upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8155 commits 23 branches 209 tags 123 MiB
Commit graph

5001 commits

Author SHA1 Message Date
Yorgos Thessalonikefs
c3a8d5251f - Small debug output improvement when attaching an EDE. 2025-09-15 12:06:49 +02:00
W.C.A. Wijngaards
d71ead5598 - Update contrib/aaaa-filter-iterator.patch so it applies on 1.24.0. 2025-09-11 13:23:51 +02:00
W.C.A. Wijngaards
cdbfadfb7b - version set to 1.24.0 for release. 
- tag for 1.24.0rc1.
 2025-09-11 09:03:40 +02:00
W.C.A. Wijngaards
4267de87b5 - Fix #1332: CNAME chains are sometimes not followed when RPZs add a 
local CNAME rewrite.
 2025-09-09 12:34:11 +02:00
Yorgos Thessalonikefs
dd6200065f - Update man pages. 2025-09-08 14:50:27 +02:00
Yorgos Thessalonikefs
a72177e73c - Update documentation for using "SET ... EX" in Redis. 
- Document max buffer sizes for Redis commands.
 2025-09-08 14:49:12 +02:00
W.C.A. Wijngaards
5588f66bdb - For #1328: make depend. 2025-09-03 14:04:24 +02:00
W.C.A. Wijngaards
85e916e7e0 - Fix indentation in tcp-mss option parsing. 2025-09-02 17:12:14 +02:00
W.C.A. Wijngaards
af96824642 - Fix #1324: Memory leak in 'msgparse.c' in 
'parse_edns_options_from_query(...)'.
 2025-09-02 17:10:42 +02:00
W.C.A. Wijngaards
8faa95354d - Fix #1235: Outdated Python2 code in 
unbound/pythonmod/examples/log.py.
 2025-09-02 12:54:03 +02:00
W.C.A. Wijngaards
c57c39833e - Fix for #1324: Fix to free edns options scratch in ratelimit case. 2025-09-01 09:28:29 +02:00
Yorgos Thessalonikefs
44da5eee66 - Limit the number of consecutive reads on an HTTP/2 session. 
Thanks to Gal Bar Nahum for exposing the possibility of infinite
  reads on the session.
 2025-08-29 15:35:32 +02:00
W.C.A. Wijngaards
74bc8c9e77 - Fix setup_listen_sslctx warning for nettle compile. 2025-08-28 14:19:52 +02:00
W.C.A. Wijngaards
0c558cb805 - Fix unbound-control dump_cache for double unlock of lruhash table. 
Changelog entry.
 2025-08-27 16:55:55 +02:00
W.C.A. Wijngaards
e613e27f35 - Fix ports workflow to install expat for macos. 2025-08-26 14:41:13 +02:00
W.C.A. Wijngaards
f2f36a2733 - Fix that the zone acquired timestamp is set after the 
zonefile is read.
 2025-08-22 14:06:51 +02:00
W.C.A. Wijngaards
78d9bcacb6 - Fix #1319: [FR] zone status for Unbound auth-zones. 2025-08-22 12:40:00 +02:00
W.C.A. Wijngaards
c170ed1b30 - Fix sha1 enable environment variable in test code on windows. 2025-08-22 10:04:57 +02:00
W.C.A. Wijngaards
ebfa09e04f - For #1318: Fix compile warnings for DoH compile on windows. 2025-08-22 10:04:00 +02:00
W.C.A. Wijngaards
65be1d0ec3 - Fix for #1317: Fix contrib/unbound.service comment path for 
systemd network configuration.
 2025-08-21 15:49:42 +02:00
W.C.A. Wijngaards
ca36e21f71 - Fix #1317: Unbound starts too early. Add 
Wants=network-online.target under [Unit] in unbound.service.
 2025-08-21 15:14:42 +02:00
W.C.A. Wijngaards
458c793012 - Fix to check for extraneous command arguments for unbound-control, 
when the command takes no arguments but there are arguments present.
Changelog note for the fix.
 2025-08-21 10:00:41 +02:00
W.C.A. Wijngaards
1d877400ea - Fix cache_lookup subnet print to not print messages without rrsets 
and perform in-depth check on node in the addrtree.
 2025-08-15 16:04:34 +02:00
W.C.A. Wijngaards
523710f371 - Fix cache_lookup subnet printout to wipe zero part of the prefix. 
Changelog entry.
 2025-08-15 14:07:05 +02:00
W.C.A. Wijngaards
1e37f86ef5 - unbound-control cache_lookup +t allows tld and root names. And 
subnet cache contents are printed.
Changelog, documentation and unit test.
