upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-29 09:57:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7021 commits 24 branches 209 tags 132 MiB
Commit graph

238 commits

Author SHA1 Message Date
W.C.A. Wijngaards
3e03e2c26d - For #391: use struct timeval* start_time for callback information. 2021-01-08 09:47:46 +01:00
Frank Riley
e3abd772f7 Add start_time to reply callbacks so modules can compute the response time. 2021-01-01 15:44:21 -07:00
George Thessalonikefs
08968baec1 - Fix error cases when udp-connect is set and send() returns an error 
(modified patch from Xin Li @delphij).
 2020-12-16 17:11:41 +01:00
W.C.A. Wijngaards
3ab188ea21 zonemd, please doxygen 
zonemd, fix clang analyzer warning about null nsec3 salt pointer access.
 2020-10-29 08:40:22 +01:00
W.C.A. Wijngaards
94ac072f9b zonemd, zonemd-reject-absence config for an auth-zone rejects the zone if 
no ZONEMD is present.
 2020-10-26 15:37:43 +01:00
W.C.A. Wijngaards
165b048e07 zonemd, zonemd-permissive-mode: yes logs the failure but does not block 
the zone after a ZONEMD verification failure.
 2020-10-23 14:33:04 +02:00
W.C.A. Wijngaards
c72ca35f08 unbound-control auth_zone_reload sets zone to nonexpired and 
also updates the xfr soa values from the new zonefile contents.
 2020-10-23 11:44:28 +02:00
W.C.A. Wijngaards
40e713e121 zonemd, unlock xfr lock for auth zone verify of zonemd for mesh new callback. 2020-10-23 10:14:21 +02:00
W.C.A. Wijngaards
1cb7d5a194 zonemd, unit test for auth zone zonemd axfr 
zonemd, zonemds are checked after zone transfer.
 2020-10-23 09:12:51 +02:00
W.C.A. Wijngaards
54d8473ec6 zonemd, pass module stack as function argument. 2020-10-22 13:31:37 +02:00
W.C.A. Wijngaards
6ea1ae17f7 zonemd, fix to harden against failure in pickup zonemd lookups. 2020-10-22 13:20:00 +02:00
W.C.A. Wijngaards
e09873e0c8 zonemd, zonemds are checked at start 2020-10-22 12:10:46 +02:00
W.C.A. Wijngaards
4ba45c34ed zonemd, result of dnssec failures includes rrset and dnssec bogus reason. 2020-10-21 16:18:28 +02:00
W.C.A. Wijngaards
7ac4eb229d zonemd, unit tests for verifying DNSKEY with trust anchor failures. 2020-10-21 15:58:47 +02:00
W.C.A. Wijngaards
1245457967 zonemd, fix that zonemd absence in unsigned zone does not invalidate zone. 2020-10-21 11:56:41 +02:00
W.C.A. Wijngaards
e8d29f973d zonemd, fix that dnssec denial does not invalidate zone. 
zonemd, unit test of nsec and nsec3 denial.
 2020-10-21 11:51:30 +02:00
W.C.A. Wijngaards
f675077502 zonemd, unit test improved debug output and unit test dnssec verify zonemd 2020-10-20 16:49:49 +02:00
W.C.A. Wijngaards
0a238280b9 zonemd, unit test for dnssec verify, implement test. 2020-10-15 12:27:22 +02:00
W.C.A. Wijngaards
e6aab488c8 zonemd, fix anchor unlock. 
zonemd, unit test for dnssec verify function test harness.
 2020-10-15 09:17:57 +02:00
W.C.A. Wijngaards
cf6e1b6ea9 Merge branch 'master' into zonemd 2020-10-15 08:34:32 +02:00
W.C.A. Wijngaards
e35b1dfbd5 zonemd, nsec3 rr iterator is type int, like other nsec3 code. 2020-10-14 14:52:32 +02:00
W.C.A. Wijngaards
42d7cdb7d5 zonemd, region freed, and qstate not used when not in a query, and nsec 
and nsec3 bitmap checks.
 2020-10-14 14:46:59 +02:00
W.C.A. Wijngaards
890c8deb0f - Free up auth zone parse region after use for lookup of host 2020-10-14 14:20:16 +02:00
W.C.A. Wijngaards
22e82765f9 zonemd, dnssec verification routines. 2020-10-14 13:34:50 +02:00
W.C.A. Wijngaards
efc01c928c Formatting. 2020-10-09 16:47:49 +02:00
W.C.A. Wijngaards
754e6f1349 zonemd, routine to check zonemd hash if present 2020-10-09 16:46:20 +02:00
W.C.A. Wijngaards
0af62aba53 zonemd, defines for scheme and algorithm. 2020-10-09 15:14:27 +02:00
W.C.A. Wijngaards
cdf6544b46 zonemd, unit test, succeeds at verifying examples of zonemd draft-12. 2020-10-09 12:18:25 +02:00
W.C.A. Wijngaards
eb4932a463 zonemd, digest code calls, secalgo openssl sha384 and sha512. 2020-10-09 11:19:31 +02:00
