upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-30 19:39:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
7560 commits 23 branches 209 tags 124 MiB
Commit graph

7560 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yorgos Thessalonikefs
bc47f50926 Changelog entry for #1028: 
- Merge #1028: Clearer documentation for tcp-idle-timeout and
  edns-tcp-keepalive-timeout.
 2024-03-12 14:52:57 +01:00
Yorgos Thessalonikefs
e36b5a099c
Clearer documentation for tcp-idle-timeout and edns-tcp-keepalive-timeout (#1028) 
* - Clearer documentation for tcp-idle-timeout and
  edns-tcp-keepalive-timeout.

* - Address review comment.
 2024-03-12 14:52:00 +01:00
W.C.A. Wijngaards
320d0a5f1b - Fix #1021 Inconsistent Behavior with Changing rpz-cname-override 
and doing a unbound-control reload.
 2024-03-11 16:31:58 +01:00
W.C.A. Wijngaards
d382210fce Update doc/Changelog to note the fixes included in 1.19.3rc2. 2024-03-11 12:30:24 +01:00
W.C.A. Wijngaards
7b62767e16 - Fix unbound-control-setup.cmd to have CA v3 basicConstraints, 
like unbound-control-setup.sh has.
 2024-03-08 17:18:05 +01:00
W.C.A. Wijngaards
6568841bb0 - Fix doc test so it ignores but outputs unsupported doxygen options. 2024-03-08 16:43:24 +01:00
W.C.A. Wijngaards
e361f6b284 - Fix qname minimisation for reply with a DNAME for qtype CNAME that 
answers it.
 2024-03-08 16:33:17 +01:00
Yorgos Thessalonikefs
53766917ef - Update doc/unbound.doxygen with 'doxygen -u'. Fixes option 
deprecation warnings and updates with newer defaults.
 2024-03-08 16:13:36 +01:00
W.C.A. Wijngaards
2a255076f5 - Fix validator classification of qtype DNAME for positive and 
redirection answers, and fix validator signature routine for dealing
  with the synthesized CNAME for a DNAME without previously
  encountering it and also for when the qtype is DNAME.
 2024-03-08 14:10:06 +01:00
W.C.A. Wijngaards
fb080e7853 - Remove unused portion from iter_dname_ttl unit test. 2024-03-08 09:51:37 +01:00
W.C.A. Wijngaards
0818841038 - Fix TTL of synthesized CNAME when a DNAME is used from cache. 2024-03-08 09:47:59 +01:00
W.C.A. Wijngaards
939baebfe7 - Fix unbound-control-setup.cmd to use 3072 bits so that certificates 
are long enough for newer OpenSSL versions.
 2024-03-08 09:07:36 +01:00
W.C.A. Wijngaards
326ba26522 - Version set to 1.19.3 for release. After 1.19.2 point release with 
security fix for CVE-2024-1931, Denial of service when trimming
  EDE text on positive replies. The code repo includes the fix and
  is for version 1.19.3.
 2024-03-07 11:06:42 +01:00
W.C.A. Wijngaards
ec0b510f1c - Fix for #1022: Fix ede prohibited in access control refused answers. 2024-03-05 13:39:29 +01:00
W.C.A. Wijngaards
be626f7c53 - Fix edns subnet replies for scope zero answers to not get stored 
in the global cache, and in cachedb, when the upstream replies
  without an EDNS record.
 2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
3096e4930e - Move github workflows to use checkoutv4. 2024-02-28 11:44:52 +01:00
Yorgos Thessalonikefs
33bdf44a04 - Document the suspend argument for process_ds_response(). 2024-02-23 14:34:33 +01:00
W.C.A. Wijngaards
ccbe31c21f - Fix trim of EDE text from large udp responses from spinning cpu. 2024-02-22 16:22:31 +01:00
Yorgos Thessalonikefs
c6746499c1 Changelog entry for #1010: 
- Merge #1010: Mention REFUSED has the TC bit set with unmatched
  allow_cookie acl in the manpage. It also fixes the code to match the
  documentation about clients with a valid cookie that bypass the
  ratelimit regardless of the allow_cookie acl.
 2024-02-20 15:33:18 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage (#1010) 
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage

Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.

