upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-22 07:41:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6058 commits 23 branches 209 tags 123 MiB
Commit graph

3886 commits

Author SHA1 Message Date
Ralph Dolmans
5dc6798e75 Merge branch 'master' of github.com:NLnetLabs/unbound 2020-01-30 14:58:25 +01:00
Ralph Dolmans
4f5b934688 - Fix small memory leak in error condition remote.c 
- Fix double free in error condition view.c
 2020-01-30 14:56:48 +01:00
W.C.A. Wijngaards
a5f133ef2f - updated .gitignore for added contrib file. 2020-01-30 14:20:08 +01:00
W.C.A. Wijngaards
de5c0d4228 Changelog note for PR#151. 
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
  and Frzk.  Updates the unbound.service systemd file and adds
  a portable systemd service file.
 2020-01-30 14:11:41 +01:00
W.C.A. Wijngaards
20a2574da1 - Update contrib/fastrpz.patch for clean diff with current code. 2020-01-30 13:05:35 +01:00
W.C.A. Wijngaards
bf13191b87 - Fix subnet tests for disabled DSA algorithm by default. 2020-01-30 09:08:19 +01:00
Ralph Dolmans
4326b10169 - Add PR#156 merge to changelog (Added unbound-control view_local_datas_remove 
command)
 2020-01-29 15:46:05 +01:00
W.C.A. Wijngaards
079de39b46 - Fix #157: undefined reference to `htobe64'. 2020-01-29 11:56:29 +01:00
W.C.A. Wijngaards
6c0a863584 - Fix to silence the tls handshake errors for broken pipe and reset 
by peer, unless verbosity is set to 2 or higher.
 2020-01-28 14:32:06 +01:00
Ralph Dolmans
a930b94658 - Add PR#147 merge to changelog 2020-01-28 13:41:26 +01:00
W.C.A. Wijngaards
f6287fc718 - iana portlist updated. 2020-01-28 12:25:37 +01:00
Ralph Dolmans
0feee99055 - Add changelog entry for PR#148. 2020-01-27 16:06:06 +01:00
Ralph Dolmans
41621fb1df - Add changelog entry for RP#154 
- autoconf after PR#154
 2020-01-27 15:50:12 +01:00
W.C.A. Wijngaards
68ff1730ac - Fix #153: Disable validation for DSA algorithms. RFC 8624 
compliance.
 2020-01-27 09:40:18 +01:00
W.C.A. Wijngaards
82a6a2f8cc Changelog note for PR#155. 
- Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes
  to Libs/Requires for crypto library dependencies.
 2020-01-27 09:31:07 +01:00
W.C.A. Wijngaards
61456ff81d Changelog and contrib/README note for PR#150. 
- Merge PR#150 from Frzk: Systemd unit without chroot.  It add
  contrib/unbound_nochroot.service.in, a systemd file for use with
  chroot: "", see comments in the file, it uses systemd protections
  instead.
 2020-01-23 16:16:52 +01:00
W.C.A. Wijngaards
1e0c957dcd - Fix auth zone support for NSEC3 records without salt. 2020-01-14 16:03:29 +01:00
W.C.A. Wijngaards
ea26e5038e - Fix for memory leak when edns subnet config options are read when 
compiled without edns subnet support.
 2020-01-14 15:48:27 +01:00
W.C.A. Wijngaards
2c4be0c201 - Fix crash after reload where a stats lookup could reference old key 
cache and neg cache structures.
 2020-01-14 15:18:52 +01:00
W.C.A. Wijngaards
9b3f3101e3 - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, 
because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have
  the appropriate keys to recreate that setup.
 2020-01-14 14:40:44 +01:00
W.C.A. Wijngaards
e149bc7046 - Fix unreachable code in ssl set options code. 2020-01-10 11:28:01 +01:00
W.C.A. Wijngaards
a8db52120b - Fix the relationship between serve-expired and prefetch options, 
patch from Saksham Manchanda from Secure64.
 2020-01-10 10:04:50 +01:00
Ralph Dolmans
92a525225b - Add changelog entry for fix #138 (stop binding pidfile inside chroot dir in 
systemd service file).
 2020-01-08 16:36:18 +01:00
W.C.A. Wijngaards
c4e199ecca - And update for more spare space. 2020-01-08 12:58:07 +01:00
W.C.A. Wijngaards
5ae1544583 - Updated sldns_bget_token_par fix for also space for the zero 
delimiter after the character.
 2020-01-08 11:55:42 +01:00
W.C.A. Wijngaards
05a5dc2d0d - Fix out-of-bounds null-byte write in sldns_bget_token_par while 
parsing type WKS, reported by Luis Merino from X41 D-Sec.
 2020-01-08 11:08:16 +01:00
W.C.A. Wijngaards
19473d95eb - Fix 'make test' to work for --disable-sha1 configure option. 2020-01-08 09:23:46 +01:00
George Thessalonikefs
8686b0abbf - Changes to compat/getentropy_solaris.c for, 
ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2020-01-07 15:19:15 +02:00
George Thessalonikefs
d68ece28c4 - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. 
The dl_iterate_phdr() function introduced in newer versions raises
  compilation errors on solaris 10.
 2020-01-07 15:06:14 +02:00
W.C.A. Wijngaards
453c84b237 - Fix #140: Document slave not downloading new zonefile upon update. 2020-01-06 16:36:44 +01:00
W.C.A. Wijngaards
20a3d3be5f (Changelog note for #135). 
- Merge #135 from Florian Obser: Use passed in neg and key cache
  if non-NULL.
 2020-01-06 16:18:46 +01:00
George Thessalonikefs
1d45b4a1e0 - Update mailing list URL. 2019-12-16 16:03:31 +01:00
Ralph Dolmans
90b42b56b6 - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by 
Florian Obser
 2019-12-12 13:05:09 +01:00
Ralph Dolmans
f1d5d5d682 Make master 1.9.7 in development. 2019-12-12 12:48:29 +01:00
W.C.A. Wijngaards
41d3e2027c - Fix to make auth zone IXFR to fallback to AXFR if a single 
response RR is received over TCP with the SOA in it.
 2019-12-10 13:09:50 +01:00
W.C.A. Wijngaards
e828d678ba - Fix Makefile.in for ipset module compile, from Adi Prasaja. 2019-12-06 11:31:34 +01:00
W.C.A. Wijngaards
f3c2d05728 - Fix ipsecmod compile. 2019-12-06 07:59:55 +01:00
W.C.A. Wijngaards
4b73b5f299 - tag for 1.9.6rc1. 2019-12-05 11:21:46 +01:00
W.C.A. Wijngaards
ff7d68ca53 - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 
replacements for unbound-fuzzme.c that gets created after applying
  the contrib/unbound-fuzzme.patch.  They are contributed by
  Eric Sesterhenn from X41 D-Sec.
 2019-12-05 09:10:49 +01:00
W.C.A. Wijngaards
3fb98a72d2 - Fix Make Test Fails when Configured With --enable-alloc-nonregional, 
reported by X41 D-Sec.
 2019-12-04 16:23:52 +01:00
