- Merge #902: DNS Error Reporting (RFC 9567). Introduces new
configuration option 'dns-error-reporting' and new statistics for
'num.dns_error_reports'.
* - fast-reload, add unbound-control fast_reload
* - fast-reload, make a thread to service the unbound-control command.
* - fast-reload, communication sockets for information transfer.
* - fast-reload, fix compile for unbound-dnstap-socket.
* - fast-reload, set nonblocking communication to keep the server thread
responding to DNS requests.
* - fast-reload, poll routine to test for readiness, timeout fails connection.
* - fast-reload, detect loop in sock_poll_timeout routine.
* - fast-reload, send done and exited notification.
* - fast-reload, defines for constants in ipc.
* - fast-reload, ipc socket recv and send resists partial reads and writes and
can continue byte by byte. Also it can continue after an interrupt.
* - fast-reload, send exit command to thread when done.
* - fast-reload, output strings for client on string list.
* - fast-reload, add newline to terminal output.
* - fast-reload, send client string to remote client.
* - fast-reload, better debug output.
* - fast-reload, print queue structure, for output to the remote client.
* - fast-reload, move print items to print queue from fast_reload_thread struct.
* - fast-reload, keep list of pending print queue items in daemon struct.
* - fast-reload, comment explains in_list for printq to print remainder.
* - fast-reload, unit test testdata/fast_reload_thread.tdir that tests the
thread output.
* - fast-reload, fix test link for fast_reload_printq_list_delete function.
* - fast-reload, reread config file from disk.
* - fast-reload, unshare forwards, making the structure locked, with an rwlock.
* - fast-reload, for nonthreaded, the unbound-control commands forward,
forward_add and forward_delete should be distributed to other processes,
but when threaded, they should not be distributed to other threads because
the structure is not thread specific any more.
* - fast-reload, unshared stub hints, making the structure locked, with an rwlock.
* - fast-reload, helpful comments for hints lookup function return value.
* - fast-reload, fix bug in fast reload printout, the strlist appendlist routine,
and printout time statistics after the reload is done.
* - fast-reload, keep track of reloadtime and deletestime and print them.
* - fast-reload, keep track of constructtime and print it.
* - fast-reload, construct new items.
* - fast-reload, better comment.
* - fast-reload, reload the config and swap trees for forwards and stub hints.
* - fast-reload, in forwards_swap_tree set protection of trees with locks.
* - fast-reload, in hints_swap_tree also swap the node count of the trees.
* - fast-reload, reload ipc to stop and start threads.
* - fast-reload, unused forward declarations removed.
* - fast-reload, unit test that fast reload works with forwards and stubs.
* - fast-reload, fix clang analyzer warnings.
* - fast-reload, small documentation entry in unbound-control -h output.
* - fast-reload, printout memory use by fast reload, in bytes.
* - fast-reload, compile without threads.
* - fast-reload, document fast_reload in man page.
* - fast-reload, print ok when done successfully.
* - fast-reload, option for fast-reload commandline, +v verbosity option,
with timing and memory use output.
* - fast-reload, option for fast-reload commandline, +p does not pause threads.
* - fast-reload, option for fast-reload commandline, +d drops mesh queries.
* - fast-reload, fix to poll every thread with nopause to make certain that
resources are not held by the threads and can be deleted.
* - fast-reload, fix to use atomic store for config variables with nopause.
* - fast-reload, reload views.
* - fast-reload, when tag defines are different, it drops the queries.
* - fast-reload, fix tag define check.
* - fast-reload, document that tag change causes drop of queries.
* - fast-reload, fix space in documentation man page.
* - fast-reload, copy respip client information to query state, put views tree
in module env for lookup.
* - fast-reload, nicer respip view comparison.
* - fast-reload, respip global set is in module env.
* - fast-reload, document that respip_client_info acl info is copied.
* - fast-reload, reload the respip_set.
* - fast-reload, document no pause and pick up of use_response_ip boolean.
