upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6695 commits 23 branches 209 tags 123 MiB
Commit graph

509 commits

Author SHA1 Message Date
Wouter Wijngaards
74f1f0addd
Merge pull request #401 from NLnetLabs/rpz-triggers 
RPZ triggers
 2021-08-25 10:14:12 +02:00
Shchelkunov Artem
ba7598f559
Fix: passed to proc after free 
Found by static analyzer svace
Static analyzer message: Pointer 'dp' is passed to a function at
iter_hints.c:401 after the referenced memory was deallocated at
iter_hints.c:174 by passing as 3rd parameter to function 'hints_insert'
at iter_hints.c:398.

on-behalf-of: @ideco-team <github@ideco.ru>
 2021-08-20 18:06:51 +05:00
W.C.A. Wijngaards
a9de6879b8 Merge branch 'master' into rpz-triggers 2021-08-18 09:53:35 +02:00
W.C.A. Wijngaards
f232562430 Merge branch 'master' into rpz-triggers 2021-08-05 13:37:22 +02:00
Tomasz Ziolkowski
ae45f46b9e Add (stub|forward)-tcp-upstream options which enable using tcp transport only for specified stub/forward zones 2021-08-05 08:44:18 +02:00
George Thessalonikefs
8878680898 - Bump MAX_RESTART_COUNT to 11 from 8; in relation to #438. This allows 
longer CNAME chains in Unbound.
 2021-08-04 10:53:22 +02:00
W.C.A. Wijngaards
79209823ac - Fix a number of warnings reported by the gcc analyzer. 2021-06-18 18:12:26 +02:00
W.C.A. Wijngaards
32d82fac9b Merge branch 'master' into rpz-triggers 2021-05-14 08:47:56 +02:00
W.C.A. Wijngaards
ecb8aed2f2 - Add that log-servfail prints an IP address and more information 
about one of the last failures for that query.
 2021-04-29 10:24:35 +02:00
W.C.A. Wijngaards
b366441157 Merge branch 'master' into rpz-triggers 2021-04-14 09:39:41 +02:00
W.C.A. Wijngaards
55ba863440 - Fix that nxdomain synthesis does not happen above the stub or 
forward definition.
 2021-04-13 13:52:57 +02:00
George Thessalonikefs
403d0551b7 - Fix (increase) verbosity level for iterator error log in 
processQueryTargets().
 2021-04-12 16:49:45 +02:00
W.C.A. Wijngaards
1c75e62804 - rpz-triggers, separate cache storage of RPZ records from network records. 2021-04-01 12:06:14 +02:00
W.C.A. Wijngaards
49d9e91492 Merge branch 'master' into rpz-triggers 2021-03-25 17:28:53 +01:00
W.C.A. Wijngaards
8e7ced72e5 - rpz-triggers, fix that after cname an nsdname or nsip trigger has cname 
rrsets prepended by the iterator.
 2021-03-22 09:42:04 +01:00
W.C.A. Wijngaards
81cd0d76c8 - rpz-triggers, call rpz callback only if there are auth zones configured. 2021-03-22 09:39:12 +01:00
W.C.A. Wijngaards
7f39003c04 - rpz triggers, implement qname trigger after cname. 2021-03-19 17:31:44 +01:00
W.C.A. Wijngaards
0c07861404 - Fix #441: Minimal NSEC range not accepted for top level domains. 2021-03-17 14:04:02 +01:00
W.C.A. Wijngaards
6f507eb036 Merge branch 'master' into rpz-triggers 2021-03-12 09:04:54 +01:00
W.C.A. Wijngaards
3b24d845ff - Fix doxygen and pydoc warnings. 2021-02-18 11:39:06 +01:00
W.C.A. Wijngaards
5943c6f2e3 - Fix to make tests work with support indicators set for iterator. 2021-02-15 14:57:29 +01:00
W.C.A. Wijngaards
74e06cc4b3 - Fix #422: IPv6 fallback issues when IPv6 is not properly 
enabled/configured.
 2021-02-15 14:40:48 +01:00
mb
f78aa90ff1 rpz: nsdname stubs 2020-11-26 11:33:49 +01:00
mb
7acf1a5088 rpz: fix forged response 2020-11-24 16:29:15 +01:00
mb
afc73e28d8 rpz: fix forged messages 2020-11-24 12:02:59 +01:00
mb
b178cf34b6 rpz: update ext_state in the iterator 2020-11-24 11:33:16 +01:00
mb
126e114d6f rpz: forge responses 2020-11-24 11:25:01 +01:00
mb
354c19f6ac rpz: apply trigger at query time not response time 2020-11-24 09:33:08 +01:00
mb
e27b160acd rpz: stubs for nsip triggers 2020-11-13 14:36:00 +01:00
W.C.A. Wijngaards
dd59521e52 dlv removal, remove from comments and unused code in iterator and validator 2020-08-04 17:17:48 +02:00
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming 
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
 2020-05-19 10:27:27 +02:00
Ralph Dolmans
03a37d1ff6 - Keep track of number of timeouts. Use this counter to determine if capsforid 
fallback should be started.
 2020-04-06 18:00:06 +02:00
W.C.A. Wijngaards
318d4e91cc - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for 
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
  by one operator, and thus reputation is shared.
 2020-02-25 09:55:59 +01:00
W.C.A. Wijngaards
f5e06689d1 - Fix Assert Causing DoS in synth_cname(), 
reported by X41 D-Sec.
 2019-12-03 15:10:36 +01:00
W.C.A. Wijngaards
9f0b260c49 - Fix wrong response ttl for prepended short CNAME ttls, this would 
create a wrong zero_ttl response count with serve-expired enabled.
 2019-09-19 16:29:51 +02:00
Ralph Dolmans
edf1ad369a - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain 
answers.
 - For harden-below-nxdomain: do not consider a name to be non-exitent when
   message contains a CNAME record.