W.C.A. Wijngaards
6e8b4a7796 - update contrib/fastrpz.patch to apply more cleanly. 2019-12-04 11:41:13 +01:00
W.C.A. Wijngaards
6f7eb3ea9f - Fix testbound for alloccheck runs, memory purify and lock checks. 2019-12-04 11:37:24 +01:00
W.C.A. Wijngaards
216747bb17 - Fix lock type for memory purify log lock deletion. 2019-12-04 09:44:31 +01:00
W.C.A. Wijngaards
8f79119826 - make depend 2019-12-03 17:28:51 +01:00
W.C.A. Wijngaards
4106308bd5 - Fix Hardcoded Constant, reported by X41 D-Sec. 2019-12-03 17:23:38 +01:00
W.C.A. Wijngaards
c4c1f9e5ef - Fix _vfixed not Used, removed from sbuffer code, 
reported by X41 D-Sec.
 2019-12-03 17:07:35 +01:00
W.C.A. Wijngaards
b6f0b1af86 - Fix compile error in dnscrypt. 2019-12-03 16:44:24 +01:00
W.C.A. Wijngaards
68027ab145 - Fix Client NONCE Generation used for Server NONCE, 
reported by X41 D-Sec.
 2019-12-03 16:42:14 +01:00
W.C.A. Wijngaards
4a7ebfabcf - Fix Bad Indentation, in dnscrypt.c, 
reported by X41 D-Sec.
 2019-12-03 16:34:53 +01:00
W.C.A. Wijngaards
9ce6119513 - Fix snprintf() supports the n-specifier, 
reported by X41 D-Sec.
 2019-12-03 16:29:18 +01:00
W.C.A. Wijngaards
534eac6ae5 Note what it did, lower to 256 max count. 2019-12-03 16:21:04 +01:00
W.C.A. Wijngaards
d3ff930b06 - Fix Hang in sldns_wire2str_pkt_scan(), 
reported by X41 D-Sec.
 2019-12-03 16:20:24 +01:00
W.C.A. Wijngaards
6c3a0b54ed - Fix Out of Bound Write Compressed Names in rdata_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:18:47 +01:00
W.C.A. Wijngaards
2d444a5037 - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:17:03 +01:00
W.C.A. Wijngaards
c99438c6a1 - Fix Out of Bounds Write in sldns_b64_pton(), 
fixed by check in sldns_str2wire_int16_data_buf(),
  reported by X41 D-Sec.
 2019-12-03 16:10:34 +01:00
W.C.A. Wijngaards
3f3cadd416 - Fix Out of Bounds Write in sldns_str2wire_str_buf(), 
reported by X41 D-Sec.
 2019-12-03 16:01:31 +01:00
W.C.A. Wijngaards
e183a66d60 - Fix OOB Read in sldns_wire2str_dname_scan(), 
reported by X41 D-Sec.
 2019-12-03 15:42:34 +01:00
W.C.A. Wijngaards
d2eb78e871 - Fix Assert Causing DoS in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 15:20:48 +01:00
W.C.A. Wijngaards
5a66aecef9 - Fix similar code in auth_zone synth cname to add the extra checks. 2019-12-03 15:11:22 +01:00
W.C.A. Wijngaards
f5e06689d1 - Fix Assert Causing DoS in synth_cname(), 
reported by X41 D-Sec.
 2019-12-03 15:10:36 +01:00
W.C.A. Wijngaards
5a00b31f86 - Fix text around serial arithmatic used for RRSIG times to refer 
to correct RFC number.
 2019-12-03 12:58:09 +01:00
W.C.A. Wijngaards
cdbf091c0d Changelog entry for merge of #124. 
- Merge pull request #124 from rmetrich: Changed log lock
  from 'quick' to 'basic' because this is an I/O lock.
 2019-12-03 10:03:44 +01:00
W.C.A. Wijngaards
aa64c58368 Changelog entry for #122. 
- Merge pull request #122 from he32: In tcp_callback_writer(),
  don't disable time-out when changing to read.
 2019-12-02 13:59:43 +01:00
W.C.A. Wijngaards
f82f971997 - Add make distclean that removes everything configure produced, 
and make maintainer-clean that removes bison and flex output.
 2019-11-22 15:10:02 +01:00
George Thessalonikefs
30b0fa1e8e Fix compiler warnings. 2019-11-22 14:30:56 +01:00
W.C.A. Wijngaards
1718a8e6b5 - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. 2019-11-22 14:23:00 +01:00
W.C.A. Wijngaards
ebad5416d7 - Fix comments for doxygen in dns64. 2019-11-20 15:22:20 +01:00
W.C.A. Wijngaards
8833d44d01 - Fix python examples/calc.py for eval, reported by X41 D-Sec. 2019-11-20 15:07:09 +01:00
W.C.A. Wijngaards
da4d6ffee3 - Fix Bad Randomness in Seed, reported by X41 D-Sec. 2019-11-20 14:40:50 +01:00
W.C.A. Wijngaards
981fedea0e - Fix NULL Pointer Dereference via Control Port, 
reported by X41 D-Sec.
 2019-11-20 14:37:13 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
3907876eac - Fix Unrequired Checks, reported by X41 D-Sec. 2019-11-20 14:05:54 +01:00
W.C.A. Wijngaards
fcd9b34bb5 - Fix Useless memset() in validator, reported by X41 D-Sec. 2019-11-20 14:02:58 +01:00
W.C.A. Wijngaards
d63ec2dfcb - Fix Terminating Quotes not Written, reported by X41 D-Sec. 2019-11-20 14:01:01 +01:00
W.C.A. Wijngaards
6139943428 - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. 2019-11-20 13:51:10 +01:00
W.C.A. Wijngaards
a76e43341f - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. 2019-11-20 13:30:27 +01:00
W.C.A. Wijngaards
d63536289c - Changes to compat/getentropy files for, 
no link to openssl if using nettle, and hence config.h for
  HAVE_NETTLE variable.
  compat definition of MAP_ANON, for older systems.
  ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2019-11-20 13:28:49 +01:00
W.C.A. Wijngaards
d085a0039b - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. 2019-11-20 13:12:36 +01:00
W.C.A. Wijngaards
3ebc480690 - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. 2019-11-20 13:11:05 +01:00
W.C.A. Wijngaards
20dd979d00 - Synchronize compat/getentropy_win.c with version 1.5 from 
OpenBSD, no changes but makes the file, comments, identical.
 2019-11-20 13:08:43 +01:00
W.C.A. Wijngaards
623dba975a - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. 2019-11-20 13:05:10 +01:00
W.C.A. Wijngaards
09707fc403 - Fix Integer Underflow in Regional Allocator, 
reported by X41 D-Sec.
 2019-11-20 13:00:56 +01:00
W.C.A. Wijngaards
2dcc7016ac - Fix Local Memory Leak in cachedb_init(), 
reported by X41 D-Sec.
 2019-11-20 12:56:39 +01:00
W.C.A. Wijngaards
f887552763 - Fix Config Injection in create_unbound_ad_servers.sh, 
reported by X41 D-Sec.
 2019-11-20 12:02:19 +01:00
W.C.A. Wijngaards
72d348de6a - Fix Out-of-Bounds Read in dname_valid(), 
reported by X41 D-Sec.
 2019-11-20 11:38:11 +01:00
W.C.A. Wijngaards
7646c96259 - Fix Randomness Error not Handled Properly, 
reported by X41 D-Sec.
 2019-11-20 11:35:07 +01:00
W.C.A. Wijngaards
d8809c672a - Fix Weak Entropy Used For Nettle, 
reported by X41 D-Sec.
 2019-11-20 11:28:53 +01:00
W.C.A. Wijngaards
