upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-23 00:00:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6058 commits 23 branches 209 tags 123 MiB
Commit graph

833 commits

Author SHA1 Message Date
Wouter Wijngaards
8ae9f26bce - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites 
options for unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5054 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 08:37:00 +00:00
Wouter Wijngaards
ef1baf94f7 Fix lint and unit test. 
git-svn-id: file:///svn/unbound/trunk@5051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 13:35:33 +00:00
Wouter Wijngaards
8b18d1a0a4 - unbound-control stats has mem.streamwait that counts TCP and TLS 
waiting result buffers.


git-svn-id: file:///svn/unbound/trunk@5050 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 13:20:06 +00:00
Wouter Wijngaards
11d98df304 - Fix syntax in comment of local alias processing. 
git-svn-id: file:///svn/unbound/trunk@5029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 13:29:38 +00:00
Wouter Wijngaards
21d03697ca - ip-ratelimit-factor of 1 allows all traffic through, instead of the 
previous blocking everything.


git-svn-id: file:///svn/unbound/trunk@5015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 09:38:50 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
470806b097 - Add unbound-control view_local_datas command, like local_datas. 
git-svn-id: file:///svn/unbound/trunk@4977 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-26 13:37:23 +00:00
Wouter Wijngaards
692caffe2c - auth zone zonefiles can be in a chroot, the chroot directory 
components are removed before use.


git-svn-id: file:///svn/unbound/trunk@4972 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:51:09 +00:00
Wouter Wijngaards
c9955f9fdf - Fix #4152: Logs shows wrong time when using log-time-ascii: yes. 
git-svn-id: file:///svn/unbound/trunk@4957 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 13:52:13 +00:00
Wouter Wijngaards
216759e955 - Fix #4156: Fix systemd service manager state change notification. 
git-svn-id: file:///svn/unbound/trunk@4913 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-17 12:30:22 +00:00
Wouter Wijngaards
2e9d09b961 - initialize statistics totals for printout. 
- in authzone check that node exists before adding rrset.
	- in unbound-anchor, use readwrite memory BIO.
	- assertion in autotrust that packed rrset is formed correctly.


git-svn-id: file:///svn/unbound/trunk@4903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 12:20:41 +00:00
Wouter Wijngaards
9a82526b91 - exit log routine is annotated as noreturn function. 
- free memory leaks in config strlist and str2list insert functions.
- do not move unused argv variable after getopt.
- Remove unused if clause in testcode.


git-svn-id: file:///svn/unbound/trunk@4896 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 08:58:21 +00:00
Wouter Wijngaards
225a6d9c6e - Fix seed for random backup code to use explicit zero when wiped. 
git-svn-id: file:///svn/unbound/trunk@4895 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 07:49:51 +00:00
Wouter Wijngaards
87c8dd5434 - Fix initialisation in remote.c 
git-svn-id: file:///svn/unbound/trunk@4894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-11 14:11:50 +00:00
Wouter Wijngaards
194dc32059 explain ip-ratelimit-factor causes the log line and it is a per-query log line. 
git-svn-id: file:///svn/unbound/trunk@4885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-04 09:26:51 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
George Thessalonikefs
0171d06aa2 - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This 
gives access to reply information for the client's communication
  point when the callback is called before the mesh state (modules).
  Changes to C and Python's inplace_callback signatures were also
  necessary.


git-svn-id: file:///svn/unbound/trunk@4870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-22 10:51:13 +00:00
Wouter Wijngaards
00ba747be7 - #4146: num.query.subnet and num.query.subnet_cache counters. 
git-svn-id: file:///svn/unbound/trunk@4867 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-21 14:14:28 +00:00
Wouter Wijngaards
586b811b87 - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). 
This limits the number of simultaneous TCP client connections
  from a nominated netblock.
And a simple test for TCP connection limit.


git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 11:57:42 +00:00
Wouter Wijngaards
27023b3f21 - Fix for #4136: Fix to unconditionally call destroy in daemon.c. 
git-svn-id: file:///svn/unbound/trunk@4830 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-06 07:18:05 +00:00
George Thessalonikefs
749d1b9ebc - Expose if a query (or a subquery) was ratelimited (not src IP 
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Tidy pylib tests.


