upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-04 22:09:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7560 commits 23 branches 209 tags 124 MiB
Commit graph

1383 commits

Author SHA1 Message Date
W.C.A. Wijngaards
320d0a5f1b - Fix #1021 Inconsistent Behavior with Changing rpz-cname-override 
and doing a unbound-control reload.
 2024-03-11 16:31:58 +01:00
W.C.A. Wijngaards
0818841038 - Fix TTL of synthesized CNAME when a DNAME is used from cache. 2024-03-08 09:47:59 +01:00
W.C.A. Wijngaards
56a2b564ef Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c' 2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9 Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae' 2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to 
exhaust CPU resources and stall DNS resolvers.
 2024-02-13 13:02:08 +01:00
Yorgos Thessalonikefs
3522451600 - Update message TTL when using cached RRSETs. It could result in 
non-expired messages with expired RRSETs (non-usable messages by
  Unbound).
 2024-01-23 10:10:37 +01:00
sahnalys12
b1d02cc94f skip edns frag retry if advertised udp payload size is not smaller 
If serviced query is in UDP_EDNS_FRAG mode, and EDNS_ADVERTISED_SIZE
is 1232 (the default) or more, then the retry will have the same edns
udp payload size with the same result.
 2024-01-05 12:16:23 +01:00
k-akashi
4b9cd8e81d Add DoH and DoT to dnstap message 2023-12-27 07:26:21 +09:00
Yorgos Thessalonikefs
8517f49745 - Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672. 2023-12-06 23:40:01 +01:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
W.C.A. Wijngaards
0f78bea4a3 - Fix #954: Inconsistent RPZ handling for A record returned along with 
CNAME.
 2023-10-17 16:47:04 +02:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the 
disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
 2023-10-04 13:54:05 +02:00
George Thessalonikefs
9342bf685e - Fix misplaced comment. 2023-10-02 16:13:23 +02:00
W.C.A. Wijngaards
bd5dc855af - Fix rpz tcp-only action with rpz triggers nsdname and nsip. 2023-09-18 09:55:39 +02:00
W.C.A. Wijngaards
6e65343895 - Fix authority zone answers for obscured DNAMEs and delegations. 2023-09-14 11:37:49 +02:00
Philip Homburg
1c8f0e0fc5 Avoid calling comm_point_udp_ancil_callback from comm_point_create_udp 2023-09-07 16:35:22 +02:00
Philip Homburg
17a557dfd5 Fix #928 (1.18 doesn't start on macOS/SunOS) 2023-09-07 16:35:22 +02:00
George Thessalonikefs
49e4258102 - For #762: Interaction between DNS Cookies and source IP ratelimiting 
by allowing Cookies to bypass the ratelimit, but still allowing
  ratelimit to valid DNS Cookie clients via the new
  ip-ratelimit-cookie option.
 2023-08-08 10:14:03 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
f97927a47e Merge branch 'master' into features/ede-caching-cachedb 2023-07-30 14:17:52 +02:00
George Thessalonikefs
6819c1e444 - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. 2023-07-30 11:48:04 +02:00
George Thessalonikefs
0912015fb9 - Review for #790: Fix memory leak. 2023-07-28 17:21:15 +02:00
George Thessalonikefs
50ea4a1072 Address review comments for #759: 
- Decrease allocations for "" EDE strings when loading the cachedump.
- Check for existence of EDE code before attaching.
 2023-07-28 12:56:13 +02:00
George Thessalonikefs
6289238cd6 - For #889: Account for num_detached_states before possible 
mesh_state_delete when erroring out.
 2023-07-21 21:05:38 +02:00
George Thessalonikefs
201da1f50a Merge branch 'free_memory_in_error_case' of https://github.com/borisVanhoof/unbound into borisVanhoof-free_memory_in_error_case 2023-07-21 17:04:33 +02:00
George Thessalonikefs
862fa0d514 Merge branch 'module-error' of https://github.com/trofi/unbound into trofi-module-error 2023-07-20 12:08:27 +02:00
George Thessalonikefs
846b158304 - Remove redundant checks when attaching EDE to a SERVFAIL answer. 2023-07-19 15:26:08 +02:00
George Thessalonikefs
95604a90e8 Review for #759: 
- Keep EDE information for keys close to key creation.
- Fix inconsistencies between reply and cached EDEs.
- Incorporate EDE caching checks in EDE tests.
- Fix some EDE cases where missing DNSKEY was wrongly reported.
 2023-07-19 15:20:44 +02:00
George Thessalonikefs
f5a2a58ce3 Review for #759: 
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
  0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
 2023-07-17 17:26:31 +02:00
George Thessalonikefs
606e5a0a5f Merge branch 'cleanup_cppcheck' of https://github.com/chipitsine/unbound into chipitsine-cleanup_cppcheck 2023-07-13 11:49:41 +02:00
George Thessalonikefs
15b8d8b96a Merge branch 'master' into features/ede-caching 2023-07-13 11:25:59 +02:00
George Thessalonikefs
a952ac17be Merge branch 'tilan7663-subnet_cache_prefetch' into subnet_cache_prefetch 2023-07-07 16:50:58 +02:00
George Thessalonikefs
40e47bf767 - For #664: easier code flow for subnetcache prefetching. 
- For #664: add testcase.
 2023-07-06 22:22:21 +02:00
George Thessalonikefs
2069271384 - Merge #802: add validation EDEs to queries where the CD bit is set. 
- For #802: Cleanup comments and add RCODE check for CD bit test case.
 2023-07-03 14:48:39 +02:00
George Thessalonikefs
014db3fb03 - For #802: Cleanup comments and add RCODE check for CD bit test case. 2023-07-03 14:40:01 +02:00
W.C.A. Wijngaards
5aa47fb1fa - Fix dereference of NULL variable warning in mesh_do_callback. 2023-07-03 13:50:39 +02:00
George Thessalonikefs
41dac805f5 - Merge #892: Add cachedb hit stat. Introduces 'num.query.cachedb' as 
a new statistical counter.
 2023-06-27 12:46:26 +02:00
Sergei Trofimovich
d10a889a68 config: improve handling of unknown modules 
The change fixes module print when specified module is unknown. On
example config:

