upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7992 commits 23 branches 209 tags 123 MiB
Commit graph

48 commits

Author SHA1 Message Date
W.C.A. Wijngaards
e4cf7aeccf - Fix header return value description for skip_pkt_rrs and 
parse_edns_from_query_pkt.
 2025-06-12 12:17:01 +02:00
Yorgos Thessalonikefs
2e398d51ba
Fix cache update when serve expired is used (#1143) 
- Fix cache update when serve expired is used in order to not evict
  still usable expired records. Modules are forbidden to update the
  cache if their answer is DNSSEC unchecked or bogus and a valid
  (expired) entry already exists. Bogus replies from the validator are
  also discarded in favor of existing (expired) valid replies.

- serve-expired-ttl-reset should try to keep expired records in the
  cache in case they are reset.
 2024-09-24 16:47:04 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090) 
* - cookie-secret-file, define struct.

* - cookie-secret-file, add config option, create, read and delete struct.

* - cookie-secret-file, check cookie secrets for cookie validation.

* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
  activate_cookie_secret and print_cookie_secrets.

* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
  staging cookies get a fresh cookie and spelling in error message.

* - cookie-secret-file, remove unused variable from cookie file unit test.

* Remove unshare and faketime dependencies for cookie_file test; documentation nits.

---------

Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
 2024-08-02 13:32:08 +02:00
Yorgos Thessalonikefs
025881d0e9 - Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for 
negative answers overriding 'cache-min-ttl'.
 2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
1cd75cccfc - For #762: More generic integration for siphash.c 2023-06-22 11:45:08 +02:00
Willem Toorop
75f3fbdd65 Downstream DNS Cookies a la RFC7873 and RFC9018 
Create server cookies for clients that send client cookies.
Needs to be turned on in the config file with:

	answer-cookie: yes

A cookie-secret can be configured for anycast setups.
Also adds an access control list that will allow queries with
either a valid cookie or over a stateful transport.
 2022-09-28 10:28:19 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
Tom Carpay
e899b4cefe Make explicit whether edns options are parsed from queries or responses 2021-11-15 13:40:51 +00:00
tcarpay
fa73142b79
Apply suggestions from code review 
Co-authored-by: Willem Toorop <willem@nlnetlabs.nl>
 2021-11-08 11:02:54 +01:00
Tom Carpay
5f8447830a Move option handling to parse-time 2021-11-01 13:48:31 +00:00
Tom Carpay
89d7476539 split edns_data.opt_list in opt_list_in and opt_list_out 
opt_list_in for parsed (incoming) edns options, and
opt_list_out for outgoing (to be encoded) edns options
 2021-11-01 12:48:40 +00:00
Tom Carpay
3e6eeb504d Modules have their own outgoing ends options list 
But nothing happens with it yet
 2021-10-27 13:48:49 +00:00
George Thessalonikefs
f5b7169729 Merge branch 'orig_ttl' of https://github.com/rijswijk/unbound into rijswijk-orig_ttl 2021-01-25 17:39:24 +01:00
Ubuntu
b5b79e3a36 Add feature to serve original TTLs rather than decrementing ones 2020-07-15 15:15:45 +00:00
Willem Toorop
4f78b37c61 Down- and upstream padding a la RFC7830 & RFC8467 2020-04-02 18:34:03 +02:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
Wouter Wijngaards
8746283787 fixup pythonmod. 
git-svn-id: file:///svn/unbound/trunk@3991 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 11:51:47 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code. 
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
50934d4ce7 more time_t. 
git-svn-id: file:///svn/unbound/trunk@2951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-09-10 08:46:33 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility. 
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-10 18:44:06 +00:00
Wouter Wijngaards
147d47eee7 Move includes to code files. 
git-svn-id: file:///svn/unbound/trunk@2035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-12 15:17:48 +00:00
Wouter Wijngaards
768c4b2643 min-ttl option and tests for min-ttl and max-ttl. 
git-svn-id: file:///svn/unbound/trunk@1598 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-14 10:10:11 +00:00
Wouter Wijngaards
f64778a893 memory footprint improvements. 
git-svn-id: file:///svn/unbound/trunk@778 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-11-27 15:52:41 +00:00
Wouter Wijngaards
fe44f5918a max ttl option. 
git-svn-id: file:///svn/unbound/trunk@721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-31 07:46:30 +00:00
Wouter Wijngaards
6f49c2fe55 regional nicer, remove region-allocator. 
git-svn-id: file:///svn/unbound/trunk@697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-18 20:31:43 +00:00
Wouter Wijngaards
9c33f8dcf4 fixup CNAME generated by scrubber. 
git-svn-id: file:///svn/unbound/trunk@403 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-06-20 08:55:00 +00:00
Wouter Wijngaards
28f9864b53 scrubbing routines. 
git-svn-id: file:///svn/unbound/trunk@354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-06-01 09:42:31 +00:00
Wouter Wijngaards
1a90ff7b67 Serviced queries in outside network service get full EDNS, UDP retry and 
TCP fallback attention.


git-svn-id: file:///svn/unbound/trunk@326 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-05-21 15:10:55 +00:00
Wouter Wijngaards
f3c0cd34d8 EDNS for the client. 
git-svn-id: file:///svn/unbound/trunk@288 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-05-07 13:17:27 +00:00
Wouter Wijngaards
8420d0b819 Use packedrrset msgformat in service. 
git-svn-id: file:///svn/unbound/trunk@277 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-05-03 15:34:03 +00:00
Wouter Wijngaards
d86f444442 start of EDNS work; TC truncation of message encoding. 
git-svn-id: file:///svn/unbound/trunk@276 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-05-02 15:31:32 +00:00
Wouter Wijngaards
182b6b7b46 lint faster, lint fix and define. 
git-svn-id: file:///svn/unbound/trunk@260 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-04-26 07:55:51 +00:00
Wouter Wijngaards
02f5c63635 parse type in host byte order. 
git-svn-id: file:///svn/unbound/trunk@256 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-04-25 11:36:51 +00:00
Wouter Wijngaards
add942bd40 RRSIG parsing and outputting. 
git-svn-id: file:///svn/unbound/trunk@255 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-04-24 13:39:23 +00:00
Wouter Wijngaards
2d53f65c92 RRSIG parse plans. 
git-svn-id: file:///svn/unbound/trunk@254 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-04-20 09:58:32 +00:00
Wouter Wijngaards
561385c35a review changes. 
git-svn-id: file:///svn/unbound/trunk@250 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-04-18 13:57:01 +00:00
Wouter Wijngaards
1cb321662d test for msgparse. 
git-svn-id: file:///svn/unbound/trunk@246 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-04-17 14:03:33 +00:00
Wouter Wijngaards
8bda1b6893 message parsing code in one file. 
git-svn-id: file:///svn/unbound/trunk@245 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-04-17 11:56:48 +00:00