- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes#107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
Allows the use of multiple dynamic modules. Simply add more "dynlib"
entries to the "modules-config" and the same amount of "dynlib-file"
entries in the dynlib configuration block.
This commit adds proper support for multiple instances of the python
module: When more than one instance is added to the module list, the
first instance loads the first script specified in the `python:`
configuration section. The second instance loads the second script,
and so on.
When there are more module instances in the module list than there are
scripts in the `python:` section, an error is raised during
initialization and unbound won't start. When more scripts than module
instances are provided, the surplus scripts are ignored.
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
adds the option unknown-server-time-limit to unbound.conf that
can be increased to avoid the problem.
git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
deny-any: yes in unbound.conf. This responds with an empty message
to queries of type ANY.
git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
by default for Linux and DragonFlyBSD. The setting can
be configured in unbound.conf to override the default.
git-svn-id: file:///svn/unbound/trunk@4932 be551aaa-1e26-0410-a405-d3ace91eadb9
- free memory leaks in config strlist and str2list insert functions.
- do not move unused argv variable after getopt.
- Remove unused if clause in testcode.
git-svn-id: file:///svn/unbound/trunk@4896 be551aaa-1e26-0410-a405-d3ace91eadb9
resilience of the server. The so-reuseport, harden-below-nxdomain,
and minimal-responses options are enabled by default. They used
to be disabled by default, waiting to make sure they worked. They
are enabled by default now, and can be disabled explicitly by
setting them to "no" in the unbound.conf config file. The reuseport
and minimal options increases speed of the server, and should be
otherwise harmless. The harden-below-nxdomain option works well
together with the recently default enabled qname minimisation, this
causes more fetches to use information from the cache.
git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
This limits the number of simultaneous TCP client connections
from a nominated netblock.
And a simple test for TCP connection limit.
git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
root directory.
- Add config tcp-idle-timeout (default 30s). This applies to
client connections only; the timeout on TCP connections upstream
is unaffected.
git-svn-id: file:///svn/unbound/trunk@4802 be551aaa-1e26-0410-a405-d3ace91eadb9
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
authenticating DNS-over-TLS connections. It can be used instead
of the tls-cert-bundle option, or with it to add certificates.
git-svn-id: file:///svn/unbound/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old certs's public key.
The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
git-svn-id: file:///svn/unbound/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
- Add defaults for new local-zone trees added to views using unbound-control.
git-svn-id: file:///svn/unbound/trunk@4199 be551aaa-1e26-0410-a405-d3ace91eadb9
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event
git-svn-id: file:///svn/unbound/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
- Do not touch rrset cache after ECS cache message generation.
- Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.
git-svn-id: file:///svn/unbound/trunk@4086 be551aaa-1e26-0410-a405-d3ace91eadb9
of TXT RRs with a string like "example.com. 2345 1234" with
the trust anchors and their keytags.
git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
- unbound-control stats_shm command prints stats using shared memory,
which uses less cpu.
git-svn-id: file:///svn/unbound/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
information that DNS queries and response code and response size,
patch from Larissa Feng.
git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
you enable use-systemd: yes in unbound.conf.
Also there are contrib/unbound.socket and contrib/unbound.service:
systemd files for unbound, install them in /usr/lib/systemd/system.
Contributed by Sami Kerola and Pavel Odintsov.
git-svn-id: file:///svn/unbound/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