* - fast-reload, fix test compile.
* - fast-reload, reload local zones.
* Update locking management for iter_fwd and iter_hints methods. (#1054)
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
* - fast-reload, reload access-control.
* - fast-reload, reload access control interface, such as interface-action.
* - fast-reload, reload tcp-connection-limit.
* - fast-reload, improve comments on acl_list and tcl_list swap tree.
* - fast-reload, fixup references to old tcp connection limits in open tcp
connections.
* - fast-reload, fixup to clean tcp connection also for different linked order.
* - fast-reload, if no tcp connection limits existed, no need to remove
references for that.
* - fast-reload, document more options that work and do not work.
* - fast-reload, reload auth_zone and rpz data.
* - fast-reload, fix auth_zones_get_mem.
* - fast-reload, fix compilation of testbound for the new comm_timer_get_mem
reference in remote control.
* - fast-reload, change use_rpz with reload.
* - fast-reload, list changes in auth zones and stop zonemd callbacks for
deleted auth zones.
* - fast-reload, note xtree is not swapped, and why it is not swapped.
* - fast-reload, for added auth zones, pick up zone transfer and zonemd tasks.
* - fast-reload, unlock xfr when done with transfer pick up.
* - fast-reload, unlock z when picking up the xfr for it during transfer task
pick up.
* - fast-reload, pick up task changes for added, deleted and modified auth zones.
* - fast-reload, remove xfr of auth zone deletion without tasks.
* - fast-reload, pick up zone transfer config.
* - fast-reload, the main worker thread picks up the transfer tasks and also
performs setup of the xfer struct.
* - fast-reload, keep writelock on newzone when auth zone changes.
* - fast-reload, change cachedb_enabled setting.
* - fast-reload, pick up edns-strings config.
* - fast-reload, note that settings are not updated.
* - fast-reload, pick up dnstap config.
* - fast-reload, dnstap options that need to be loaded without +p.
* - fast-reload, fix auth zone reload
* - fast-reload, remove debug for auth zone test.
* - fast-reload, fix auth zone reload with zone transfer.
* - fast-reload, fix auth zone reload lock order.
* - fast-reload, remove debug from fast reload test.
* - fast-reload, remove unused function.
* - fast-reload, fix the worker trust anchor probe timer lock acquisition in
the probe answer callback routine for trust anchor probes.
* - fast-reload, reload trust anchors.
* - fast-reload, fix trust anchor reload lock on autr global data and test
for trust anchor reload.
* - fast-reload, adjust cache sizes.
* - fast-reload, reload cache sizes when changed.
* - fast-reload, reload validator env changes.
* - fast-reload, reload mesh changes.
* - fast-reload, check for incompatible changes.
* - fast-reload, improve error text for incompatible change.
* - fast-reload, fix check config option compatibility.
* - fast-reload, improve error text for nopause change.
* - fast-reload, fix spelling of incompatible options.
* - fast-reload, reload target-fetch-policy, outbound-msg-retry, max-sent-count
and max-query-restarts.
* - fast-reload, check nopause config change for target-fetch-policy.
* - fast-reload, reload do-not-query-address, private-address and capt-exempt.
* - fast-reload, check nopause config change for do-not-query-address,
private-address and capt-exempt.
* - fast-reload, check fast reload not possible due to interface and
outgoing-interface changes.
* - fast-reload, reload nat64 settings.
* - fast-reload, reload settings stored in the infra structure.
* - fast-reload, fix modstack lookup and remove outgoing-range check.
* - fast-reload, more explanation for config parse failure.
* - fast-reload, reload worker outside network changes.
* - fast-reload, detect incompatible changes in network settings.
* fast-reload, commit test files.
* - fast-reload, fix warnings for call types in windows compile.
* - fast-reload, fix warnings and comm_point_internal for tcp wouldblock calls.
* - fast-reload, extend lock checks for repeat thread ids.
