upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-21 15:21:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7987 commits 23 branches 209 tags 123 MiB
Commit graph

425 commits

Author SHA1 Message Date
George Thessalonikefs
71db243b0d Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf 2022-12-13 14:35:01 +01:00
George Thessalonikefs
c61b2121b5 - Expose 'max-sent-count' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 13:57:07 +01:00
TCY16
8b4a8493d0 Merge branch 'master' of github.com:NLnetLabs/unbound into features/ede-caching 2022-11-21 11:34:36 +01:00
David Lamparter
64fb06f892 NAT64 support 
This implements #721.  Includes documentation and some very basic tests.
Please refer to doc for further detail.
 2022-11-07 11:37:50 +00:00
George Thessalonikefs
e9107907e5 - Clarify the use of MAX_SENT_COUNT in the iterator code. 2022-10-18 12:29:07 +02:00
W.C.A. Wijngaards
b043bc5eb4 - Fix to stop responses with TC flag from resulting in partial 
responses. It retries to fetch the data elsewhere, or fails the
  query and in depth fix removes the TC flag from the cached item.
 2022-10-06 10:01:09 +02:00
Yorgos Thessalonikefs
f1d263a318
Leniency for target discovery when under load (for NRDelegation changes) (#764) 
* - Introduce leniency for target discovery when under load.

* - Allow for easier testing (to be reverted).

* - Happy compiler.

* - Precheck access to target_fetch_policy.

* - Do not mark a nameserver as resolved when one of A/AAAA is negative.

* - Update fetch_glue.rpl test for (possible) outstanding queries.

* - Update fetch_glue_cname.rpl test for possible outstanding queries.

* - Better fix for fetch_glue_cname.rpl.

* - Fix iter_emptydp_for_glue.rpl to match the referral.

* - Disabled the nxns tests for now (to be reverted).

* - Update iter_recurse.rpl for possible outstanding queries.

* Revert "- Disabled the nxns tests for now (to be reverted)."

This reverts commit 34a9c13a90.

* Revert "- Allow for easier testing (to be reverted)."

This reverts commit b6dfe35e1d.
 2022-10-04 22:21:08 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
W.C.A. Wijngaards
a102fb1df8 - Fix to remove erroneous TC flag from TCP upstream. 2022-10-03 09:53:41 +02:00
TCY16
dcfcde2ec8 add cached EDE strings 2022-09-21 11:21:33 +02:00
W.C.A. Wijngaards
137719522a - Patch for CVE-2022-3204 Non-Responsive Delegation Attack. 2022-09-21 11:10:38 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
Minghang Chen
249efd4285 Introduce infra-cache-max-rtt option to config max retransmit timeout 
Added the option and let it default to 120 seconds so that it won't change
current behavior.

