upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-25 09:09:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
2395 commits 23 branches 209 tags 124 MiB
Commit graph

310 commits

Author SHA1 Message Date
Wouter Wijngaards
784d659e91 - Fix TTL of SOA so negative TTL is separately cached from normal TTL. 
git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 12:34:47 +00:00
Wouter Wijngaards
3922eed584 val-override-date: -1 ignores dates entirely, for NTP usage. 
git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-04-08 14:06:46 +00:00
Wouter Wijngaards
b4a089ff0d - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout. 
git-svn-id: file:///svn/unbound/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-01 12:48:45 +00:00
Wouter Wijngaards
003658eea0 test and cleanup. 
git-svn-id: file:///svn/unbound/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-22 09:41:38 +00:00
Wouter Wijngaards
daab92e954 - algorithm compromise protection using the algorithms signalled in 
the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
         and thus, if you have multiple algorithms in your trust-anchor-file
         then it will now behave different than before.  Also, 5011 rollover
         for algorithms needs to be double-signature until the old algorithm
         is revoked.


git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9 Work on validation of multiple algorithms. 
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-20 15:58:12 +00:00
Wouter Wijngaards
c4c8a65ff2 - fix validation in this case: CNAME to nodata for co-hosted opt-in 
NSEC3 insecure delegation, was bogus, fixed to be insecure.


git-svn-id: file:///svn/unbound/trunk@2355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-17 10:05:56 +00:00
Wouter Wijngaards
488aee467a - Fix validation failure for parent and child on same server with an 
insecure childzone and a CNAME from parent to child.


git-svn-id: file:///svn/unbound/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-29 13:10:26 +00:00
Wouter Wijngaards
46345c0809 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where 
the zone has a secure delegation hosted on the same server did not
         verify as secure (it was insecure by mistake).


git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-11 12:21:19 +00:00
Wouter Wijngaards
e399b79baa - DLV has downgrade protection again, because the RFC says so. 
git-svn-id: file:///svn/unbound/trunk@2238 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-17 08:54:16 +00:00
Wouter Wijngaards
aac3c03f72 - Fix reported validation error in out of memory condition. 
git-svn-id: file:///svn/unbound/trunk@2237 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:57:22 +00:00
Wouter Wijngaards
8b274b92aa - Algorithm rollover operational reality intrudes, for trust-anchor, 
5011-store, and DLV-anchor if one key matches it's good enough.


git-svn-id: file:///svn/unbound/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:40:26 +00:00
Wouter Wijngaards
c3f180eebb - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout. 
git-svn-id: file:///svn/unbound/trunk@2233 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-15 07:08:09 +00:00
Wouter Wijngaards
40f8fe2815 add and fix doxygen comments for doxygen-1.7.1. (which reports lots of 
spurious items as well, by the way).


git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-13 08:41:49 +00:00
Wouter Wijngaards
b701d70147 - Return NXDOMAIN after chain of CNAMEs ends at name-not-found. 
git-svn-id: file:///svn/unbound/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-05 14:31:52 +00:00
Wouter Wijngaards
ca36fd0110 please lint. 
git-svn-id: file:///svn/unbound/trunk@2206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-04 08:43:38 +00:00
Wouter Wijngaards
4c4671a63f - Fix validation in case a trust anchor enters into a zone with 
unsupported algorithms.


git-svn-id: file:///svn/unbound/trunk@2205 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-04 08:36:27 +00:00
Wouter Wijngaards
6df29c32e4 - iana portlist updated. 
- Fix validation of qtype DNSKEY when a key-cache entry exists but
  no rr-cache entry is used (it expired or prefetch), it then goes
  back up to the DS or trust-anchor to validate the DNSKEY.


git-svn-id: file:///svn/unbound/trunk@2189 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-09 15:00:35 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations. 
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-07 13:13:36 +00:00
Wouter Wijngaards
518504ff5c Fix 4035 compliance for algorithms from the DS rrset that MUST sign the DNSKEY. 
git-svn-id: file:///svn/unbound/trunk@2172 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-01 12:08:48 +00:00
Wouter Wijngaards
b4b641807b Fix various compiler warnings from the clang llvm compiler. 
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-18 12:37:04 +00:00
Wouter Wijngaards
12e20eb5f4 - autotrust anchor file can be initialized with a ZSK key as well. 
git-svn-id: file:///svn/unbound/trunk@2100 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-27 13:00:48 +00:00
Wouter Wijngaards
0720e1a9a1 - Fix chain of trust with CNAME at an intermediate step, for the DS 
processing proof.