7e3da817c3 - Adjust unbound-control to make stats_shm a read only operation. 2019-11-20 11:18:03 +01:00
W.C.A. Wijngaards
c54fe82886 - Fix Shared Memory World Writeable, 
reported by X41 D-Sec.
 2019-11-20 11:13:45 +01:00
W.C.A. Wijngaards
1fa40654d2 - Fix Race Condition in autr_tp_create(), 
reported by X41 D-Sec.
 2019-11-20 11:01:56 +01:00
W.C.A. Wijngaards
d79d75538b - Fix Out of Bounds Read in rrinternal_get_owner(), 
reported by X41 D-Sec.
 2019-11-20 08:28:12 +01:00
W.C.A. Wijngaards
fa23ee8f31 - Fix Out of Bounds Write in sldns_bget_token_par(), 
reported by X41 D-Sec.
 2019-11-19 16:54:44 +01:00
W.C.A. Wijngaards
51c23b0209 - Fix Out of Bounds Read in sldns_str2wire_dname(), 
reported by X41 D-Sec.
 2019-11-19 16:46:33 +01:00
W.C.A. Wijngaards
a3545867fc - Fix Integer Overflow to Buffer Overflow in 
sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
 2019-11-19 16:42:17 +01:00
W.C.A. Wijngaards
02080f6b18 - Fix Integer Overflows in Size Calculations, 
reported by X41 D-Sec.
 2019-11-19 16:32:40 +01:00
W.C.A. Wijngaards
07156bd5ea - Fix Out-of-bounds Read in rr_comment_dnskey(), 
reported by X41 D-Sec.
 2019-11-19 16:17:06 +01:00
W.C.A. Wijngaards
2a4e840be4 - Fix Unchecked NULL Pointer in dns64_inform_super() 
and ipsecmod_new(), reported by X41 D-Sec.
 2019-11-19 15:48:18 +01:00
W.C.A. Wijngaards
226298bbd3 - Fix Integer Overflow in Regional Allocator, 
reported by X41 D-Sec.
 2019-11-19 15:38:05 +01:00
W.C.A. Wijngaards
79a6e9fbe2 - Fixes to please lint checks. 2019-11-19 12:10:03 +01:00
W.C.A. Wijngaards
16bbfc3461 - Fix authzone printout buffer length check. 2019-11-19 10:09:44 +01:00
W.C.A. Wijngaards
d8090b8cae - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. 2019-11-19 10:06:12 +01:00
W.C.A. Wijngaards
09845779d5 - Fix CVE-2019-18934, shell execution in ipsecmod. 2019-11-19 10:05:18 +01:00
W.C.A. Wijngaards
cb8374cce5 - gitignore .source tempfile used for compatible make. 2019-11-18 15:58:19 +01:00
W.C.A. Wijngaards
442e95620e - Portable grep usage for reuseport configure test. 
- Check return type of HMAC_Init_ex for openssl 0.9.8.
 2019-11-18 15:53:47 +01:00
W.C.A. Wijngaards
af6f5a3f54 - Provide a prototype for compat malloc to remove compile warning. 2019-11-18 13:52:17 +01:00
W.C.A. Wijngaards
253d95a8ef - update to bison output of 3.4.1 in code repository. 2019-11-18 10:50:54 +01:00
W.C.A. Wijngaards
57f2582790 - In unbound-host use separate variable for get_option to please 
code checkers.
 2019-11-18 10:45:47 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
d4c904d091 - contrib/fastrpz.patch updated to apply for current code. 2019-11-13 11:40:56 +01:00
W.C.A. Wijngaards
5ac9bf3f9b - iana portlist updated. 2019-11-13 11:37:06 +01:00
W.C.A. Wijngaards
f759fc5839 Changelog note and configure autoconf generated. 
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
 2019-11-11 14:46:24 +01:00
W.C.A. Wijngaards
29b90c6e58 - Fix #109: check number of arguments for stdin-pipes in 
unbound-control and fail if too many arguments.
 2019-11-11 12:02:51 +01:00
W.C.A. Wijngaards
7dfbcdf276 - Fix #99: Memory leak in ub_ctx (event_base will never be freed). 2019-10-24 09:58:45 +02:00
George Thessalonikefs
941b324187 Add new configure option --enable-fully-static to enable full static build if 
requested; in relation to #91.
 2019-10-23 16:10:07 +02:00
W.C.A. Wijngaards
21472c2393 Changelog note for #97. 
- Merge #97: manpage: Add missing word on unbound.conf,
  from Erethon.
 2019-10-23 07:56:17 +02:00
W.C.A. Wijngaards
e6a179e27a - drop-tld.diff: adds option drop-tld: yesno that drops 2 label 
queries, to stop random floods.  Apply with
  patch -p1 < contrib/drop-tld.diff and compile.
  From Saksham Manchanda (Secure64).  Please note that we think this
  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
  lookups for downstream clients.
 2019-10-22 10:32:37 +02:00
W.C.A. Wijngaards
eb2283332b - Add doxygen comments to unbound-anchor source address code, in #86. 2019-10-07 09:50:04 +02:00
W.C.A. Wijngaards
b2c3b4758b For #86, note credit for Lukas Wunner. 2019-10-03 16:29:45 +02:00
W.C.A. Wijngaards
8bfbd81fec Changelog entry for #86 and whitespace fix. 
- Merge #86 from psquarejho: Added -b source address option to
  smallapp/unbound-anchor.c.
 2019-10-03 16:22:42 +02:00
W.C.A. Wijngaards
facc6c6541 - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. 
- Continue with development of 1.9.5.
 2019-10-03 11:40:13 +02:00
W.C.A. Wijngaards
82dffb1023 Changelog entry for Merge #90. 
- Merge #90 from vcunat: fix build with nettle-3.5.
 2019-10-03 08:59:16 +02:00
W.C.A. Wijngaards
7963c9f463 Changelog note for #87. 
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
  Drop CAP_KILL, use + prefix for ExecReload= instead.
 2019-09-26 13:17:46 +02:00
W.C.A. Wijngaards
55bb4c1275 - The unbound.conf includes are sorted ascending, for include 
statements with a '*' from glob.
 2019-09-25 16:50:30 +02:00
W.C.A. Wijngaards
06a91b0eaa Changelog entry for fix #84 and #85. 
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
 2019-09-23 09:20:12 +02:00
W.C.A. Wijngaards
f635b47ade Changelog entry for #83 
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
  into the background.
 2019-09-20 12:59:41 +02:00
W.C.A. Wijngaards
1b62399a6e Changelog entry for #81. 
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
 2019-09-20 07:44:43 +02:00
W.C.A. Wijngaards
aefd2df51f (Changelog entry for #82). 
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
  in unbound.service.
 2019-09-20 07:38:34 +02:00
W.C.A. Wijngaards
1dcc88b6e8 - Merge #80 from stasic: Improve wording in man page. 
(Changelog entry for merge)
 2019-09-19 16:56:14 +02:00
W.C.A. Wijngaards
9f0b260c49 - Fix wrong response ttl for prepended short CNAME ttls, this would 
create a wrong zero_ttl response count with serve-expired enabled.
 2019-09-19 16:29:51 +02:00
W.C.A. Wijngaards
ab53baa6f5 - Fix for oss-fuzz build warning. 2019-09-19 10:09:49 +02:00