    server:
      module-config: "respip valdator iterator"

Before the change printed error looked like:

    error: Unknown value in module-config, module: ''. This module is
    not present (not compiled in), See the list of linked modules with
    unbound -V

After the change module is printed as expected:

    error: Unknown value in module-config, module: 'valdator'. This
    module is not present (not compiled in), See the list of linked
    modules with unbound -V

Module truncation happens because parse error does not guarantee that
leading whitespace is removed by `module_factory()` call.

The change always removes leading whitespace (if present).
 2023-06-19 18:20:22 +01:00
Philip Homburg
52581f8644 Fix for issue #887 (Timeouts to forward servers on BSD based system with ASLR) 
and proabbly #516 (Stream reuse does not work on Windows)
 2023-06-09 13:59:31 +02:00
George Thessalonikefs
db5cf5851d - More efficient mesh accounting per client. 2023-05-30 23:34:31 +02:00
George Thessalonikefs
4f52be4db9 - Introduce num.query.cachedb to track cache hits for the external cache. 2023-05-30 17:49:50 +02:00
Boris VANHOOF
a21bc23139 free memory in error case 2023-05-23 09:23:03 +02:00
Boris VANHOOF
62d54d8091 remove unused function 2023-05-23 09:22:35 +02:00
W.C.A. Wijngaards
59fd48c226 - Fix to remove unused variables from RPZ clientip data structure. 2023-05-19 16:36:31 +02:00
W.C.A. Wijngaards
da78c42f88 - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. 2023-05-19 14:38:41 +02:00
W.C.A. Wijngaards
1fb78afc29 - Fix warning in windows compile, in set_recvtimestamp. 2023-05-11 09:32:59 +02:00
Philip Homburg
4a04ba813a Merge branch '0ttl' 2023-04-26 17:14:15 +02:00
Philip Homburg
1aa2c318e7 Remove msg_del_for_0ttl, call msg_cache_remove directly 2023-04-26 17:11:29 +02:00
W.C.A. Wijngaards
8058dc9127 - Fix for #882: document variable to stop doxygen warning. 2023-04-26 14:07:33 +02:00