git-svn-id: file:///svn/unbound/trunk@2075 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-09 14:28:32 +00:00
Wouter Wijngaards
bec7e7a552 Fix validation of queries with wildcard names (*.example). 
git-svn-id: file:///svn/unbound/trunk@2070 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-08 13:22:29 +00:00
Wouter Wijngaards
77f49a5510 GOST support. 
git-svn-id: file:///svn/unbound/trunk@2065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-06 12:15:19 +00:00
Wouter Wijngaards
11ecb5183b review of NSEC and NSEC3 zones results 
git-svn-id: file:///svn/unbound/trunk@2058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-22 14:40:45 +00:00
Wouter Wijngaards
75565262f7 Fixed random numbers for port, interface and server selection. 
Removed very small bias.
Also some lint fixes.



git-svn-id: file:///svn/unbound/trunk@2049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-18 14:42:22 +00:00
Wouter Wijngaards
cd57530efd includes 
git-svn-id: file:///svn/unbound/trunk@2048 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:50:12 +00:00
Wouter Wijngaards
091050add6 cache verify work for nsec and nsec3. 
git-svn-id: file:///svn/unbound/trunk@2047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:49:18 +00:00
Wouter Wijngaards
42599b7044 and store sec status 
git-svn-id: file:///svn/unbound/trunk@2046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:27:53 +00:00
Wouter Wijngaards
367c2abbf3 Faster nsec3. 
git-svn-id: file:///svn/unbound/trunk@2044 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-16 16:52:56 +00:00
Wouter Wijngaards
147d47eee7 Move includes to code files. 
git-svn-id: file:///svn/unbound/trunk@2035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-12 15:17:48 +00:00
Wouter Wijngaards
8c7781fb24 spelling fix 
git-svn-id: file:///svn/unbound/trunk@2029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-11 16:17:45 +00:00
Matthijs Mekking
4f325d281b typo svn:NO TEST 
git-svn-id: file:///svn/unbound/trunk@2010 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-04 15:24:51 +00:00
Wouter Wijngaards
67624a8ee0 Skip RRSIGs on 5011 init. Make install makes all. 
git-svn-id: file:///svn/unbound/trunk@1997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-01 10:26:42 +00:00
Wouter Wijngaards
8adc2929e8 printout errors if trust anchor write fails. 
git-svn-id: file:///svn/unbound/trunk@1984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-16 08:52:44 +00:00
Wouter Wijngaards
6888c78e1e Fix for Roy. 
git-svn-id: file:///svn/unbound/trunk@1982 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-15 10:49:03 +00:00
Wouter Wijngaards
67a4310b36 Retry in case of validation failure less, cached per-zone not per-query. 
git-svn-id: file:///svn/unbound/trunk@1981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-12 15:24:42 +00:00
Wouter Wijngaards
e7da8f089e remove warning on format string. 
git-svn-id: file:///svn/unbound/trunk@1964 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-27 20:29:07 +00:00
Wouter Wijngaards
5b0fd59e76 work on prefetch: store the updated results in the cache. 
git-svn-id: file:///svn/unbound/trunk@1954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-08 15:59:36 +00:00
Wouter Wijngaards
43d228c5bc Doc fix and work on prefetch feature. 
git-svn-id: file:///svn/unbound/trunk@1951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-07 14:38:18 +00:00
Wouter Wijngaards
7094eab574 fixes and new ldns tarball. 
git-svn-id: file:///svn/unbound/trunk@1939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:31:39 +00:00
Wouter Wijngaards
ab9bd76768 Answer qclass=ANY. 
git-svn-id: file:///svn/unbound/trunk@1938 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:10:04 +00:00
Wouter Wijngaards
47e7b5fb51 Check rrsig expiration last in verify_rrsig 
git-svn-id: file:///svn/unbound/trunk@1936 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-10 16:03:31 +00:00
Wouter Wijngaards
1d2c4f70fa fix crash for hauke 
git-svn-id: file:///svn/unbound/trunk@1933 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 16:27:13 +00:00
Wouter Wijngaards
c68aebb3d7 - Fix SOA excluded from negative DS responses. Reported by Hauke 
Lampe.  The negative cache did not include proper SOA records for
	  negative qtype DS responses which makes BIND barf on it, such
	  responses are now only used internally.
	- Fix negative cache lookup of closestencloser check of DS type bit.



git-svn-id: file:///svn/unbound/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 14:55:19 +00:00
Wouter Wijngaards
4d1c4c8002 Fix crash reported on unbound-users with module-config "iterator" 
git-svn-id: file:///svn/unbound/trunk@1924 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-01 08:12:00 +00:00
Wouter Wijngaards
caeebbf4fa review comments 
git-svn-id: file:///svn/unbound/trunk@1915 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-20 12:06:00 +00:00
Wouter Wijngaards
c56fdce932 Fixup unsigned CNAME to signed CNAME detection of signatures. 
git-svn-id: file:///svn/unbound/trunk@1905 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-16 13:34:03 +00:00
Wouter Wijngaards
a4a7894f79 Fix validation failure cnamenodata proof failed for hud.gov. 
git-svn-id: file:///svn/unbound/trunk@1902 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-13 10:10:05 +00:00