upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-29 02:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7987 commits 23 branches 209 tags 124 MiB
Commit graph

4880 commits

Author SHA1 Message Date
W.C.A. Wijngaards
3adb9c8f92 - Fix #1103: unbound 1.20.0 segmentation fault with nghttp2. 2024-07-12 16:11:29 +02:00
Yorgos Thessalonikefs
51425b2388 - Add RPZ tag tests in acl_interface.tdir. 2024-07-12 15:38:12 +02:00
W.C.A. Wijngaards
d43760a8cd - For #773: In contrib/unbound.service.in set unbound to start after 
network-online.target. Also for contrib/unbound_portable.service.in.
 2024-07-10 14:05:43 +02:00
Yorgos Thessalonikefs
ea3e327006 - Update list of known EDE codes. 2024-07-09 15:58:30 +02:00
W.C.A. Wijngaards
be09350eca - Fix shadowed error string variable in validator dnskey handling. 2024-07-08 16:50:16 +02:00
W.C.A. Wijngaards
169acfc546 - Fixup algo_needs_reason string buffer length. 2024-07-08 15:38:27 +02:00
W.C.A. Wijngaards
bed7cc2a90 - Fix that validation reason failure that uses string print uses 
separate buffer that is passed, from the scratch validation buffer.
 2024-07-08 15:29:20 +02:00
Yorgos Thessalonikefs
02f4446833 - Don't check for message TTL changes if the RRsets remain the same. 2024-07-05 19:58:19 +02:00
W.C.A. Wijngaards
c8a2289542 - Fix for #1099: Fix to check for deleted RRset when the contents 
is updated and fetched after it is stored, and also check for a
  changed RRset.
 2024-07-05 17:54:46 +02:00
W.C.A. Wijngaards
b53d90053e - Fix #1099: Unbound core dump on SIGSEGV. 2024-07-05 17:18:01 +02:00
W.C.A. Wijngaards
978b0696d3 - Fix neater printout. 2024-07-05 14:11:26 +02:00
W.C.A. Wijngaards
ec5f86b4eb - Fix for neater printout for error for missing DS response. 2024-07-05 08:49:52 +02:00
W.C.A. Wijngaards
ec2f45c6fd - Fix to print details about the failure to lookup a DNSKEY record 
when validation fails due to the missing DNSKEY. Also for key prime
  and DS lookups.
 2024-07-04 14:51:18 +02:00
W.C.A. Wijngaards
6b319c97ee - Fix compile warnings in fptr_wlist.c. 2024-07-03 16:42:52 +02:00
W.C.A. Wijngaards
6eb3992c9e - Fix to remove unneeded linebreak in fptr_wlist.c. 2024-07-03 15:51:22 +02:00
W.C.A. Wijngaards
94a94fd8c8 - Fix to use modstack_init in zonemd unit test. 2024-07-03 15:49:13 +02:00
W.C.A. Wijngaards
36f9d1a2a9 - Add unit test skip files and bison and flex output to gitignore. 2024-07-03 14:59:39 +02:00
W.C.A. Wijngaards
d3a2264272 Changelog entry for #144 and #1098 
- Fix #144: Port ipset to BSD pf tables.
 2024-07-03 14:53:42 +02:00
Yorgos Thessalonikefs
96f8a94c19 - Fix for repeated use of a DNAME record: first overallocate and then 
move the exact size of the init value to avoid false positive heap
  overflow reads from address sanitizers.
 2024-07-03 10:08:44 +02:00
W.C.A. Wijngaards
2fe4e2ec3e - Fix compile warning in worker pthread id printout. 2024-07-02 09:44:58 +02:00
W.C.A. Wijngaards
e54928a628 - Fix unused variable warning in do_cache_remove. 2024-07-02 09:33:22 +02:00
W.C.A. Wijngaards
538434186e - Fix to remove unused include from the readzone test program. 2024-07-02 09:31:34 +02:00
W.C.A. Wijngaards
7fbc061846 - Fix ip-ratelimit-cookie setting, it was not applied. 2024-06-27 14:51:58 +02:00
Yorgos Thessalonikefs
70f73a33b3 - Explicitly set the RD bit for the mesh query flags when prefetching. 
These queries have no waiting client but they need to be treated as
  recursive.
 2024-06-26 15:51:58 +02:00
Yorgos Thessalonikefs
b67fbb69e7 - Fix pkg-config availability check in dnstap/dnstap.m4 and 
systemd.m4.
- autoconf.
 2024-06-21 14:34:12 +02:00
Yorgos Thessalonikefs
902c79608c - Fix #1092: Ubuntu 22.04 Jammy fails to compile unbound 1.20.0; by 
adding helpful text for the Python interpreter version and allowing
  the default pkg-config unavailability error message to be shown.
- autoconf.
 2024-06-19 15:27:50 +02:00
W.C.A. Wijngaards
08050dc939 - Fix #1091: Build fails with OpenSSL >= 3.0 built with 
OPENSSL_NO_DEPRECATED.
 2024-06-17 12:28:45 +02:00
W.C.A. Wijngaards
9603924bb4 - Add unit test for validation of repeated use of a DNAME record. 2024-06-07 11:56:19 +02:00
W.C.A. Wijngaards
4c2da2b979 - Fix validation for repeated use of a DNAME record. 2024-06-06 15:28:21 +02:00
W.C.A. Wijngaards
1974732d19 - Fix typos for 'the the' in text. 2024-06-06 09:35:57 +02:00
W.C.A. Wijngaards
3cad5818a1 - Fix memory leak in setup of dsa sig. 2024-06-06 09:30:09 +02:00
Yorgos Thessalonikefs
ad12109191 - Merge #1080: AddressSanitizer detection in tdir tests and memory leak 
fixes.