Related-to #717
 2022-07-16 01:46:18 -07:00
George Thessalonikefs
2dbaba7d73 - Improved logging for NXNS fallback. 2022-07-01 16:18:33 +02:00
George Thessalonikefs
923eb7d474 - Allow fallback to the parent side when MAX_TARGET_NX is reached. 
This will also allow MAX_TARGET_NX more NXDOMAINs.
 2022-06-29 17:32:29 +02:00
George Thessalonikefs
58b21e4fca - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. 2022-06-29 17:26:09 +02:00
W.C.A. Wijngaards
b61b0af5d6 - Fix #670: SERVFAIL problems with unbound 1.15.0 running on 
OpenBSD 7.1.
 2022-04-28 14:51:47 +02:00
Christian Allred
d19e12ab5d Merge branch 'master' of https://github.com/NLnetLabs/unbound into restart_conf 2022-04-18 12:16:40 -07:00
George Thessalonikefs
82adcfb971 - Fix #630: Unify the RPZ log messages. 2022-02-28 12:07:25 +01:00
W.C.A. Wijngaards
4b772ed571 - Fix to detect that no IPv6 support means that IPv6 addresses are 
useless for delegation point lookups.
 2022-02-25 10:27:56 +01:00
W.C.A. Wijngaards
c44fe07a07 - Fix #412: cache invalidation issue with CNAME+A. 2022-02-04 14:27:01 +01:00
gthess
11f2e7e6ae
Merge pull request #617 from NLnetLabs/update-host-notation 
Update stub/forward-host notation to accept port and tls-auth-name
 2022-02-02 11:56:27 +01:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name. 
Fixes #546.
 2022-02-01 14:44:29 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
W.C.A. Wijngaards
6b2e96430e - Fix for #596: fix that rpz return message is returned and not just 
the rcode from the iterator return path. This fixes signal unset RA
  after a CNAME.
 2022-01-05 13:35:18 +01:00
Wouter Wijngaards
9645228f03
Merge pull request #570 from rex4539/typos 
Fix typos
 2021-11-29 11:39:48 +01:00
Tom Carpay
e899b4cefe Make explicit whether edns options are parsed from queries or responses 2021-11-15 13:40:51 +00:00
Dimitris Apostolou
c21d6af617
Fix typos 2021-11-13 16:56:15 +02:00
Tom Carpay
89d7476539 split edns_data.opt_list in opt_list_in and opt_list_out 
opt_list_in for parsed (incoming) edns options, and
opt_list_out for outgoing (to be encoded) edns options
 2021-11-01 12:48:40 +00:00
W.C.A. Wijngaards
750f46d1aa - Small fixes for #41: changelog, conflicts resolved, 
processQueryResponse takes an iterator env argument like other
  functions in the iterator, no colon in string for set_option,
  and some whitespace style, to make it similar to the rest.
 2021-09-08 14:52:56 +02:00
W.C.A. Wijngaards
204edd229e Merge branch 'feature/configure-outbound_msg_retry' of git://github.com/countsudoku/unbound into countsudoku-feature/configure-outbound_msg_retry 2021-09-08 14:38:36 +02:00
W.C.A. Wijngaards
a9de6879b8 Merge branch 'master' into rpz-triggers 2021-08-18 09:53:35 +02:00
Tomasz Ziolkowski
ae45f46b9e Add (stub|forward)-tcp-upstream options which enable using tcp transport only for specified stub/forward zones 2021-08-05 08:44:18 +02:00
W.C.A. Wijngaards
32d82fac9b Merge branch 'master' into rpz-triggers 2021-05-14 08:47:56 +02:00
W.C.A. Wijngaards
ecb8aed2f2 - Add that log-servfail prints an IP address and more information 
about one of the last failures for that query.
 2021-04-29 10:24:35 +02:00
W.C.A. Wijngaards
b366441157 Merge branch 'master' into rpz-triggers 2021-04-14 09:39:41 +02:00
W.C.A. Wijngaards
55ba863440 - Fix that nxdomain synthesis does not happen above the stub or 
forward definition.
 2021-04-13 13:52:57 +02:00
George Thessalonikefs
403d0551b7 - Fix (increase) verbosity level for iterator error log in 
processQueryTargets().
 2021-04-12 16:49:45 +02:00
Christian Allred
07c0d04a14 Use max-query-restarts in iterative resolver 2021-04-05 16:25:43 -07:00
W.C.A. Wijngaards
1c75e62804 - rpz-triggers, separate cache storage of RPZ records from network records. 2021-04-01 12:06:14 +02:00
W.C.A. Wijngaards
8e7ced72e5 - rpz-triggers, fix that after cname an nsdname or nsip trigger has cname 
rrsets prepended by the iterator.
 2021-03-22 09:42:04 +01:00
W.C.A. Wijngaards
81cd0d76c8 - rpz-triggers, call rpz callback only if there are auth zones configured. 2021-03-22 09:39:12 +01:00
W.C.A. Wijngaards
7f39003c04 - rpz triggers, implement qname trigger after cname. 2021-03-19 17:31:44 +01:00
Christopher Zimmermann
1d23e0c920 Merge remote-tracking branch 'upstream/master' 2021-02-03 13:19:19 +01:00
mb
f78aa90ff1 rpz: nsdname stubs 2020-11-26 11:33:49 +01:00
mb
7acf1a5088 rpz: fix forged response 2020-11-24 16:29:15 +01:00
mb
afc73e28d8 rpz: fix forged messages 2020-11-24 12:02:59 +01:00
mb
b178cf34b6 rpz: update ext_state in the iterator 2020-11-24 11:33:16 +01:00
mb
126e114d6f rpz: forge responses 2020-11-24 11:25:01 +01:00
mb
354c19f6ac rpz: apply trigger at query time not response time 2020-11-24 09:33:08 +01:00
mb
e27b160acd rpz: stubs for nsip triggers 2020-11-13 14:36:00 +01:00
W.C.A. Wijngaards
dd59521e52 dlv removal, remove from comments and unused code in iterator and validator 2020-08-04 17:17:48 +02:00
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming 
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
 2020-05-19 10:27:27 +02:00
Christopher Zimmermann
c96e4ca121 allow privileged initialisation of modules 2020-05-10 22:30:25 +02:00
Ralph Dolmans
03a37d1ff6 - Keep track of number of timeouts. Use this counter to determine if capsforid 
fallback should be started.
 2020-04-06 18:00:06 +02:00
W.C.A. Wijngaards
9f0b260c49 - Fix wrong response ttl for prepended short CNAME ttls, this would 
create a wrong zero_ttl response count with serve-expired enabled.
 2019-09-19 16:29:51 +02:00
Moritz Schneider
79cc049096 Make outbound msg retry configurable 2019-06-12 19:01:28 +02:00
Ralph Dolmans
edf1ad369a - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain 
answers.
 - For harden-below-nxdomain: do not consider a name to be non-exitent when
   message contains a CNAME record.


