upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-22 07:41:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
2343 commits 23 branches 209 tags 123 MiB
Commit graph

141 commits

Author SHA1 Message Date
Wouter Wijngaards
daab92e954 - algorithm compromise protection using the algorithms signalled in 
the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
         and thus, if you have multiple algorithms in your trust-anchor-file
         then it will now behave different than before.  Also, 5011 rollover
         for algorithms needs to be double-signature until the old algorithm
         is revoked.


git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9 Work on validation of multiple algorithms. 
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-20 15:58:12 +00:00
Wouter Wijngaards
488aee467a - Fix validation failure for parent and child on same server with an 
insecure childzone and a CNAME from parent to child.


git-svn-id: file:///svn/unbound/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-29 13:10:26 +00:00
Wouter Wijngaards
46345c0809 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where 
the zone has a secure delegation hosted on the same server did not
         verify as secure (it was insecure by mistake).


git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-11 12:21:19 +00:00
Wouter Wijngaards
e399b79baa - DLV has downgrade protection again, because the RFC says so. 
git-svn-id: file:///svn/unbound/trunk@2238 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-17 08:54:16 +00:00
Wouter Wijngaards
8b274b92aa - Algorithm rollover operational reality intrudes, for trust-anchor, 
5011-store, and DLV-anchor if one key matches it's good enough.


git-svn-id: file:///svn/unbound/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:40:26 +00:00
Wouter Wijngaards
c3f180eebb - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout. 
git-svn-id: file:///svn/unbound/trunk@2233 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-15 07:08:09 +00:00
Wouter Wijngaards
6df29c32e4 - iana portlist updated. 
- Fix validation of qtype DNSKEY when a key-cache entry exists but
  no rr-cache entry is used (it expired or prefetch), it then goes
  back up to the DS or trust-anchor to validate the DNSKEY.


git-svn-id: file:///svn/unbound/trunk@2189 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-09 15:00:35 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations. 
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-07 13:13:36 +00:00
Wouter Wijngaards
b4b641807b Fix various compiler warnings from the clang llvm compiler. 
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-18 12:37:04 +00:00
Wouter Wijngaards
0720e1a9a1 - Fix chain of trust with CNAME at an intermediate step, for the DS 
processing proof.



git-svn-id: file:///svn/unbound/trunk@2075 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-09 14:28:32 +00:00
Wouter Wijngaards
147d47eee7 Move includes to code files. 
git-svn-id: file:///svn/unbound/trunk@2035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-12 15:17:48 +00:00
Wouter Wijngaards
8c7781fb24 spelling fix 
git-svn-id: file:///svn/unbound/trunk@2029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-11 16:17:45 +00:00
Wouter Wijngaards
6888c78e1e Fix for Roy. 
git-svn-id: file:///svn/unbound/trunk@1982 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-15 10:49:03 +00:00
Wouter Wijngaards
67a4310b36 Retry in case of validation failure less, cached per-zone not per-query. 
git-svn-id: file:///svn/unbound/trunk@1981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-12 15:24:42 +00:00
Wouter Wijngaards
e7da8f089e remove warning on format string. 
git-svn-id: file:///svn/unbound/trunk@1964 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-27 20:29:07 +00:00
Wouter Wijngaards
5b0fd59e76 work on prefetch: store the updated results in the cache. 
git-svn-id: file:///svn/unbound/trunk@1954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-08 15:59:36 +00:00
Wouter Wijngaards
43d228c5bc Doc fix and work on prefetch feature. 
git-svn-id: file:///svn/unbound/trunk@1951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-07 14:38:18 +00:00
Wouter Wijngaards
7094eab574 fixes and new ldns tarball. 
git-svn-id: file:///svn/unbound/trunk@1939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:31:39 +00:00
Wouter Wijngaards
ab9bd76768 Answer qclass=ANY. 
git-svn-id: file:///svn/unbound/trunk@1938 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:10:04 +00:00
Wouter Wijngaards
c68aebb3d7 - Fix SOA excluded from negative DS responses. Reported by Hauke 
Lampe.  The negative cache did not include proper SOA records for
	  negative qtype DS responses which makes BIND barf on it, such
	  responses are now only used internally.
	- Fix negative cache lookup of closestencloser check of DS type bit.



git-svn-id: file:///svn/unbound/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 14:55:19 +00:00
Wouter Wijngaards
e19f71ffa0 Fixup to clean errinf on restart so no extremely long printouts. 
git-svn-id: file:///svn/unbound/trunk@1900 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-12 15:07:38 +00:00
Wouter Wijngaards
ff33e077de Fix crash bug with DLV and dnssec-retry for the domain registered in it. 
git-svn-id: file:///svn/unbound/trunk@1895 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-10 10:42:50 +00:00
Wouter Wijngaards
9890caff91 and error 
git-svn-id: file:///svn/unbound/trunk@1894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-10 08:15:08 +00:00
Wouter Wijngaards
45c07da4a0 debug code 
git-svn-id: file:///svn/unbound/trunk@1893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-09 16:26:24 +00:00
Wouter Wijngaards
f42d27e1a2 - Made new validator error string available from libunbound for 
applications.  It is in result->why_bogus, a zero-terminated string.
	  unbound-host prints it by default if a result is bogus.
	  Also the errinf is public in module_qstate (for other modules).
	Binary API different. bumped library ABI version.


