Anna Khaitovich
201c158377
KSK-2010 has been revoked
2020-04-21 13:40:24 +02:00
gthess
334498d9b9
Merge pull request #221 from NLnetLabs/more-SNI
More SNI support on TLS
2020-04-17 11:37:47 +02:00
George Thessalonikefs
d2055b83d8
- Enable SNI by default in unbound-anchor.
2020-04-17 11:33:12 +02:00
George Thessalonikefs
1db2ab678d
Revert "- Remove SNI support from unbound-anchor; TLS is used only for"
This reverts commit 9d197eb110.
Server-side software may use SNI to pick the correct virtual host.
2020-04-17 11:27:39 +02:00
George Thessalonikefs
9d197eb110
- Remove SNI support from unbound-anchor; TLS is used only for
encryption and not validation.
2020-04-17 10:42:58 +02:00
George Thessalonikefs
e430e95d30
- Add SNI support on more TLS connections (fixes #193).
- Add SNI support to unbound-anchor.
2020-04-16 14:39:05 +02:00
W.C.A. Wijngaards
3cd288a9f2
- Fix for posix shell syntax for trap in nsd-control-setup.
2020-04-16 13:14:50 +02:00
W.C.A. Wijngaards
eed157d36e
- Fix help return code in unbound-control-setup script.
2020-04-16 11:47:27 +02:00
Gearnode
22ab255231
fix unbound-control-setup is not idempotent
2020-04-07 13:19:36 +02:00
W.C.A. Wijngaards
cca5cfc88f
- Fix compile on Solaris for unbound-checkconf.
2020-03-23 17:26:06 +01:00
Jeffrey Walton
20dbd6339e
Sync with upstream
2020-03-17 06:32:13 -04:00
W.C.A. Wijngaards
e4268663e6
- Fix #192: In the unbound-checkconf tool, the module config of
dns64 subnetcache respip validator iterator is whitelisted, it was
reported it seems to work.
2020-03-16 09:44:38 +01:00
W.C.A. Wijngaards
39c18add57
Fix #188: unbound-control.c:882:6: error: 'execlp' is unavailable: not available on tvOS
2020-03-11 08:39:48 +01:00
W.C.A. Wijngaards
614ed2717b
Merge branch 'master' into framestreams
Fixed bison and flex conflicts by regenerating the files.
2020-02-28 14:31:24 +01:00
W.C.A. Wijngaards
b63032b4dd
dnstap io, fixup fptr_wlist for unbound_dnstap_socket tool.
2020-02-28 08:55:10 +01:00
W.C.A. Wijngaards
318d4e91cc
- Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
by one operator, and thus reputation is shared.
2020-02-25 09:55:59 +01:00
Ralph Dolmans
b770699319
typo fix
2020-02-17 13:38:01 +01:00
Ralph Dolmans
fe5370a98a
- Add respip to supported module-config options in unbound-checkconf.
2020-02-17 13:36:30 +01:00
W.C.A. Wijngaards
2665ae0414
- Stop unbound-checkconf from insisting that auth-zone and rpz
zonefiles have to exist. They can not exist, and download later.
2020-02-14 07:57:57 +01:00
gthess
f7fe95ad7b
Serve stale (#159)
- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
2020-02-05 14:20:27 +01:00
Ralph Dolmans
056176ec9a
Merge branch 'master' into rpz
2020-01-30 15:57:34 +01:00
Ralph Dolmans
3609287344
- Fix RPZ stats RPZ_NO_OVERRIDE_ACTION check
2020-01-30 14:05:56 +01:00
Ralph Dolmans
5fcae2f0e0
- Fix misplaced parentheses from PR#156
2020-01-29 16:32:03 +01:00
Alexander Berkes
396d4223d9
Added unbound-control view_local_datas_remove command
2020-01-29 02:28:00 +01:00
PMunch
b7e8dc1182
Merge branch 'master' into master
2020-01-28 13:18:01 +01:00
Ralph Dolmans
9877e52161
Merge branch 'master' of github.com:NLnetLabs/unbound into rpz
2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
e149bc7046
- Fix unreachable code in ssl set options code.
2020-01-10 11:28:01 +01:00
Ralph Dolmans
bbb737ca5a
processing RPZ review feedback
2019-11-22 12:56:24 +08:00
W.C.A. Wijngaards
7e3da817c3
- Adjust unbound-control to make stats_shm a read only operation.
2019-11-20 11:18:03 +01:00
W.C.A. Wijngaards
5d46bb3879
Cast to unsigned before comparison for assertion.
2019-11-19 15:26:57 +01:00
W.C.A. Wijngaards
79a6e9fbe2
- Fixes to please lint checks.