git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 14:00:46 +00:00
Wouter Wijngaards
37e9f5591a - Revert previous change for #4136: because it introduces build 
problems.


git-svn-id: file:///svn/unbound/trunk@4826 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 09:47:53 +00:00
Wouter Wijngaards
3dbdde7fed - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options 
and implement option in client responses.


git-svn-id: file:///svn/unbound/trunk@4804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:18:34 +00:00
Wouter Wijngaards
6da37e5ecd - Error if EDNS Keepalive received over UDP. 
implement and add test.


git-svn-id: file:///svn/unbound/trunk@4803 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:16:25 +00:00
Wouter Wijngaards
007123ee2c - Sort out test runs when the build directory isn't the project 
root directory.
- Add config tcp-idle-timeout (default 30s). This applies to
  client connections only; the timeout on TCP connections upstream
  is unaffected.


git-svn-id: file:///svn/unbound/trunk@4802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:15:12 +00:00
Wouter Wijngaards
10c085f81d - Fix #4136: insufficiency from mismatch of FLEX capability between 
released tarball and build host.


git-svn-id: file:///svn/unbound/trunk@4801 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-30 09:58:05 +00:00
Wouter Wijngaards
40abe08ac8 - Fix use-systemd readiness signalling, only when use-systemd is yes 
and not in signal handler.


git-svn-id: file:///svn/unbound/trunk@4797 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-23 13:05:39 +00:00
Wouter Wijngaards
6de329359c better line about fix suggestion 
git-svn-id: file:///svn/unbound/trunk@4794 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-20 08:58:30 +00:00
Wouter Wijngaards
2e34a8f643 double spaces. 
git-svn-id: file:///svn/unbound/trunk@4793 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-20 08:56:47 +00:00
Wouter Wijngaards
bded93f69b - Fix #4130: print text describing -dd and unbound-checkconf on 
config file read error at startup, the errors may have been moved
  away by the startup process.


git-svn-id: file:///svn/unbound/trunk@4792 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-20 05:42:38 +00:00
Wouter Wijngaards
f8e585f308 nicer code, in function. 
git-svn-id: file:///svn/unbound/trunk@4790 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 15:07:09 +00:00
Wouter Wijngaards
5bda4f9822 Fixup cache size test for msg cache. 
git-svn-id: file:///svn/unbound/trunk@4789 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:56:02 +00:00
Wouter Wijngaards
41e5a66b73 Fixup 
git-svn-id: file:///svn/unbound/trunk@4785 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 12:30:53 +00:00
Wouter Wijngaards
cc5ab744c5 - Print error if SSL name verification configured but not available 
in the ssl library.


git-svn-id: file:///svn/unbound/trunk@4784 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 12:26:32 +00:00
Wouter Wijngaards
0ae750e552 - Fix #4127 unbound -h does not list -p help. 
git-svn-id: file:///svn/unbound/trunk@4783 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 07:03:37 +00:00
Wouter Wijngaards
755233c720 - num.queries.tls counter for queries over TLS. 
git-svn-id: file:///svn/unbound/trunk@4759 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-28 08:15:47 +00:00
Wouter Wijngaards
5106ad7a2c - #4108: systemd reload hang fix. 
git-svn-id: file:///svn/unbound/trunk@4747 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-21 07:11:12 +00:00
Wouter Wijngaards
8c044a616b - Fix windows unbound-control no cert bad file descriptor error. 
git-svn-id: file:///svn/unbound/trunk@4746 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-19 13:13:35 +00:00
Wouter Wijngaards
c15eae814f - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. 
git-svn-id: file:///svn/unbound/trunk@4738 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-18 09:04:35 +00:00
Wouter Wijngaards
abff4d1237 - unbound-control auth_zone_transfer _zone_ option starts the probe 
sequence for a master to transfer the zone from and transfers when
  a new zone version is available.


