Commit graph

554 commits

Author SHA1 Message Date
Wouter Wijngaards
8d1e4b3648 - Fix install of trust anchor when two anchors are present, makes both
valid.  Checks hash of DS but not signature of new key.  This fixes
  installs between sep11 and oct11 2017.


git-svn-id: file:///svn/unbound/trunk@4302 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-21 08:57:44 +00:00
Wouter Wijngaards
6d8a924889 fix type cast.
git-svn-id: file:///svn/unbound/trunk@4287 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 10:50:16 +00:00
Wouter Wijngaards
e396684a54 - Fix #1365: Add Ed25519 support using libnettle.
git-svn-id: file:///svn/unbound/trunk@4286 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 10:44:30 +00:00
Wouter Wijngaards
6f4b0c4fa6 double fallthrough annotation to please gcc parser.
git-svn-id: file:///svn/unbound/trunk@4284 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 09:58:00 +00:00
Wouter Wijngaards
cb0e3980d8 annotate fallthrough
git-svn-id: file:///svn/unbound/trunk@4283 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 09:54:21 +00:00
Wouter Wijngaards
0992621839 Fixup compile for clean_additional changes
git-svn-id: file:///svn/unbound/trunk@4211 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-07 09:24:33 +00:00
Wouter Wijngaards
bfddc0dc64 - Fix that unbound-control can set val_clean_additional and val_permissive_mode.
git-svn-id: file:///svn/unbound/trunk@4209 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-07 06:59:47 +00:00
Wouter Wijngaards
8c4e7ffb14 - Support for openssl EVP_DigestVerify.
- Support for the ED25519 algorithm with openssl (from openssl 1.1.1).


git-svn-id: file:///svn/unbound/trunk@4198 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-30 12:28:25 +00:00
Wouter Wijngaards
658c759b3d - Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs.
git-svn-id: file:///svn/unbound/trunk@4174 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-18 07:15:16 +00:00
Ralph Dolmans
657948dd0c - Added mesh_add_sub to add detached mesh entries.
- Use mesh_add_sub for key tag signaling queries.


git-svn-id: file:///svn/unbound/trunk@4144 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-02 13:17:56 +00:00
Ralph Dolmans
cb253fafe7 regional_alloc + memcpy to regional_alloc_init
git-svn-id: file:///svn/unbound/trunk@4136 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-26 15:03:32 +00:00
Ralph Dolmans
33001c8c4b please lint
git-svn-id: file:///svn/unbound/trunk@4135 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-26 13:27:07 +00:00
Ralph Dolmans
a511d5d95e - Implemented trust anchor signaling using key tag query.
git-svn-id: file:///svn/unbound/trunk@4134 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-26 12:58:13 +00:00
Wouter Wijngaards
4d7d32c846 - harden algo downgrade also makes unbound more lenient about digest
algorithms in DS records.


git-svn-id: file:///svn/unbound/trunk@4104 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-10 13:38:50 +00:00
George Thessalonikefs
1163c6345b - Fix to prevent non-referral query from being cached as referral when the
no_cache_store flag was set.


git-svn-id: file:///svn/unbound/trunk@4080 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-24 10:51:56 +00:00
Wouter Wijngaards
984c6c33bc prettier size_t and defines.
git-svn-id: file:///svn/unbound/trunk@4062 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:43:25 +00:00
Wouter Wijngaards
91bafce012 fix for lint
git-svn-id: file:///svn/unbound/trunk@4060 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:18:10 +00:00
Wouter Wijngaards
cc31f2f6e9 fix layout.
git-svn-id: file:///svn/unbound/trunk@4058 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:10:08 +00:00
Wouter Wijngaards
a83c7764f5 fix comparison, unsigned does not become negative.
git-svn-id: file:///svn/unbound/trunk@4057 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:07:34 +00:00
Wouter Wijngaards
f374268521 - trustanchor tags are sorted. reusable routine to fetch taglist.
git-svn-id: file:///svn/unbound/trunk@4056 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:04:18 +00:00
Wouter Wijngaards
05215e8e7d - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and
DS records.  NSEC3 is not disabled.
- fake-sha1 test option; print warning if used.  To make unit tests.