 2025-08-15 13:03:31 +02:00
W.C.A. Wijngaards
40877f46e5 - Fix to decouple file descriptor activity and cache lookups in 
dump_cache.
Changelog note.
 2025-08-14 12:20:22 +02:00
W.C.A. Wijngaards
4f790bd65e - Fix to increase responsiveness of dump_cache. 2025-08-14 11:25:40 +02:00
W.C.A. Wijngaards
d122ae6490 - Fix to unlock cache_lookup message for malformed records. 2025-08-13 12:02:41 +02:00
W.C.A. Wijngaards
651a71fa76 - Fix to remove debug from cache_lookup. 2025-08-13 11:59:53 +02:00
W.C.A. Wijngaards
2f7890eb6e - unbound-control cache_lookup <domains> prints the cached rrsets 
and messages for those.
Changelog and information.
 2025-08-13 11:36:47 +02:00
W.C.A. Wijngaards
d55f20fdcc - Fix that unbound-control dump_cache releases the cache locks 
every so often, so that the server stays responsive.
Changelog entry for it.
 2025-08-12 12:00:01 +02:00
W.C.A. Wijngaards
752a3f7f52 - Fix to whitespace in dname_str. 2025-08-07 16:19:10 +02:00
W.C.A. Wijngaards
3ec5d78ac9 - Fix that edns-subnet failure to create a subquery errors as 
servfail, and not formerror.
 2025-08-07 16:09:47 +02:00
W.C.A. Wijngaards
08d59c9a78 - Fix dname_str for printout of long names. Thanks to Jan Komissar 
for the fix.
 2025-08-07 09:45:02 +02:00
W.C.A. Wijngaards
cdcc0337d1 - Fix edns subnet, so that the subquery without subnet is stored in 
global cache if the querier used 0.0.0.0/0 and the name and address
  do not receive subnet treatment. If the name and address are
  configured for subnet, it is stored in the subnet cache.
 2025-08-06 12:08:44 +02:00
W.C.A. Wijngaards
3d7e847a5e - Fix to use assertions for consistency checks in #1309 reclaimed 2025-08-05 16:20:01 +02:00
W.C.A. Wijngaards
da6b735ed9 - Fix #1309: incorrectly reclaimed tcp handler can cause data 
corruption and segfault.
 2025-08-05 15:46:54 +02:00
W.C.A. Wijngaards
5758427d86 - Fix testbound test program to accurately output packets from hex. 2025-08-01 10:34:12 +02:00
W.C.A. Wijngaards
4f12148af4 - Fix redis cachedb module gettimeofday init failure. 
Changelog note for the fix.
 2025-07-28 09:33:42 +02:00
W.C.A. Wijngaards
da9ab59e10 - Redis checks for server down and throttles reconnects. 
And unit test for redis reconnect interval.
 2025-07-24 11:06:00 +02:00
W.C.A. Wijngaards
910288c0d1 - iana portlist updated. 2025-07-17 14:50:29 +02:00
W.C.A. Wijngaards
b6e52c0a52 - Fix #1303: [FR] Disable TLSv1.2. 2025-07-17 14:50:13 +02:00
W.C.A. Wijngaards
b58af78b63 - Fix to not set rlimits in the unit tests. 2025-07-17 11:40:31 +02:00
W.C.A. Wijngaards
a1150078f2 - Add unit tests for non-ecs aggregation. 2025-07-16 11:46:04 +02:00
W.C.A. Wijngaards
f49e6ccecd - Fix for RebirthDay Attack CVE-2025-5994, reported by Xiang Li 
from AOSP Lab Nankai University.
- Tag for 1.23.1 with the release of 1.23.0 and the CVE fix, the
  repository continues with the previous fixes, with 1.23.2.
 2025-07-16 11:40:32 +02:00
Yorgos Thessalonikefs
dd3ac53ff1 - For #1289: add num.valops in the unbound-control man page. 2025-07-12 17:35:16 +02:00
Yorgos Thessalonikefs
1a6052fcac - For #1289: test num.valops in existing stat_values.tdir. 2025-07-12 17:33:43 +02:00
Yorgos Thessalonikefs
6689f0b4da Changelog entry for #1289: 
- Merge #1289 from Roland van Rijswijk-Deij: Add extra statistic to
  track the number of signature validation operations.
  Adds 'num.valops' to extended statistics.