 2024-06-04 17:34:58 +02:00
W.C.A. Wijngaards
86fe9cbce5 - Fix to squelch connection reset by peer errors from log. And fix 
that the tcp read errors are labeled as initial for the first calls.
 2024-06-03 12:14:51 +02:00
W.C.A. Wijngaards
4b30e88eec - Fix for #1079: fix RPZ taglist in iterator callback that no client 
info is like no taglist intersection.
 2024-05-30 12:44:26 +02:00
W.C.A. Wijngaards
b6c7ea563f - Fix #1079: tags from tagged rpz zones are no longer honored after 
upgrade from 1.19.3 to 1.20.0.
 2024-05-30 12:11:30 +02:00
W.C.A. Wijngaards
910d7cf446 Changelog note for #1078. 
- Merge #1078: Only check old pid if no username.
 2024-05-29 14:45:01 +02:00
Yorgos Thessalonikefs
5fc4673901 - Update patch to remove 'command' shell builtin and update error 
text.
 2024-05-27 17:17:48 +02:00
Yorgos Thessalonikefs
f5a2160ba3 - Fix unused variable warning on compilation with no thread support. 2024-05-27 14:56:52 +02:00
W.C.A. Wijngaards
0c0c36f015 - Fix spelling of tcp-idle-timeout docs, from Michael Tokarev. 2024-05-27 14:36:35 +02:00
W.C.A. Wijngaards
47956de897 - Fix to enable that SERVFAIL is cached, for a short period, for more 
cases. In the cases where limits are exceeded.
 2024-05-27 13:53:16 +02:00
Yorgos Thessalonikefs
b30c869a59 Changelog entry for #1059: 
- Fix #1059: Intermittent DNS blocking failure with local-zone and
  always_nxdomain. Addition of local_zones dynamically via
  unbound-control was not finding the zone's parent correctly.
 2024-05-24 15:24:52 +02:00
W.C.A. Wijngaards
7107d3c9e7 - Fix #1064: Unbound 1.20 Cachedb broken? 
Add unit test for validation status commit.
 2024-05-24 09:06:48 +02:00
W.C.A. Wijngaards
fbdc06ebc4 - Fix for #1064: Fix that cachedb expired messages are considered 
insecure, and thus can be served to clients when dnssec is enabled.
 2024-05-21 17:06:18 +02:00
W.C.A. Wijngaards
d149e755fd - Fix for parse end of forward-zone, stub-zone and view. 2024-05-21 12:04:57 +02:00
W.C.A. Wijngaards
86ee8ccd12 - Fix to print a parse error when config is read with no name for 
a forward-zone, stub-zone or view.
 2024-05-21 11:54:18 +02:00
W.C.A. Wijngaards
8d6a1ba811 Changelog note for #1073. 
- Merge #1073: fix null pointer dereference issue in function
  ub_ctx_set_fwd.
 2024-05-21 11:52:47 +02:00
Yorgos Thessalonikefs
2e70506763 Changelog entry for #1069: 
- Merge #1069: Fix unbound-control stdin commands for multi-process
  Unbounds.
 2024-05-17 10:31:20 +02:00
W.C.A. Wijngaards
da2b307aa3 - Fix #1071: [FR] Clear both in-memory and cachedb module cache with 
`unbound-control flush*` commands.
 2024-05-16 16:56:58 +02:00
Yorgos Thessalonikefs
739a88ceed Changelog entry for #1070: 
- Merge #1070: Fix rtt assignement for low values of
  infra-cache-max-rtt.
 2024-05-16 13:43:24 +02:00
Yorgos Thessalonikefs
1048c4a28c - Add missing common functions to tdir tests. 2024-05-15 11:20:36 +02:00
W.C.A. Wijngaards
7de009f99a - Fix when the mesh jostle is exceeded that nameserver targets are 
marked as resolved, so that the lookup is not stuck on the
  requestlist.
 2024-05-10 09:50:35 +02:00
W.C.A. Wijngaards
95669855fb - Fix to squelch udp connect errors in the log at low verbosity about 
invalid argument for IPv6 link local addresses.
 2024-05-08 16:40:41 +02:00
W.C.A. Wijngaards
56e7cade28 The code repository continues with version 1.20.1. 2024-05-08 11:10:53 +02:00
W.C.A. Wijngaards
c085a53268 - Fix for #1062: declaration before statement, avoid print of null, 
and redundant check for array size.
And changelog note for merge of #1062.
 2024-05-07 14:05:21 +02:00
W.C.A. Wijngaards
b9525c5fd4 - Set version number to 1.20.0 for release. 2024-05-01 10:15:12 +02:00
W.C.A. Wijngaards
c3206f4568 - Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li 
from the Network and Information Security Lab of Tsinghua University
  for reporting it.
 2024-05-01 10:10:58 +02:00
W.C.A. Wijngaards
9abed3fc83 - Fix doxygen comment for errinf_to_str_bogus. 2024-04-29 13:42:26 +02:00
Yorgos Thessalonikefs
63a6b7b255 - Cleanup unnecessary strdup calls for EDE strings. 2024-04-29 10:15:19 +02:00
W.C.A. Wijngaards
15dc8e8a3f - Man page entry for unbound-checkconf -q. 2024-04-26 14:54:25 +02:00
Yorgos Thessalonikefs
cd4a017e96 - Fix #876: [FR] can unbound-checkconf be silenced when configuration 
is valid?
 2024-04-26 14:50:39 +02:00
W.C.A. Wijngaards
82c0207fa6 - Add unit tests for cachedb and subnet cache expired data. 2024-04-26 13:33:26 +02:00
W.C.A. Wijngaards
7c5e765b3b - Fix cachedb with serve-expired-client-timeout disabled. The edns 
subnet module deletes global cache and cachedb cache when it
  stores a result, and serve-expired is enabled, so that the global
  reply, that is older than the ecs reply, does not return after
  the ecs reply expires.