W.C.A. Wijngaards
554e4a939c - Fix fix for #78 to also free service callback struct. 2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
45b3215594 - oss-fuzz badge on README.md. 2019-09-19 09:55:23 +02:00
W.C.A. Wijngaards
3cb1cdeebd - Merge pull request #76 from Maryse47: Improvements and fixes for 
systemd unbound.service.
(Changelog note for merge of #76).
 2019-09-19 09:53:21 +02:00
W.C.A. Wijngaards
1a4eaaabc5 - Fix #78: Memory leak in outside_network.c. 2019-09-19 09:11:23 +02:00
W.C.A. Wijngaards
13d96540de - Use explicit bzero for wiping clear buffer of hash in cachedb, 
reported by Eric Sesterhenn from X41 D-Sec.
 2019-09-11 15:31:03 +02:00
W.C.A. Wijngaards
e45e9f1ce0 - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default 
LOG_DAEMON (as before) can set the syslog facility that the server
  uses to log messages.
 2019-09-09 14:27:55 +02:00
W.C.A. Wijngaards
05b9f4fd28 - Fix #71: fix openssl error squelch commit compilation error. 2019-09-04 08:44:19 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
W.C.A. Wijngaards
366296ec14 - updated Makefile dependencies. 2019-09-02 15:56:24 +02:00
W.C.A. Wijngaards
7f9aa6734a - ipset: refactor long routine into three smaller ones. 2019-09-02 15:17:25 +02:00
W.C.A. Wijngaards
9902a5f81d - ipset module #28: log that an address is added, when verbosity high. 2019-09-02 13:50:42 +02:00
W.C.A. Wijngaards
cd0a2b1af1 - Master is 1.9.4 in development. 2019-08-27 09:56:20 +02:00
W.C.A. Wijngaards
a374dfb669 - Fix contrib/fastrpz.patch asprintf return value checks. 2019-08-23 08:41:46 +02:00
W.C.A. Wijngaards
79fa94834e - 1.9.3rc2 release candidate tag. 2019-08-22 14:50:49 +02:00
W.C.A. Wijngaards
06847ff3be - Fix that pkg-config is setup before --enable-systemd needs it. 2019-08-22 12:22:25 +02:00
W.C.A. Wijngaards
80c2c69fa7 - Fix log_dns_msg to log irrespective of minimal responses config. 2019-08-21 17:41:29 +02:00
Ralph Dolmans
8b752e359e - Document limitation of pidfile removal outside of chroot directory. 2019-08-19 13:27:19 +02:00
W.C.A. Wijngaards
d3b3d64ef3 - Remove warning about unknown cast-function-type warning pragma. 2019-08-16 12:52:58 +02:00
W.C.A. Wijngaards
c602ba7319 - Fixup contrib/fastrpz.patch 2019-08-16 12:37:13 +02:00
W.C.A. Wijngaards
bdb6c153e4 - Please doxygen's parser for "@" occurrence in doxygen comment. 2019-08-16 12:21:40 +02:00
W.C.A. Wijngaards
d8a8730cac - Fix unittest valgrind false positive uninitialised value report, 
where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
  issues an uninitialised value for the token buffer at the str2wire.c
  rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
  straight character comparisons removes the false positive.  Also
  valgrinds --expensive-definedness-checks=yes can stop this false
  positive.
 2019-08-16 12:18:23 +02:00
W.C.A. Wijngaards
0532cdd357 - (for later release): -V prints if TCP fastopen is available. 2019-08-15 17:04:38 +02:00
W.C.A. Wijngaards
e84b913585 - 1.9.3rc1 release candidate tag. 2019-08-15 15:49:15 +02:00
W.C.A. Wijngaards
a5027f5f56 - Fix character buffer size in ub_ctx_hosts. 2019-08-15 15:11:04 +02:00
W.C.A. Wijngaards
06a58ca248 - escape commandline contents for -V. 2019-08-15 15:05:02 +02:00
W.C.A. Wijngaards
4700d79024 - avoid warning about upcast on 32bit systems for autotrust. 2019-08-15 14:25:46 +02:00
W.C.A. Wijngaards
9d9884c442 - Fix autotrust temp file uniqueness windows compile. 2019-08-15 14:02:14 +02:00
W.C.A. Wijngaards
c1c75929fa - iana portlist updated. 2019-08-15 13:07:26 +02:00
W.C.A. Wijngaards
8cb3656b3e - Fix warning for unused variable for compilation without systemd. 2019-08-14 16:08:19 +02:00
George Thessalonikefs
a90f173875 - Fix #59, when compiled with systemd support check that we can properly 
communicate with systemd through the `NOTIFY_SOCKET`.
 2019-08-14 15:51:28 +02:00
gthess
fd415d8833
Merge branch 'master' into show-build-options 2019-08-14 11:45:41 +02:00
W.C.A. Wijngaards
b5a52f8c86 - Generate configlexer with newer flex. 2019-08-14 11:40:35 +02:00
George Thessalonikefs
008813f0a2 - Introduce -V option to print the version number and build options. 
Previously reported build options like linked libs and linked modules
  are now moved from `-h` to `-V` as well for consistency.
- PACKAGE_BUGREPORT now also includes link to GitHub issues.
 2019-08-12 17:52:43 +02:00
W.C.A. Wijngaards
fa506e3cda - Check repinfo in worker_handle_request, if null, drop it. 2019-08-01 16:57:36 +02:00
W.C.A. Wijngaards
df0c844eed - Fix to timeval_add for remaining second in microseconds. 2019-08-01 16:48:41 +02:00
W.C.A. Wijngaards
199e6c586b - Fix to return after failed auth zone http chunk write. 
- Fix to remove unused test for task_probe existance.
 2019-08-01 16:40:52 +02:00
W.C.A. Wijngaards
21f740d313 - Fix #52 #53, fix for example fail program. 2019-08-01 09:34:44 +02:00
W.C.A. Wijngaards
e860d39f54 - For #52 #53, second context does not close logfile override. 2019-08-01 09:15:33 +02:00
W.C.A. Wijngaards
27811ffaa9 - Add hex print of trust anchor pointer to trust anchor file temp 
name to make it unique, for libunbound created multiple contexts.
 2019-07-29 16:51:40 +02:00
W.C.A. Wijngaards
7d5ab2f4de - Add verbose log message when auth zone file is written, at level 4. 2019-07-29 09:25:49 +02:00
W.C.A. Wijngaards
5f5c00203e - Fix question section mismatch in local zone redirect. 2019-07-23 14:01:59 +02:00
W.C.A. Wijngaards
c94e13220b - Fix #49: Set no renegotiation on the SSL context to stop client 
session renegotiation.
 2019-07-19 08:18:06 +02:00
W.C.A. Wijngaards
368386c011 - Fix #48: Unbound returns additional records on NODATA response, 
if minimal-responses is enabled, also the additional for negative
  responses is removed.
 2019-07-12 14:34:35 +02:00
Ralph Dolmans
d5ebc63add - Fix in respip addrtree selection. Absence of addr_tree_init_parents() call 
made it impossible to go up the tree when the matching netmask is too