git-svn-id: file:///svn/unbound/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-09 13:18:08 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-01-19 10:25:41 +00:00
Ralph Dolmans
4f487cf746 Add DSA support for OpenSSL 1.1
git-svn-id: file:///svn/unbound/trunk@3954 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-12-07 12:58:47 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes,
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-12-06 13:42:51 +00:00
Ralph Dolmans
3e5cf4da0b - Make access-control-tag-data RDATA absolute. This makes the RDATA origin
consistent between local-data and access-control-tag-data.
- Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain
  of the NSEC owner.



git-svn-id: file:///svn/unbound/trunk@3930 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-11-22 10:10:48 +00:00
Wouter Wijngaards
27182d614b - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled
with the undocumented switch 'fake-dsa'.  It logs a warning.


git-svn-id: file:///svn/unbound/trunk@3909 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-26 07:38:00 +00:00
Wouter Wijngaards
2785225a43 - Fixup query_info local_alias init.
git-svn-id: file:///svn/unbound/trunk@3901 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-20 15:05:30 +00:00
Wouter Wijngaards
cfef4ba047 - Fix DNSSEC validation of query type ANY with DNAME answers.
git-svn-id: file:///svn/unbound/trunk@3898 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-20 14:27:13 +00:00
Wouter Wijngaards
503df095b2 - Patch that resolves CNAMEs entered in local-data conf statements that
point to data on the internet, from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@3885 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-18 13:18:20 +00:00
Ralph Dolmans
0b3138e1bf - Fix #1117: spelling errors, from Robert Edmonds
git-svn-id: file:///svn/unbound/trunk@3877 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-05 09:56:05 +00:00
Wouter Wijngaards
cd842fafb9 - Fix #835: fix --disable-dsa with nettle verify.
git-svn-id: file:///svn/unbound/trunk@3864 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-09-20 12:22:07 +00:00
Ralph Dolmans
e2e34ad273 fix potential memory leak in daemon/remote.c and nullpointer dereference in
validator/autotrust.


git-svn-id: file:///svn/unbound/trunk@3856 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-09-15 08:39:59 +00:00
Ralph Dolmans
19ebdbf6a6 Take configured minimum TTL into consideration when reducing TTL to original
TTL from RRSIG.


git-svn-id: file:///svn/unbound/trunk@3849 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-09-05 12:30:46 +00:00
Wouter Wijngaards
ca5eca9567 - Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior.
git-svn-id: file:///svn/unbound/trunk@3837 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-08-29 07:05:19 +00:00
Wouter Wijngaards
eaa6e239f7 - Fix #788 for nettle 3.0: Failed to build with Nettle >= 3.0 and
--with-libunbound-only --with-nettle.