 2024-04-26 13:32:15 +02:00
W.C.A. Wijngaards
f456d97a34 - Fix doc unit test for out of directory build. 2024-04-25 17:06:06 +02:00
W.C.A. Wijngaards
8b490b1540 - Fix to disable fragmentation on systems with IP_DONTFRAG, 
with a nonzero value for the socket option argument.
 2024-04-25 12:53:05 +02:00
W.C.A. Wijngaards
b3951e5885 Changelog note for #1041 and #1038. 
- Merge #1041: Stub and Forward unshare. This has one structure
  for them and fixes #1038: fatal error: Could not initialize
  thread / error: reading root hints.
 2024-04-25 11:12:27 +02:00
W.C.A. Wijngaards
07859a9ef3 - Fix configure flto check error, by finding grep for it. 2024-04-25 10:53:35 +02:00
W.C.A. Wijngaards
cb74467acb - Fix ci workflow for macos for moved install locations. 2024-04-24 16:31:44 +02:00
Yorgos Thessalonikefs
62dad42152 - Merge #1053: Remove child delegations from cache when grandchild 
delegations are returned from parent.
 2024-04-23 14:24:07 +02:00
W.C.A. Wijngaards
52aff65e35 - Fix edns subnet to sort rrset references when storing messages 
in the cache. This fixes a race condition in the rrset locks.
 2024-04-22 13:44:42 +02:00
W.C.A. Wijngaards
5994fb3db5 - Add checklock feature verbose_locking to trace locks and unlocks. 2024-04-22 13:42:35 +02:00
Yorgos Thessalonikefs
0dbcb45d28 Changelog entry for #1049: 
- Merge #1049 from Petr Menšík: Py_NoSiteFlag is not needed since
  Python 3.8
 2024-04-15 14:49:14 +02:00
W.C.A. Wijngaards
0d4c5aa421 - Fix configure, autoconf for #1048. 2024-04-15 12:17:56 +02:00
W.C.A. Wijngaards
9e60f93b84 Changelog note for #1048. 
- Fix #1048: Update ax_pkg_swig.m4 and ax_pthread.m4.
 2024-04-15 12:15:54 +02:00
W.C.A. Wijngaards
491b56d051 - Fixup cachedb to not refetch when serve-expired-client-timeout is 
used.
 2024-04-12 14:22:18 +02:00
W.C.A. Wijngaards
4d530920e0 - Fixup unit test for cachedb server expired client timeout with 
a check if response if from upstream or from cachedb.
 2024-04-12 11:51:00 +02:00
W.C.A. Wijngaards
08fb9a9209 - Fix cachedb for serve-expired with serve-expired-client-timeout. 2024-04-12 11:26:53 +02:00
W.C.A. Wijngaards
04ff2672b5 - Fix to not reply serve expired unless enabled for cachedb. 2024-04-10 17:06:01 +02:00
W.C.A. Wijngaards
d47849a26e - Fix cachedb for serve-expired with serve-expired-reply-ttl. 2024-04-10 17:01:57 +02:00
W.C.A. Wijngaards
63ee97d0fd - Fix makefile dependencies for fake_event.c. 2024-04-10 14:04:39 +02:00
W.C.A. Wijngaards
bd74a32b79 - Extended test for cachedb serve expired. 2024-04-10 13:08:23 +02:00
W.C.A. Wijngaards
b990be88ef - Add test for cachedb serve expired. 2024-04-10 12:36:21 +02:00
W.C.A. Wijngaards
d55511f1dd - Fixup compile without cachedb. 2024-04-10 11:27:08 +02:00
W.C.A. Wijngaards
d98c7b9ae3 - Implement cachedb-check-when-serve-expired: yes option, default 
is enabled. When serve expired is enabled with cachedb, it first
  checks cachedb before serving the expired response.
 2024-04-10 11:21:28 +02:00
Yorgos Thessalonikefs
a30221c5bb - Merge #1043 from xiaoxiaoafeifei: Add loongarch support; updates 
config.guess(2024-01-01) and config.sub(2024-01-01), verified
  with upstream.
 2024-04-09 17:00:59 +02:00
Yorgos Thessalonikefs
8575d5b35c - Fix #595: unbound-anchor cannot deal with full disk; it will now 
first write out to a temp file before replacing the original one,
  like Unbound already does for auto-trust-anchor-file.
 2024-04-08 14:15:03 +02:00
W.C.A. Wijngaards
ba16e41160 - Fix comment syntax for view function views_find_view. 2024-04-05 16:11:29 +02:00
Yorgos Thessalonikefs
708d5229ae - Merge #1027: Introduce 'cache-min-negative-ttl' option. 2024-04-05 11:44:37 +02:00
Yorgos Thessalonikefs
fb4a7d65d7 - Fix #369: dnstap showing extra responses; for client responses 
right from the cache when replying with expired data or
  prefetching.
 2024-04-03 15:18:13 +02:00
Yorgos Thessalonikefs
91e8e0e511 - Fix #1035: Potential Bug while parsing port from the "stub-host" 
string; also affected forward-zones and remote-control host
  directives.
 2024-04-03 13:37:57 +02:00
W.C.A. Wijngaards
dfff8d23cf - For #1040: adjust error text and disallow negative ports in other 
parts of cfg_mark_ports.
 2024-04-03 10:16:18 +02:00
W.C.A. Wijngaards
103d9a68fa Changelog note for #1040 
- Fix #1040: fix heap-buffer-overflow issue in function cfg_mark_ports
  of file util/config_file.c.