* Apply suggestions from code review

* Update doc/unbound.conf.5.in

* DNS-Cookies should bypass ip-ratelimit setting
 2024-02-20 15:29:34 +01:00
W.C.A. Wijngaards
be27499d39 - These fixes are part of the 1.19.1 release, that is a security 
point release on 1.19.0, the code repository continues with these
  fixes, with version number 1.19.2.
 2024-02-13 14:03:30 +01:00
W.C.A. Wijngaards
56a2b564ef Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c' 2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9 Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae' 2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to 
exhaust CPU resources and stall DNS resolvers.
 2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
54d86dd73b - Fix documentation for access-control in the unbound.conf man page. 2024-02-08 14:36:18 +01:00
Yorgos Thessalonikefs
b496714caa - autoconf. 2024-02-07 10:51:16 +01:00
Yorgos Thessalonikefs
3f5175584b - For #1006: fix logic error introduced by previous fix. 2024-02-07 10:49:28 +01:00
Yorgos Thessalonikefs
11fff226f3 - autoheader, autoconf. 2024-02-07 10:42:39 +01:00
Yorgos Thessalonikefs
93490a0fc1 - Fix #1006: Can't find protobuf-c package since #999. 2024-02-07 10:38:52 +01:00
W.C.A. Wijngaards
0585c3e5fd Autoconf and changelog note for #999 
- Merge #999: Search for protobuf-c with pkg-config.
 2024-01-30 16:24:41 +01:00
Wouter Wijngaards
0b74f2a007
Merge pull request #999 from NickCao/master 
Search for protobuf-c with pkg-config
 2024-01-30 16:23:43 +01:00
Nick Cao
59d98b9ef6
Search for protobuf-c with pkg-config 2024-01-26 17:52:24 -05:00
Yorgos Thessalonikefs
3522451600 - Update message TTL when using cached RRSETs. It could result in 
non-expired messages with expired RRSETs (non-usable messages by
  Unbound).
 2024-01-23 10:10:37 +01:00
Yorgos Thessalonikefs
fe03bacd6c - Update error printout for duplicate trust anchors to include the 
trust anchor name (relates to #920).
 2024-01-22 15:54:36 +01:00
W.C.A. Wijngaards
1f46d5945b - Fix for #997: Print details for SSL certificate failure. 2024-01-22 09:40:36 +01:00
W.C.A. Wijngaards
585d73bf7c For analysis workflow, clean up the script to use OpenSSL Configure 
without change.
 2024-01-17 16:23:18 +01:00
W.C.A. Wijngaards
9e84cebfdb - workflow for analysis, cleanup of windows compile with msys2 perl. 2024-01-17 16:20:22 +01:00
W.C.A. Wijngaards
d1a2bd67da - Fix warning for windres on resource files due to redefinition. 2024-01-17 16:19:56 +01:00
W.C.A. Wijngaards
7708429d35 For workflow, set perl interpreter for build. 2024-01-17 15:08:56 +01:00
W.C.A. Wijngaards
6045911d95 - Fix for workflow 2024-01-17 14:58:44 +01:00
W.C.A. Wijngaards
1b212aa073 For workflow, look for pacman. 2024-01-17 14:56:10 +01:00
W.C.A. Wijngaards
4d48166835 For workflow, use msys2 perl. 2024-01-17 14:53:23 +01:00
W.C.A. Wijngaards
437bac370a In workflow, use strawberry perl to run configure script. 2024-01-17 14:40:57 +01:00
W.C.A. Wijngaards
546062d3a3 For workflow, change path separator. 2024-01-17 14:36:35 +01:00
W.C.A. Wijngaards
576b93c99f For windows runner, look at perl contents. 2024-01-17 14:30:48 +01:00
W.C.A. Wijngaards
180275c4e0 Fix to install with cpanmin a missing perl module for the windows workflow. 2024-01-17 14:07:57 +01:00
W.C.A. Wijngaards
379e4b68f5 Fix for workflow to install perl module. 2024-01-17 14:03:30 +01:00
W.C.A. Wijngaards
74b4d81992 - Update workflow for ports to use newer openssl on windows compile. 2024-01-17 13:45:59 +01:00
W.C.A. Wijngaards
fea8f0d5fd Changelog note for #993 
- Merge #993: Update b.root-servers.net also in example config file.
 2024-01-16 16:44:15 +01:00