upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-22 15:50:59 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
4209 commits 23 branches 209 tags 123 MiB
Commit graph

272 commits

Author SHA1 Message Date
Ralph Dolmans
7e8d3423cd Please lint 
git-svn-id: file:///svn/unbound/trunk@4435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-03 17:05:48 +00:00
Ralph Dolmans
0df528cc9e - Fix queries being leaked above stub when refetching glue. 
git-svn-id: file:///svn/unbound/trunk@4434 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-03 16:54:22 +00:00
Wouter Wijngaards
6c2fa12f10 no AAAA shortcuts. 
git-svn-id: file:///svn/unbound/trunk@4403 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-13 14:15:10 +00:00
Wouter Wijngaards
f3304d408c - Fix qname minimisation to send AAAA queries at zonecut like type A. 
git-svn-id: file:///svn/unbound/trunk@4402 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-13 12:11:38 +00:00
Wouter Wijngaards
5ad3bbb27f - Fix #1749: With harden-referral-path: performance drops, due to 
circular dependency in NS and DS lookups.


git-svn-id: file:///svn/unbound/trunk@4372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 07:22:58 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Ralph Dolmans
eb25148123 - Fix #1412: QNAME minimisation strict mode not honored 
git-svn-id: file:///svn/unbound/trunk@4337 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-04 15:15:27 +00:00
Ralph Dolmans
7b18274d7e - Added stats for queries that have been ratelimited by domain recursion. 
git-svn-id: file:///svn/unbound/trunk@4292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 12:52:33 +00:00
Wouter Wijngaards
7bb1d8a8d1 - Fix query for refetch_glue of stub leaking to internet. 
git-svn-id: file:///svn/unbound/trunk@4227 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-15 15:00:07 +00:00
Wouter Wijngaards
39b5f5bbc6 - Fix stub zone queries leaking to the internet for 
harden-referral-path ns checks.


git-svn-id: file:///svn/unbound/trunk@4226 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-15 07:59:05 +00:00
Wouter Wijngaards
1db056b19c - Fix queries for nameservers under a stub leaking to the internet. 
git-svn-id: file:///svn/unbound/trunk@4154 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-12 15:10:10 +00:00
Wouter Wijngaards
893159454f - Adjust servfail by iterator to not store in cache when serve-expired 
is enabled, to avoid overwriting useful information there.


git-svn-id: file:///svn/unbound/trunk@4153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-12 12:16:41 +00:00
Ralph Dolmans
a5c7c469ee - Remove ECS option after REFUSED answer 
- Fix small memory leak in edns_opt_copy_alloc



git-svn-id: file:///svn/unbound/trunk@4100 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-10 09:12:04 +00:00
Ralph Dolmans
b0fd814975 - Merge EDNS Client subnet implementation from feature branch into main branch, 
using new EDNS processing framework.


git-svn-id: file:///svn/unbound/trunk@4074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 12:08:17 +00:00
Wouter Wijngaards
f952ac1dee - Fix #1237 - Wrong resolving in chain, for norec queries that get 
SERVFAIL returned.


git-svn-id: file:///svn/unbound/trunk@4064 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-17 14:32:25 +00:00
Wouter Wijngaards
ca48de34e9 - Fix that looped DNAMEs do not cause unbound to spend effort. 
git-svn-id: file:///svn/unbound/trunk@4055 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 14:32:58 +00:00
Wouter Wijngaards
45517ad616 - Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead 
of YXDOMAIN + query loop, reported by Petr Spacek.


git-svn-id: file:///svn/unbound/trunk@4049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-13 08:27:01 +00:00
Wouter Wijngaards
038550c889 - Fix #1234: shortening DNAME loop produces duplicate DNAME records 
in ANSWER section.


git-svn-id: file:///svn/unbound/trunk@4047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-10 13:04:24 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
Ralph Dolmans
efe248c46a - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: file:///svn/unbound/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
Wouter Wijngaards
2785225a43 - Fixup query_info local_alias init. 
git-svn-id: file:///svn/unbound/trunk@3901 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-20 15:05:30 +00:00
Wouter Wijngaards
503df095b2 - Patch that resolves CNAMEs entered in local-data conf statements that 
point to data on the internet, from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@3885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-18 13:18:20 +00:00
Ralph Dolmans
9c0944ec1e - Added qname-minimisation-strict config option. 
git-svn-id: file:///svn/unbound/trunk@3878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 11:32:50 +00:00
Wouter Wijngaards
9bc918fa7b - Fix #804: lower num_target_queries for iterator also for failed 
lookups.


