upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-30 03:19:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7128 commits 23 branches 209 tags 124 MiB
Commit graph

1875 commits

Author SHA1 Message Date
Sergey Kacheev
52a4ccee18 add a metric about the maximum number of collisions in lrushah 2023-01-13 13:33:38 +07:00
George Thessalonikefs
df411b3f28 - Updates for #461 (Add max-query-restarts option). 2022-12-13 15:29:22 +01:00
George Thessalonikefs
71db243b0d Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf 2022-12-13 14:35:01 +01:00
George Thessalonikefs
c61b2121b5 - Expose 'max-sent-count' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 13:57:07 +01:00
George Thessalonikefs
859d0f2dfe - Expose 'statistics-inhibit-zero' as a configuration option; the 
default value retains Unbound's behavior.
 2022-12-13 10:47:37 +01:00
W.C.A. Wijngaards
effbf99281 - Fix #782: Segmentation fault in stats.c:404. 2022-11-30 10:18:27 +01:00
W.C.A. Wijngaards
6f7da59b77 - Fix for the ignore of tcp events for closed comm points, preserve 
the use after free protection features.
 2022-11-28 10:04:52 +01:00
Philip-NLnetLabs
b86a97019f
Merge pull request #720 from jonathangray/winsock_uaf 
fix use after free when WSACreateEvent() fails
 2022-11-23 14:08:01 +01:00
W.C.A. Wijngaards
89d9b25090 - iana portlist update. 2022-11-08 15:24:24 +01:00
W.C.A. Wijngaards
52a9e6268e - Fix to make sure to not read again after a tcp comm point is closed. 2022-11-08 13:23:44 +01:00
W.C.A. Wijngaards
8367b24bc5 - Fix to ignore tcp events for closed comm points. 2022-11-08 12:02:48 +01:00
Florian Obser
08dcae0dab Arithmetic on a pointer to void is a GNU extension. 2022-10-14 13:56:32 +02:00
George Thessalonikefs
d25e0cd9b0 - Fix PROXYv2 header read for TCP connections when no proxied addresses 
are provided.
 2022-10-11 17:39:30 +02:00
W.C.A. Wijngaards
bf1cce6f9b - Fix proxy length debug output printout typecasts. 2022-10-06 15:53:21 +02:00
W.C.A. Wijngaards
c0eaadfc42 - Fix to close errno block in comm_point_tcp_handle_read outside of 
ifdef.
 2022-10-03 16:21:39 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
George Thessalonikefs
d301bfe4a2 - ACL per interface: refactor, complete testing and a bugfix for 
interface names.
 2022-09-11 20:57:41 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
57230d7f22 - Fix to log a verbose message at operational notice level if a 
thread is not responding, to stats requests. It is logged with
  thread identifiers.
 2022-09-01 15:14:20 +02:00
W.C.A. Wijngaards
d66e1cccf8 - Fix to set out of file descriptor warning to operational verbosity. 2022-09-01 14:01:56 +02:00
W.C.A. Wijngaards
2450b4653a - Slow down log frequency of write wait failures. 2022-09-01 14:00:29 +02:00
W.C.A. Wijngaards
1f5cc25974 - Fix for wait for udp send to stop when packet is successfully sent. 2022-08-31 16:45:15 +02:00
W.C.A. Wijngaards
ec5812a748 - Fix to wait for blocked write on UDP sockets, with a timeout if it 
takes too long the packet is dropped.
 2022-08-31 11:54:11 +02:00
W.C.A. Wijngaards
10a5a5880a - Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive 
operations, so that instruction reordering does not cause mistakenly
  blocking socket operations.
 2022-08-31 10:11:25 +02:00
W.C.A. Wijngaards
2fa1c17cd9 - Fix to avoid process wide fcntl calls mixed with nonblocking 
operations after a blocked write.
 2022-08-31 10:09:39 +02:00
W.C.A. Wijngaards
dc6c04b243 - Fix to log accept error ENFILE and EMFILE errno, but slowly, once 
per 10 seconds. Also log accept failures when no slow down is used.
 2022-08-12 09:54:29 +02:00
W.C.A. Wijngaards
ef57f8bd51 - Fix #734 [FR] enable unbound-checkconf to detect more (basic) 
errors.
 2022-08-05 14:41:05 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
Jonathan Gray
1464b166a4 fix use after free when WSACreateEvent() fails 2022-07-22 18:23:59 +10:00
Minghang Chen
249efd4285 Introduce infra-cache-max-rtt option to config max retransmit timeout 
Added the option and let it default to 120 seconds so that it won't change
current behavior.