 2025-07-12 16:35:02 +02:00
W.C.A. Wijngaards
b4e12030e7 - For #1301: configure cant find SSL_is_quic in OpenSSL 3.5.1. 2025-07-11 15:58:50 +02:00
W.C.A. Wijngaards
9fe92d1119 - Fix detection of SSL_CTX_set_tmp_ecdh function. 2025-07-11 15:47:59 +02:00
W.C.A. Wijngaards
6ba2d6840b - Fix to improve dnstap discovery on Fedora. 2025-07-08 09:29:27 +02:00
W.C.A. Wijngaards
1de9d6ec66 - Fix layout of comm_point_udp_ancil_callback. 2025-07-03 15:57:49 +02:00
W.C.A. Wijngaards
cb919d5126 - For #1300: implement sock-queue-timeout for FreeBSD as well. 2025-07-03 15:54:33 +02:00
W.C.A. Wijngaards
444c839474 - Fix #1300: Is 'sock-queue-timeout' a linux only feature. 2025-07-03 14:10:46 +02:00
W.C.A. Wijngaards
0276bcbceb Changelog note for #1299 
- Generate ltmain.sh and configure again.
 2025-07-02 10:57:23 +02:00
Jose Luis Duran
41c55ffac1
Fix typos (#1299) 2025-07-02 10:50:49 +02:00
Yorgos Thessalonikefs
4200d23882 - For #1247, replay test (added tcp_transport to 
outnet_serviced_query).
 2025-06-25 14:02:47 +02:00
Yorgos Thessalonikefs
e2814fe165 - For #1247, turn off fetch-policy for delegation when looking into 
parent side name servers that may not update the addresses and hit
  NXNS limits.
 2025-06-25 13:59:17 +02:00
Yorgos Thessalonikefs
ca153f4657 - Fix #1247: forward-first: ssl handshake failed on root nameservers. 2025-06-25 13:56:50 +02:00
Yorgos Thessalonikefs
ee607c0f72 Changelog entry for #1293: 
- Fix #1293: EDE 6 is attached to insecure cached answers when client
  sends the CD bit.
 2025-06-20 14:11:22 +02:00
W.C.A. Wijngaards
ce72770f61 - Fix rrset cache create allocation failure case. 2025-06-19 16:27:13 +02:00
W.C.A. Wijngaards
de93a636da Changelog note for #1297 
- Merge #1297: edns-subnet: fix NULL_AFTER_DEREF on subnetmod.
 2025-06-19 16:24:54 +02:00
W.C.A. Wijngaards
a1d68cdc96 - Fix #1296: DNS over QUIC depends on a very outdated version of 
ngtcp2. Fixed so it works with ngtcp2 1.13.0 and OpenSSL 3.5.0.
 2025-06-19 14:39:45 +02:00
Yorgos Thessalonikefs
9201c75013 - Fix for consistent use of local zone CNAME alias for configured auth 
zones. Now it also applies to downstream configured auth zones.
 2025-06-17 15:03:29 +02:00
W.C.A. Wijngaards
f066d6d453 - Fix #1295: Windows 32-bit binaries download seems to be missing dll 
dependency.
 2025-06-16 14:26:54 +02:00
W.C.A. Wijngaards
a04bd5da29 - Fix to check control-interface addresses in unbound-checkconf. 2025-06-16 12:43:31 +02:00
W.C.A. Wijngaards
e4cf7aeccf - Fix header return value description for skip_pkt_rrs and 
parse_edns_from_query_pkt.
 2025-06-12 12:17:01 +02:00
W.C.A. Wijngaards
a8aa1dbbe1 - Fix conditional expressions with parentheses for bitwise and. 2025-06-11 16:42:43 +02:00
W.C.A. Wijngaards
9f29292839 - Fix bitwise operators in conditional expressions with parentheses. 2025-06-11 15:46:31 +02:00
W.C.A. Wijngaards
1cc1e0b89e - iana portlist updated. 2025-06-05 11:11:56 +02:00
W.C.A. Wijngaards
565bce670c - Fix comment for the dname_remove_label_limit_len function. 2025-06-05 11:11:32 +02:00
W.C.A. Wijngaards
c0563f43b0 - Fix unbound-anchor certificate file read for line ends and end of 
file.
 2025-06-05 11:09:53 +02:00
Yorgos Thessalonikefs
81f3de4da2 - Small man page corrections for the 'disable-dnssec-lame-check' option. 2025-06-03 14:12:27 +02:00
W.C.A. Wijngaards
ff7dfd52a2 - Fix #1288: [FR] Improve fuzzing of unbound by adapting the netbound 
program.
 2025-05-21 12:41:54 +02:00
Yorgos Thessalonikefs
342a0f48e3 - Add more checks about respip in unbound-checkconf. 
Also fixes #310: unbound-checkconf not reporting RPZ configuration
  error.
 2025-05-20 16:21:02 +02:00
Yorgos Thessalonikefs
71ac59e6f4 Changelog entry for #1285: 
- Merge #1285:  RST man pages.