   specific.
 2019-07-09 14:58:36 +02:00
Ralph Dolmans
d323e1bda8 - Fix for possible assertion failure when answering respip CNAME from cache. 2019-07-05 16:52:03 +02:00
W.C.A. Wijngaards
da46ea24d5 - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf 
when do-not-query-localhost is turned on, or at default on,
  unbound-checkconf prints a warning if it is found in forward-addr or
  stub-addr statements.
 2019-06-25 14:50:49 +02:00
W.C.A. Wijngaards
1aa1facabc - Fix memleak in unit test, reported from the clang 8.0 static analyzer. 2019-06-24 10:53:27 +02:00
W.C.A. Wijngaards
78b2f1cc20 - Fix python dict reference and double free in config. 2019-06-18 17:25:08 +02:00
W.C.A. Wijngaards
164f302011 - Merge PR #6: Python module: support multiple instances 
- Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
- Merge PR #4: Python module: assign something useful to the
  per-query data store 'qdata'
Noted in Changelog.
 2019-06-18 17:11:31 +02:00
W.C.A. Wijngaards
0f3eac4a0e - Added documentation to the ipset files (for doxygen output). 2019-06-18 16:25:11 +02:00
W.C.A. Wijngaards
72738471f1 - make depend 2019-06-18 15:59:10 +02:00
W.C.A. Wijngaards
c1e75c0369 - Fix to make unbound-control with ipset, remove unused variable, 
use unsigned type because of comparison, and assign null instead
  of compare with it.  Remade lex and yacc output.
 2019-06-18 15:57:28 +02:00
W.C.A. Wijngaards
b16c872a60 - PR #28: IPSet module, by Kevin Chou. Created a module to support 
the ipset that could add the domain's ip to a list easily.
  Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
- Fix to omit RRSIGs from addition to the ipset.
 2019-06-18 15:38:37 +02:00
W.C.A. Wijngaards
bf2307ca97 - Fix for #24: Fix abort due to scan of auth zone masters using old 
address from previous scan.
 2019-06-17 14:15:36 +02:00
W.C.A. Wijngaards
1ec96d8f07 - Fix #39: In libunbound, leftover logfile is close()d unpredictably. 2019-06-17 12:13:12 +02:00
W.C.A. Wijngaards
3499d3c647 - Master contains version 1.9.3 in development. 2019-06-17 11:42:19 +02:00
W.C.A. Wijngaards
ee06aaaad9 - 1.9.2rc3 release candidate tag. 2019-06-14 08:38:37 +02:00
W.C.A. Wijngaards
af6c5dea43 - Fix another spoolbuf storage code point, in prefetch. 2019-06-12 08:32:45 +02:00
W.C.A. Wijngaards
b57771d42b - 1.9.2rc1 release candidate tag. 2019-06-11 12:46:44 +02:00
W.C.A. Wijngaards
6067ce6d2b - Fix that fixes the Fix that spoolbuf is not used to store tcp 
pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
 2019-06-11 12:15:43 +02:00
W.C.A. Wijngaards
081fd4fdae - 1.9.2rc1 release candidate tag. 2019-06-06 09:32:53 +02:00
W.C.A. Wijngaards
09a0e6ee30 - iana portlist updated. 2019-06-04 12:21:21 +02:00
W.C.A. Wijngaards
a4f4d7b6ba - Fix to guard _OPENBSD_SOURCE from redefinition. 2019-05-29 13:28:03 +02:00
W.C.A. Wijngaards
e2a2dcdfd5 - gitignore config.h.in~. 2019-05-28 11:12:41 +02:00
W.C.A. Wijngaards
14b11384a4 - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. 2019-05-28 11:12:05 +02:00
W.C.A. Wijngaards
a03f0a388e - Fix double file close in tcp pipelined response code. 2019-05-27 11:23:41 +02:00
Wouter Wijngaards
0b77c9d676 - Fix that spoolbuf is not used to store tcp pipelined response 
between mesh send and callback end.
 2019-05-24 09:35:38 +02:00
W.C.A. Wijngaards
1c3ba0cef7 - Note that so-reuseport at extreme load is better turned off, 
otherwise queries are not distributed evenly, on Linux 4.4.x.
 2019-05-20 11:57:09 +02:00
W.C.A. Wijngaards
310396190b - Fix #31: swig 4.0 and python module. 2019-05-16 11:06:01 +02:00
W.C.A. Wijngaards
a08fe8ca60 - Attempt to fix malformed tcp response. 2019-05-13 15:39:59 +02:00
W.C.A. Wijngaards
a95f5fd5cb - Squelch log messages from tcp send about connection reset by peer. 
They can be enabled with verbosity at higher values for diagnosing
  network connectivity issues.
 2019-05-13 10:39:39 +02:00
W.C.A. Wijngaards
a922a19d70 - Revert fix for oss-fuzz, error is in that build script that 
unconditionally includes .o files detected by configure, also
  when the machine architecture uses different LIBOBJS files.
 2019-05-09 17:07:01 +02:00
W.C.A. Wijngaards
a8d0177b36 - Attempt to fix build failure in oss-fuzz 
because of reallocarray.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648.
Does not omit compile flags from commandline.
 2019-05-08 14:43:56 +02:00
W.C.A. Wijngaards
779b86fb22 - Fix doxygen output error on readme markdown vignettes. 2019-05-07 16:11:15 +02:00
W.C.A. Wijngaards
e3453711e5 - Fix edns-subnet locks, in error cases the lock was not unlocked. 2019-05-07 16:10:22 +02:00
W.C.A. Wijngaards
f1c23891ab - Fix #30: AddressSanitizer finding in lookup3.c. 
This sets the hash function to use a slower but better auditable code
that does not read beyond array boundaries.  This makes code better
security checkable, and is better for security.  It is fixed to be
slower, but not read outside of the array.
 2019-05-06 09:44:01 +02:00
W.C.A. Wijngaards
9b7843f879 - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64. 2019-05-06 09:26:23 +02:00
W.C.A. Wijngaards
bd5eeff364 - And gitignore unit test generated files, and generated doc files. 2019-05-02 16:14:03 +02:00
W.C.A. Wijngaards
2fea5663bd - Fix .gitignore, add pythonmod and dnstap generated files. 2019-05-02 16:01:56 +02:00
W.C.A. Wijngaards
f46c238552 - contrib/fastrpz.patch updated for code changes, and with git diff. 2019-05-02 11:17:41 +02:00
W.C.A. Wijngaards
ee0087d5c7 - PR #16: XoT support, AXFR over TLS 
Turn it on with master: <ip>#<authname> in unbound.conf.  This uses TLS to
download the AXFR (or IXFR).
 2019-05-01 16:41:09 +02:00
W.C.A. Wijngaards
5c5ddbe859 - Nicer travis output for clang analysis. 2019-05-01 13:34:45 +02:00
W.C.A. Wijngaards
c6db87d81d - Update makedist for git. 2019-05-01 12:27:19 +02:00
Wouter Wijngaards
2a78803049 - Fix wrong query name in local zone redirect answers with a CNAME, 
the copy of the local alias is in unpacked form.