 2024-04-03 10:03:04 +02:00
W.C.A. Wijngaards
e1aeabde44 - Fix for crypto related failures to have a better error string. 2024-03-28 09:58:57 +01:00
W.C.A. Wijngaards
6d1e61173b - Fix #1034: DoT forward-zone via unbound-control. 2024-03-28 09:58:03 +01:00
W.C.A. Wijngaards
6f82b5be4a - Fix that the server does not chown the pidfile. 2024-03-27 14:52:25 +01:00
W.C.A. Wijngaards
192f1b0e2b - Fix that when the server truncates the pidfile, it does not follow 
symbolic links.
 2024-03-27 14:07:54 +01:00
W.C.A. Wijngaards
238a796e38 - Fix to add unit test for lruhash space that exercises the routines. 2024-03-27 13:33:46 +01:00
W.C.A. Wijngaards
fe393ac355 - Fix comment in lruhash space function. 2024-03-27 12:30:00 +01:00
W.C.A. Wijngaards
3ea078baf6 - Fix for #1032, add safeguard to make table space positive. 2024-03-27 11:49:20 +01:00
W.C.A. Wijngaards
eb3e1ae24f - Fix #1032: The size of subnet_msg_cache calculation mistake cause 
memory usage increased beyond expectations.
 2024-03-27 11:45:34 +01:00
W.C.A. Wijngaards
c2b20c585e - Fix name of unit test for subnet cache response. 2024-03-27 11:43:55 +01:00
Yorgos Thessalonikefs
07561964fc - For #831: Format text, use exclamation icon and explicit label 
names.
 2024-03-25 22:02:08 +01:00
Yorgos Thessalonikefs
ce8c1ce5b0 Changelog entry for #831 
- Merge #831 from Pierre4012: Improve Windows NSIS installer
  script (setup.nsi).
 2024-03-25 16:46:25 +01:00
W.C.A. Wijngaards
73bd5a19aa - Fix localdata and rpz localdata to match CNAME only if no direct 
type match is available.
 2024-03-19 10:21:10 +01:00
W.C.A. Wijngaards
fef974ca5c - Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that 
clientip and nsip can give a CNAME.
 2024-03-19 09:32:53 +01:00
W.C.A. Wijngaards
8dbf46913b - Fix rpz for qtype CNAME after nameserver trigger. 2024-03-18 14:36:29 +01:00
W.C.A. Wijngaards
e46b188fe8 - Add rpz unit test for nsip action override. 2024-03-18 14:11:43 +01:00
W.C.A. Wijngaards
e6b1f9a4c3 - Fix rpz that copies the cname override completely to the temp 
region, so there are no references to the rpz region.
 2024-03-18 13:52:59 +01:00
W.C.A. Wijngaards
39cfc8c1c0 - Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets 
the reply query_info values, that is better for debug logging.
 2024-03-18 12:45:00 +01:00
W.C.A. Wijngaards
79e25e192c - Fix that rpz CNAME content is limited to the max number of cnames. 2024-03-18 11:25:29 +01:00
Yorgos Thessalonikefs
792089f523 Merge branch 'features/makedist-persist-windir' 2024-03-15 17:22:00 +01:00
W.C.A. Wijngaards
2993437eaa - Fix that addrinfo is not kept around but copied and freed, so that 
log-destaddr uses a copy of the information, much like NSD does.
 2024-03-15 13:39:49 +01:00
W.C.A. Wijngaards
0bcc8c0211 - The code repository continues with version 1.19.4. 2024-03-14 10:33:13 +01:00
W.C.A. Wijngaards
4b54d8e15e - Fix rpz for cname override action after nsdname and nsip triggers. 2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
afe52595a9 - Fix to unify codepath for local alias for rpz cname action override. 2024-03-13 16:12:48 +01:00
W.C.A. Wijngaards
4f417262e3 - Fix rpz that the rpz override is taken in case of clientip triggers. 
Fix that the clientip passthru action is logged. Fix that the
  clientip localdata action is logged. Fix rpz override action cname
  for the clientip trigger.
 2024-03-13 16:04:58 +01:00
W.C.A. Wijngaards
1db3b38104 - Fix #1029: rpz trigger clientip and action rpz-passthru not working 
as expected.
 2024-03-13 13:45:04 +01:00
Yorgos Thessalonikefs
bc47f50926 Changelog entry for #1028: 
- Merge #1028: Clearer documentation for tcp-idle-timeout and
  edns-tcp-keepalive-timeout.
 2024-03-12 14:52:57 +01:00
W.C.A. Wijngaards
320d0a5f1b - Fix #1021 Inconsistent Behavior with Changing rpz-cname-override 
and doing a unbound-control reload.
 2024-03-11 16:31:58 +01:00
W.C.A. Wijngaards
d382210fce Update doc/Changelog to note the fixes included in 1.19.3rc2. 2024-03-11 12:30:24 +01:00
W.C.A. Wijngaards
7b62767e16 - Fix unbound-control-setup.cmd to have CA v3 basicConstraints, 
like unbound-control-setup.sh has.
 2024-03-08 17:18:05 +01:00
W.C.A. Wijngaards
6568841bb0 - Fix doc test so it ignores but outputs unsupported doxygen options. 2024-03-08 16:43:24 +01:00
W.C.A. Wijngaards
e361f6b284 - Fix qname minimisation for reply with a DNAME for qtype CNAME that 
answers it.
 2024-03-08 16:33:17 +01:00
Yorgos Thessalonikefs
53766917ef - Update doc/unbound.doxygen with 'doxygen -u'. Fixes option 
deprecation warnings and updates with newer defaults.
 2024-03-08 16:13:36 +01:00
W.C.A. Wijngaards
2a255076f5 - Fix validator classification of qtype DNAME for positive and 
redirection answers, and fix validator signature routine for dealing
  with the synthesized CNAME for a DNAME without previously
  encountering it and also for when the qtype is DNAME.