W.C.A. Wijngaards
3163a93121 zonemd, loop over zone and canonicalize data, test call in unit test. 2020-10-06 17:07:24 +02:00
W.C.A. Wijngaards
b7b5952c3a - Fix lock dependency cycle in rpz zone config setup. 2020-07-17 17:15:55 +02:00
George Thessalonikefs
8a87fc6ae7 - Fix #220: auth-zone section in config may lead to segfault. 2020-04-15 17:57:02 +02:00
Willem Toorop
4f78b37c61 Down- and upstream padding a la RFC7830 & RFC8467 2020-04-02 18:34:03 +02:00
Ralph Dolmans
e4eb76a5f3 - Fix RPZ concurrency issue when using auth_zone_reload. 2020-03-26 19:11:57 +01:00
Ralph Dolmans
28e6c86e61 - Add check to make sure RPZ records are subdomain of configured zone origin. 2020-03-11 17:37:50 +01:00
W.C.A. Wijngaards
d000523b00 - Fix to create and destroy rpz_lock in auth_zones structure. 2020-02-06 11:51:17 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
1e0c957dcd - Fix auth zone support for NSEC3 records without salt. 2020-01-14 16:03:29 +01:00
Ralph Dolmans
ae4f6a259b Proccess more review feedback 2019-12-23 16:02:43 +01:00
W.C.A. Wijngaards
41d3e2027c - Fix to make auth zone IXFR to fallback to AXFR if a single 
response RR is received over TCP with the SOA in it.
 2019-12-10 13:09:50 +01:00
W.C.A. Wijngaards
5a66aecef9 - Fix similar code in auth_zone synth cname to add the extra checks. 2019-12-03 15:11:22 +01:00
W.C.A. Wijngaards
1718a8e6b5 - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. 2019-11-22 14:23:00 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
16bbfc3461 - Fix authzone printout buffer length check. 2019-11-19 10:09:44 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
Ralph Dolmans
4ac33aa104 - Merge clean up 
- revert dname2str off by one fix
- fix str2dname off by one at right location
 2019-09-09 17:13:08 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
199e6c586b - Fix to return after failed auth zone http chunk write. 
- Fix to remove unused test for task_probe existance.
 2019-08-01 16:40:52 +02:00
W.C.A. Wijngaards
7d5ab2f4de - Add verbose log message when auth zone file is written, at level 4. 2019-07-29 09:25:49 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
W.C.A. Wijngaards
bf2307ca97 - Fix for #24: Fix abort due to scan of auth zone masters using old 
address from previous scan.
 2019-06-17 14:15:36 +02:00
Wouter Wijngaards
e60f92ea29
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:41:56 +02:00
Wouter Wijngaards
46b5e96c54
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:41:45 +02:00
Wouter Wijngaards
196654efec
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:09 +02:00
Wouter Wijngaards
5e4cfcc665
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:24:45 +02:00
Wouter Wijngaards
193cb2fcc4
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:23:23 +02:00
Wouter Wijngaards
b57a2f15db
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:23:11 +02:00
Wouter Wijngaards
ff026a1f3c
Merge branch 'master' into features/XoT 2019-04-29 10:32:27 +02:00
Ralph Dolmans
a7f68865e4 - Make IXFR deletion more robust 2019-04-25 20:00:56 +02:00
Ralph Dolmans
46acf0f99d Merge branch 'feature/rpz' of github.com:ralphdolmans/unbound into feature/rpz 2019-04-25 14:47:09 +02:00
Ralph Dolmans
ba67920f9a - IXFR/AXFR support for RPZ 2019-04-25 14:46:45 +02:00
Ralph Dolmans
186c9e8e82
Merge pull request #5 from NLnetLabs/master 
bring fork up to date
 2019-04-25 14:43:02 +02:00
Wouter Wijngaards
ead84a5a64 Nicer. 
git-svn-id: file:///svn/unbound/trunk@5156 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:51:08 +00:00
Wouter Wijngaards
c6369e9ffa - Fix that auth zone fails over to next master for timeout in tcp. 
git-svn-id: file:///svn/unbound/trunk@5155 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:41:53 +00:00
Wouter Wijngaards
474afc9016 - Fix that auth zone uses correct network type for sockets for 
SOA serial probes.  This fixes that probes fail because earlier
  probe addresses are unreachable.