git-svn-id: file:///svn/unbound/trunk@4736 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 15:01:31 +00:00
Wouter Wijngaards
386f23334b - unbound-control auth_zone_reload _zone_ option rereads the zonefile. 
git-svn-id: file:///svn/unbound/trunk@4735 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 13:42:41 +00:00
Wouter Wijngaards
a6ec2c6fc7 - Fix nettle compile. 
git-svn-id: file:///svn/unbound/trunk@4731 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 12:08:09 +00:00
Wouter Wijngaards
9cb404ba5f - Fix that first control-interface determines if TLS is used. Warn 
when IP address interfaces are used without TLS.


git-svn-id: file:///svn/unbound/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 08:14:43 +00:00
Wouter Wijngaards
d6ed0e868f remove unreachable point for portablity 
git-svn-id: file:///svn/unbound/trunk@4727 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 13:02:52 +00:00
Wouter Wijngaards
21af42a281 Continue to read also when signals are sent. 
git-svn-id: file:///svn/unbound/trunk@4723 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 10:50:51 +00:00
Wouter Wijngaards
4df697b4b7 Accurate printout in status output. 
git-svn-id: file:///svn/unbound/trunk@4719 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 08:05:03 +00:00
Wouter Wijngaards
7fd32916e8 - #4102 for NSD, but for Unbound. Named unix pipes do not use 
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 07:43:52 +00:00
Wouter Wijngaards
8d1af17449 - Patch from Syzdek: Add ability to ignore RD bit and treat all 
requests as if the RD bit is set.


git-svn-id: file:///svn/unbound/trunk@4701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-30 09:33:21 +00:00
Wouter Wijngaards
5a726fb61f - Add routine from getdns to add windows cert store to the SSL_CTX. 
git-svn-id: file:///svn/unbound/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 13:22:10 +00:00
Wouter Wijngaards
85bf0bd994 - Fix that unbound-control reload frees the rrset keys and returns 
the memory pages to the system.


git-svn-id: file:///svn/unbound/trunk@4669 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-01 14:00:06 +00:00
Wouter Wijngaards
2951f21dab - Fix for crash in daemon_cleanup with dnstap during reload, 
from Saksham Manchanda.
- Also that for dnscrypt.


git-svn-id: file:///svn/unbound/trunk@4663 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-26 06:59:49 +00:00
Ralph Dolmans
4d06c36342 - Added root-key-sentinel support 
git-svn-id: file:///svn/unbound/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
Wouter Wijngaards
ea6266f736 - list_auth_zones unbound-control command. 
git-svn-id: file:///svn/unbound/trunk@4650 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 14:42:30 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
e4c8085408 - unit test for allow-notify 
git-svn-id: file:///svn/unbound/trunk@4629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 14:58:43 +00:00
Wouter Wijngaards
2d6715878d - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4625 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 14:24:57 +00:00
Wouter Wijngaards
85994fb61c Fix doxygen 
git-svn-id: file:///svn/unbound/trunk@4620 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 15:06:02 +00:00
Wouter Wijngaards
ad9784c5e8 - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 14:57:38 +00:00
Ralph Dolmans
c239c3f395 cast neg cache stats to long long 
git-svn-id: file:///svn/unbound/trunk@4618 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 11:48:05 +00:00
Ralph Dolmans
6ef9cafc0e - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics 
counters


git-svn-id: file:///svn/unbound/trunk@4616 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-10 11:39:23 +00:00
Wouter Wijngaards
89ad258515 - num.query.authzone.up and num.query.authzone.down statistics counters. 
- Fix downstream auth zone, only fallback when auth zone fails to
  answer and fallback is enabled.


git-svn-id: file:///svn/unbound/trunk@4610 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 10:15:06 +00:00
Wouter Wijngaards
0e5abca6b7 - Fix that flush_zone sets prefetch ttl expired, so that with 
serve-expired enabled it'll start prefetching those entries.


git-svn-id: file:///svn/unbound/trunk@4609 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 07:39:59 +00:00
Wouter Wijngaards
c515215eea - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 
tls_choose_sigalg routine does not allow the ciphers for the pipe,
  so use TLSv1.2.