 2024-03-08 14:10:06 +01:00
W.C.A. Wijngaards
fb080e7853 - Remove unused portion from iter_dname_ttl unit test. 2024-03-08 09:51:37 +01:00
W.C.A. Wijngaards
0818841038 - Fix TTL of synthesized CNAME when a DNAME is used from cache. 2024-03-08 09:47:59 +01:00
W.C.A. Wijngaards
939baebfe7 - Fix unbound-control-setup.cmd to use 3072 bits so that certificates 
are long enough for newer OpenSSL versions.
 2024-03-08 09:07:36 +01:00
W.C.A. Wijngaards
326ba26522 - Version set to 1.19.3 for release. After 1.19.2 point release with 
security fix for CVE-2024-1931, Denial of service when trimming
  EDE text on positive replies. The code repo includes the fix and
  is for version 1.19.3.
 2024-03-07 11:06:42 +01:00
W.C.A. Wijngaards
ec0b510f1c - Fix for #1022: Fix ede prohibited in access control refused answers. 2024-03-05 13:39:29 +01:00
W.C.A. Wijngaards
be626f7c53 - Fix edns subnet replies for scope zero answers to not get stored 
in the global cache, and in cachedb, when the upstream replies
  without an EDNS record.
 2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
3096e4930e - Move github workflows to use checkoutv4. 2024-02-28 11:44:52 +01:00
Yorgos Thessalonikefs
33bdf44a04 - Document the suspend argument for process_ds_response(). 2024-02-23 14:34:33 +01:00
W.C.A. Wijngaards
ccbe31c21f - Fix trim of EDE text from large udp responses from spinning cpu. 2024-02-22 16:22:31 +01:00
Yorgos Thessalonikefs
c6746499c1 Changelog entry for #1010: 
- Merge #1010: Mention REFUSED has the TC bit set with unmatched
  allow_cookie acl in the manpage. It also fixes the code to match the
  documentation about clients with a valid cookie that bypass the
  ratelimit regardless of the allow_cookie acl.
 2024-02-20 15:33:18 +01:00
W.C.A. Wijngaards
be27499d39 - These fixes are part of the 1.19.1 release, that is a security 
point release on 1.19.0, the code repository continues with these
  fixes, with version number 1.19.2.
 2024-02-13 14:03:30 +01:00
W.C.A. Wijngaards
54d86dd73b - Fix documentation for access-control in the unbound.conf man page. 2024-02-08 14:36:18 +01:00
Yorgos Thessalonikefs
93490a0fc1 - Fix #1006: Can't find protobuf-c package since #999. 2024-02-07 10:38:52 +01:00
W.C.A. Wijngaards
0585c3e5fd Autoconf and changelog note for #999 
- Merge #999: Search for protobuf-c with pkg-config.
 2024-01-30 16:24:41 +01:00
Yorgos Thessalonikefs
3522451600 - Update message TTL when using cached RRSETs. It could result in 
non-expired messages with expired RRSETs (non-usable messages by
  Unbound).
 2024-01-23 10:10:37 +01:00
Yorgos Thessalonikefs
fe03bacd6c - Update error printout for duplicate trust anchors to include the 
trust anchor name (relates to #920).
 2024-01-22 15:54:36 +01:00
W.C.A. Wijngaards
1f46d5945b - Fix for #997: Print details for SSL certificate failure. 2024-01-22 09:40:36 +01:00
W.C.A. Wijngaards
d1a2bd67da - Fix warning for windres on resource files due to redefinition. 2024-01-17 16:19:56 +01:00
W.C.A. Wijngaards
74b4d81992 - Update workflow for ports to use newer openssl on windows compile. 2024-01-17 13:45:59 +01:00
W.C.A. Wijngaards
fea8f0d5fd Changelog note for #993 
- Merge #993: Update b.root-servers.net also in example config file.
 2024-01-16 16:44:15 +01:00
W.C.A. Wijngaards
c550bc154f - Fix to link with libssp for libcrypto and getaddrinfo check for 
only header. Also update crosscompile to remove ssp for 32bit.
 2024-01-16 16:40:14 +01:00
W.C.A. Wijngaards
c8554ff48c - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows. 2024-01-15 16:44:27 +01:00
W.C.A. Wijngaards
3d95cef08c Changelog note for #988. 
- Merge #988: Fix NLnetLabs#981: dump_cache truncates large records.
 2024-01-09 08:41:52 +01:00
W.C.A. Wijngaards
418eeb642c - Fix unit test for #987 change in udp1xxx retry packet send. 2024-01-05 14:11:55 +01:00
W.C.A. Wijngaards
8ac56d004d Changelog note for #987 
- Merge #987: skip edns frag retry if advertised udp payload size is
  not smaller.
 2024-01-05 13:47:30 +01:00
W.C.A. Wijngaards
b9b488b6d3 - Remove unneeded newlines and improve indentation in remote control 
code.
 2024-01-04 17:06:15 +01:00
W.C.A. Wijngaards
9a2d0238a8 - Fix #983: Sha1 runtime insecure change was incomplete. 2024-01-03 13:33:43 +01:00
W.C.A. Wijngaards
5cc21690eb Changelog note for #985. 
- Merge #985: Add DoH and DoT to dnstap message.
 2024-01-03 10:37:44 +01:00
W.C.A. Wijngaards
df284fbe65 Changelog note for #979 and #980. 
- Merge #980: DoH: reject non-h2 early. To fix #979: Improve errors
  for non-HTTP/2 DoH clients.
