upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7711 commits 23 branches 209 tags 123 MiB
Commit graph

470 commits

Author SHA1 Message Date
Wouter Wijngaards
ced9762b14
Merge pull request #1041 from NLnetLabs/stubfwd-unshare 
Stub and Forward unshare
 2024-04-25 11:11:00 +02:00
W.C.A. Wijngaards
cccf5e73c0 - Fixup compile without cachedb. 2024-04-10 11:33:52 +02:00
W.C.A. Wijngaards
d98c7b9ae3 - Implement cachedb-check-when-serve-expired: yes option, default 
is enabled. When serve expired is enabled with cachedb, it first
  checks cachedb before serving the expired response.
 2024-04-10 11:21:28 +02:00
Yorgos Thessalonikefs
fb4a7d65d7 - Fix #369: dnstap showing extra responses; for client responses 
right from the cache when replying with expired data or
  prefetching.
 2024-04-03 15:18:13 +02:00
W.C.A. Wijngaards
48113cfaba - fast-reload, unshared stub hints, making the structure locked, with an rwlock. 2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
f2fb498c69 - fast-reload, unshare forwards, making the structure locked, with an rwlock. 2024-04-03 13:55:54 +02:00
W.C.A. Wijngaards
2993437eaa - Fix that addrinfo is not kept around but copied and freed, so that 
log-destaddr uses a copy of the information, much like NSD does.
 2024-03-15 13:39:49 +01:00
W.C.A. Wijngaards
ec0b510f1c - Fix for #1022: Fix ede prohibited in access control refused answers. 2024-03-05 13:39:29 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage (#1010) 
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage

Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.

