W.C.A. Wijngaards
a335e601e4
ipset-pf-support, move startup and destartup to the front of the module
func block functions, modstack call deinit function names, and detect
module change when no startup functions are needed.
2024-07-03 13:53:44 +02:00
W.C.A. Wijngaards
ff653a7ef8
Call module init init again, and new function startup and destartup.
NULL can be used if the function is not used. Open shared ports during
reload. Deinit is called during reload.
2024-07-01 16:10:07 +02:00
W.C.A. Wijngaards
3953f827fb
Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support
2024-07-01 14:36:33 +02:00
W.C.A. Wijngaards
47956de897
- Fix to enable that SERVFAIL is cached, for a short period, for more
cases. In the cases where limits are exceeded.
2024-05-27 13:53:16 +02:00
W.C.A. Wijngaards
7de009f99a
- Fix when the mesh jostle is exceeded that nameserver targets are
marked as resolved, so that the lookup is not stuck on the
requestlist.
2024-05-10 09:50:35 +02:00
Yorgos Thessalonikefs
63a6b7b255
- Cleanup unnecessary strdup calls for EDE strings.
2024-04-29 10:15:19 +02:00
Wouter Wijngaards
ced9762b14
Merge pull request #1041 from NLnetLabs/stubfwd-unshare
Stub and Forward unshare
2024-04-25 11:11:00 +02:00
Yorgos Thessalonikefs
9b9bba9f02
Update locking management for iter_fwd and iter_hints methods. (#1054)
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
2024-04-25 11:05:58 +02:00
Yorgos Thessalonikefs
3ec74d1e3a
- When a grandchild delegation is returned, remove any cached child delegations
up to parent to not cause delegation invalidation because of an
expired child delegation that would never be updated. Most likely to
happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
2024-04-22 15:46:06 +02:00
W.C.A. Wijngaards
48113cfaba
- fast-reload, unshared stub hints, making the structure locked, with an rwlock.
2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
f2fb498c69
- fast-reload, unshare forwards, making the structure locked, with an rwlock.
2024-04-03 13:55:54 +02:00
W.C.A. Wijngaards
fef974ca5c
- Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that
clientip and nsip can give a CNAME.
2024-03-19 09:32:53 +01:00
W.C.A. Wijngaards
8dbf46913b
- Fix rpz for qtype CNAME after nameserver trigger.
2024-03-18 14:36:29 +01:00
W.C.A. Wijngaards
79e25e192c
- Fix that rpz CNAME content is limited to the max number of cnames.
2024-03-18 11:25:29 +01:00
W.C.A. Wijngaards
4b54d8e15e
- Fix rpz for cname override action after nsdname and nsip triggers.
2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
e361f6b284
- Fix qname minimisation for reply with a DNAME for qtype CNAME that
answers it.
2024-03-08 16:33:17 +01:00
W.C.A. Wijngaards
be626f7c53
- Fix edns subnet replies for scope zero answers to not get stored
in the global cache, and in cachedb, when the upstream replies
without an EDNS record.
2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
0f78bea4a3
- Fix #954: Inconsistent RPZ handling for A record returned along with
CNAME.
2023-10-17 16:47:04 +02:00
W.C.A. Wijngaards
1e85749e6e
Merge branch 'master' into disable-edns-do
2023-10-05 15:57:41 +02:00
W.C.A. Wijngaards
b865aca03a
- Fix #946: Forwarder returns servfail on upstream response noerror no
data.
2023-10-04 18:16:22 +02:00
W.C.A. Wijngaards
9aaafddf04
- disable-edns-do, the option turns off the EDNS DO flag when a message is
sent from the iterator.
2023-09-20 13:28:06 +02:00
W.C.A. Wijngaards
fdd5f8ff83
- Fix to add EDE text when RRs have been removed due to length.
2023-09-07 14:44:48 +02:00
W.C.A. Wijngaards
be53e37b15
- Fix #923: processQueryResponse() THROWAWAY should be mindful of
fail_reply.
2023-08-21 14:32:13 +02:00
George Thessalonikefs
6819c1e444
- Merge #759 from Tom Carpay: Add EDE (RFC8914) caching.
2023-07-30 11:48:04 +02:00
George Thessalonikefs
f5a2a58ce3
Review for #759:
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
2023-07-17 17:26:31 +02:00
George Thessalonikefs
15b8d8b96a
Merge branch 'master' into features/ede-caching
2023-07-13 11:25:59 +02:00
Boris VANHOOF
17559c737b
typo in comments
2023-05-23 09:21:58 +02:00
George Thessalonikefs
adb4aeb609
- For #722: Minor fixes, formatting and refactoring.