git-svn-id: file:///svn/unbound/trunk@3810 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-05 14:00:33 +00:00
Wouter Wijngaards
2a39f48deb Fixup _get_osfhandle calls
git-svn-id: file:///svn/unbound/trunk@3809 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-05 07:46:16 +00:00
Wouter Wijngaards
941b31f90b - Fixes for 64bit windows compile.
git-svn-id: file:///svn/unbound/trunk@3808 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-05 07:40:13 +00:00
Wouter Wijngaards
230ef2110b - Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures.
git-svn-id: file:///svn/unbound/trunk@3766 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-06-07 13:02:02 +00:00
Wouter Wijngaards
8336eab1e1 - Fix distinction between free and CRYPTO_free in dsa and ecdsa alloc.
git-svn-id: file:///svn/unbound/trunk@3745 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-06-02 08:31:17 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code.
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-05-31 15:08:05 +00:00
Wouter Wijngaards
7fdde81b8f - cachedb module event handling design.
git-svn-id: file:///svn/unbound/trunk@3700 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-04-15 14:19:00 +00:00
Wouter Wijngaards
fd07245a0a Stop memory leak on error condition.
git-svn-id: file:///svn/unbound/trunk@3694 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-23 09:18:29 +00:00
Wouter Wijngaards
fe4760787e please lint.
git-svn-id: file:///svn/unbound/trunk@3693 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-23 08:42:18 +00:00
Wouter Wijngaards
b8df3634cc please lint.
git-svn-id: file:///svn/unbound/trunk@3692 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-23 08:37:27 +00:00
Wouter Wijngaards
038f4ca8b5 please lint.
git-svn-id: file:///svn/unbound/trunk@3690 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-23 08:32:17 +00:00
Wouter Wijngaards
fbae76885a - OpenSSL 1.1.0 portability, --disable-dsa configure option.
git-svn-id: file:///svn/unbound/trunk@3689 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-23 08:19:49 +00:00
Wouter Wijngaards
718e98b1cd - Fix that NSEC3 negative cache is used when there is no salt.
git-svn-id: file:///svn/unbound/trunk@3639 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-02-24 15:02:35 +00:00
Wouter Wijngaards
e9f954b828 - load gost algorithm if digest is seen before key algorithm.
git-svn-id: file:///svn/unbound/trunk@3630 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-02-19 12:17:03 +00:00
Wouter Wijngaards
134924c4da Remove lint warning.
git-svn-id: file:///svn/unbound/trunk@3629 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-02-19 12:16:27 +00:00
Wouter Wijngaards
2c94a5b312 - Print understandable debug log when unusable DS record is seen.
git-svn-id: file:///svn/unbound/trunk@3627 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-02-19 10:48:23 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-02-09 13:25:59 +00:00
Wouter Wijngaards
152458c40b - spelling fixes from Igor Sobrado Delgado.
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-18 14:11:46 +00:00
Wouter Wijngaards
ffb5a2d9eb Document ASN contents.
git-svn-id: file:///svn/unbound/trunk@3542 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 14:36:10 +00:00
Wouter Wijngaards
4e3ae5505e cast to please lint.
git-svn-id: file:///svn/unbound/trunk@3541 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 14:27:49 +00:00
Wouter Wijngaards
39dc5be222 - Fixup DER encoded DSA signatures for libnettle.
git-svn-id: file:///svn/unbound/trunk@3540 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 13:31:22 +00:00
Wouter Wijngaards
2756b0f873 Repair // style comments for portability.
git-svn-id: file:///svn/unbound/trunk@3539 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 12:46:47 +00:00
Wouter Wijngaards
fa57a6c6e8 use digest_nettle function for nsec3_hash calls.
git-svn-id: file:///svn/unbound/trunk@3537 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 11:39:58 +00:00
Wouter Wijngaards
3433a30878 please lint.
git-svn-id: file:///svn/unbound/trunk@3536 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 11:32:04 +00:00
Wouter Wijngaards
2a73ccd5b4 - refactor nsec3 hash implementation to be more library-portable.
git-svn-id: file:///svn/unbound/trunk@3535 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 11:30:04 +00:00
Wouter Wijngaards
2bdea62a9e - Fix #594. libunbound: optionally use libnettle for crypto.
Contributed by Luca Bruno.  Added --with-nettle for use with
  --with-libunbound-only.


git-svn-id: file:///svn/unbound/trunk@3533 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-17 09:43:07 +00:00
Wouter Wijngaards
bdb24c91b2 - Fix #716: nodata proof with empty non-terminals and wildcards.
git-svn-id: file:///svn/unbound/trunk@3526 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-10-29 13:08:15 +00:00
Wouter Wijngaards
dd174820dc windows portability.
git-svn-id: file:///svn/unbound/trunk@3521 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-10-27 15:35:08 +00:00
Wouter Wijngaards
40c139cd8f - Fix #712: unbound-anchor appears to not fsync root.key.
git-svn-id: file:///svn/unbound/trunk@3512 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-10-22 07:06:31 +00:00
Wouter Wijngaards
e3351c3606 - Remove confusion comment from canonical_compare() function.
git-svn-id: file:///svn/unbound/trunk@3488 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-09-22 08:43:56 +00:00
Wouter Wijngaards
934954375e configuration option affects autotrust.
git-svn-id: file:///svn/unbound/trunk@3472 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-08-13 12:52:51 +00:00
Wouter Wijngaards
08e6883578 - 5011 implementation does not insist on all algorithms, when
harden-algo-downgrade is turned off.