git-svn-id: file:///svn/unbound/trunk@5174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 15:09:15 +00:00
Wouter Wijngaards
91e863138b - Print query name and IP address when domain rate limit exceeded. 
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 15:53:02 +00:00
Wouter Wijngaards
a41375411e - Fix capsforid canonical sort qsort callback. 
git-svn-id: file:///svn/unbound/trunk@5114 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-14 08:16:15 +00:00
Wouter Wijngaards
429e130768 - Fix that qname minimisation does not skip a label when missing 
nameserver targets need to be fetched.


git-svn-id: file:///svn/unbound/trunk@5107 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-08 13:30:51 +00:00
Wouter Wijngaards
20d57ec58b - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2. 
git-svn-id: file:///svn/unbound/trunk@5106 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-07 08:34:28 +00:00
Wouter Wijngaards
a9e028564d Keep scratch region free on exit. 
git-svn-id: file:///svn/unbound/trunk@5101 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 15:48:21 +00:00
Wouter Wijngaards
99994a26b0 - Perform canonical sort for 0x20 capsforid compare of replies, 
this sorts rrsets in the authority and additional section before
  comparison, so that out of order rrsets do not cause failure.


git-svn-id: file:///svn/unbound/trunk@5100 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 15:22:08 +00:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
d48abb9a84 clang analysis fixes, assert arc4random buffer in init, 
no check for already checked delegation pointer in iterator,
in testcode check for NULL packet matches, in perf do not copy
from NULL start list when growing capacity.  Adjust host and file
only when present in test header read to please checker.  In
testcode for unknown macro operand give zero result. Initialise the
passed argv array in test code.  In test code add EDNS data
segment copy only when nonempty.


git-svn-id: file:///svn/unbound/trunk@5070 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 11:55:10 +00:00
Wouter Wijngaards
762920232a - For caps-for-id fallback, use the whitelist to avoid timeout 
starting a fallback sequence for it.


git-svn-id: file:///svn/unbound/trunk@5038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-17 08:50:25 +00:00
Wouter Wijngaards
d96de4c222 - New and better fix for Fix #4193: Fix that prefetch failure does 
not overwrite valid cache entry with SERVFAIL.


git-svn-id: file:///svn/unbound/trunk@4982 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 10:56:45 +00:00
Wouter Wijngaards
0ff5c52657 - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work. 
git-svn-id: file:///svn/unbound/trunk@4981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 10:29:14 +00:00
Wouter Wijngaards
8fcc82171a - Fix #4193: Fix that prefetch failure does not overwrite valid cache 
entry with SERVFAIL.


git-svn-id: file:///svn/unbound/trunk@4976 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-26 10:25:50 +00:00
Wouter Wijngaards
022d5131b3 Fixup. 
git-svn-id: file:///svn/unbound/trunk@4965 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-21 06:44:24 +00:00
Wouter Wijngaards
7458729d28 - Scrub NS records from NODATA responses as well. 
git-svn-id: file:///svn/unbound/trunk@4964 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-21 06:37:00 +00:00