 2024-01-03 10:04:06 +01:00
Yorgos Thessalonikefs
6c82f4ae9b - Update example.conf with cookie options. 2023-12-22 11:42:20 +01:00
W.C.A. Wijngaards
22dc376392 Fixup doc/Changelog. 2023-12-08 17:17:23 +01:00
W.C.A. Wijngaards
4ef1fb5a24 - Fix root_zonemd unit test, it checks that the root ZONEMD verifies, 
now that the root has a valid ZONEMD.
 2023-12-08 17:15:35 +01:00
Yorgos Thessalonikefs
be6fd80a1c - Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672. 2023-12-08 09:23:26 +01:00
W.C.A. Wijngaards
c48a467b8e Changelog note for #975 
- Merge #975: Fixed some syntax errors in rpl files.
 2023-12-07 12:11:03 +01:00
W.C.A. Wijngaards
2978106991 - Fix #974: doc: default number of outgoing ports without libevent. 2023-12-07 09:41:03 +01:00
W.C.A. Wijngaards
6c76b4e2f8 - Fix tests to use new common.sh functions, wait_logfile and 
kill_from_pidfile.
 2023-12-06 16:32:06 +01:00
W.C.A. Wijngaards
c91bd60051 - Update test script file common.sh. 2023-12-06 16:14:24 +01:00
W.C.A. Wijngaards
a8739bad76 - Updated IPv4 and IPv6 address for b.root-servers.net in root hints. 2023-12-06 13:25:58 +01:00
W.C.A. Wijngaards
2b97442f2e - iana portlist update. 2023-12-06 13:22:35 +01:00
W.C.A. Wijngaards
5997355e22 - Fix to sync the tests script file common.sh. 2023-12-06 11:58:14 +01:00
W.C.A. Wijngaards
d8bd9845cc - Fix dnstap that assertion failed on logging other than UDP and TCP 
traffic. It lists it as TCP traffic.
 2023-12-05 13:14:08 +01:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
W.C.A. Wijngaards
72a25f825c Changelog note for #971 
- Merge #971: fix 'WARNING: Message has 41 extra bytes at end'.
 2023-12-05 09:09:42 +01:00
Yorgos Thessalonikefs
a2f0186427 - Merge #968: Replace the obsolescent fgrep with grep -F in tests. 2023-11-27 16:47:13 +01:00
W.C.A. Wijngaards
58d670a258 - Fix #964: config.h.in~ backup file in release tar balls. 2023-11-27 16:04:33 +01:00
Yorgos Thessalonikefs
15a9b0f2be - Use 127.0.0.1 explicitly in tests to avoid delays and errors on newer 
systems.
 2023-11-24 15:34:25 +01:00
W.C.A. Wijngaards
197bf15402 - Fix unit test parse of origin syntax. 2023-11-09 15:26:46 +01:00
W.C.A. Wijngaards
0bae242cbf - The repository continues with 1.19.1. 2023-11-08 10:59:25 +01:00
W.C.A. Wijngaards
3352b1090e - Set version number to 1.19.0. 
- Tag for 1.19.0rc1 release.
 2023-11-02 08:40:20 +01:00
W.C.A. Wijngaards
c4d17dd231 - Fix compilation without openssl, remove unused function warning. 2023-11-01 17:09:37 +01:00
W.C.A. Wijngaards
5f78f67e39 - Fix SSL compile failure for other missing definitions in 
log_crypto_err_io_code_arg.
 2023-11-01 14:20:52 +01:00
W.C.A. Wijngaards
b1d99bb6b6 - Fix SSL compile failure for definition in log_crypto_err_io_code_arg. 2023-11-01 14:14:02 +01:00
George Thessalonikefs
8914e9fd03 - Mention flex and bison in README.md when building from repository 
source.
 2023-11-01 13:57:06 +01:00
George Thessalonikefs
8d1d728d88 - Fix #941: dnscrypt doesn't work after upgrade to 1.18 with 
suggestion by dukeartem to also fix the udp_ancil with dnscrypt.
 2023-10-31 22:41:06 +01:00
George Thessalonikefs
59c14c747a Changelog entry for #930 
- Merge #930 from Stuart Henderson: add void to
  log_ident_revert_to_default declaration.
 2023-10-30 12:18:01 +01:00
W.C.A. Wijngaards
a7e079ea16 - autoconf. 2023-10-30 10:44:23 +01:00
George Thessalonikefs
a97bed9d22 - Clearer configure text for missing protobuf-c development libraries. 2023-10-24 16:34:12 +02:00
W.C.A. Wijngaards
0ce68e97a7 Changelog entry for #951. 
- Merge #951: Cachedb no store. The cachedb-no-store: yes option is
  used to stop cachedb from writing messages to the backend storage.
  It reads messages when data is available from the backend. The
  default is no.
 2023-10-20 17:01:13 +02:00
W.C.A. Wijngaards
35d0a8a843 - Fix to print detailed errors when an SSL IO routine fails via 
SSL_get_error.
 2023-10-19 11:17:32 +02:00
George Thessalonikefs
44c3d4d2dc - Changelog entry for: 
Merge #955 from buevsan: fix ipset wrong behavior.
- Update testdata/ipset.tdir test for ipset fix.
 2023-10-18 15:11:38 +02:00
George Thessalonikefs
2f0b11673a - Update the dns64_lookup.rpl test for the DNS64 fallback patch. 2023-10-18 12:59:54 +02:00
George Thessalonikefs
c5aa6a2286 - Changelog entry for DNS64 patches from Daniel Gröber. 2023-10-18 12:16:35 +02:00
W.C.A. Wijngaards
0f78bea4a3 - Fix #954: Inconsistent RPZ handling for A record returned along with 
CNAME.
 2023-10-17 16:47:04 +02:00
George Thessalonikefs
e4510c76e5 - For multi Python module setups, clean previously parsed module 
functions in __main__'s dictionary, if any, so that only current
  module functions are registered.