git-svn-id: file:///svn/unbound/trunk@5174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 15:09:15 +00:00
Wouter Wijngaards
91e863138b - Print query name and IP address when domain rate limit exceeded. 
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 15:53:02 +00:00
Wouter Wijngaards
429e130768 - Fix that qname minimisation does not skip a label when missing 
nameserver targets need to be fetched.


git-svn-id: file:///svn/unbound/trunk@5107 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-08 13:30:51 +00:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
d48abb9a84 clang analysis fixes, assert arc4random buffer in init, 
no check for already checked delegation pointer in iterator,
in testcode check for NULL packet matches, in perf do not copy
from NULL start list when growing capacity.  Adjust host and file
only when present in test header read to please checker.  In
testcode for unknown macro operand give zero result. Initialise the
passed argv array in test code.  In test code add EDNS data
segment copy only when nonempty.


git-svn-id: file:///svn/unbound/trunk@5070 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 11:55:10 +00:00
Wouter Wijngaards
762920232a - For caps-for-id fallback, use the whitelist to avoid timeout 
starting a fallback sequence for it.


git-svn-id: file:///svn/unbound/trunk@5038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-17 08:50:25 +00:00
Wouter Wijngaards
d96de4c222 - New and better fix for Fix #4193: Fix that prefetch failure does 
not overwrite valid cache entry with SERVFAIL.


git-svn-id: file:///svn/unbound/trunk@4982 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 10:56:45 +00:00
Wouter Wijngaards
0ff5c52657 - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work. 
git-svn-id: file:///svn/unbound/trunk@4981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 10:29:14 +00:00
Wouter Wijngaards
8fcc82171a - Fix #4193: Fix that prefetch failure does not overwrite valid cache 
entry with SERVFAIL.


git-svn-id: file:///svn/unbound/trunk@4976 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-26 10:25:50 +00:00
Wouter Wijngaards
fd5e4e6019 - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, 
adds the option unknown-server-time-limit to unbound.conf that
  can be increased to avoid the problem.


git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 09:21:41 +00:00
Wouter Wijngaards
9be04e6fac - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes 
qname minimisation with a forwarder when connectivity has issues
  from rejecting responses.


git-svn-id: file:///svn/unbound/trunk@4916 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-27 08:19:29 +00:00
Wouter Wijngaards
9b6caf5a5b - Fix that with harden-below-nxdomain and qname minisation enabled 
some iterator states for nonresponsive domains can get into a
  state where they waited for an empty list.
- Stop UDP to TCP failover after timeouts that causes the ping count
  to be reset by the TCP time measurement (that exists for TLS),
  because that causes the UDP part to not be measured as timeout.


git-svn-id: file:///svn/unbound/trunk@4912 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-17 11:25:52 +00:00
Wouter Wijngaards
8dd6efe5ed - remove unused variable assignment from iterator scrub routine. 
- check for null in delegation point during iterator refetch
  in forward zone.
- neater pointer cast in libunbound context quit routine.


git-svn-id: file:///svn/unbound/trunk@4902 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 10:36:22 +00:00
Wouter Wijngaards
a09c4bbdc2 - Fix spelling errors. 
git-svn-id: file:///svn/unbound/trunk@4893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-11 13:28:21 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
Wouter Wijngaards
b0ca964984 and printout for these cases too. 
git-svn-id: file:///svn/unbound/trunk@4862 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 15:09:23 +00:00
Wouter Wijngaards
e8c4f20f66 - added more servfail printout statements, to the iterator. 
git-svn-id: file:///svn/unbound/trunk@4861 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 15:01:35 +00:00
Wouter Wijngaards
b0daf867c2 and the error looks good. 
git-svn-id: file:///svn/unbound/trunk@4860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 14:17:48 +00:00
Wouter Wijngaards
8385c462ed - print servfail info to log as error. 
git-svn-id: file:///svn/unbound/trunk@4859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 13:29:27 +00:00
Ralph Dolmans
afd4063f20 - Fix classification for QTYPE=CNAME queries when QNAME minimisation is enabled. 
git-svn-id: file:///svn/unbound/trunk@4858 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 12:48:47 +00:00
Wouter Wijngaards
1e61604aab use closer of stub and forward if both configured. 
git-svn-id: file:///svn/unbound/trunk@4849 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-09 13:00:06 +00:00
Wouter Wijngaards
488eaf09ce Fixup log printout. 
git-svn-id: file:///svn/unbound/trunk@4848 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-09 12:56:49 +00:00
Wouter Wijngaards
256ab3d935 - Patch for stub-no-cache and forward-no-cache options that disable 
caching for the contents of that stub or forward, for when you
  want immediate changes visible, from Bjoern A. Zeeb.