git-svn-id: file:///svn/unbound/trunk@4606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 13:43:05 +00:00
Wouter Wijngaards
3b25c475f5 - Attempt to remove warning about trailing whitespace. 
git-svn-id: file:///svn/unbound/trunk@4568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:52:18 +00:00
Wouter Wijngaards
cd955fa34d - more robust cachedump rrset routine. 
git-svn-id: file:///svn/unbound/trunk@4549 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-21 15:25:19 +00:00
Wouter Wijngaards
54bd1fdd62 - tls-cert-bundle option in unbound.conf enables TLS authentication. 
git-svn-id: file:///svn/unbound/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:09 +00:00
Wouter Wijngaards
30891d6fff - Fix unfreed locks in log and arc4random at exit of unbound. 
git-svn-id: file:///svn/unbound/trunk@4491 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 09:27:16 +00:00
Wouter Wijngaards
ca60143bdf cleanup without losing zone contents, and also backoff for nonresponsive 
masters while zone data is available.


git-svn-id: file:///svn/unbound/trunk@4480 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 12:52:40 +00:00
Wouter Wijngaards
c834b5eecd pickup worker events, and free them. 
exponential backoff for continuously failing zones.


git-svn-id: file:///svn/unbound/trunk@4479 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 12:33:19 +00:00
Wouter Wijngaards
657753aac2 auth zone for downstream 
git-svn-id: file:///svn/unbound/trunk@4474 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 08:30:32 +00:00
Wouter Wijngaards
0362614f94 auth zone, make depend, fallback, create and delete, and lease_time, 
and lock fixes.


git-svn-id: file:///svn/unbound/trunk@4466 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-30 10:35:20 +00:00
Wouter Wijngaards
7eddb38162 - Print fatal errors about remote control setup before log init, 
so that it is printed to console.


git-svn-id: file:///svn/unbound/trunk@4448 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-23 15:59:18 +00:00
Ralph Dolmans
b2943670ca - Copy query and correctly set flags on REFUSED answers when cache snooping is 
not allowed.


git-svn-id: file:///svn/unbound/trunk@4436 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-04 15:16:19 +00:00
Ralph Dolmans
d016f85110 - Fix #1949: [dnscrypt] make provider name mismatch more obvious. 
git-svn-id: file:///svn/unbound/trunk@4387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-25 10:13:35 +00:00
Wouter Wijngaards
6f88df1fc8 authzone work. 
git-svn-id: file:///svn/unbound/trunk@4380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-19 15:11:20 +00:00
Wouter Wijngaards
bdb6a5501a - authzone work, probe timer setup. 
git-svn-id: file:///svn/unbound/trunk@4378 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-19 09:03:36 +00:00
Wouter Wijngaards
ee8f07a686 - Fix #1440: [dnscrypt] client nonce cache. 
git-svn-id: file:///svn/unbound/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:55:08 +00:00
Wouter Wijngaards
c49226613b - Fix #1435: Please allow UDP to be disabled separately upstream and 
downstream.


git-svn-id: file:///svn/unbound/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:42:24 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Wouter Wijngaards
425dec3037 - Fix #1417: [dnscrypt] shared secret cache counters, and works when 
dnscrypt is not enabled.


git-svn-id: file:///svn/unbound/trunk@4326 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 08:06:17 +00:00
Wouter Wijngaards
f5a2cb3593 - zero qinfo in handle_request, this zeroes local_alias and also the 
qname member.


git-svn-id: file:///svn/unbound/trunk@4317 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 07:31:45 +00:00
Wouter Wijngaards
1624efa939 - Fix #1414: fix segfault on parse failure and log_replies. 
git-svn-id: file:///svn/unbound/trunk@4316 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-29 07:28:29 +00:00
Wouter Wijngaards
80f310e2a4 - Fix #1415: patch to free dnscrypt environment on reload. 
git-svn-id: file:///svn/unbound/trunk@4310 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-28 07:49:42 +00:00
Wouter Wijngaards
6e23e40a2f better text. 
git-svn-id: file:///svn/unbound/trunk@4299 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-10 07:26:09 +00:00
Wouter Wijngaards
61605c1dfa - Patch to show DNSCrypt status in help output, from Carsten 
Strotmann.