git-svn-id: file:///svn/unbound/trunk@5154 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 08:00:33 +00:00
Wouter Wijngaards
c26fc84945 - verbose information about auth zone lookup process, also lookup 
start, timeout and fail.


git-svn-id: file:///svn/unbound/trunk@5150 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 12:42:09 +00:00
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Wouter Wijngaards
ce8167a3bb - Fix auth-zone NSEC3 response for wildcard nodata answers, 
include the closest encloser in the answer.


git-svn-id: file:///svn/unbound/trunk@5146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 06:36:40 +00:00
Wouter Wijngaards
8a0de6b519 - Fix for auth zone nsec3 ent fix for wildcard nodata. 
git-svn-id: file:///svn/unbound/trunk@5144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 14:28:36 +00:00
Wouter Wijngaards
59570b0413 - Fix auth-zone NSEC3 response for empty nonterminals with exact 
match nsec3 records.


git-svn-id: file:///svn/unbound/trunk@5142 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 12:21:41 +00:00
Willem Toorop
48ad6477eb AXFR over TLS 
Enable by specifying an auth name, like this:
```
auth-zone:
        name: nlnetlabs.nl
        master: 185.49.140.60#ns.nlnetlabs.nl
```
 2019-03-24 10:43:57 +01:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
649e265d6f - Fix for IXFR fallback to reset counter when IXFR does not timeout. 
git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 11:52:17 +00:00
Wouter Wijngaards
55f560a3ca - Fix that auth zone after IXFR fallback tries the same master. 
git-svn-id: file:///svn/unbound/trunk@5053 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:44:09 +00:00
Wouter Wijngaards
51caffb454 - Fix for #4219: secondaries not updated after serial change, unbound 
falls back to AXFR after IXFR gives several timeout failures.


git-svn-id: file:///svn/unbound/trunk@5052 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:36:58 +00:00
Wouter Wijngaards
db2557826a - Fix NSEC3 record that is returned in wildcard replies from 
auth-zone zones with NSEC3 and wildcards.


git-svn-id: file:///svn/unbound/trunk@5030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 14:39:31 +00:00
Wouter Wijngaards
63dcbe3d75 - Fix chroot auth-zone fix to remove chroot prefix. 
git-svn-id: file:///svn/unbound/trunk@4992 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 08:27:47 +00:00
Wouter Wijngaards
3330d5296c - Fix leak in chroot fix for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-28 12:37:52 +00:00
Wouter Wijngaards
60da4369a4 - stat count SERVFAIL downstream auth-zone queries for expired zones. 
git-svn-id: file:///svn/unbound/trunk@4984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:42:59 +00:00
Wouter Wijngaards
b04e84ab9e - auth-zone give SERVFAIL when expired, fallback activates when 
expired, and this is documented in the man page.