Related-to #717
 2022-07-16 01:46:18 -07:00
W.C.A. Wijngaards
12cd495d55 - iana portlist update. 2022-07-15 09:20:25 +02:00
W.C.A. Wijngaards
7696398231 - Fix verbose EDE error printout. 2022-07-11 13:13:51 +02:00
George Thessalonikefs
a30286502c - Fix for correct openssl error when adding windows CA certificates to 
the openssl trust store.
 2022-07-03 22:41:39 +02:00
W.C.A. Wijngaards
80dbc7dd2c - iana portlist update. 2022-06-29 09:38:31 +02:00
W.C.A. Wijngaards
11d077c826 - Fix some lint type warnings. 2022-05-20 15:32:27 +02:00
George Thessalonikefs
7e506bb477 - Fix typos in config_set_option for the 'num-threads' and 
'ede-serve-expired' options.
 2022-05-18 19:56:26 +03:00
W.C.A. Wijngaards
e62b309959 - For #677: Added tls-system-cert to config parser and documentation. 
- Changelog note for #677.
 2022-05-12 16:30:19 +02:00
Wouter Wijngaards
2132e67b36
Merge pull request #677 from InfrastructureServices/use-system-cas 
Allow using system certificates not only on Windows
 2022-05-12 16:16:49 +02:00
Petr Mensik
0abfddd279 Allow using system certificates not only on Windows 
OpenSSL has a way to load default file. That file might contain usable
certificates to verify common connections. Allow similar trust as on
windows and leave it on openssl package to provide sane defaults.

Also provide use-system-cert alias, because it is not windows specific
anymore.
 2022-05-12 16:07:41 +02:00
W.C.A. Wijngaards
f0d91950ad - Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to 
host.
 2022-05-11 17:10:42 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
Christian Allred
d19e12ab5d Merge branch 'master' of https://github.com/NLnetLabs/unbound into restart_conf 2022-04-18 12:16:40 -07:00
George Thessalonikefs
b8e7dfa01e - Various fixes for #632: variable initialisation, convert the qinfo 
to str once, accept trailing dot in the local-zone ipset option.
 2022-03-02 14:29:56 +01:00
Wouter Wijngaards
fbbb42c9d4
Merge pull request #631 from mollyim/boringssl-compat 
Replace OpenSSL's ERR_PACK with ERR_GET_REASON
 2022-02-18 09:37:34 +01:00
Oscar Mira
78aee89201 Replace OpenSSL's ERR_PACK with ERR_GET_REASON 2022-02-17 20:20:18 +01:00
W.C.A. Wijngaards
2b90181d3a - Fix #628: A rpz-passthru action is not ending RPZ zone processing. 2022-02-15 16:20:12 +01:00
W.C.A. Wijngaards
a0feea393a - Fix #618: enabling interface-automatic disables DNS-over-TLS. 
Adds the option to list interface-automatic-ports.
 2022-02-11 10:58:53 +01:00
W.C.A. Wijngaards
e656be63f9 - Fix header comment for doxygen for authextstrtoaddr. 2022-02-02 13:20:46 +01:00
gthess
11f2e7e6ae
Merge pull request #617 from NLnetLabs/update-host-notation 
Update stub/forward-host notation to accept port and tls-auth-name
 2022-02-02 11:56:27 +01:00
George Thessalonikefs
32c3bbd249 - Change aggressive-nsec default to yes. 2022-02-02 11:25:08 +01:00