git-svn-id: file:///svn/unbound/trunk@3471 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-08-13 12:03:53 +00:00
Wouter Wijngaards
771e7295ac - Fix 5011 anchor update timer after reload.
git-svn-id: file:///svn/unbound/trunk@3466 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-08-03 11:56:37 +00:00
Wouter Wijngaards
7166c1ad36 no zero waiting times.
git-svn-id: file:///svn/unbound/trunk@3464 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-07-30 14:01:04 +00:00
Wouter Wijngaards
814ddc5d48 fixup.
git-svn-id: file:///svn/unbound/trunk@3463 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-07-30 12:02:18 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover.
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-07-30 11:52:12 +00:00
Wouter Wijngaards
b5f391d845 - DLV is going to be decommissioned. Advice to stop using it, and
put text in the example configuration and man page to that effect.


git-svn-id: file:///svn/unbound/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-05-20 06:24:06 +00:00
Wouter Wijngaards
bfd78a8c23 - Change syntax of particular validator error to be easier for
machine parse, swap rrset and ip address info so it looks like:
  validation failure <www.example.nl. TXT IN>: signature crypto
  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>


git-svn-id: file:///svn/unbound/trunk@3422 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-05-10 12:04:22 +00:00
Wouter Wijngaards
32f808fcfa - Unbound exits with a fatal error when the auto-trust-anchor-file
fails to be writable.  This is seconds after startup.  You can
  load a readonly auto-trust-anchor-file with trust-anchor-file.
  The file has to be writable to notice the trust anchor change,
  without it, a trust anchor change will be unnoticed and the system
  will then become inoperable.


git-svn-id: file:///svn/unbound/trunk@3387 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-04-07 12:03:05 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision.
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-26 10:21:38 +00:00
Wouter Wijngaards
7a9ccf858c - If unknown trust anchor algorithm, and libressl is used, error
message encourages upgrade of the libressl package.


git-svn-id: file:///svn/unbound/trunk@3378 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-25 16:04:05 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth).
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-20 15:36:25 +00:00
Wouter Wijngaards
63b5d109f8 - Use reallocarray for integer overflow protection, patch submitted
by Loganaden Velvindron.


git-svn-id: file:///svn/unbound/trunk@3365 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-17 08:24:24 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-09 13:30:37 +00:00
Wouter Wijngaards
e08aa7c5e1 - Fix validation failure in case upstream forwarder (ISC BIND) does
not have the same trust anchors and decides to insert unsigned NS
  record in authority section.


git-svn-id: file:///svn/unbound/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-02-09 11:44:46 +00:00
Wouter Wijngaards
15d16580a8 - Fix unintended use of gcc extension for incomplete enum types,
compile with pedantic c99 compliance (from Daniel Dickman).


git-svn-id: file:///svn/unbound/trunk@3321 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-01-26 08:46:40 +00:00
Wouter Wijngaards
67a3c4933c - Fix cdflag dns64 processing.
git-svn-id: file:///svn/unbound/trunk@3275 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-11-19 08:43:08 +00:00
Wouter Wijngaards
b781f2d48d - Fix that CD flag disables DNS64 processing, returning the DNSSEC
signed AAAA denial.


git-svn-id: file:///svn/unbound/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-11-18 15:15:57 +00:00
Wouter Wijngaards
f1bcc1032f More casts.
git-svn-id: file:///svn/unbound/trunk@3244 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-10-13 09:23:12 +00:00
Wouter Wijngaards
339a6be27d More unsigned casts for toupper/tolower/ctype
git-svn-id: file:///svn/unbound/trunk@3242 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-10-13 08:35:00 +00:00
Matthijs Mekking
dab0af8d87 Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is received.
This is okay according to 4035, but not after revising existence in 4592.
NSEC empty non-terminals exist and thus the RCODE should have been NOERROR.

