upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-02 12:59:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7874 commits 23 branches 209 tags 124 MiB
Commit graph

7874 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yorgos Thessalonikefs
f52b2a6ea2 - Add resolver.arpa and service.arpa to the default locally served 
zones.
 2025-01-14 17:18:32 +01:00
Yorgos Thessalonikefs
c3b5bff311 - Fix typo. 2025-01-13 12:32:16 +01:00
Yorgos Thessalonikefs
62a0e03801 - Fix #1213: Misleading error message on default access control causing 
refuse.
 2025-01-13 11:33:24 +01:00
Yorgos Thessalonikefs
716f3df385 Changelog entry for #1214: 
- Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS
  handshake.
 2025-01-10 13:54:49 +01:00
Yorgos Thessalonikefs
7e4f7ec5be
Merge pull request #1214 from NLnetLabs/bugfix/tls-handshake 
Use TCP_NODELAY on TLS sockets to speed up the TLS handshake.
 2025-01-10 13:53:46 +01:00
Yorgos Thessalonikefs
7559d26c93 - Use TCP_NODELAY on TLS sockets to speed up the TLS handshake. 2025-01-10 12:11:59 +01:00
Yorgos Thessalonikefs
eb36c880de Changelog entry for #1174: 
- Merge #1174: Serve expired cache update fixes. Fixes a regression bug
  with serve-expired that appeared in 1.22.0 and would not allow the
  iterator to update the cache with not-yet-validated entries resulting
  in increased outgoing traffic.
 2024-12-31 16:30:35 +01:00
Yorgos Thessalonikefs
fff9f62a1e
Serve expired cache update fixes (#1174) 
- Fixes a regression bug with serve-expired that appeared in 1.22.0
  and would not allow the iterator to update the cache with
  not-yet-validated entries resulting in increased outgoing traffic.

- Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records.
- Try to use expired answers instead of SERVFAIL if serve-expired is
  enabled even without serve-expired-client-timeout.
- Add suggestion to refresh the cached norec_ttl and expired_ttl when a
  response cannot update the usable expired entry.
 2024-12-31 16:28:12 +01:00
Yorgos Thessalonikefs
e57e537c85 - For #1207: [FR] Support for RESINFO RRType 261 (RFC9606), add 
LDNS_RR_TYPE_RESINFO similar to LDNS_RR_TYPE_TXT.
 2024-12-20 15:04:34 +01:00
Yorgos Thessalonikefs
71d821fde9 Changelog entry for #1204: 
- Merge #1204: ci: set persist-credentials: false for actions/checkout
  per zizmor suggestion.
 2024-12-13 13:43:29 +01:00
Yorgos Thessalonikefs
df5ab5624d
Merge pull request #1204 from NLnetLabs/zizmor-improvements 2024-12-13 13:42:31 +01:00
Maarten Aertsen
eb08dc617a set persist-credentials: false per zizmor suggestion 2024-12-13 13:12:03 +01:00
Yorgos Thessalonikefs
ded4c82ced - Fix typo in log_servfail.tdir test. 2024-12-03 16:03:05 +01:00
Yorgos Thessalonikefs
e82a691efe Changelog entry for #1187: 
- Merge #1187: Create the SSL_CTX for QUIC before chroot and privilege
  drop.
 2024-12-03 14:21:34 +01:00
Yorgos Thessalonikefs
61d7250b96
Create the SSL_CTX for QUIC before chroot and privilege drop (#1187) 
Fixes #1185 by creating the SSL_CTX for QUIC before chroot and
privilege drop, just like the other SSL_CTX creations.