2023-05-01 18:23:13 +02:00
George Thessalonikefs
e1ec3cf893
Merge branch 'nat64' of https://github.com/eqvinox/unbound into eqvinox-nat64
2023-04-26 15:14:39 +02:00
W.C.A. Wijngaards
c7618a9b80
- Fix #870: NXDOMAIN instead of NOERROR rcode when asked for existing
CNAME record.
2023-04-04 10:06:16 +02:00
George Thessalonikefs
eb81761b13
- Clean up iterator/iterator.c::error_response_cache() and allow for
better interaction with serve-expired, prefetch and cached error
responses.
2023-02-10 16:51:07 +01:00
George Thessalonikefs
1c1c5d72d3
Changelog entry for
- Allow TTL refresh of expired error responses.
2023-02-09 10:52:56 +01:00
George Thessalonikefs
87a8c80fcb
- Allow TTL refresh of expired error responses.
2023-02-09 10:47:46 +01:00
W.C.A. Wijngaards
b12ab31ae3
- Fix not following cleared RD flags potentially enables amplification
DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab,
Tsinghua University. The fix stops query loops, by refusing to send
RD=0 queries to a forwarder, they still get answered from cache.
2023-01-18 13:18:47 +01:00
George Thessalonikefs
71db243b0d
Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf
2022-12-13 14:35:01 +01:00
George Thessalonikefs
c61b2121b5
- Expose 'max-sent-count' as a configuration option; the
default value retains Unbound's behavior.
2022-12-13 13:57:07 +01:00
TCY16
8b4a8493d0
Merge branch 'master' of github.com:NLnetLabs/unbound into features/ede-caching
2022-11-21 11:34:36 +01:00
David Lamparter
64fb06f892
NAT64 support
This implements #721. Includes documentation and some very basic tests.
Please refer to doc for further detail.
2022-11-07 11:37:50 +00:00
George Thessalonikefs
e9107907e5
- Clarify the use of MAX_SENT_COUNT in the iterator code.
2022-10-18 12:29:07 +02:00
W.C.A. Wijngaards
b043bc5eb4
- Fix to stop responses with TC flag from resulting in partial
responses. It retries to fetch the data elsewhere, or fails the
query and in depth fix removes the TC flag from the cached item.
2022-10-06 10:01:09 +02:00
Yorgos Thessalonikefs
f1d263a318
Leniency for target discovery when under load (for NRDelegation changes) (#764)
* - Introduce leniency for target discovery when under load.
* - Allow for easier testing (to be reverted).
* - Happy compiler.
* - Precheck access to target_fetch_policy.
* - Do not mark a nameserver as resolved when one of A/AAAA is negative.
* - Update fetch_glue.rpl test for (possible) outstanding queries.
* - Update fetch_glue_cname.rpl test for possible outstanding queries.
* - Better fix for fetch_glue_cname.rpl.
* - Fix iter_emptydp_for_glue.rpl to match the referral.
* - Disabled the nxns tests for now (to be reverted).
* - Update iter_recurse.rpl for possible outstanding queries.
* Revert "- Disabled the nxns tests for now (to be reverted)."
This reverts commit 34a9c13a90.
* Revert "- Allow for easier testing (to be reverted)."
This reverts commit b6dfe35e1d.
2022-10-04 22:21:08 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760)
2022-10-03 15:29:47 +02:00
W.C.A. Wijngaards
a102fb1df8
- Fix to remove erroneous TC flag from TCP upstream.
2022-10-03 09:53:41 +02:00
TCY16
dcfcde2ec8
add cached EDE strings
2022-09-21 11:21:33 +02:00
W.C.A. Wijngaards
137719522a
- Patch for CVE-2022-3204 Non-Responsive Delegation Attack.
2022-09-21 11:10:38 +02:00
W.C.A. Wijngaards
f6753a0f10
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
2022-08-01 13:24:40 +02:00
Minghang Chen
249efd4285
Introduce infra-cache-max-rtt option to config max retransmit timeout
Added the option and let it default to 120 seconds so that it won't change
current behavior.
Related-to #717
2022-07-16 01:46:18 -07:00
George Thessalonikefs
2dbaba7d73
- Improved logging for NXNS fallback.
2022-07-01 16:18:33 +02:00
George Thessalonikefs
923eb7d474
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
2022-06-29 17:32:29 +02:00
George Thessalonikefs
58b21e4fca
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
2022-06-29 17:26:09 +02:00