2019-11-19 12:10:03 +01:00
W.C.A. Wijngaards
57f2582790
- In unbound-host use separate variable for get_option to please
code checkers.
2019-11-18 10:45:47 +01:00
W.C.A. Wijngaards
d05d6b959a
- fixes for splint cleanliness, long vs int in SSL set_mode.
2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
29b90c6e58
- Fix #109: check number of arguments for stdin-pipes in
unbound-control and fail if too many arguments.
2019-11-11 12:02:51 +01:00
PMunch
8eeb910e3d
Improve dynlib module and add documentation
Dynamic library module is now only a thin wrapper that loads dynamic
libraries and forwards all function calls directly to the loaded module.
This meant adding get_mem and clear, and get_mem calls have been added
in the expected places.
Documentation has also been added to the example.conf and the
unbound.conf manpage.
2019-10-21 14:20:33 +02:00
W.C.A. Wijngaards
eb2283332b
- Add doxygen comments to unbound-anchor source address code, in #86.
2019-10-07 09:50:04 +02:00
W.C.A. Wijngaards
8bfbd81fec
Changelog entry for #86 and whitespace fix.
- Merge #86 from psquarejho: Added -b source address option to
smallapp/unbound-anchor.c.
2019-10-03 16:22:42 +02:00
Jens Hoffrichter
b966dd8e06
Added -b / source address option to smallapp/unbound-anchor.c
2019-09-24 14:42:36 +00:00
Ralph Dolmans
2b5cd8e9b4
Merge remote-tracking branch 'ralph/feature/rpz' into rpz
2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
bdb6c153e4
- Please doxygen's parser for "@" occurrence in doxygen comment.
2019-08-16 12:21:40 +02:00
Ralph Dolmans
a16111d471
Prevent potential double free
2019-08-16 12:13:30 +02:00
W.C.A. Wijngaards
b4b0065554
Fixup space in error message.
2019-07-19 12:51:37 +02:00
W.C.A. Wijngaards
c94e13220b
- Fix #49: Set no renegotiation on the SSL context to stop client
session renegotiation.
2019-07-19 08:18:06 +02:00
Ralph Dolmans
a8d6147ae4
- Added RPZ response IP support
2019-07-16 18:43:16 +02:00
W.C.A. Wijngaards
36819adcc2
Nicer spelling and layout.
2019-06-25 15:14:07 +02:00
W.C.A. Wijngaards
da46ea24d5
- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
when do-not-query-localhost is turned on, or at default on,
unbound-checkconf prints a warning if it is found in forward-addr or
stub-addr statements.
2019-06-25 14:50:49 +02:00
Kevin Chu
1a48bdebb5
Add support for ipset
2019-05-02 19:43:30 +08:00
Ralph Dolmans
74f11b852c
- apply chroot to auth-zone zonefile in unbound-checkconf
2019-04-11 15:07:49 +02:00
Wouter Wijngaards
510606dd1c
- Patch for TLS session resumption from Manabu Sonoda,
enable with tls-session-ticket-keys in unbound.conf.
git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-23 09:35:52 +00:00
Wouter Wijngaards
8b18d1a0a4
- unbound-control stats has mem.streamwait that counts TCP and TLS
waiting result buffers.
git-svn-id: file:///svn/unbound/trunk@5050 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-22 13:20:06 +00:00
Wouter Wijngaards
81ded6124d
- Fix that unbound-checkconf does not complain if the config file
is not placed inside the chroot.
git-svn-id: file:///svn/unbound/trunk@4995 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-29 12:55:13 +00:00
Wouter Wijngaards
59e6f149a7
- Fix that unbound-control can send file for view_local_datas.
git-svn-id: file:///svn/unbound/trunk@4978 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-26 13:55:36 +00:00
Wouter Wijngaards
470806b097
- Add unbound-control view_local_datas command, like local_datas.
git-svn-id: file:///svn/unbound/trunk@4977 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-26 13:37:23 +00:00
Wouter Wijngaards
6429b5c298
- Fix #4192: unbound-control-setup generates keys not readable by
group.
git-svn-id: file:///svn/unbound/trunk@4942 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-10-22 10:07:13 +00:00
Wouter Wijngaards
d275505df6
- annotate exit functions with noreturn in unbound-control.
git-svn-id: file:///svn/unbound/trunk@4906 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-13 14:43:43 +00:00
Wouter Wijngaards
f7516e6b2b
- nicer bio free code in unbound-anchor.
git-svn-id: file:///svn/unbound/trunk@4905 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-13 12:49:37 +00:00
Wouter Wijngaards
2e9d09b961
- initialize statistics totals for printout.