git-svn-id: file:///svn/unbound/trunk@4298 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-10 07:13:44 +00:00
Ralph Dolmans
3de694be05 Do not add rrset_bogus and query ratelimiting stats per thread. 
git-svn-id: file:///svn/unbound/trunk@4293 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 15:32:24 +00:00
Ralph Dolmans
7b18274d7e - Added stats for queries that have been ratelimited by domain recursion. 
git-svn-id: file:///svn/unbound/trunk@4292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 12:52:33 +00:00
Ralph Dolmans
9f49585a63 - Do not reset rrset.bogus stats when called using stats_noreset. 
git-svn-id: file:///svn/unbound/trunk@4291 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 10:50:46 +00:00
Wouter Wijngaards
4f9236ae55 - Fix #1394: mix of serve-expired and response-ip could cause a crash. 
git-svn-id: file:///svn/unbound/trunk@4289 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-03 07:13:12 +00:00
Wouter Wijngaards
62e88b46cc - remove warning from windows compile. 
git-svn-id: file:///svn/unbound/trunk@4280 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:30:12 +00:00
Wouter Wijngaards
abb6cfdebd - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), 
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.


git-svn-id: file:///svn/unbound/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:04:18 +00:00
Wouter Wijngaards
feb890564b please doxygen 
git-svn-id: file:///svn/unbound/trunk@4277 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-17 08:31:59 +00:00
Wouter Wijngaards
1d3e6758b2 - Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor). 
With the -p option unbound does not create a pidfile.


git-svn-id: file:///svn/unbound/trunk@4276 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-17 08:26:49 +00:00
Wouter Wijngaards
522bff52fe - Fix 1332: Bump verbosity of failed chown'ing of the control socket. 
git-svn-id: file:///svn/unbound/trunk@4262 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-05 06:59:45 +00:00
Wouter Wijngaards
d514a9c709 Fixup 
git-svn-id: file:///svn/unbound/trunk@4261 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-03 13:44:17 +00:00
Wouter Wijngaards
67f54eea66 - Fix openssl 1.1.0 load of ssl error strings from ssl init. 
git-svn-id: file:///svn/unbound/trunk@4260 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-03 13:37:37 +00:00
Wouter Wijngaards
08a3461810 - enhancement for hardened-tls for DNS over TLS. Removed duplicated 
security settings.


git-svn-id: file:///svn/unbound/trunk@4255 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-29 11:45:43 +00:00
Wouter Wijngaards
50b7b2113e - Fix that infra cache host hash does not change after reconfig. 
git-svn-id: file:///svn/unbound/trunk@4252 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-27 15:23:17 +00:00
Wouter Wijngaards
5573d7508b - unbound-control dump_infra prints port number for address if not 53. 
git-svn-id: file:///svn/unbound/trunk@4248 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-26 12:31:49 +00:00
Wouter Wijngaards
311264b960 - Fix lintian typo. 
git-svn-id: file:///svn/unbound/trunk@4239 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-20 13:34:01 +00:00
Ralph Dolmans
486edb10db - Fix #1269: inconsistent use of built-in local zones with views. 
- Add defaults for new local-zone trees added to views using unbound-control.


git-svn-id: file:///svn/unbound/trunk@4199 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-30 13:04:19 +00:00
Wouter Wijngaards
8b2397542e - Fix assertion for low buffer size and big edns payload when worker 
overrides udpsize.


git-svn-id: file:///svn/unbound/trunk@4195 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-29 07:32:45 +00:00
Wouter Wijngaards
92d625b648 - better module memory lookup, fix of unbound-control shm names for 
module memory printout of statistics.


git-svn-id: file:///svn/unbound/trunk@4161 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 14:16:59 +00:00
George Thessalonikefs
491b0a26e4 - Implemented opportunistic IPsec support module (ipsecmod). 
- Some whitespace fixup.


git-svn-id: file:///svn/unbound/trunk@4158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 12:39:24 +00:00
Ralph Dolmans
657948dd0c - Added mesh_add_sub to add detached mesh entries. 
- Use mesh_add_sub for key tag signaling queries.