git-svn-id: file:///svn/unbound/trunk@4983 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:31:37 +00:00
Wouter Wijngaards
068c52d8f5 - Fix that empty zonefile means the zonefile is not set and not used. 
git-svn-id: file:///svn/unbound/trunk@4973 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:55:18 +00:00
Wouter Wijngaards
692caffe2c - auth zone zonefiles can be in a chroot, the chroot directory 
components are removed before use.


git-svn-id: file:///svn/unbound/trunk@4972 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:51:09 +00:00
Wouter Wijngaards
d967ceb98b Remove that fix, analyzer is for debug with assertions. 
- Fix clang analyzer for optimize compile analysis.


git-svn-id: file:///svn/unbound/trunk@4929 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-02 12:32:33 +00:00
Wouter Wijngaards
2e9d09b961 - initialize statistics totals for printout. 
- in authzone check that node exists before adding rrset.
	- in unbound-anchor, use readwrite memory BIO.
	- assertion in autotrust that packed rrset is formed correctly.


git-svn-id: file:///svn/unbound/trunk@4903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 12:20:41 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
George Thessalonikefs
0171d06aa2 - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This 
gives access to reply information for the client's communication
  point when the callback is called before the mesh state (modules).
  Changes to C and Python's inplace_callback signatures were also
  necessary.


git-svn-id: file:///svn/unbound/trunk@4870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-22 10:51:13 +00:00
Wouter Wijngaards
1958d9fbd5 - Fix segfault in auth-zone read and reorder of RRSIGs. 
git-svn-id: file:///svn/unbound/trunk@4853 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-15 09:26:13 +00:00
George Thessalonikefs
749d1b9ebc - Expose if a query (or a subquery) was ratelimited (not src IP 
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Tidy pylib tests.


git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 14:00:46 +00:00
Wouter Wijngaards
a31d45b13e - Fix that auth-zone master reply with current SOA serial does not 
stop scan of masters for an updated zone.


git-svn-id: file:///svn/unbound/trunk@4755 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-26 13:48:36 +00:00
Wouter Wijngaards
abff4d1237 - unbound-control auth_zone_transfer _zone_ option starts the probe 
sequence for a master to transfer the zone from and transfers when
  a new zone version is available.


git-svn-id: file:///svn/unbound/trunk@4736 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 15:01:31 +00:00
Wouter Wijngaards
12251022ec - #4103: Fix that auth-zone does not insist on SOA record first in 
file for url downloads.


git-svn-id: file:///svn/unbound/trunk@4729 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 07:09:01 +00:00
Wouter Wijngaards
1cadc5d677 - Fix deadlock caused by incoming notify for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4704 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 09:01:55 +00:00
Wouter Wijngaards
ea6266f736 - list_auth_zones unbound-control command. 
git-svn-id: file:///svn/unbound/trunk@4650 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 14:42:30 +00:00
Wouter Wijngaards
0d18256828 - Fix sldns parse failure for CDS alternate delete syntax empty hex. 
git-svn-id: file:///svn/unbound/trunk@4646 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 10:35:35 +00:00
Wouter Wijngaards
abe18e41bc - auth zone http download stores exact copy of downloaded file, 
including comments in the file.


git-svn-id: file:///svn/unbound/trunk@4645 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 10:13:50 +00:00
Wouter Wijngaards
2e70e3a0d3 - Delete auth zone when removed from config. 
git-svn-id: file:///svn/unbound/trunk@4642 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:40:07 +00:00
Wouter Wijngaards
7ff459af13 - Fix #4091: Fix that reload of auth-zone does not merge the zonefile 
with the previous contents.


git-svn-id: file:///svn/unbound/trunk@4641 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:15:34 +00:00
Wouter Wijngaards
913de80cbc - Fix auth-zone retry timer to be on schedule with retry timeout, 
with backoff.  Also time a refresh at the zone expiry.


git-svn-id: file:///svn/unbound/trunk@4630 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-18 06:43:02 +00:00
Wouter Wijngaards
1b055c6ca7 - allow-notify: config statement for auth-zones. 
git-svn-id: file:///svn/unbound/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 13:23:35 +00:00
Wouter Wijngaards
630600e70d - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4627 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 12:18:34 +00:00