- in authzone check that node exists before adding rrset.
- in unbound-anchor, use readwrite memory BIO.
- assertion in autotrust that packed rrset is formed correctly.
git-svn-id: file:///svn/unbound/trunk@4903 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-13 12:20:41 +00:00
Wouter Wijngaards
9a82526b91
- exit log routine is annotated as noreturn function.
- free memory leaks in config strlist and str2list insert functions.
- do not move unused argv variable after getopt.
- Remove unused if clause in testcode.
git-svn-id: file:///svn/unbound/trunk@4896 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-13 08:58:21 +00:00
Wouter Wijngaards
00ba747be7
- #4146: num.query.subnet and num.query.subnet_cache counters.
git-svn-id: file:///svn/unbound/trunk@4867 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-21 14:14:28 +00:00
Wouter Wijngaards
a07337fd6d
Breakout at end.
git-svn-id: file:///svn/unbound/trunk@4845 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-09 09:07:31 +00:00
Wouter Wijngaards
c580e0e33c
Fixup
git-svn-id: file:///svn/unbound/trunk@4843 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-09 08:46:13 +00:00
Wouter Wijngaards
d2f7999b4e
- unbound-checkconf checks if modules exist and prints if they are
not compiled in the name of the wrong module.
git-svn-id: file:///svn/unbound/trunk@4842 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-09 08:33:56 +00:00
Wouter Wijngaards
586b811b87
- Patch to implement tcp-connection-limit from Jim Hague (Sinodun).
This limits the number of simultaneous TCP client connections
from a nominated netblock.
And a simple test for TCP connection limit.
git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-07 11:57:42 +00:00
George Thessalonikefs
749d1b9ebc
- Expose if a query (or a subquery) was ratelimited (not src IP
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
This also introduces a change to 'ub_event_callback_type' in
libunbound/unbound-event.h.
- Tidy pylib tests.
git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-03 14:00:46 +00:00
Wouter Wijngaards
c887ae1022
- Fix #4139: Fix unbound-host leaks memory on ANY.
git-svn-id: file:///svn/unbound/trunk@4821 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-07-31 11:58:19 +00:00
Wouter Wijngaards
38e77d50f2
- Fix #4129 unbound-control error message with wrong cert permissions
is too cryptic.
git-svn-id: file:///svn/unbound/trunk@4791 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-07-19 06:22:11 +00:00
Wouter Wijngaards
81e9f82a8d
- Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass
if DNSSEC is not enabled. New option -R allows fallback from
resolv.conf to direct queries.
git-svn-id: file:///svn/unbound/trunk@4770 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-07-04 10:02:16 +00:00
Wouter Wijngaards
755233c720
- num.queries.tls counter for queries over TLS.
git-svn-id: file:///svn/unbound/trunk@4759 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-28 08:15:47 +00:00
Wouter Wijngaards
025fdd0049
Document behaviour.
git-svn-id: file:///svn/unbound/trunk@4753 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-21 12:51:14 +00:00
Wouter Wijngaards
5bb6dbe21c
And moved -C to front.
git-svn-id: file:///svn/unbound/trunk@4752 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-21 12:39:49 +00:00
Wouter Wijngaards
c225ced1a9
- Fix usage printout for unbound-host, hostname has to be last
argument on BSDs and Windows.
git-svn-id: file:///svn/unbound/trunk@4751 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-21 12:31:42 +00:00
Wouter Wijngaards
8c044a616b
- Fix windows unbound-control no cert bad file descriptor error.
git-svn-id: file:///svn/unbound/trunk@4746 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-19 13:13:35 +00:00
Wouter Wijngaards
7b092127cb
- Fix for unbound-control on Windows and set TCP socket parameters
more closely.
git-svn-id: file:///svn/unbound/trunk@4743 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-19 09:40:59 +00:00
Wouter Wijngaards
b26257248d
- Fix unbound-checkconf for control-use-cert.
git-svn-id: file:///svn/unbound/trunk@4742 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-18 12:15:21 +00:00
Wouter Wijngaards
c15eae814f
- Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
git-svn-id: file:///svn/unbound/trunk@4738 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-18 09:04:35 +00:00
Wouter Wijngaards
abff4d1237
- unbound-control auth_zone_transfer _zone_ option starts the probe
sequence for a master to transfer the zone from and transfers when
a new zone version is available.
git-svn-id: file:///svn/unbound/trunk@4736 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-15 15:01:31 +00:00
Wouter Wijngaards
386f23334b
- unbound-control auth_zone_reload _zone_ option rereads the zonefile.