git-svn-id: file:///svn/unbound/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 17:05:53 +00:00
Wouter Wijngaards
7782cf2b97 More detailed errors. 
git-svn-id: file:///svn/unbound/trunk@1871 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 07:23:49 +00:00
Wouter Wijngaards
a909fa9a3a neater explanation for unsigned or signatureless negative DS replies. 
git-svn-id: file:///svn/unbound/trunk@1870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:57:23 +00:00
Wouter Wijngaards
e0b639accd More vallog reason. Doxygen. 
git-svn-id: file:///svn/unbound/trunk@1869 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:35:14 +00:00
Wouter Wijngaards
ce45cbda6d - moved version number to 1.4.0 because of 1.3.4 release with only 
the NSEC3 patch.
	- val-log-level: 2 shows extended error information for validation
	  failures, but still one (longish) line per failure.  For example:
	  validation failure <example.com. DNSKEY IN>: signature expired from
	  192.0.2.4 for trust anchor example.com. while building chain of trust
	  validation failure <www.example.com. A IN>: no signatures from
	  192.0.2.6 for key example.com. while building chain of trust



git-svn-id: file:///svn/unbound/trunk@1868 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 16:45:47 +00:00
Wouter Wijngaards
5ff6b1c5fb retry mode: empty non terminal. 
git-svn-id: file:///svn/unbound/trunk@1862 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 08:53:09 +00:00
Wouter Wijngaards
4d49d792c3 retry mode: DNSKEY. 
git-svn-id: file:///svn/unbound/trunk@1861 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 08:22:27 +00:00
Wouter Wijngaards
5d2e8e8e97 Retry mode, DS and prime. 
git-svn-id: file:///svn/unbound/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 07:52:02 +00:00
Wouter Wijngaards
455c3d130d Data retry on validation failure. 
git-svn-id: file:///svn/unbound/trunk@1859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-06 08:31:47 +00:00
Wouter Wijngaards
dcb11b2ee4 Fixup TTL too large bug for bogus responses. 
git-svn-id: file:///svn/unbound/trunk@1822 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-10 10:01:36 +00:00
Wouter Wijngaards
415236c002 active probe 
git-svn-id: file:///svn/unbound/trunk@1802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-01 14:47:57 +00:00
Wouter Wijngaards
568253e4ff Fixup DS query handling. 
git-svn-id: file:///svn/unbound/trunk@1785 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 15:15:10 +00:00
Wouter Wijngaards
1cd84ce84e make better use of the cache. 
git-svn-id: file:///svn/unbound/trunk@1763 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-14 14:15:08 +00:00
Wouter Wijngaards
948567bea8 Fix bug in DLV. Iana portlist. 
git-svn-id: file:///svn/unbound/trunk@1762 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-14 13:58:54 +00:00
Wouter Wijngaards
21e791248f autotrust work 
git-svn-id: file:///svn/unbound/trunk@1760 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-13 15:32:04 +00:00
Wouter Wijngaards
72aa0bad92 Log option for bogus only. 
git-svn-id: file:///svn/unbound/trunk@1734 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-20 14:22:29 +00:00
Wouter Wijngaards
f73ce55c6e nicer error message 
git-svn-id: file:///svn/unbound/trunk@1733 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-20 13:31:45 +00:00
Wouter Wijngaards
d453b4a43b More lenient checks. 
git-svn-id: file:///svn/unbound/trunk@1691 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-30 12:50:57 +00:00
Wouter Wijngaards
7bd415ffdd Removed debug prints. 
git-svn-id: file:///svn/unbound/trunk@1690 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-30 08:24:19 +00:00
Wouter Wijngaards
b6406cae1e Better wrongly truncated check. And debug statements. 
git-svn-id: file:///svn/unbound/trunk@1687 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-29 10:15:27 +00:00
Wouter Wijngaards
efee0803d0 debugprint for wrongly_truncated 
git-svn-id: file:///svn/unbound/trunk@1685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-29 08:52:58 +00:00
Wouter Wijngaards
4d97a3a400 documentation 
git-svn-id: file:///svn/unbound/trunk@1679 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-19 11:40:44 +00:00
Wouter Wijngaards
e0bc4f2c97 extremely lenient for truncated positive replies 
git-svn-id: file:///svn/unbound/trunk@1670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-18 10:59:59 +00:00
Wouter Wijngaards
3898abde02 Fixup DLV lookups and pickup responses from cache. 
git-svn-id: file:///svn/unbound/trunk@1657 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-15 13:27:53 +00:00
Wouter Wijngaards
1e1ac9900a signature clock skew code. 
git-svn-id: file:///svn/unbound/trunk@1590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-06 14:09:33 +00:00