git-svn-id: file:///svn/unbound/trunk@3831 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-08-23 08:49:01 +00:00
Ralph Dolmans
dfe52a0de5 - Decrease dp attempts at each QNAME minimisation iteration 
git-svn-id: file:///svn/unbound/trunk@3796 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-16 11:57:20 +00:00
Ralph Dolmans
5b63c08c72 - Use QTYPE=A for QNAME minimisation. 
- Keep track of number of time-outs when performing QNAME minimisation.
  Stop minimising when number of time-outs for a QNAME/QTYPE pair is
  more than three.



git-svn-id: file:///svn/unbound/trunk@3782 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-13 13:06:35 +00:00
Wouter Wijngaards
031caba9c0 - and also generic edns options for upstream messages (and replies). 
after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID),
  to insert use edns_opt_append(edns, region, code, len, bindata) on
  the opt_list passed to send_query, or in edns_opt_inplace_reply.


git-svn-id: file:///svn/unbound/trunk@3742 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:55:22 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code. 
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00
Wouter Wijngaards
74603017b6 - Updated patch from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3728 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-26 06:49:44 +00:00
Wouter Wijngaards
7fcec8102f - disable-dnssec-lame-check config option from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-24 12:17:42 +00:00
Ralph Dolmans
f39692acc7 - No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC signed zones. 
git-svn-id: file:///svn/unbound/trunk@3722 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-20 14:04:27 +00:00
Wouter Wijngaards
3d60a6f446 - Fix #761: DNSSEC LAME false positive resolving nic.club. 
git-svn-id: file:///svn/unbound/trunk@3720 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-18 14:09:12 +00:00
Ralph Dolmans
5d061f13f9 - Validate QNAME minimised NXDOMAIN responses. 
- If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
   harden-below-nxdomain.



git-svn-id: file:///svn/unbound/trunk@3682 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-18 15:44:41 +00:00
Ralph Dolmans
6362a12bd7 - Limit number of QNAME minimisation iterations. 
git-svn-id: file:///svn/unbound/trunk@3681 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-17 14:44:41 +00:00
Wouter Wijngaards
47e2026ca6 - Fix #746: Fix unbound sets CD bit on all forwards. 
If no trust anchors, it'll not set CD bit when forwarding to another
  server.  If a trust anchor, no CD bit on the first attempt to a
  forwarder, but CD bit thereafter on repeated attempts to get DNSSEC.


git-svn-id: file:///svn/unbound/trunk@3679 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-17 14:01:59 +00:00
Ralph Dolmans
d853b0841b Don't minimise forwarded requests. 
git-svn-id: file:///svn/unbound/trunk@3575 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-07 15:56:47 +00:00
Ralph Dolmans
3328dc4d68 Stop minimising after receiving rcode!=NOERROR 
git-svn-id: file:///svn/unbound/trunk@3573 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-03 15:45:52 +00:00
Ralph Dolmans
e47e31a69f Keep incrementing QNAME after receiving throwaway answer. 
git-svn-id: file:///svn/unbound/trunk@3568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-03 12:09:45 +00:00
Ralph Dolmans
014142d7bf Qname minimisation review fixes 
git-svn-id: file:///svn/unbound/trunk@3561 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 13:14:00 +00:00
Wouter Wijngaards
3ee1dc25d5 yacced,lexed, include for undeclared function and make depend. 
git-svn-id: file:///svn/unbound/trunk@3555 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 08:11:48 +00:00
Ralph Dolmans
a05bf09811 Implemented qname minimisation 
git-svn-id: file:///svn/unbound/trunk@3554 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-30 16:10:26 +00:00
Wouter Wijngaards
152458c40b - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
bc658e0361 Fixes. 
git-svn-id: file:///svn/unbound/trunk@3392 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 10:57:25 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
Wouter Wijngaards
7861314db3 And use best response in case 0x20 fallback done. 
git-svn-id: file:///svn/unbound/trunk@3349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-04 09:35:06 +00:00