git-svn-id: file:///svn/unbound/trunk@4735 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-15 13:42:41 +00:00
Wouter Wijngaards
9cb404ba5f
- Fix that first control-interface determines if TLS is used. Warn
when IP address interfaces are used without TLS.
git-svn-id: file:///svn/unbound/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-14 08:14:43 +00:00
Wouter Wijngaards
7153c94bd7
Fixup error print for unix pipe.
git-svn-id: file:///svn/unbound/trunk@4720 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-12 08:15:44 +00:00
Wouter Wijngaards
7fd32916e8
- #4102 for NSD, but for Unbound. Named unix pipes do not use
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-12 07:43:52 +00:00
Wouter Wijngaards
6b28c8ace2
- unbound-host initializes ssl (for potential DNS-over-TLS usage
inside libunbound).
git-svn-id: file:///svn/unbound/trunk@4690 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-24 12:30:13 +00:00
Wouter Wijngaards
ea6266f736
- list_auth_zones unbound-control command.
git-svn-id: file:///svn/unbound/trunk@4650 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-23 14:42:30 +00:00
Wouter Wijngaards
9d28279475
- Can set tls authentication with forward-addr: IP#tls.auth.name
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-19 12:10:05 +00:00
Ralph Dolmans
6ef9cafc0e
- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics
counters
git-svn-id: file:///svn/unbound/trunk@4616 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-10 11:39:23 +00:00
Wouter Wijngaards
89ad258515
- num.query.authzone.up and num.query.authzone.down statistics counters.
- Fix downstream auth zone, only fallback when auth zone fails to
answer and fallback is enabled.
git-svn-id: file:///svn/unbound/trunk@4610 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-09 10:15:06 +00:00
Wouter Wijngaards
c515215eea
- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
tls_choose_sigalg routine does not allow the ciphers for the pipe,
so use TLSv1.2.
git-svn-id: file:///svn/unbound/trunk@4606 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-05 13:43:05 +00:00
Wouter Wijngaards
0362614f94
auth zone, make depend, fallback, create and delete, and lease_time,
and lock fixes.
git-svn-id: file:///svn/unbound/trunk@4466 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-30 10:35:20 +00:00
Wouter Wijngaards
c54dfcade9
- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
for startup scripts to get the full pathname(s) of anchor file(s).
git-svn-id: file:///svn/unbound/trunk@4447 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-23 14:20:17 +00:00
Wouter Wijngaards
bdb6a5501a
- authzone work, probe timer setup.
git-svn-id: file:///svn/unbound/trunk@4378 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-19 09:03:36 +00:00
Wouter Wijngaards
b37bc47eaa
- Work on local root zone code.
git-svn-id: file:///svn/unbound/trunk@4376 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-17 15:16:31 +00:00
Wouter Wijngaards
ee8f07a686
- Fix #1440: [dnscrypt] client nonce cache.
git-svn-id: file:///svn/unbound/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 08:55:08 +00:00
Wouter Wijngaards
7d17a926ac
- Spelling fixes, from Phil Porada.
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:29:28 +00:00
Wouter Wijngaards
ce1f757ce0
- Fix unbound-host to report error for DNSSEC state of failed lookups.
git-svn-id: file:///svn/unbound/trunk@4343 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:11:43 +00:00
Wouter Wijngaards
0b7d3bfd30
- Add dns64 for client-subnet in unbound-checkconf.
git-svn-id: file:///svn/unbound/trunk@4340 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-12 05:43:46 +00:00
Wouter Wijngaards
425dec3037
- Fix #1417: [dnscrypt] shared secret cache counters, and works when
dnscrypt is not enabled.
git-svn-id: file:///svn/unbound/trunk@4326 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 08:06:17 +00:00
Wouter Wijngaards
3dc206c721
- Fix #1407: Add ECS options check to unbound-checkconf.
git-svn-id: file:///svn/unbound/trunk@4307 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-22 07:43:59 +00:00
Ralph Dolmans
7b18274d7e
- Added stats for queries that have been ratelimited by domain recursion.
git-svn-id: file:///svn/unbound/trunk@4292 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-03 12:52:33 +00:00
Wouter Wijngaards
abb6cfdebd
- upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02),
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.
git-svn-id: file:///svn/unbound/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 09:04:18 +00:00
Wouter Wijngaards
67f54eea66
- Fix openssl 1.1.0 load of ssl error strings from ssl init.
git-svn-id: file:///svn/unbound/trunk@4260 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-03 13:37:37 +00:00
Wouter Wijngaards
5fba7e4339
- Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
on.
git-svn-id: file:///svn/unbound/trunk@4257 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-03 07:14:37 +00:00