upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-29 19:09:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7265 commits 23 branches 209 tags 124 MiB
Commit graph

205 commits

Author SHA1 Message Date
Philip Homburg
1aa2c318e7 Remove msg_del_for_0ttl, call msg_cache_remove directly 2023-04-26 17:11:29 +02:00
Philip Homburg
1ac9b7548b Small fixes from Wouter's review 2023-03-23 15:15:54 +01:00
Philip Homburg
9d7b1d3127 Fix issue #860: Bad interaction with 0 TTL records and serve-expired 2023-03-22 15:23:47 +01:00
George Thessalonikefs
896f7a8306 - Ignore expired error responses. 2022-11-22 17:44:55 +01:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
W.C.A. Wijngaards
e3871ca907 Merge branch 'branch-1.16.3' 2022-09-21 12:11:26 +02:00
W.C.A. Wijngaards
137719522a - Patch for CVE-2022-3204 Non-Responsive Delegation Attack. 2022-09-21 11:10:38 +02:00
W.C.A. Wijngaards
fbe8e3b0b2 - Fix ratelimit inconsistency, for ip-ratelimits the value is the 
amount allowed, like for ratelimits.
 2022-08-04 11:33:37 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
W.C.A. Wijngaards
33bd49af81 - Merge PR 714: Avoid treat normal hosts as unresponsive servers. 
And fixup the lock code.
 2022-07-15 08:51:31 +02:00
Hunts Chen
88bf803297 Avoid treat normal hosts as unresponsive servers 
This is a fix for issue #713

When infra-keep-probing is on, all hosts with expired entries were treated as
unresponsive servers and thus causing problems (see #713).

This commit change that, so that normal hosts with expired entries are treated
as unknown servers.
 2022-07-14 10:16:13 -07:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
George Thessalonikefs
3086335724 - Introduce ratelimit-backoff and ip-ratelimit-backoff options for more 
aggressive rate limiting.
 2022-01-30 00:36:29 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
Dimitris Apostolou
c21d6af617
Fix typos 2021-11-13 16:56:15 +02:00
W.C.A. Wijngaards
79209823ac - Fix a number of warnings reported by the gcc analyzer. 2021-06-18 18:12:26 +02:00
W.C.A. Wijngaards
55ba863440 - Fix that nxdomain synthesis does not happen above the stub or 
forward definition.
 2021-04-13 13:52:57 +02:00
Roland van Rijswijk-Deij
c4c849d878 Rebase on master 2021-01-22 16:44:56 +00:00
W.C.A. Wijngaards
37354c8927 Merge branch 'master' into infra-keep-probing 2020-10-21 10:13:10 +02:00
W.C.A. Wijngaards
c0c722cd97 DLV removal 2020-08-04 09:05:09 +02:00
Ubuntu
b5b79e3a36 Add feature to serve original TTLs rather than decrementing ones 2020-07-15 15:15:45 +00:00
W.C.A. Wijngaards
4fe2122890 Merge branch 'master' into infra-keep-probing 
Remade yacc and lex files.
 2020-06-24 13:21:14 +02:00
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming 
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
 2020-05-19 10:27:27 +02:00
W.C.A. Wijngaards
055f5e68a3 Add infra-keep-probing: yes option. Hosts that are down are probed more 
frequently.
 2020-04-22 16:29:06 +02:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
Ralph Dolmans
edf1ad369a - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain 
answers.
 - For harden-below-nxdomain: do not consider a name to be non-exitent when
   message contains a CNAME record.


git-svn-id: file:///svn/unbound/trunk@5174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 15:09:15 +00:00
Wouter Wijngaards
ce0628ee55 - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. 
git-svn-id: file:///svn/unbound/trunk@5137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 09:26:06 +00:00
Wouter Wijngaards
91e863138b - Print query name and IP address when domain rate limit exceeded. 
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 15:53:02 +00:00
Wouter Wijngaards
d1e92a0ebd - Spaces instead of tabs in that log message. 
git-svn-id: file:///svn/unbound/trunk@5116 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 12:32:42 +00:00
Wouter Wijngaards
3949bf2c82 - Print query name with ip_ratelimit exceeded log lines. 
git-svn-id: file:///svn/unbound/trunk@5115 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 10:40:41 +00:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
23505d30a5 - Fix #4190: Please create a "ANY" deny option, adds the option 
deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.


git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:07:37 +00:00
Ralph Dolmans
987c1c97e5 - More explicitly mention the type of ratelimit when applying ip-ratelimit. 
git-svn-id: file:///svn/unbound/trunk@4884 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-04 09:16:07 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
Wouter Wijngaards
efe5c8e6be - Fix #4144: dns64 module caches wrong (negative) information. 
git-svn-id: file:///svn/unbound/trunk@4850 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-10 08:03:17 +00:00
Wouter Wijngaards
f8e585f308 nicer code, in function. 
git-svn-id: file:///svn/unbound/trunk@4790 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 15:07:09 +00:00
Wouter Wijngaards
5bda4f9822 Fixup cache size test for msg cache. 
git-svn-id: file:///svn/unbound/trunk@4789 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:56:02 +00:00
Wouter Wijngaards
d2d7b987fa brackets added. 
git-svn-id: file:///svn/unbound/trunk@4788 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:44:20 +00:00
Wouter Wijngaards
7579216922 - Resize ratelimit and ip-ratelimit caches if changed on reload. 
git-svn-id: file:///svn/unbound/trunk@4787 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:42:38 +00:00
Wouter Wijngaards
330c6e1cb0 - Fix that ratelimit and ip-ratelimit are applied after reload of 
git-svn-id: file:///svn/unbound/trunk@4786 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:27:44 +00:00
Wouter Wijngaards
a4a5bfaa2f - Fix crash if ratelimit taken into use with unbound-control 
instead of with unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4711 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-05 07:06:19 +00:00
Ralph Dolmans
d97a635084 - Fix memory leak when caching wildcard records for aggressive NSEC use 
git-svn-id: file:///svn/unbound/trunk@4662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-25 13:13:05 +00:00
Wouter Wijngaards
3a287a70cd Test and fix. 
git-svn-id: file:///svn/unbound/trunk@4583 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 13:14:56 +00:00
Wouter Wijngaards
d111aaf64f - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually 
flushed with serve-expired on.


git-svn-id: file:///svn/unbound/trunk@4582 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 12:52:11 +00:00
Wouter Wijngaards
3b25c475f5 - Attempt to remove warning about trailing whitespace. 
git-svn-id: file:///svn/unbound/trunk@4568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:52:18 +00:00
Ralph Dolmans
24fc3242fc - Save wildcard RRset from answer with original owner for use in aggressive 
NSEC.


git-svn-id: file:///svn/unbound/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-22 15:12:31 +00:00
Ralph Dolmans
77f78152ee - Aggressive use of NSEC implementation. Use cached NSEC records to generate 
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: file:///svn/unbound/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 13:16:36 +00:00
Wouter Wijngaards
cb28d35bd2 - Fix lock race condition in dns cache dname synthesis. 
git-svn-id: file:///svn/unbound/trunk@4495 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 10:33:19 +00:00
Wouter Wijngaards
859ca7db68 - Fix #3397: Fix that when the cache contains an unsigned DNAME in 
the middle of a cname chain, a result without the DNAME could
  be returned.


git-svn-id: file:///svn/unbound/trunk@4446 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 14:30:16 +00:00
Wouter Wijngaards
df6fbb82be - Fix #3397: Fix that cachedb could return a partial CNAME chain. 
git-svn-id: file:///svn/unbound/trunk@4445 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 13:54:20 +00:00