upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-28 10:39:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7970 commits 23 branches 209 tags 124 MiB
Commit graph

342 commits

Author SHA1 Message Date
W.C.A. Wijngaards
16ee7cf944 - Fix for print of connection type in log-replies for dot and doh. 2025-04-10 09:33:51 +02:00
Yorgos Thessalonikefs
9de159b96b - For #1175, the default value of serve-expired-ttl is set to 86400 
(1 day) as suggested by RFC8767.
 2024-12-03 13:09:51 +01:00
Yorgos Thessalonikefs
f46acec35f - For #1189, homogenize the input buffer size for dname_str(). 2024-12-02 11:53:56 +01:00
Yorgos Thessalonikefs
1cd2fb3b9d - For #1189, add unit tests for dname_str() and debug check the input 
buffer size.
 2024-12-02 10:03:35 +01:00
wenxuan70
06fb30d0a0 Fix the dname_str method to cause conversion errors when the domain name length is 255 2024-11-24 17:53:23 +08:00
Yorgos Thessalonikefs
490585bf29 Merge branch 'release-1.21.1' 2024-10-03 18:14:01 +02:00
Yorgos Thessalonikefs
b7c61d7cc2 - Fix CVE-2024-8508, unbounded name compression could lead to denial of 
service.
 2024-10-03 17:41:20 +02:00
Yorgos Thessalonikefs
2e398d51ba
Fix cache update when serve expired is used (#1143) 
- Fix cache update when serve expired is used in order to not evict
  still usable expired records. Modules are forbidden to update the
  cache if their answer is DNSSEC unchecked or bogus and a valid
  (expired) entry already exists. Bogus replies from the validator are
  also discarded in favor of existing (expired) valid replies.

- serve-expired-ttl-reset should try to keep expired records in the
  cache in case they are reset.
 2024-09-24 16:47:04 +02:00
W.C.A. Wijngaards
1e0cf1e86b - Merge patch to fix for glue that is outside of zone, with 
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
  Enabling this option protects the Unbound resolver against bad
  glue, that is unverified out of zone glue, by resolving them.
  It uses the records as last resort if there is no other working
  glue.
 2024-08-23 08:56:48 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090) 
* - cookie-secret-file, define struct.

* - cookie-secret-file, add config option, create, read and delete struct.

* - cookie-secret-file, check cookie secrets for cookie validation.

* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
  activate_cookie_secret and print_cookie_secrets.

* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
  staging cookies get a fresh cookie and spelling in error message.

* - cookie-secret-file, remove unused variable from cookie file unit test.

* Remove unshare and faketime dependencies for cookie_file test; documentation nits.