 2025-05-20 12:23:32 +02:00
W.C.A. Wijngaards
32644937b0 - Fix for cname chain length with qtype ANY and qname minimisation. 
Thanks to Jim Greenwood from Nominet for the report.
 2025-05-19 13:17:21 +02:00
W.C.A. Wijngaards
1634beb4a0 - Fix config of slab values when there is no config file. 2025-05-15 14:34:18 +02:00
W.C.A. Wijngaards
1ef7b4a246 - Adjusted so-sndbuf default to 4m. 2025-05-13 15:31:05 +02:00
W.C.A. Wijngaards
03772d10fb - Change default for so-sndbuf to 1m, to mitigate a cross-layer 
issue where the UDP socket send buffers are exhausted waiting
  for ARP/NDP resolution. Thanks to Reflyable for the report.
 2025-05-13 15:04:32 +02:00
Yorgos Thessalonikefs
9152c914af - Fix #1282: log-destaddr fail on long ipv6 addresses. 2025-05-13 11:02:58 +02:00
Yorgos Thessalonikefs
a35ac5d82e - Fix #1284: NULL pointer deref in az_find_nsec_cover() (latent bug) 
by adding a log_assert() to safeguard future development.
 2025-05-13 11:00:23 +02:00
W.C.A. Wijngaards
21e3278400 - Fix #1283: Unsafe usage of atoi() while parsing the configuration 
file.
 2025-05-12 14:57:42 +02:00
Yorgos Thessalonikefs
8e1deede08 Changelog entry for #1280: 
- Merge #1280: Fix auth nsec3 code. Fixes NSEC3 code to not break on
  broken auth zones that include unsigned out of zone (above apex)
  data. Could lead to hang while trying to prove a wildcard answer.
 2025-05-12 14:29:11 +02:00
W.C.A. Wijngaards
8190526250 - Fix #1281: forward-zone "name: ." conflicts with auth-zone "name: ." 
in 1.23.0, but worked in 1.22.0.
 2025-05-09 16:01:41 +02:00
Yorgos Thessalonikefs
5dd14e2644 - Sync unbound and unbound-checkconf log output for unknown modules. 2025-05-05 14:47:12 +02:00
Yorgos Thessalonikefs
b50faccb1d Changelog entry for #1276: 
- Merge #1276: Auto-configure '-slabs' values.
 2025-04-29 15:23:07 +02:00
W.C.A. Wijngaards
a904a3a2c2 - Fix dnstap to use protoc. 2025-04-29 12:43:56 +02:00
W.C.A. Wijngaards
c253c8367a - Fix for parallel build of dnstap protoc-c output. 2025-04-29 12:38:41 +02:00
Yorgos Thessalonikefs
0f95fae445 Changelog entry for #1275: 
- Merge #1275: Use macros for the fr_check_changed* functions.
 2025-04-28 15:50:03 +02:00
W.C.A. Wijngaards
c88fa02c18 - Fix #1272: assertion failure testcode/unitverify.c:202. 2025-04-25 11:12:28 +02:00
W.C.A. Wijngaards
e794234ac8 - Tag for 1.23.0rc2. This became the release of 1.23.0 on 24 April 
2025. The code repository continues with 1.23.1 in development.
 2025-04-24 10:17:45 +02:00
W.C.A. Wijngaards
db53ebb798 Merge branch 'branch-1.23.0' 2025-04-24 10:14:02 +02:00
W.C.A. Wijngaards
fe835f9d52 - Increase default to num-queries-per-thread: 2048, when unbound is 
compiled with libevent. It makes saturation of the task queue more
  resource intensive and less practical. Thanks to Shiming Liu,
  Network and Information Security Lab, Tsinghua University for the
  report.
 2025-04-16 12:03:08 +02:00
Yorgos Thessalonikefs
30c13d0351 Changelog entry for #1265: 
- Merge #1265: Fix WSAPoll.
 2025-04-11 15:10:46 +02:00
Yorgos Thessalonikefs
9c99b404a1 Changelog entry for #1265: 
- Merge #1265: Fix WSAPoll.
 2025-04-11 15:07:25 +02:00
W.C.A. Wijngaards
16ee7cf944 - Fix for print of connection type in log-replies for dot and doh. 2025-04-10 09:33:51 +02:00
W.C.A. Wijngaards
38026a21ee Merge branch 'master' into branch-1.23.0 2025-04-09 14:20:22 +02:00
W.C.A. Wijngaards
4f06e658d1 - Fix #1264: unbound 1.22.0 leaks memory when doing DoH. 2025-04-09 14:13:58 +02:00
W.C.A. Wijngaards
fca3ae0535 - Fix to detect if atomic_store links in configure. 2025-04-09 11:06:25 +02:00