upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-06 06:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
4891 commits 23 branches 209 tags 124 MiB
Commit graph

771 commits

Author SHA1 Message Date
Ralph Dolmans
edcf2ddd12 - Fix locking issue 
- Fixes for compiler warnings
 2019-04-10 11:53:08 +02:00
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Ralph Dolmans
9274d2630e Initial RPZ commit 2019-04-05 17:38:43 +02:00
Wouter Wijngaards
ce8167a3bb - Fix auth-zone NSEC3 response for wildcard nodata answers, 
include the closest encloser in the answer.


git-svn-id: file:///svn/unbound/trunk@5146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 06:36:40 +00:00
Wouter Wijngaards
8a0de6b519 - Fix for auth zone nsec3 ent fix for wildcard nodata. 
git-svn-id: file:///svn/unbound/trunk@5144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 14:28:36 +00:00
Wouter Wijngaards
59570b0413 - Fix auth-zone NSEC3 response for empty nonterminals with exact 
match nsec3 records.


git-svn-id: file:///svn/unbound/trunk@5142 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 12:21:41 +00:00
Wouter Wijngaards
ce0628ee55 - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. 
git-svn-id: file:///svn/unbound/trunk@5137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 09:26:06 +00:00
Wouter Wijngaards
bb5251da66 - Add log message, at verbosity 4, that says the query is encrypted 
with TLS, if that is enabled for the query.


git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 08:41:39 +00:00
Wouter Wijngaards
c79a99a577 Fix to account for tabs as well. 
git-svn-id: file:///svn/unbound/trunk@5129 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 12:06:04 +00:00
Wouter Wijngaards
a82c0eeece - Print correct module that failed when module-config is wrong. 
git-svn-id: file:///svn/unbound/trunk@5128 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 09:56:45 +00:00
Wouter Wijngaards
225534e5ab - Fix #4227: pair event del and add for libevent for tcp_req_info. 
git-svn-id: file:///svn/unbound/trunk@5122 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-25 15:48:27 +00:00
Wouter Wijngaards
62428e17f6 - Fix the error for unknown module in module-config is understandable, 
and explains it was not compiled in and where to see the list.


git-svn-id: file:///svn/unbound/trunk@5119 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-21 09:40:25 +00:00
Wouter Wijngaards
91e863138b - Print query name and IP address when domain rate limit exceeded. 
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 15:53:02 +00:00
Wouter Wijngaards
d1e92a0ebd - Spaces instead of tabs in that log message. 
git-svn-id: file:///svn/unbound/trunk@5116 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 12:32:42 +00:00
Wouter Wijngaards
3949bf2c82 - Print query name with ip_ratelimit exceeded log lines. 
git-svn-id: file:///svn/unbound/trunk@5115 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 10:40:41 +00:00
Wouter Wijngaards
cae8361dcd - Fix #4225: clients seem to erroneously receive no answer with 
DNS-over-TLS and qname-minimisation.


git-svn-id: file:///svn/unbound/trunk@5108 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-08 15:05:24 +00:00
Wouter Wijngaards
fe97f25b75 - Fix that log-replies prints the correct name for local-alias 
names, for names that have a CNAME in local-data configuration.
  It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
  and redirects like type redirect.


git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 09:51:27 +00:00
Ralph Dolmans
723845b350 - Fix case in which query timeout can result in marking delegation as 
edns_lame_known.


git-svn-id: file:///svn/unbound/trunk@5089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-30 13:44:19 +00:00
Wouter Wijngaards
ce65cdde71 - no lock when threads disabled in tcp request buffer count. 
git-svn-id: file:///svn/unbound/trunk@5076 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:54:40 +00:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
649e265d6f - Fix for IXFR fallback to reset counter when IXFR does not timeout. 
git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 11:52:17 +00:00
Wouter Wijngaards
55f560a3ca - Fix that auth zone after IXFR fallback tries the same master. 
git-svn-id: file:///svn/unbound/trunk@5053 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:44:09 +00:00
Wouter Wijngaards
51caffb454 - Fix for #4219: secondaries not updated after serial change, unbound 
falls back to AXFR after IXFR gives several timeout failures.


git-svn-id: file:///svn/unbound/trunk@5052 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:36:58 +00:00
Wouter Wijngaards
c10712a82b - Fix space calculation for tcp req buffer size. 
git-svn-id: file:///svn/unbound/trunk@5047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 08:27:49 +00:00
Wouter Wijngaards
d81e2c654f - Add stream-wait-size: 4m config option to limit the maximum 
memory used by waiting tcp and tls stream replies.  This avoids
  a denial of service where these replies use up all of the memory.