---------

Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
 2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
5bea29b01c - For #1110: Test for fallthrough attribute in configure and add 
fallthrough attribute annotations.
 2024-07-23 09:47:42 +02:00
Yorgos Thessalonikefs
6f030e9672
Proper parent identification for dynamically entered local zones (#1076) 
- Fix #1059: Intermittent DNS blocking failure with local-zone and
  always_nxdomain. Addition of local_zones dynamically via
  unbound-control was not finding the zone's parent correctly.
 2024-05-24 15:21:40 +02:00
Yorgos Thessalonikefs
025881d0e9 - Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for 
negative answers overriding 'cache-min-ttl'.
 2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
ccbe31c21f - Fix trim of EDE text from large udp responses from spinning cpu. 2024-02-22 16:22:31 +01:00
dyunwei
eb7eb5ce68 Fix NLnetLabs#981: dump_cache truncates large records. 2024-01-09 14:17:31 +08:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the 
disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
 2023-10-04 13:54:05 +02:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
W.C.A. Wijngaards
1c85901cc4 - Fix out of bounds read in parse_edns_options_from_query, it would read 
8 bytes after a client option of length 8, and then ignore them to
  recreate a 24 byte response. The fixup does not read out of bounds,
  and puts zeroes in the buffer at that point, that then are ignored.
 2023-08-16 16:58:49 +02:00
W.C.A. Wijngaards
2b1028bdad - Fix possibly unaligned memory access. 2023-08-16 10:06:06 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
b6e2f4dbf8 - For #762: Formatting. 2023-08-04 19:03:23 +02:00
George Thessalonikefs
702f485587 - For #762: relocate EDNS cookie code to util/edns and introduce unit 
tests.
 2023-08-04 14:26:08 +02:00
George Thessalonikefs
6e47c1e05b - For #762: remove relocated code. 2023-08-02 15:51:05 +02:00
George Thessalonikefs
5b55a46550 - For #762: relocate RFC 1982 serial number arithmetic functions to their own 
file in util/rfc_1982.[ch].
 2023-08-01 17:26:14 +02:00
George Thessalonikefs
8aec671860 - More braces and formatting for Fix for EDNS EDE size calculation to 
avoid future bugs.
 2023-08-01 15:15:33 +02:00
W.C.A. Wijngaards
990b12bc8e - Fix for EDNS EDE size calculation. 2023-08-01 15:08:50 +02:00
George Thessalonikefs
08e11284fb - For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options 
altogether) before giving up on attaching EDE options.
 2023-08-01 09:55:28 +02:00
George Thessalonikefs
dcd0191d7e Merge branch 'master' of https://github.com/natalie-reece/unbound into natalie-reece-master 2023-07-31 09:57:21 +02:00
George Thessalonikefs
f5a2a58ce3 Review for #759: 
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
  0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
 2023-07-17 17:26:31 +02:00
George Thessalonikefs
15b8d8b96a Merge branch 'master' into features/ede-caching 2023-07-13 11:25:59 +02:00
Natalie Reece
67e52ea9c5 Exclude EDE before other EDNS options when there isn't enough space 2023-07-11 17:01:26 -06:00
George Thessalonikefs
a952ac17be Merge branch 'tilan7663-subnet_cache_prefetch' into subnet_cache_prefetch 2023-07-07 16:50:58 +02:00
George Thessalonikefs
40e47bf767 - For #664: easier code flow for subnetcache prefetching. 
- For #664: add testcase.
 2023-07-06 22:22:21 +02:00
George Thessalonikefs
47cf44cc70 - For #762: relocate edns_opt_list_append_keepalive. 2023-06-22 12:11:28 +02:00
George Thessalonikefs
1cd75cccfc - For #762: More generic integration for siphash.c 2023-06-22 11:45:08 +02:00
Willem Toorop
8df26b132b Merge branch 'master' into devel/merge-master-into-downstream-cookies 2022-11-07 17:09:20 +00:00
Willem Toorop
75f3fbdd65 Downstream DNS Cookies a la RFC7873 and RFC9018 
Create server cookies for clients that send client cookies.
Needs to be turned on in the config file with:

	answer-cookie: yes

A cookie-secret can be configured for anycast setups.
Also adds an access control list that will allow queries with
either a valid cookie or over a stateful transport.
 2022-09-28 10:28:19 +02:00
Willem Toorop
71f23ef354 extended_error_encode() for extended errors 2022-09-28 09:57:56 +02:00
TCY16
0b176750bd add @wcawijngaards' review comments 2022-09-26 12:14:17 +02:00
TCY16
f0989fc754 differentiate between malloc and regional_alloc 2022-09-26 11:49:49 +02:00
TCY16
c9f90def0a swap malloc for regional_alloc and add free 2022-09-26 11:18:58 +02:00
TCY16
dcfcde2ec8 add cached EDE strings 2022-09-21 11:21:33 +02:00
TCY16
5f309d0018 Add caching EDEs 2022-09-01 14:10:14 +02:00
W.C.A. Wijngaards
7696398231 - Fix verbose EDE error printout. 2022-07-11 13:13:51 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
Tom Carpay
ff030fa332 Clarify KEEPALIVE EDNS0 option operation 2021-11-15 14:00:31 +00:00
Tom Carpay
e899b4cefe Make explicit whether edns options are parsed from queries or responses 2021-11-15 13:40:51 +00:00
Tom Carpay
b47dc528aa add missing return code 2021-11-15 12:33:08 +00:00