
more than once during callbacks.
 2021-11-05 11:19:08 +01:00
Willem Toorop
53a1677828 Reset keepalive per new tcp session 2021-11-01 21:06:07 +01:00
Tom Carpay
cb48d9e4a1 Fix keepalive logic 2021-11-01 15:01:07 +00:00
Tom Carpay
5f8447830a Move option handling to parse-time 2021-11-01 13:48:31 +00:00
Tom Carpay
89d7476539 split edns_data.opt_list in opt_list_in and opt_list_out 
opt_list_in for parsed (incoming) edns options, and
opt_list_out for outgoing (to be encoded) edns options
 2021-11-01 12:48:40 +00:00
Tom Carpay
3ebfa9fc97 Outgoing module options go to opt_list_modules_out 
And opt_list_modules_out is reset in case of failure
BEWARE! No options from modules will be encoded in the responses now!
 2021-10-27 14:01:56 +00:00
Tom Carpay
3e6eeb504d Modules have their own outgoing ends options list 
But nothing happens with it yet
 2021-10-27 13:48:49 +00:00
Florian Obser
8756f1e4c7 Allow interface names as scope-id in IPv6 link-local addresses. 
For example, this makes
forward-zone:
    name: "."
    forward-addr: fe80::20d:b9ff:fe46:c7f4%vio0
    forward-first: yes

work instead of fe80::20d:b9ff:fe46:c7f4%1.
 2021-10-24 16:06:55 +02:00
W.C.A. Wijngaards
ecb0b44ba8 - Fix to protect custom regional create against small values. 2021-10-11 17:23:30 +02:00
W.C.A. Wijngaards
9f26f397a9 - Fix crosscompile windows to use libssp when it exists. 
- For the windows compile script disable gost.
- Fix that on windows, use BIO_set_callback_ex instead of deprecated
 2021-09-21 13:51:34 +02:00