git-svn-id: file:///svn/unbound/trunk@4144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-02 13:17:56 +00:00
Wouter Wijngaards
7940e854e6 - Fix #1259: "--disable-ecdsa" argument overwritten 
by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".


git-svn-id: file:///svn/unbound/trunk@4137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-01 07:34:48 +00:00
Ralph Dolmans
89c2383c71 - Fix #1252: more indentation inconsistencies. 
git-svn-id: file:///svn/unbound/trunk@4125 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-18 09:00:52 +00:00
Wouter Wijngaards
582a7f449e lint. 
git-svn-id: file:///svn/unbound/trunk@4124 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-13 13:29:38 +00:00
Wouter Wijngaards
8d853b7eb6 more lint for stats 
git-svn-id: file:///svn/unbound/trunk@4123 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-13 13:24:26 +00:00
Wouter Wijngaards
a482b5cf12 no lint for timeval. 
git-svn-id: file:///svn/unbound/trunk@4122 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-13 13:17:51 +00:00
Wouter Wijngaards
0f8b560bd5 more lint. 
git-svn-id: file:///svn/unbound/trunk@4121 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-13 13:11:54 +00:00
Wouter Wijngaards
17dd3370fc - (for 1.6.3:) unbound.h exports the shm stats structures. They use 
type long long and no ifdefs, and ub_ before the typenames.


git-svn-id: file:///svn/unbound/trunk@4117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-13 12:47:29 +00:00
Ralph Dolmans
8fedcffc02 - Display ECS module memory usage. 
git-svn-id: file:///svn/unbound/trunk@4106 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-11 13:10:30 +00:00
Ralph Dolmans
a2bc93547f - Generalise inplace callback (de)registration 
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event


git-svn-id: file:///svn/unbound/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-06 13:13:06 +00:00
Wouter Wijngaards
897635b32b - Fix #1217: Add metrics to unbound-control interface showing 
crypted, cert request, plaintext and malformed queries (from
  Manu Bretelle).


git-svn-id: file:///svn/unbound/trunk@4084 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-03 09:03:32 +00:00
Wouter Wijngaards
78fecfe558 - Fix #1238: segmentation fault when adding through the remote 
interface a per-view local zone to a view with no previous
  (configured) local zones.


git-svn-id: file:///svn/unbound/trunk@4077 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-22 07:19:38 +00:00
Wouter Wijngaards
451e1900a9 more fixups. 
git-svn-id: file:///svn/unbound/trunk@4067 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 15:16:19 +00:00
Wouter Wijngaards
7c9584e408 - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then 
enabled in the config file from Manu Bretelle.


git-svn-id: file:///svn/unbound/trunk@4065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 14:55:31 +00:00
Wouter Wijngaards
984c6c33bc prettier size_t and defines. 
git-svn-id: file:///svn/unbound/trunk@4062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:43:25 +00:00
Wouter Wijngaards
84be084384 Fixup array reference 
git-svn-id: file:///svn/unbound/trunk@4061 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:24:14 +00:00
Wouter Wijngaards
77b328475a one less include and make depend 
git-svn-id: file:///svn/unbound/trunk@4059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:15:04 +00:00
Wouter Wijngaards
f374268521 - trustanchor tags are sorted. reusable routine to fetch taglist. 
git-svn-id: file:///svn/unbound/trunk@4056 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:04:18 +00:00
Wouter Wijngaards
2042facc8b fixup 
git-svn-id: file:///svn/unbound/trunk@4054 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:29:59 +00:00
Wouter Wijngaards
df947d4056 fix doxygen annotation 
git-svn-id: file:///svn/unbound/trunk@4053 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:28:19 +00:00
Wouter Wijngaards
3d6783e38c remove debug print out 
git-svn-id: file:///svn/unbound/trunk@4052 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:27:08 +00:00
Wouter Wijngaards
6c456aa15e - Add trustanchor.unbound CH TXT that gets a response with a number 
of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:17:58 +00:00
Wouter Wijngaards
cae9809e11 - Response actions based on IP address from Jinmei Tatuya (Infoblox). 
git-svn-id: file:///svn/unbound/trunk@4035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-07 14:58:51 +00:00
Wouter Wijngaards
689fdc1d0b - For #1227: if we have sha256, set the cipher list to have no 
known vulns.


