upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-26 17:49:55 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
3446 commits 23 branches 209 tags 124 MiB
Commit graph

408 commits

Author SHA1 Message Date
Wouter Wijngaards
718e98b1cd - Fix that NSEC3 negative cache is used when there is no salt. 
git-svn-id: file:///svn/unbound/trunk@3639 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-24 15:02:35 +00:00
Wouter Wijngaards
e9f954b828 - load gost algorithm if digest is seen before key algorithm. 
git-svn-id: file:///svn/unbound/trunk@3630 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 12:17:03 +00:00
Wouter Wijngaards
134924c4da Remove lint warning. 
git-svn-id: file:///svn/unbound/trunk@3629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 12:16:27 +00:00
Wouter Wijngaards
2c94a5b312 - Print understandable debug log when unusable DS record is seen. 
git-svn-id: file:///svn/unbound/trunk@3627 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 10:48:23 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
Wouter Wijngaards
152458c40b - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
Wouter Wijngaards
ffb5a2d9eb Document ASN contents. 
git-svn-id: file:///svn/unbound/trunk@3542 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 14:36:10 +00:00
Wouter Wijngaards
4e3ae5505e cast to please lint. 
git-svn-id: file:///svn/unbound/trunk@3541 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 14:27:49 +00:00
Wouter Wijngaards
39dc5be222 - Fixup DER encoded DSA signatures for libnettle. 
git-svn-id: file:///svn/unbound/trunk@3540 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 13:31:22 +00:00
Wouter Wijngaards
2756b0f873 Repair // style comments for portability. 
git-svn-id: file:///svn/unbound/trunk@3539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 12:46:47 +00:00
Wouter Wijngaards
fa57a6c6e8 use digest_nettle function for nsec3_hash calls. 
git-svn-id: file:///svn/unbound/trunk@3537 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:39:58 +00:00
Wouter Wijngaards
3433a30878 please lint. 
git-svn-id: file:///svn/unbound/trunk@3536 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:32:04 +00:00
Wouter Wijngaards
2a73ccd5b4 - refactor nsec3 hash implementation to be more library-portable. 
git-svn-id: file:///svn/unbound/trunk@3535 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:30:04 +00:00
Wouter Wijngaards
2bdea62a9e - Fix #594. libunbound: optionally use libnettle for crypto. 
Contributed by Luca Bruno.  Added --with-nettle for use with
  --with-libunbound-only.


git-svn-id: file:///svn/unbound/trunk@3533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 09:43:07 +00:00
Wouter Wijngaards
bdb24c91b2 - Fix #716: nodata proof with empty non-terminals and wildcards. 
git-svn-id: file:///svn/unbound/trunk@3526 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-29 13:08:15 +00:00
Wouter Wijngaards
dd174820dc windows portability. 
git-svn-id: file:///svn/unbound/trunk@3521 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-27 15:35:08 +00:00
Wouter Wijngaards
40c139cd8f - Fix #712: unbound-anchor appears to not fsync root.key. 
git-svn-id: file:///svn/unbound/trunk@3512 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-22 07:06:31 +00:00
Wouter Wijngaards
e3351c3606 - Remove confusion comment from canonical_compare() function. 
git-svn-id: file:///svn/unbound/trunk@3488 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-22 08:43:56 +00:00
Wouter Wijngaards
934954375e configuration option affects autotrust. 
git-svn-id: file:///svn/unbound/trunk@3472 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-13 12:52:51 +00:00
Wouter Wijngaards
08e6883578 - 5011 implementation does not insist on all algorithms, when 
harden-algo-downgrade is turned off.


git-svn-id: file:///svn/unbound/trunk@3471 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-13 12:03:53 +00:00
Wouter Wijngaards
771e7295ac - Fix 5011 anchor update timer after reload. 
git-svn-id: file:///svn/unbound/trunk@3466 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 11:56:37 +00:00
Wouter Wijngaards
7166c1ad36 no zero waiting times. 
git-svn-id: file:///svn/unbound/trunk@3464 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 14:01:04 +00:00
Wouter Wijngaards
814ddc5d48 fixup. 
git-svn-id: file:///svn/unbound/trunk@3463 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 12:02:18 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
b5f391d845 - DLV is going to be decommissioned. Advice to stop using it, and 
put text in the example configuration and man page to that effect.