If this occurs, and the RRsets are secure, we set the RCODE to NOERROR and
the security status of the response is also considered secure.



git-svn-id: file:///svn/unbound/trunk@3089 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-20 09:46:50 +00:00
Matthijs Mekking
492a5ca681 only whitespace changes
git-svn-id: file:///svn/unbound/trunk@3088 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-18 13:54:19 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings.
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-07 13:28:39 +00:00
Wouter Wijngaards
2bb8f893cc - Fix #547: no trustanchor written if filesystem full, fclose checked.
git-svn-id: file:///svn/unbound/trunk@3044 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-01-21 10:14:55 +00:00
Wouter Wijngaards
3ce7b4a6fa - Windows port, adjust %lld to %I64d, and warning in win_event.c.
git-svn-id: file:///svn/unbound/trunk@3040 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-01-16 16:01:37 +00:00
Wouter Wijngaards
67f5157e45 - fix #544: Fixed +i causes segfault when running with module conf "iterator".
git-svn-id: file:///svn/unbound/trunk@3038 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-01-16 13:04:34 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables.
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-12-03 09:11:16 +00:00
Wouter Wijngaards
3de090dadb Fix linking of sldns and ldns, unique identifiers for global variables.
git-svn-id: file:///svn/unbound/trunk@3021 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-11-30 11:03:55 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-10-31 15:09:26 +00:00
Wouter Wijngaards
c9438d938e fix lint, more time_t
git-svn-id: file:///svn/unbound/trunk@2950 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-27 14:45:33 +00:00
Wouter Wijngaards
3e41dedfc5 remove bool.
git-svn-id: file:///svn/unbound/trunk@2949 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-27 13:47:23 +00:00
Wouter Wijngaards
bf67dc2a0d remove bool.
git-svn-id: file:///svn/unbound/trunk@2948 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-27 13:46:41 +00:00
Wouter Wijngaards
50e68cbcda more time_t
git-svn-id: file:///svn/unbound/trunk@2947 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-27 11:44:33 +00:00
Wouter Wijngaards
5db366f99f - review fixes from Willem.
git-svn-id: file:///svn/unbound/trunk@2945 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-22 14:10:29 +00:00
Wouter Wijngaards
c845aceee4 - more fixes that I overlooked.
git-svn-id: file:///svn/unbound/trunk@2944 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-22 07:33:51 +00:00
Wouter Wijngaards
8ba21bd7e7 - Fix #520: Errors found by static analysis from Tomas Hozza (redhat).
git-svn-id: file:///svn/unbound/trunk@2942 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-21 13:31:09 +00:00
Wouter Wijngaards
f1fd2b53eb - Fix for 2038, with time_t instead of uint32_t.
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-20 12:23:42 +00:00
Wouter Wijngaards
021f32ebf9 - Fix memleak in testcode for testbound (if it fails).
- Fix NSS returned arrays out of setup function to be statics.


git-svn-id: file:///svn/unbound/trunk@2930 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-07-29 07:32:35 +00:00
Wouter Wijngaards
416df19f6d - Fix use-after-free in out-of-memory handling code (thanks Jake
Montgomery).


git-svn-id: file:///svn/unbound/trunk@2900 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-05-16 07:36:37 +00:00
Wouter Wijngaards
fbedfb7429 - Robust checks on dname validity from rdata for dname compare.
git-svn-id: file:///svn/unbound/trunk@2892 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-04-25 10:28:25 +00:00
Wouter Wijngaards
ffab065d1e - includes and have_ssl fixes for nss.
git-svn-id: file:///svn/unbound/trunk@2830 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-01-30 13:15:03 +00:00
Wouter Wijngaards
ed6b39c095 fixup for doxygen 1.8.3
git-svn-id: file:///svn/unbound/trunk@2827 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-01-28 13:44:38 +00:00
Matthijs Mekking
79ffc1ab81 Fix validation for responses with CNAME and wildcard expanded CNAME in
ANSWER section.