 2023-10-16 16:03:11 +02:00
George Thessalonikefs
122dd6c11e - Expose the configured listening and outgoing interfaces, if any, as 
a list of strings in the Python 'config_file' class instead of the
  current Swig object proxy; fixes #79.
 2023-10-16 15:53:47 +02:00
George Thessalonikefs
63a5280f8f - Expose the script filename in the Python module environment 'mod_env' 
instead of the config_file structure which includes the linked list
  of scripts in a multi Python module setup; fixes #79.
 2023-10-16 15:47:18 +02:00
George Thessalonikefs
07149f576a - Better fix for infinite loop when reading multiple lines of input on 
a broken remote control socket, by treating a zero byte line the
  same as transmission end. Addesses #947 and #948.
 2023-10-13 14:58:16 +02:00
W.C.A. Wijngaards
908e1cb11a Changelog note for #944. 
- Merge #944: Disable EDNS DO.
  Disable the EDNS DO flag in upstream requests. This can be helpful
  for devices that cannot handle DNSSEC information. But it should not
  be enabled otherwise, because that would stop DNSSEC validation. The
  DNSSEC validation would not work for Unbound itself, and also not
  for downstream users. Default is no. The option
  is disable-edns-do: no
 2023-10-12 14:05:31 +02:00
W.C.A. Wijngaards
67153f897e - Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x. 2023-10-11 13:47:28 +02:00
W.C.A. Wijngaards
f2528dc3ac - Fix that cachedb does not warn when serve-expired is disabled about 
use of serve-expired-reply-ttl and serve-expired-client-timeout.
 2023-10-11 13:29:56 +02:00
W.C.A. Wijngaards
d5954aff08 - Fix #949: "could not create control compt". 2023-10-11 11:59:26 +02:00
George Thessalonikefs
e98b89651e - Fix #850: [FR] Ability to use specific database in Redis, with new 
redis-logical-db configuration option.
 2023-10-11 11:44:55 +02:00
George Thessalonikefs
516f90abdb - Fix infinite loop when reading multiple lines of input on a broken 
remote control socket. Addesses #947 and #948.
 2023-10-10 15:17:48 +02:00
W.C.A. Wijngaards
c09320c651 - Fix that printout of EDNS options shows the EDNS cookie option by 
name.
 2023-10-09 12:36:54 +02:00
W.C.A. Wijngaards
6d0812b567 - Fix edns subnet so that queries with a source prefix of zero cause 
the recursor send no edns subnet option to the upstream.
 2023-10-09 12:21:22 +02:00
W.C.A. Wijngaards
b865aca03a - Fix #946: Forwarder returns servfail on upstream response noerror no 
data.
 2023-10-04 18:16:22 +02:00
George Thessalonikefs
13d4504dfc - Merge #881: Generalise the proxy protocol code. 2023-10-03 14:51:50 +02:00
George Thessalonikefs
9342bf685e - Fix misplaced comment. 2023-10-02 16:13:23 +02:00
W.C.A. Wijngaards
654a7eab62 - Fix #942: 1.18.0 libunbound DNS regression when built without 
OpenSSL.
 2023-09-22 13:15:35 +02:00
W.C.A. Wijngaards
bd5dc855af - Fix rpz tcp-only action with rpz triggers nsdname and nsip. 2023-09-18 09:55:39 +02:00
W.C.A. Wijngaards
31218166fc - Fix to remove two c99 notations. 2023-09-15 13:30:30 +02:00
W.C.A. Wijngaards
6bdecdbc5a Changelog note and autoconf for #936 
- Merge #936: Check for c99 with autoconf versions prior to 2.70.
 2023-09-15 13:24:20 +02:00
W.C.A. Wijngaards
6e65343895 - Fix authority zone answers for obscured DNAMEs and delegations. 2023-09-14 11:37:49 +02:00
W.C.A. Wijngaards
0ee44ef384 - Fix send of udp retries when ENOBUFS is returned. It stops looping 
and also waits for the condition to go away. Reported by Florian
  Obser.
 2023-09-08 13:35:42 +02:00
W.C.A. Wijngaards
8c751d48a2 - Fix to print EDE text in readable form in output logs. 2023-09-07 15:28:01 +02:00
W.C.A. Wijngaards
5b8a7340bb - Fix to set ede match in unit test for rr length removal. 
Changelog note.
 2023-09-07 14:59:13 +02:00
W.C.A. Wijngaards
fdd5f8ff83 - Fix to add EDE text when RRs have been removed due to length. 2023-09-07 14:44:48 +02:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
W.C.A. Wijngaards
dfc00271d1 - Fix to scrub resource records of type A and AAAA that have an 
inappropriate size. They are removed from responses.
 2023-09-07 11:08:04 +02:00
W.C.A. Wijngaards
1143050ea6 Changelog note for #931 
- Merge #931: Prevent warnings from -Wmissing-prototypes.
 2023-09-06 09:49:35 +02:00
W.C.A. Wijngaards
10843805ac - Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1. 2023-08-31 13:54:03 +02:00
W.C.A. Wijngaards
f0e15272b2 - Fix autoconf 2.69 warnings in configure. 2023-08-31 09:19:24 +02:00
W.C.A. Wijngaards
d4c4537b33 - Fix for WKS call to getservbyname that creates allocation on exit 
in unit test by testing numbers first and testing from the services
  list later.
 2023-08-30 14:31:24 +02:00
W.C.A. Wijngaards
ba1183bb6e Tag 1.18.0rc1 became the 1.18.0 release on 
30 aug 2023, with the fix from 25 aug, fix compile on NetBSD
included. The repository continues with version 1.18.1.