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2024-12-03 14:20:33 +01:00
Yorgos Thessalonikefs
b4a9c8bb05 - Safeguard alias loop while looking in the cache for expired answers. 2024-12-03 14:10:17 +01:00
Yorgos Thessalonikefs
be92752368 - Merge #1198: Fix log-servfail with serve expired and no useful cache 
contents.
 2024-12-03 14:05:12 +01:00
Yorgos Thessalonikefs
1512945c79
Merge pull request #1198 from NLnetLabs/bugfix/log-servfail-serve-expired 
Fix log-servfail with serve expired and no useful cache contents
 2024-12-03 14:02:03 +01:00
Yorgos Thessalonikefs
9de159b96b - For #1175, the default value of serve-expired-ttl is set to 86400 
(1 day) as suggested by RFC8767.
 2024-12-03 13:09:51 +01:00
Yorgos Thessalonikefs
bd2e66de1e Changelog entry for #1189, #1197: 
- Merge #1189: Fix the dname_str method to cause conversion errors
  when the domain name length is 255.
- Merge #1197: dname_str() fixes.
 2024-12-03 11:58:06 +01:00
Yorgos Thessalonikefs
9770e855d2
Merge pull request #1197 from NLnetLabs/dname_str-more-tests 
dname_str() fixes
 2024-12-03 11:55:41 +01:00
Yorgos Thessalonikefs
c124f67f33 - For #1193, introduce log-servfail.tdir and cleanup the log-servfail 
setting from other tests.
 2024-12-02 12:30:11 +01:00
Yorgos Thessalonikefs
c55490c1e6 - Fix #1193: log-servfail fails to log host SERVFAIL responses in 
Unbound 1.19.2 on Ubuntu 24.04.1 LTS, by not considering cached
  failures when trying to reply with expired data.
 2024-12-02 12:28:11 +01:00
Yorgos Thessalonikefs
f46acec35f - For #1189, homogenize the input buffer size for dname_str(). 2024-12-02 11:53:56 +01:00
Yorgos Thessalonikefs
1cd2fb3b9d - For #1189, add unit tests for dname_str() and debug check the input 
buffer size.
 2024-12-02 10:03:35 +01:00
wenxuan70
06fb30d0a0 Fix the dname_str method to cause conversion errors when the domain name length is 255 2024-11-24 17:53:23 +08:00
Yorgos Thessalonikefs
9e3c50ec9e - For #1175, update serve-expired tests. 2024-11-22 16:14:02 +01:00
Yorgos Thessalonikefs
eefdbb341f - Fix #1175: serve-expired does not adhere to secure-by-default 
principle. The default value of serve-expired-client-timeout
  is set to 1800 as suggested by RFC8767.
 2024-11-22 15:32:34 +01:00
Yorgos Thessalonikefs
e75da7d954 - Fix comparison to help static analyzer. 2024-11-20 10:53:45 +01:00
Yorgos Thessalonikefs
9a3a1bc221 Changelog entry for #1169: 
- Merge #1169 from Sergey Kacheev, fix: lock-free counters for
  auth_zone up/down queries.
 2024-11-19 17:01:34 +01:00
Yorgos Thessalonikefs
c1e9d7be7f
Merge pull request #1169 from sakateka/lock-free-az-counters 
fix: lock-free counters for auth_zone up/down queries
 2024-11-19 17:00:01 +01:00
Sergey Kacheev
2c72a4970b
fix: lock-free counters for auth_zone up/down queries 2024-11-19 18:55:31 +03:00
W.C.A. Wijngaards
4cf7fae50c - Fix for #1183: release nsec3 hashes per test file. 2024-11-15 10:47:27 +01:00
W.C.A. Wijngaards
a2ac980737 - Fix #1183: the data being used is released in method 
nsec3_hash_test_entry.
 2024-11-15 10:37:35 +01:00
Yorgos Thessalonikefs
733d5f7161 - Complete fix for max-global-quota to 200. 2024-11-08 17:34:28 +01:00
Yorgos Thessalonikefs
fe288a9b06 - More descriptive text for 'harden-algo-downgrade'. 2024-11-08 13:56:04 +01:00
Yorgos Thessalonikefs
fd1a1d5fa0 - Increase the default of max-global-quota to 200 from 128 after 
operational feedback. Still keeping the possible amplification
  factor (CAMP related issues) in the hundreds.
 2024-11-06 16:28:37 +01:00
Yorgos Thessalonikefs
3c4b87636a Changelog entry for: 
- Fix SETEX check during Redis (re)initialization.
 2024-11-05 12:20:25 +01:00
Yorgos Thessalonikefs
36d8c6e778 - Fix SETEX check during Redis (re)initialization. 2024-11-05 12:18:55 +01:00
W.C.A. Wijngaards
60fd77b8f9 - Fix to log redis timeout error string on failure. 2024-11-05 11:41:41 +01:00
W.C.A. Wijngaards
d5e91d181b - Fix for the serve expired DNSSEC information fix, it would not allow 
current delegation information be updated in cache. The fix allows
  current delegation and validation recursion information to be
  updated, but as a consequence no longer has certain expired
  information around for later dnssec valid expired responses.
 2024-11-05 10:39:27 +01:00
W.C.A. Wijngaards
7985d17b57 Changelog note for #1167 
- Merge #1167: Makefile.in: fix occasional parallel build failures
  around bison rule.
 2024-11-04 13:26:27 +01:00
Sergei Trofimovich
46cfbf313d
Makefile.in: fix occasional parallel build failures around bison rule (#1167) 
Without the change `make -j16 --shuffle` occasinally fails to build as:

    $ make -j16 --shuffle
    ...
    bison -y -d -o util/configparser.c ./util/configparser.y
    ...
    /libtool --tag=CC --mode=compile gcc -I.  -I...-openssl-3.3.2-dev/include -I...-libevent-2.1.12-dev/include -I...-expat-2.6.3-dev/include -DSRCDIR=. -g -O2 -flto -fPIE -pthread  -o configparser.lo -c util/configparser.c
    ...
    util/configparser.c:755:3: error: expected ',' or '}' at end of input
  755 |   YYSYMBOL_server_low_rtt = 626,           /* server_low_rtt  */
      |   ^

The build failure happens due to this `Makefile.in` rule:

    util/configparser.c util/configparser.h:  $(srcdir)/util/configparser.y
        @-if test ! -d util; then $(INSTALL) -d util; fi
        $(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y

For GNU make that means that each of the targets will attempt the rule
execution when the file is missing: one for .c file and another for .h
file:

    https://www.gnu.org/software/make/manual/html_node/Multiple-Targets.html

The workaround is to only run $(YACC) for .c target and use .c as a
pre-requisite for an .h file.

Before the change the build fails about every 10-th run.
After the change no build failures after 100 successful builds.
 2024-11-04 13:26:05 +01:00
W.C.A. Wijngaards
533c3b0514 - Fix redis that during a reload it does not fail if the redis 
server does not connect or does not respond. It still logs the
  errors and if the server is up checks expiration features.
 2024-11-04 10:14:26 +01:00
W.C.A. Wijngaards
5f3f214da5 - Fix redis that during a reload it does not fail if the redis 
server does not connect or does not respond. It still logs the
  errors and if the server is up checks expiration features.
 2024-11-04 10:14:13 +01:00
Yorgos Thessalonikefs
11b8157a98 Changelog entry for #1157: 
- Merge #1157 from Liang Zhu, Fix heap corruption when calling
  ub_ctx_delete in Windows.
 2024-11-01 16:27:06 +01:00
Liang Zhu
1c24cd79cc
Fix heap corruption when calling ub_ctx_delete in Windows (#1157) 2024-11-01 16:26:05 +01:00
Yorgos Thessalonikefs
d34fb3ed77 Changelog entry for #1170: 
- Merge #1170 from Melroy van den Berg, Fix chroot manpage
  description.
 2024-11-01 16:12:07 +01:00
Melroy van den Berg
c37833c943
Fix chroot manpage description (#1170) 2024-11-01 16:10:57 +01:00
Yorgos Thessalonikefs
8a6a4bd7f3 - Add test case for #1159. 
- Some clean up for stat_values.test.
 2024-11-01 15:57:52 +01:00