git-svn-id: file:///svn/unbound/trunk@2777 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-10-29 14:06:00 +00:00
Wouter Wijngaards
a8e468fc67 - ignore trusted-keys globs that have no files (from Paul Wouters).
git-svn-id: file:///svn/unbound/trunk@2770 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-10-01 07:18:49 +00:00
Wouter Wijngaards
5e5e89b9f5 - RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled.
git-svn-id: file:///svn/unbound/trunk@2753 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-08-30 12:02:53 +00:00
Wouter Wijngaards
07470115e5 - fix bogus nodata cname chain not reported as bogus by validator,
(Thanks Peter van Dijk).


git-svn-id: file:///svn/unbound/trunk@2727 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-07-27 13:38:00 +00:00
Wouter Wijngaards
f82edc1b64 - review fix for libnss, check hash prefix allocation size.
git-svn-id: file:///svn/unbound/trunk@2723 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-07-25 14:32:37 +00:00
Wouter Wijngaards
85c915f116 - fix missing break for GOST DS hash function.
- make depend


git-svn-id: file:///svn/unbound/trunk@2721 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-07-23 12:27:04 +00:00
Wouter Wijngaards
d4f49a7a40 - Fix validation of qtype DS queries that result in no data for
non-optout NSEC3 zones.


git-svn-id: file:///svn/unbound/trunk@2712 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-07-06 13:56:44 +00:00
Wouter Wijngaards
097c70be91 - detect if openssl has FIPS_mode.
git-svn-id: file:///svn/unbound/trunk@2703 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-28 06:54:16 +00:00
Wouter Wijngaards
87ded67cb6 - disable RSAMD5 if in FIPS mode (for openssl and for libnss).
git-svn-id: file:///svn/unbound/trunk@2702 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-25 15:13:44 +00:00
Wouter Wijngaards
98b6f90637 - disable RSAMD5 if in FIPS mode (when compiled with openssl).
git-svn-id: file:///svn/unbound/trunk@2701 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-25 15:02:52 +00:00
Wouter Wijngaards
b9ed797a22 Test for ECC support for libNSS.
git-svn-id: file:///svn/unbound/trunk@2700 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-22 15:20:56 +00:00
Wouter Wijngaards
25096aa3ab implement DNSSEC with libNSS: NSEC3, RSA, DSA, ECDSA, and DS hashes.
make test succeeds.


git-svn-id: file:///svn/unbound/trunk@2699 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-22 14:31:29 +00:00
Wouter Wijngaards
cd8e4a0bc5 RSA with nss.
git-svn-id: file:///svn/unbound/trunk@2697 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-21 15:19:16 +00:00
Wouter Wijngaards
d051dfaf19 remove double free.
git-svn-id: file:///svn/unbound/trunk@2696 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-21 12:01:34 +00:00
Wouter Wijngaards
f2da5c6867 - nss check for verification failure.
git-svn-id: file:///svn/unbound/trunk@2695 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-21 12:00:48 +00:00
Wouter Wijngaards
6ba973a8bd - fix error handling of alloc failure during rrsig verification.
git-svn-id: file:///svn/unbound/trunk@2693 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-21 07:22:01 +00:00
Wouter Wijngaards
ccf4099366 - work on --with-nss build option (for now, --with-libunbound-only).
git-svn-id: file:///svn/unbound/trunk@2690 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-20 15:11:53 +00:00
Wouter Wijngaards
15aacbe89b code review.
git-svn-id: file:///svn/unbound/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-18 14:22:29 +00:00
Wouter Wijngaards
06a3f735d7 - The key-cache bad key ttl is now 60 seconds.
git-svn-id: file:///svn/unbound/trunk@2685 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-15 12:25:29 +00:00
Wouter Wijngaards
0a1195f690 - Protect if statements in val_anchor for compilation without locks.
git-svn-id: file:///svn/unbound/trunk@2670 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-05-16 10:54:52 +00:00
Wouter Wijngaards
2bf79c2e65 - Fix validation of nodata for DS query in NSEC zones, reported by
Ondrej Mikle.