git-svn-id: file:///svn/unbound/trunk@4846 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-09 12:44:40 +00:00
Ralph Dolmans
3f2d186694 - Make capsforid fallback QNAME minimisation aware. 
git-svn-id: file:///svn/unbound/trunk@4840 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 12:43:49 +00:00
George Thessalonikefs
749d1b9ebc - Expose if a query (or a subquery) was ratelimited (not src IP 
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Tidy pylib tests.


git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 14:00:46 +00:00
Wouter Wijngaards
8aa53f027d - Fix qname minimisation NXDOMAIN validation lookup failures causing 
error_supers assertion fails.


git-svn-id: file:///svn/unbound/trunk@4780 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-16 10:21:34 +00:00
Ralph Dolmans
00a0cabf7f - Don't count CNAME response types received during qname minimisation as query 
restart.


git-svn-id: file:///svn/unbound/trunk@4728 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 13:09:14 +00:00
Wouter Wijngaards
53b1e11eba better fix for #4100 
git-svn-id: file:///svn/unbound/trunk@4709 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 14:07:08 +00:00
Wouter Wijngaards
d386641820 - Fix stub reprime when it becomes useless. 
git-svn-id: file:///svn/unbound/trunk@4707 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 12:28:33 +00:00
Wouter Wijngaards
2be0263dfa - Fix cname classification with qname minimisation enabled. 
git-svn-id: file:///svn/unbound/trunk@4648 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 13:14:39 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
d41cdb6ce8 - low-rtt and low-rtt-pct in unbound.conf enable the server selection 
of fast servers for some percentage of the time.


git-svn-id: file:///svn/unbound/trunk@4612 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 13:27:28 +00:00
Wouter Wijngaards
89ad258515 - num.query.authzone.up and num.query.authzone.down statistics counters. 
- Fix downstream auth zone, only fallback when auth zone fails to
  answer and fallback is enabled.


git-svn-id: file:///svn/unbound/trunk@4610 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 10:15:06 +00:00
Wouter Wijngaards
100cc496de Fixup. 
git-svn-id: file:///svn/unbound/trunk@4605 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 09:58:59 +00:00
Wouter Wijngaards
0a06c5bfa2 - Fix above stub queries for type NS and useless delegation point. 
git-svn-id: file:///svn/unbound/trunk@4604 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 09:53:27 +00:00
Wouter Wijngaards
4e0128f16a - Fix unable to resolve after new WLAN connection, due to auth-zone 
failing with a forwarder set.  Now, auth-zone is only used for
  answers (not referrals) when a forwarder is set.


git-svn-id: file:///svn/unbound/trunk@4600 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-03 12:22:35 +00:00
Ralph Dolmans
9f0d521b88 - Do use cached NSEC records to generate negative answers for domains under 
DNSSEC Negative Trust Anchors.


git-svn-id: file:///svn/unbound/trunk@4593 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-21 14:34:17 +00:00
Wouter Wijngaards
1a7540c80a - Reverted fix for #3512, this may not be the best way forward; 
although it could be changed at a later time, to stay similar to
  other implementations.


git-svn-id: file:///svn/unbound/trunk@4560 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-06 08:22:33 +00:00
Wouter Wijngaards
6905e41b57 - Fix validation for CNAME loops. When it detects a cname loop, 
by finding the cname, cname in the existing list, it returns
  the partial result with the validation result up to then.


git-svn-id: file:///svn/unbound/trunk@4547 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 14:04:02 +00:00
Wouter Wijngaards
075f470778 neater code. 
git-svn-id: file:///svn/unbound/trunk@4546 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 13:19:49 +00:00
Wouter Wijngaards
b8c72d7cbc comment to explain it. 
git-svn-id: file:///svn/unbound/trunk@4545 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 13:17:27 +00:00
Wouter Wijngaards
b89db70821 - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query 
when there is a CNAME loop.


git-svn-id: file:///svn/unbound/trunk@4544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 13:13:58 +00:00
Ralph Dolmans
77f78152ee - Aggressive use of NSEC implementation. Use cached NSEC records to generate 
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: file:///svn/unbound/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 13:16:36 +00:00