 2023-08-30 11:03:42 +02:00
W.C.A. Wijngaards
85ee5284f5 - Fix for version generation race condition that ignored changes. 2023-08-28 13:25:04 +02:00
W.C.A. Wijngaards
3795e37410 - Fix compile error on NetBSD in util/netevent.h. 2023-08-25 08:43:27 +02:00
W.C.A. Wijngaards
d396d8dae3 - Tag for 1.18.0rc1 release. 2023-08-23 10:49:45 +02:00
W.C.A. Wijngaards
8da117b086 - Set version number to 1.18.0. 2023-08-22 14:32:51 +02:00
W.C.A. Wijngaards
6e43145382 - Fix unit test for unbound-control to work when threads are disabled, 
and fix cache dump check.
 2023-08-21 16:58:10 +02:00
W.C.A. Wijngaards
be53e37b15 - Fix #923: processQueryResponse() THROWAWAY should be mindful of 
fail_reply.
 2023-08-21 14:32:13 +02:00
W.C.A. Wijngaards
3160d6ac08 - Fix for #925: unbound.service: Main process exited, code=killed, 
status=11/SEGV. Fixes cachedb configuration handling.
 2023-08-21 11:28:49 +02:00
W.C.A. Wijngaards
d1f388ec93 - Fix windows ci workflow to install bison and flex. 2023-08-21 10:43:02 +02:00
W.C.A. Wijngaards
3ea6f730ac - Debug Windows ci workflow. 2023-08-21 10:16:00 +02:00
W.C.A. Wijngaards
083770cb39 - Fix stat_values test to work with dig that enables DNS cookies. 2023-08-18 13:39:27 +02:00
W.C.A. Wijngaards
8756ad63dd - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg. 2023-08-18 13:18:46 +02:00
W.C.A. Wijngaards
c4566aa5d3 Changelog for commit. 
- Fix for iter_dec_attempts that could cause a hang, part of
  capsforid and qname minimisation, depending on the settings.
 2023-08-18 13:10:51 +02:00
W.C.A. Wijngaards
5f423906de - Fix ip_ratelimit test to work with dig that enables DNS cookies. 2023-08-17 15:43:14 +02:00
W.C.A. Wijngaards
4844fa3481 - Fix regional_alloc_init for potential unaligned source of the copy. 2023-08-17 15:22:54 +02:00
W.C.A. Wijngaards
0f5fecd516 Changelog note for #762. 
- Merge PR #762: Downstream DNS Server Cookies a la RFC7873 and
  RFC9018. Create server cookies for clients that send client cookies.
  This needs to be explicitly turned on in the config file with:
  `answer-cookie: yes`. A `cookie-secret:` can be configured for
  anycast setups. Without one, a random cookie secret is generated.
  The acl option `allow_cookie` allows queries with either a valid
  cookie or over a stateful transport. The statistics output has
  `queries_cookie_valid` and `queries_cookie_client` and
  `queries_cookie_invalid` information. The `ip\-ratelimit\-cookie:`
  value determines a rate limit for queries with cookies, if desired.
 2023-08-17 15:18:46 +02:00
George Thessalonikefs
d4145772b5 - Move a cache reply callback in worker.c closer to the cache reply 
generation.
 2023-08-02 12:33:52 +02:00
George Thessalonikefs
2cc9563cf8 - Fix to use the now cached EDE, if any, for CD_bit queries. 2023-08-01 15:23:25 +02:00
George Thessalonikefs
8aec671860 - More braces and formatting for Fix for EDNS EDE size calculation to 
avoid future bugs.
 2023-08-01 15:15:33 +02:00
W.C.A. Wijngaards
990b12bc8e - Fix for EDNS EDE size calculation. 2023-08-01 15:08:50 +02:00
George Thessalonikefs
11f12bc981 - Merge #911 from natalie-reece: Exclude EDE before other EDNS options when 
there isn't enough space.
- For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options
  altogether) before giving up on attaching EDE options.
 2023-08-01 10:01:18 +02:00
W.C.A. Wijngaards
f531011e85 - iana portlist update. 2023-07-31 10:24:43 +02:00
George Thessalonikefs
d18813be30 - Merge #790 from Tom Carpay: Add support for EDE caching in cachedb 
and subnetcache.
 2023-07-31 10:18:10 +02:00
George Thessalonikefs
6819c1e444 - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. 2023-07-30 11:48:04 +02:00
George Thessalonikefs
373904f865 - Fix unused variable compile warning for kernel timestamps in 
netevent.c
 2023-07-28 20:17:07 +02:00
George Thessalonikefs
1e47eea6e3 - Merge #889 from borisVanhoof: Free memory in error case + remove 
unused function.
 2023-07-21 21:13:43 +02:00
George Thessalonikefs
51c189394d - Cleaner failure code for callback functions in interface.i. 2023-07-21 16:53:36 +02:00
George Thessalonikefs
2e257fff2a - Merge #390 from Frank Riley: Add missing callbacks to the python 
module.
 2023-07-21 16:50:57 +02:00
George Thessalonikefs
04053d39a0 - Merge #118 from mibere: Changed verbosity level for Redis init & 
deinit.
 2023-07-21 15:01:48 +02:00
George Thessalonikefs
36b38cea74 - Merge #857 from eaglegai: fix potential memory leaks when errors 
happen.
 2023-07-21 14:04:38 +02:00
George Thessalonikefs
ae2c2be1a5 Merge branch 'master' of github.com:NLnetLabs/unbound 2023-07-20 12:56:31 +02:00
George Thessalonikefs
bf37487dca - Merge #901 from Sergei Trofimovich: config: improve handling of 
unknown modules.
 2023-07-20 12:56:20 +02:00
W.C.A. Wijngaards
8d45c1592b - For #909: Fix RR class comparison. 2023-07-20 12:16:24 +02:00