git-svn-id: file:///svn/unbound/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-20 06:24:06 +00:00
Wouter Wijngaards
bfd78a8c23 - Change syntax of particular validator error to be easier for 
machine parse, swap rrset and ip adres info so it looks like:
  validation failure <www.example.nl. TXT IN>: signature crypto
  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>


git-svn-id: file:///svn/unbound/trunk@3422 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-10 12:04:22 +00:00
Wouter Wijngaards
32f808fcfa - Unbound exits with a fatal error when the auto-trust-anchor-file 
fails to be writable.  This is seconds after startup.  You can
  load a readonly auto-trust-anchor-file with trust-anchor-file.
  The file has to be writable to notice the trust anchor change,
  without it, a trust anchor change will be unnoticed and the system
  will then become unoperable.


git-svn-id: file:///svn/unbound/trunk@3387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 12:03:05 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
7a9ccf858c - If unknown trust anchor algorithm, and libressl is used, error 
message encourages upgrade of the libressl package.


git-svn-id: file:///svn/unbound/trunk@3378 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-25 16:04:05 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
Wouter Wijngaards
63b5d109f8 - Use reallocarray for integer overflow protection, patch submitted 
by Loganaden Velvindron.


git-svn-id: file:///svn/unbound/trunk@3365 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-17 08:24:24 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
e08aa7c5e1 - Fix validation failure in case upstream forwarder (ISC BIND) does 
not have the same trust anchors and decides to insert unsigned NS
  record in authority section.


git-svn-id: file:///svn/unbound/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-09 11:44:46 +00:00
Wouter Wijngaards
15d16580a8 - Fix unintended use of gcc extension for incomplete enum types, 
compile with pedantic c99 compliance (from Daniel Dickman).


git-svn-id: file:///svn/unbound/trunk@3321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-26 08:46:40 +00:00
Wouter Wijngaards
67a3c4933c - Fix cdflag dns64 processing. 
git-svn-id: file:///svn/unbound/trunk@3275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-19 08:43:08 +00:00
Wouter Wijngaards
b781f2d48d - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: file:///svn/unbound/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
Wouter Wijngaards
f1bcc1032f More casts. 
git-svn-id: file:///svn/unbound/trunk@3244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 09:23:12 +00:00
Wouter Wijngaards
339a6be27d More unsigned chasts for toupper/tolower/ctype 
git-svn-id: file:///svn/unbound/trunk@3242 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 08:35:00 +00:00
Matthijs Mekking
dab0af8d87 Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is received. 
This is okay according 4035, but not after revising existence in 4592. 
NSEC empty non-terminals exist and thus the RCODE should have been NOERROR.

If this occurs, and the RRsets are secure, we set the RCODE to NOERROR and
the security status of the reponse is also considered secure.



git-svn-id: file:///svn/unbound/trunk@3089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-20 09:46:50 +00:00
Matthijs Mekking
492a5ca681 only whitespace changes 
git-svn-id: file:///svn/unbound/trunk@3088 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-18 13:54:19 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
2bb8f893cc - Fix #547: no trustanchor written if filesystem full, fclose checked. 
git-svn-id: file:///svn/unbound/trunk@3044 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-21 10:14:55 +00:00
Wouter Wijngaards
3ce7b4a6fa - Windows port, adjust %lld to %I64d, and warning in win_event.c. 
git-svn-id: file:///svn/unbound/trunk@3040 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 16:01:37 +00:00
Wouter Wijngaards
67f5157e45 - fix #544: Fixed +i causes segfault when running with module conf "iterator". 
git-svn-id: file:///svn/unbound/trunk@3038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 13:04:34 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
3de090dadb Fix linking of sldns and ldns, unique identifiers for global variables. 
git-svn-id: file:///svn/unbound/trunk@3021 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-30 11:03:55 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
c9438d938e fix lint, more time_t 
git-svn-id: file:///svn/unbound/trunk@2950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 14:45:33 +00:00
Wouter Wijngaards
3e41dedfc5 remove bool. 
git-svn-id: file:///svn/unbound/trunk@2949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 13:47:23 +00:00
Wouter Wijngaards
bf67dc2a0d remove bool. 
git-svn-id: file:///svn/unbound/trunk@2948 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 13:46:41 +00:00