* - fast-reload, additional test cases, cache change and tag changes.
* - fast-reload, fix documentation for auth_zone_verify_zonemd_with_key.
* - fast-reload, fix copy_cfg type casts and memory leak on config parse failure.
* - fast-reload, fix use of WSAPoll.
* Review comments for the fast reload feature (#1259)
* - fast-reload review, respip set can be null from a view.
* - fast-reload review, typos.
* - fast-reload review, keep clang static analyzer happy.
* - fast-reload review, don't forget to copy tag_actions.
* - fast-reload review, less indentation.
* - fast-reload review, don't leak respip_actions when reloading.
* - fast-reload review, protect NULL pointer dereference in get_mem
functions.
* - fast-reload review, add fast_reload_most_options.tdir to test most
options with high verbosity when fast reloading.
* - fast-reload review, don't skip new line on long error printouts.
* - fast-reload review, typo.
* - fast-reload review, use new_z for consistency.
* - fast-reload review, nit for unlock ordering to make eye comparison
with the lock counterpart easier.
* - fast-reload review, in case of error the sockets are already closed.
* - fast-reload review, identation.
* - fast-reload review, add static keywords.
* - fast-reload review, update unbound-control usage text.
* - fast-reload review, updates to the man page.
* - fast-reload, the fast-reload command is experimental.
* - fast-reload, fix compile of doqclient for fast reload functions.
* Changelog comment for #1042
- Merge #1042: Fast Reload. The unbound-control fast_reload is added.
It reads changed config in a thread, then only briefly pauses the
service threads, that keep running. DNS service is only interrupted
briefly, less than a second.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
- Merge #1174: Serve expired cache update fixes. Fixes a regression bug
with serve-expired that appeared in 1.22.0 and would not allow the
iterator to update the cache with not-yet-validated entries resulting
in increased outgoing traffic.
current delegation information be updated in cache. The fix allows
current delegation and validation recursion information to be
updated, but as a consequence no longer has certain expired
information around for later dnssec valid expired responses.
- Merge #871: DNS over QUIC. This adds `quic-port: 853` and
`quic-size: 8m` that enable dnsoverquic, and the counters
`num.query.quic` and `mem.quic` in the statistics output.
The feature needs to be enabled by compiling with libngtcp2,
with `--with-libngtcp2=path` and libngtcp2 needs openssl+quic,
pass that with `--with-ssl=path` to compile unbound as well.
- Merge #1143: Fix cache update when serve expired is used. Expired
records are favored over resolution and validation failures when
serve-expired is used.
that can set the timeout separately for commands and the
connection set up to the redis server. If they are not
specified, the redis-timeout value is used.
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
- Merge #1090: Cookie secret file. Adds
`cookie-secret-file: "unbound_cookiesecrets.txt"` option to store
cookie secrets for EDNS COOKIE secret rollover. The remote control
add_cookie_secret, activate_cookie_secret and drop_cookie_secret
commands can be used for rollover, the command print_cookie_secrets
shows the values in use.
for tap_data_free, does not delete NULL items. Also it does not try
to free the tail, specifically in the free of the list since that
picked up the next item in the list for its loop causing invalid
free. Added internal unit test to unbound-dnstap-socket for that.
performed, so that with nonzero target-fetch-policy it fetches
forwarder addresses and uses them from cache. Also updated that
delegation point cache fill routines use CDflag for AAAA message
lookups, so that its negative lookup stops a recursion since the
cache uses the bit for disambiguation for dns64 but the recursion
uses CDflag for the AAAA target lookups, so the check correctly
stops a useless recursion by its cache lookup.
increased, a timer is started when the dtio thread is sleeping,
the timer set disabled when the dtio thread goes to sleep, and
after sleep the thread checks to see if there are messages to log
immediately.
associated with the reply, not the currently active stream. And
it does not remove it twice on a mesh_send_reply call. The reply
h2_stream is NULL when not in use, for more initialisation.