git-svn-id: file:///svn/unbound/trunk@5175 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-25 14:07:42 +00:00
Ralph Dolmans
edf1ad369a - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain 
answers.
 - For harden-below-nxdomain: do not consider a name to be non-exitent when
   message contains a CNAME record.


git-svn-id: file:///svn/unbound/trunk@5174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 15:09:15 +00:00
Wouter Wijngaards
99f36a4e1e - travis build file. 
git-svn-id: file:///svn/unbound/trunk@5162 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 09:30:35 +00:00
Wouter Wijngaards
61a28c2ee5 - iana portlist updated. 
git-svn-id: file:///svn/unbound/trunk@5161 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-16 13:21:22 +00:00
Wouter Wijngaards
2552a81b40 - Better braces in if statement in TCP fastopen code. 
git-svn-id: file:///svn/unbound/trunk@5160 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-16 12:53:50 +00:00
Wouter Wijngaards
ab6f1d0fc7 - Fix tls write event for read state change to re-call SSL_write and 
not resume the TLS handshake.


git-svn-id: file:///svn/unbound/trunk@5159 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-15 11:52:21 +00:00
Wouter Wijngaards
c8a56bfa8f - Squelch SSL read and write connection reset by peer and broken pipe 
messages.  Verbosity 2 and higher enables them.


git-svn-id: file:///svn/unbound/trunk@5158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 15:04:32 +00:00
George Thessalonikefs
d1150541bb - Update python documentation for init_standard(). 
- Typos.


git-svn-id: file:///svn/unbound/trunk@5157 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 15:03:04 +00:00
Wouter Wijngaards
c6369e9ffa - Fix that auth zone fails over to next master for timeout in tcp. 
git-svn-id: file:///svn/unbound/trunk@5155 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:41:53 +00:00
Wouter Wijngaards
474afc9016 - Fix that auth zone uses correct network type for sockets for 
SOA serial probes.  This fixes that probes fail because earlier
  probe addresses are unreachable.