git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 16:20:14 +00:00
Wouter Wijngaards
be4583ac84 - Fix that multiple dns fragments can be carried in one TLS frame. 
git-svn-id: file:///svn/unbound/trunk@5043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 13:41:13 +00:00
Wouter Wijngaards
19a3907657 - increase mesh max activation count for capsforid long fetches. 
git-svn-id: file:///svn/unbound/trunk@5039 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-17 08:58:09 +00:00
Ralph Dolmans
f30fe71395 - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query 
without EDNS after timeout.


git-svn-id: file:///svn/unbound/trunk@5037 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-16 10:23:13 +00:00
Wouter Wijngaards
ec6f4bab46 comment fixes after review. 
git-svn-id: file:///svn/unbound/trunk@5036 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 13:42:22 +00:00
Wouter Wijngaards
0d2efc3f3f - Review fixes in out of order processing. 
git-svn-id: file:///svn/unbound/trunk@5035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 10:27:00 +00:00
Wouter Wijngaards
bb480068fa - In the out of order processing, reset byte count for (potential) 
partial read.


git-svn-id: file:///svn/unbound/trunk@5034 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 09:24:00 +00:00
Wouter Wijngaards
ae9fe1a10e - streamtcp option -a send queries consecutively and prints answers 
as they arrive.
- Fix for out of order processing administration quit cleanup.
- unit test for tcp out of order processing.


git-svn-id: file:///svn/unbound/trunk@5033 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-14 15:52:50 +00:00
Wouter Wijngaards
dd19026e91 - Initial commit for out-of-order processing for TCP and TLS. 
git-svn-id: file:///svn/unbound/trunk@5032 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-11 14:12:27 +00:00
Wouter Wijngaards
42d2c04ae1 - Log query name for looping module errors. 
git-svn-id: file:///svn/unbound/trunk@5031 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-09 13:57:14 +00:00
Wouter Wijngaards
db2557826a - Fix NSEC3 record that is returned in wildcard replies from 
auth-zone zones with NSEC3 and wildcards.


git-svn-id: file:///svn/unbound/trunk@5030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 14:39:31 +00:00
Wouter Wijngaards
90b00dfe57 - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, 
and server tcp fastopen is enabled at compile time.


git-svn-id: file:///svn/unbound/trunk@5026 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-07 09:06:41 +00:00
Wouter Wijngaards
1b72e814e7 - Fixup openssl 1.0.2 compile 
git-svn-id: file:///svn/unbound/trunk@5019 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:36:43 +00:00
Wouter Wijngaards
71b078611f - Fix #4206: support openssl 1.0.2 for TLS hostname verification, 
alongside the 1.1.0 and later support that is already there.


git-svn-id: file:///svn/unbound/trunk@5018 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:27:24 +00:00
Wouter Wijngaards
b23c373f4d - Refuse to start with no ports. 
git-svn-id: file:///svn/unbound/trunk@4997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 14:26:16 +00:00
Wouter Wijngaards
63dcbe3d75 - Fix chroot auth-zone fix to remove chroot prefix. 
git-svn-id: file:///svn/unbound/trunk@4992 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 08:27:47 +00:00
Wouter Wijngaards
3330d5296c - Fix leak in chroot fix for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-28 12:37:52 +00:00
Wouter Wijngaards
60da4369a4 - stat count SERVFAIL downstream auth-zone queries for expired zones. 
git-svn-id: file:///svn/unbound/trunk@4984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:42:59 +00:00
Wouter Wijngaards
b04e84ab9e - auth-zone give SERVFAIL when expired, fallback activates when 
expired, and this is documented in the man page.


git-svn-id: file:///svn/unbound/trunk@4983 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:31:37 +00:00
Wouter Wijngaards
068c52d8f5 - Fix that empty zonefile means the zonefile is not set and not used. 
git-svn-id: file:///svn/unbound/trunk@4973 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:55:18 +00:00
Wouter Wijngaards
692caffe2c - auth zone zonefiles can be in a chroot, the chroot directory 
components are removed before use.


git-svn-id: file:///svn/unbound/trunk@4972 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:51:09 +00:00
Wouter Wijngaards
069b0b8c90 - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes 
option in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4960 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-19 09:36:27 +00:00
Wouter Wijngaards
23505d30a5 - Fix #4190: Please create a "ANY" deny option, adds the option 
deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.


git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:07:37 +00:00
Wouter Wijngaards
2d28fba3bf - Squelch log of failed to tcp initiate after TCP Fastopen failure. 
git-svn-id: file:///svn/unbound/trunk@4937 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-08 13:27:53 +00:00
Wouter Wijngaards
945452bff4 - Squelch EADDRNOTAVAIL errors when the interface goes away, 
this omits 'can't assign requested address' errors unless
  verbosity is set to a high value.


git-svn-id: file:///svn/unbound/trunk@4931 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-05 06:29:05 +00:00
Wouter Wijngaards
d967ceb98b Remove that fix, analyzer is for debug with assertions. 
- Fix clang analyzer for optimize compile analysis.


git-svn-id: file:///svn/unbound/trunk@4929 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-02 12:32:33 +00:00