* Apply suggestions from code review

* Update doc/unbound.conf.5.in

* DNS-Cookies should bypass ip-ratelimit setting
 2024-02-20 15:29:34 +01:00
k-akashi
4b9cd8e81d Add DoH and DoT to dnstap message 2023-12-27 07:26:21 +09:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
Wouter Wijngaards
c4e0354876
Merge pull request #971 from dukeartem/master 
fix 'WARNING: Message has 41 extra bytes at end'
 2023-12-05 09:09:23 +01:00
Artem
389e820878
fix 'WARNING: Message has 41 extra bytes at end' 2023-12-05 09:43:15 +03:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the 
disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
 2023-10-04 13:54:05 +02:00
George Thessalonikefs
13d4504dfc - Merge #881: Generalise the proxy protocol code. 2023-10-03 14:51:50 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
49e4258102 - For #762: Interaction between DNS Cookies and source IP ratelimiting 
by allowing Cookies to bypass the ratelimit, but still allowing
  ratelimit to valid DNS Cookie clients via the new
  ip-ratelimit-cookie option.
 2023-08-08 10:14:03 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
b6e2f4dbf8 - For #762: Formatting. 2023-08-04 19:03:23 +02:00
George Thessalonikefs
d4145772b5 - Move a cache reply callback in worker.c closer to the cache reply 
generation.
 2023-08-02 12:33:52 +02:00
George Thessalonikefs
2cc9563cf8 - Fix to use the now cached EDE, if any, for CD_bit queries. 2023-08-01 15:23:25 +02:00
George Thessalonikefs
50ea4a1072 Address review comments for #759: 
- Decrease allocations for "" EDE strings when loading the cachedump.
- Check for existence of EDE code before attaching.
 2023-07-28 12:56:13 +02:00
George Thessalonikefs
f5a2a58ce3 Review for #759: 
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
  0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
 2023-07-17 17:26:31 +02:00
George Thessalonikefs
15b8d8b96a Merge branch 'master' into features/ede-caching 2023-07-13 11:25:59 +02:00
George Thessalonikefs
a952ac17be Merge branch 'tilan7663-subnet_cache_prefetch' into subnet_cache_prefetch 2023-07-07 16:50:58 +02:00
George Thessalonikefs
40e47bf767 - For #664: easier code flow for subnetcache prefetching. 
- For #664: add testcase.
 2023-07-06 22:22:21 +02:00
George Thessalonikefs
0f1ea7e490 - Properly handle all return values of worker_check_request during 
early EDE code.
- Do not check the incoming request more than once.
 2023-06-14 11:40:59 +02:00
W.C.A. Wijngaards
2a2598dbf2 - Fix #888: [FR] Use kernel timestamps for dnstap. 2023-05-16 08:50:38 +02:00
W.C.A. Wijngaards
70c2b587fc - Fix RPZ IP responses with trigger rpz-drop on cache entries, that 
they are dropped.
 2023-05-01 09:26:17 +02:00
Vadim Fedorenko
263096d1f6 stats: add query max wait time metric 
Add new statistic value to know the size of the queue in microseconds.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:27:25 -07:00
Vadim Fedorenko
e577ab105e stats: add counter for timed out queries 
Add counter `num_queries_timed_out` meaning queries that were sitting in the
socket queue and waiting to being processed too long. There is no reason
to process such queries, so let's drop it in the very beginning of the
pipeline.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:27:25 -07:00
Vadim Fedorenko
2e6ddd6032 netevent: parse and store rcv timestamp from sock 
Add special field in comm_point to store the software receive timestamp
for every particular UDP packet. Aux data parser is updated to read
values and the whole callback is switched to use recvmsg form.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:26:51 -07:00
Vadim Fedorenko
648ad4db6f Linting change. 
Remove config parser/lexer code as it's rebuilded every time but can
break adding new config options.
Also clean up the code base to avoid mixing actual code changes and lint
issues.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-25 17:05:00 -07:00
George Thessalonikefs
b5cc8b6c59 - Generalise the proxy protocol code 2023-04-24 16:15:56 +02:00
George Thessalonikefs
857d6ce3a1 Merge branch 'reuse-caches-on-reload' of https://github.com/jinmeiib/unbound-1 into jinmeiib-reuse-caches-on-reload 2022-12-13 16:42:38 +01:00
George Thessalonikefs
896f7a8306 - Ignore expired error responses. 2022-11-22 17:44:55 +01:00
TCY16
8b4a8493d0 Merge branch 'master' of github.com:NLnetLabs/unbound into features/ede-caching 2022-11-21 11:34:36 +01:00
TCY16
b65ff768bc remove superfluous variables 2022-11-18 11:30:11 +01:00
Willem Toorop
8df26b132b Merge branch 'master' into devel/merge-master-into-downstream-cookies 2022-11-07 17:09:20 +00:00
W.C.A. Wijngaards
6b8181acb7 - Fix dnscrypt compile for proxy protocol code changes. 2022-10-05 14:09:12 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
Willem Toorop
75f3fbdd65 Downstream DNS Cookies a la RFC7873 and RFC9018 
Create server cookies for clients that send client cookies.
Needs to be turned on in the config file with:

	answer-cookie: yes

A cookie-secret can be configured for anycast setups.
Also adds an access control list that will allow queries with
either a valid cookie or over a stateful transport.
 2022-09-28 10:28:19 +02:00
Willem Toorop
71f23ef354 extended_error_encode() for extended errors 2022-09-28 09:57:56 +02:00
TCY16
d731fa2e21 use correct edns_list attach function 2022-09-21 16:19:38 +02:00
TCY16
dcfcde2ec8 add cached EDE strings 2022-09-21 11:21:33 +02:00
George Thessalonikefs
7e9fd2114b Cleared error messages for interface-* options. 2022-09-11 20:21:32 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
57230d7f22 - Fix to log a verbose message at operational notice level if a 
thread is not responding, to stats requests. It is logged with
  thread identifiers.
 2022-09-01 15:14:20 +02:00
TCY16
5f309d0018 Add caching EDEs 2022-09-01 14:10:14 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00