git-svn-id: file:///svn/unbound/trunk@5154 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 08:00:33 +00:00
Wouter Wijngaards
bd3c02bd59 - Fix to wipe ssl ticket keys from memory with explicit_bzero, 
if available.


git-svn-id: file:///svn/unbound/trunk@5153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 14:42:08 +00:00
Wouter Wijngaards
32b1d900ff Add explanation to changelog. 
git-svn-id: file:///svn/unbound/trunk@5152 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 14:36:00 +00:00
Wouter Wijngaards
4eac399dfd - Fix #17: Add python module example from Jan Janak, that is a 
plugin for the Unbound DNS resolver to resolve DNS records in
  multicast DNS [RFC 6762] via Avahi.


git-svn-id: file:///svn/unbound/trunk@5151 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 14:34:58 +00:00
Wouter Wijngaards
c26fc84945 - verbose information about auth zone lookup process, also lookup 
start, timeout and fail.


git-svn-id: file:///svn/unbound/trunk@5150 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 12:42:09 +00:00
Wouter Wijngaards
2b47ca080e - Fix to use event_assign with libevent for thread-safety. 
git-svn-id: file:///svn/unbound/trunk@5149 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 11:02:34 +00:00
Wouter Wijngaards
348cbab016 - Fix to reinit event structure for accepted TCP (and TLS) sockets. 
git-svn-id: file:///svn/unbound/trunk@5148 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-05 14:11:28 +00:00
Wouter Wijngaards
a777329b7f - Fix spelling error in log output for event method. 
git-svn-id: file:///svn/unbound/trunk@5147 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-04 14:28:39 +00:00
Wouter Wijngaards
ce8167a3bb - Fix auth-zone NSEC3 response for wildcard nodata answers, 
include the closest encloser in the answer.


git-svn-id: file:///svn/unbound/trunk@5146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 06:36:40 +00:00
Wouter Wijngaards
937523285a - Move goto label in answer_from_cache to the end of the function 
where it is more visible.


git-svn-id: file:///svn/unbound/trunk@5145 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 05:32:28 +00:00
Wouter Wijngaards
8a0de6b519 - Fix for auth zone nsec3 ent fix for wildcard nodata. 
git-svn-id: file:///svn/unbound/trunk@5144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 14:28:36 +00:00
Wouter Wijngaards
e338143639 - Fix for out of bounds integers, thanks to OSTIF audit. It is in 
allocation debug code.


git-svn-id: file:///svn/unbound/trunk@5143 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 12:28:20 +00:00
Wouter Wijngaards
59570b0413 - Fix auth-zone NSEC3 response for empty nonterminals with exact 
match nsec3 records.


git-svn-id: file:///svn/unbound/trunk@5142 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 12:21:41 +00:00
Wouter Wijngaards
78adebf8ec - Fix crash if tls-servic-pem not filled in when necessary. 
git-svn-id: file:///svn/unbound/trunk@5141 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-25 08:51:17 +00:00
Wouter Wijngaards
b75c37252c - Fix that tls-session-ticket-keys: "" on its own in unbound.conf 
disables the tls session ticker key calls into the OpenSSL API.


git-svn-id: file:///svn/unbound/trunk@5140 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-25 08:47:14 +00:00
Wouter Wijngaards
296f28e8d0 - Fix #4240: Fix whitespace cleanup in example.conf. 
git-svn-id: file:///svn/unbound/trunk@5139 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-21 12:14:20 +00:00
Wouter Wijngaards
83e2cade5b - add type CAA to libpyunbound (accessing libunbound from python). 
git-svn-id: file:///svn/unbound/trunk@5138 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-19 12:14:52 +00:00
Wouter Wijngaards
ce0628ee55 - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. 
git-svn-id: file:///svn/unbound/trunk@5137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 09:26:06 +00:00
Wouter Wijngaards
bb5251da66 - Add log message, at verbosity 4, that says the query is encrypted 
with TLS, if that is enabled for the query.


git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 08:41:39 +00:00
Wouter Wijngaards
bfd0c5ec85 1.9.1 on 12 March 2019. Trunk has 1.9.2 in development. 
git-svn-id: file:///svn/unbound/trunk@5135 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-12 09:33:18 +00:00
Wouter Wijngaards
8092cd6331 - Fix for #4233: guard use of NDEBUG, so that it can be passed in 
CFLAGS into configure.


git-svn-id: file:///svn/unbound/trunk@5133 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-07 08:34:00 +00:00
Wouter Wijngaards
7105ea9293 - Tag release 1.9.1rc1. 
git-svn-id: file:///svn/unbound/trunk@5132 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-05 08:48:15 +00:00
Wouter Wijngaards
16cc196bf2 - output forwarder log in ssl_req_order test. 
git-svn-id: file:///svn/unbound/trunk@5130 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-01 12:38:53 +00:00
Wouter Wijngaards
a82c0eeece - Print correct module that failed when module-config is wrong. 
git-svn-id: file:///svn/unbound/trunk@5128 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 09:56:45 +00:00
Wouter Wijngaards
a62c1135fe - Remove memory leak on pythonmod python2 script file init. 
- Remove swig gcc8 python function cast warnings, they are ignored.


git-svn-id: file:///svn/unbound/trunk@5127 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 09:12:54 +00:00
Wouter Wijngaards
7c1f9699d8 - Fix for python module on Windows, fix fopen. 
git-svn-id: file:///svn/unbound/trunk@5125 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-27 14:14:08 +00:00
Wouter Wijngaards
33a814683b - Fix #14: contrib/unbound.init: Fix wrong comparison judgment 
before copying.


git-svn-id: file:///svn/unbound/trunk@5124 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-27 06:58:10 +00:00
Wouter Wijngaards
beebe5ba0c - Fix #4229: Unbound man pages lack information, about access-control 
order and local zone tags, and elements in views.


git-svn-id: file:///svn/unbound/trunk@5123 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-27 06:56:21 +00:00
Wouter Wijngaards
225534e5ab - Fix #4227: pair event del and add for libevent for tcp_req_info. 
git-svn-id: file:///svn/unbound/trunk@5122 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-25 15:48:27 +00:00
Wouter Wijngaards
3599fd9c60 - In man page and example config explain that most modules have to 
be listed at the start of module-config.