git-svn-id: file:///svn/unbound/trunk@4030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-28 08:23:25 +00:00
Wouter Wijngaards
791767d62f - Fix #1227: Fix that Unbound control allows weak ciphersuits. 
git-svn-id: file:///svn/unbound/trunk@4029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-27 15:24:58 +00:00
Wouter Wijngaards
3289d8482c - Fix #1227: Fix that Unbound control allows weak ciphersuits. 
git-svn-id: file:///svn/unbound/trunk@4027 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-27 14:40:30 +00:00
Wouter Wijngaards
35ae8ef313 - Patch from Luiz Fernando Softov for Stats Shared Memory. 
- unbound-control stats_shm command prints stats using shared memory,
  which uses less cpu.


git-svn-id: file:///svn/unbound/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-23 12:05:05 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
Wouter Wijngaards
ef80a99397 - Fix to also block meta types 128 through to 248 with formerr. 
git-svn-id: file:///svn/unbound/trunk@3985 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-12 08:12:39 +00:00
Wouter Wijngaards
e5431ca7e5 - Fix #1201: Fix missing unlock in answer_from_cache error condition. 
git-svn-id: file:///svn/unbound/trunk@3983 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-06 15:50:39 +00:00
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Wouter Wijngaards
9b4b0de746 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
Wouter Wijngaards
a3441215f1 and ratelimit the formerr. 
git-svn-id: file:///svn/unbound/trunk@3979 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 10:22:13 +00:00
Wouter Wijngaards
5adb2dc4cf - Fix to return formerr for queries for meta-types, to avoid 
packet amplification if this meta-type is sent on to upstream.


git-svn-id: file:///svn/unbound/trunk@3978 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 08:14:34 +00:00
Wouter Wijngaards
cd7db58ce3 - configure --enable-systemd and lets unbound use systemd sockets if 
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: file:///svn/unbound/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-03 13:43:29 +00:00
Ralph Dolmans
f761bc3cdd - Fix remote control without certificate for LibreSSL 
git-svn-id: file:///svn/unbound/trunk@3956 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-07 14:13:01 +00:00
George Thessalonikefs
3ac8cf0380 please lint again. 
git-svn-id: file:///svn/unbound/trunk@3951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 14:41:14 +00:00
George Thessalonikefs
9323fa7688 please lint again. 
git-svn-id: file:///svn/unbound/trunk@3950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 14:33:08 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
Ralph Dolmans
61b23e3811 - Added local-zones and local-data bulk addition and removal functionality in 
unbound-control (local_zones, local_zones_remove, local_datas and
  local_datas_remove).                                   
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3941 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-30 11:22:29 +00:00
Wouter Wijngaards
c604b9c6a9 Fixup for windows compile. 
git-svn-id: file:///svn/unbound/trunk@3940 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-29 15:49:37 +00:00
Wouter Wijngaards
92bff79d3d - Fix that with openssl 1.1 control-use-cert: no uses less cpu, by 
using no encryption over the unix socket.


git-svn-id: file:///svn/unbound/trunk@3936 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-25 16:14:14 +00:00
Wouter Wijngaards
a6e3ed1025 - patch from Dag-Erling Smorgrav that removes code that relies 
on sbrk().


git-svn-id: file:///svn/unbound/trunk@3934 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-22 15:50:07 +00:00
Ralph Dolmans
11031a7d36 pass ssl_upstream as int to (lib)worker_send_query 
git-svn-id: file:///svn/unbound/trunk@3924 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 14:02:22 +00:00
Ralph Dolmans
efe248c46a - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: file:///svn/unbound/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
Wouter Wijngaards
fa81710d16 - configure detects ssl security level API function in the autoconf 
manner.  Every function on its own, so that other libraries (eg.
  LibreSSL) can develop their API without hindrance.


git-svn-id: file:///svn/unbound/trunk@3921 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 08:05:42 +00:00