git-svn-id: file:///svn/unbound/trunk@2662 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-05-02 11:58:27 +00:00
Wouter Wijngaards
773d8e3b84 Fix prefetch and stickiness.
git-svn-id: file:///svn/unbound/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-16 11:04:53 +00:00
Wouter Wijngaards
682ff957ed lint and doxygen fixes.
git-svn-id: file:///svn/unbound/trunk@2631 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-16 10:08:07 +00:00
Wouter Wijngaards
718dcce317 fix race condition.
git-svn-id: file:///svn/unbound/trunk@2625 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 15:03:36 +00:00
Wouter Wijngaards
08835e01ee free unsupported trust anchors.
git-svn-id: file:///svn/unbound/trunk@2624 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 14:53:45 +00:00
Wouter Wijngaards
d64b14cff9 - unbound-control forward_add, forward_remove, stub_add, stub_remove
can modify stubs and forwards for running unbound (on mobile computer)
  they can also add and remove domain-insecure for the zone.


git-svn-id: file:///svn/unbound/trunk@2623 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 14:35:28 +00:00
Wouter Wijngaards
c352ee2e85 - workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
git-svn-id: file:///svn/unbound/trunk@2608 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-08 16:40:46 +00:00
Wouter Wijngaards
924789d877 - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This
implementation is experimental at this time and not recommended
  for use on the public internet (the protocol numbers have not
  been assigned).  Needs recent ldns with --enable-ecdsa.
- fix memory leak in errorcase for DSA signatures.


git-svn-id: file:///svn/unbound/trunk@2606 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-08 13:22:44 +00:00
Wouter Wijngaards
8c2f658cd1 - fix for windows, rename() is not posix compliant on windows.
git-svn-id: file:///svn/unbound/trunk@2605 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-03 14:56:09 +00:00
Wouter Wijngaards
9c8ac75026 - Fix to write key files completely to a temporary file, and if that
succeeds, replace the real key file.  So failures leave a useful file.


git-svn-id: file:///svn/unbound/trunk@2590 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-19 14:17:22 +00:00
Wouter Wijngaards
2e26ec2d01 - Fix bug where canonical_compare of RRSIG did not downcase the
signer-name.  This is mostly harmless because RRSIGs do not have
  to be sorted in canonical order, usually.


git-svn-id: file:///svn/unbound/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-17 09:06:18 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL
that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea - Fix for VU#209659 CVE-2011-4528: Unbound denial of service
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.


git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-19 10:55:32 +00:00
Wouter Wijngaards
e0fd0ef80c - Fix to constrain signer_name to be a parent of the lookupname.
git-svn-id: file:///svn/unbound/trunk@2571 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-13 12:37:47 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility.
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-10 18:44:06 +00:00
Wouter Wijngaards
b72d40f3dd - fix various compiler warnings (reported by Paul Wouters).
git-svn-id: file:///svn/unbound/trunk@2497 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 11:35:01 +00:00
Wouter Wijngaards
22290ac234 - Fix validation of . DS query.
git-svn-id: file:///svn/unbound/trunk@2474 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-08-17 14:28:32 +00:00
Wouter Wijngaards
7359d84e2f - Fix wildcard expansion no-data reply under an optout NSEC3 zone is
validated as insecure, reported by Jia Li (lijia@cnnic.cn).


git-svn-id: file:///svn/unbound/trunk@2461 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-07-11 09:03:18 +00:00
Wouter Wijngaards
784d659e91 - Fix TTL of SOA so negative TTL is separately cached from normal TTL.
git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-05-10 12:34:47 +00:00
Wouter Wijngaards
3922eed584 val-override-date: -1 ignores dates entirely, for NTP usage.
git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-04-08 14:06:46 +00:00
Wouter Wijngaards
b4a089ff0d - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
git-svn-id: file:///svn/unbound/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-03-01 12:48:45 +00:00
Wouter Wijngaards
003658eea0 test and cleanup.
git-svn-id: file:///svn/unbound/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-22 09:41:38 +00:00
Wouter Wijngaards
daab92e954 - algorithm compromise protection using the algorithms signalled in
the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
         and thus, if you have multiple algorithms in your trust-anchor-file
         then it will now behave different than before.  Also, 5011 rollover
         for algorithms needs to be double-signature until the old algorithm
         is revoked.


git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9 Work on validation of multiple algorithms.
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-20 15:58:12 +00:00