git-svn-id: file:///svn/unbound/trunk@5121 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-21 10:03:11 +00:00
Wouter Wijngaards
5b162ead92 - In example.conf explain where to put cachedb module in module-config. 
git-svn-id: file:///svn/unbound/trunk@5120 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-21 09:48:38 +00:00
Wouter Wijngaards
62428e17f6 - Fix the error for unknown module in module-config is understandable, 
and explains it was not compiled in and where to see the list.


git-svn-id: file:///svn/unbound/trunk@5119 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-21 09:40:25 +00:00
Wouter Wijngaards
079253670e - Fix pythonmod include and sockaddr_un ifdefs for compile on 
Windows, and for libunbound.


git-svn-id: file:///svn/unbound/trunk@5118 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-20 15:19:58 +00:00
Wouter Wijngaards
91e863138b - Print query name and IP address when domain rate limit exceeded. 
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 15:53:02 +00:00
Wouter Wijngaards
d1e92a0ebd - Spaces instead of tabs in that log message. 
git-svn-id: file:///svn/unbound/trunk@5116 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 12:32:42 +00:00
Wouter Wijngaards
3949bf2c82 - Print query name with ip_ratelimit exceeded log lines. 
git-svn-id: file:///svn/unbound/trunk@5115 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 10:40:41 +00:00
Wouter Wijngaards
a41375411e - Fix capsforid canonical sort qsort callback. 
git-svn-id: file:///svn/unbound/trunk@5114 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-14 08:16:15 +00:00
Wouter Wijngaards
030832cf12 - make depend, with newer gcc, nicer layout. 
git-svn-id: file:///svn/unbound/trunk@5113 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-11 10:02:45 +00:00
Wouter Wijngaards
49a36d98bb - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for 
cert name matching, from man page.


git-svn-id: file:///svn/unbound/trunk@5112 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-11 09:59:47 +00:00
Wouter Wijngaards
19193fd534 - Fix recursion lame test for qname minimisation asked queries, 
that were not present in the set of prepared answers.


git-svn-id: file:///svn/unbound/trunk@5110 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-11 09:49:13 +00:00
Wouter Wijngaards
4e249c96e8 - Note default for module-config in man page. 
git-svn-id: file:///svn/unbound/trunk@5109 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-11 08:53:59 +00:00
Wouter Wijngaards
cae8361dcd - Fix #4225: clients seem to erroneously receive no answer with 
DNS-over-TLS and qname-minimisation.


git-svn-id: file:///svn/unbound/trunk@5108 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-08 15:05:24 +00:00
Wouter Wijngaards
429e130768 - Fix that qname minimisation does not skip a label when missing 
nameserver targets need to be fetched.


git-svn-id: file:///svn/unbound/trunk@5107 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-08 13:30:51 +00:00
Wouter Wijngaards
20d57ec58b - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2. 
git-svn-id: file:///svn/unbound/trunk@5106 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-07 08:34:28 +00:00
Wouter Wijngaards
64c4e69b07 Release version numbers. 
git-svn-id: file:///svn/unbound/trunk@5102 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-05 08:17:36 +00:00
Wouter Wijngaards
99994a26b0 - Perform canonical sort for 0x20 capsforid compare of replies, 
this sorts rrsets in the authority and additional section before
  comparison, so that out of order rrsets do not cause failure.


git-svn-id: file:///svn/unbound/trunk@5100 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 15:22:08 +00:00
Wouter Wijngaards
fe97f25b75 - Fix that log-replies prints the correct name for local-alias 
names, for names that have a CNAME in local-data configuration.
  It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
  and redirects like type redirect.


git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 09:51:27 +00:00
Wouter Wijngaards
281030d576 - Wipe TLS session key data from memory on exit. 
git-svn-id: file:///svn/unbound/trunk@5098 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 15:25:27 +00:00
Wouter Wijngaards
8992e8c91f note ticker number. 
git-svn-id: file:///svn/unbound/trunk@5097 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 12:35:33 +00:00
Wouter Wijngaards
8cf5eae166 - Fix OpenSSL without ENGINE support compilation. 
git-svn-id: file:///svn/unbound/trunk@5095 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 11:34:11 +00:00
Wouter Wijngaards
df8f236b62 - For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks, 
still supports the set_id_callback previous API.  And for 1.1.0
  no locking callbacks are needed.


git-svn-id: file:///svn/unbound/trunk@5094 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 11:31:55 +00:00
Wouter Wijngaards
273ff1201b - fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of 
conditional section, fixes systemd builds, from Enrico Scholz.


git-svn-id: file:///svn/unbound/trunk@5093 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 10:21:54 +00:00
Wouter Wijngaards
91f585ed38 - improve documentation for forward-first. 
git-svn-id: file:///svn/unbound/trunk@5092 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 09:37:06 +00:00
Wouter Wijngaards
b9b226bdea - improve documentation for tls-service-key. 
git-svn-id: file:///svn/unbound/trunk@5091 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 09:22:48 +00:00
Wouter Wijngaards
8fffdca2a6 - Set ub_ctx_set_tls call signature in ltrace config file for 
libunbound in contrib/libunbound.so.conf.


git-svn-id: file:///svn/unbound/trunk@5090 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 09:16:15 +00:00
Ralph Dolmans
723845b350 - Fix case in which query timeout can result in marking delegation as 
edns_lame_known.


git-svn-id: file:///svn/unbound/trunk@5089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-30 13:44:19 +00:00
Wouter Wijngaards
31b677b35f - Fix locking for libunbound context setup with broken port config. 
git-svn-id: file:///svn/unbound/trunk@5088 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-29 16:07:07 +00:00
Wouter Wijngaards
c2e3baa81a - Fix #4224: auth_xfr_notify.rpl test broken due to typo 
git-svn-id: file:///svn/unbound/trunk@5087 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-29 14:37:35 +00:00
Wouter Wijngaards
7273b35243 - Fix spelling of tls-ciphers in example.conf.in. 
git-svn-id: file:///svn/unbound/trunk@5086 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-29 12:43:56 +00:00
Wouter Wijngaards
dfe8e0dfa2 - set version to 1.9.0 for release. 
git-svn-id: file:///svn/unbound/trunk@5084 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-29 08:07:50 +00:00
Wouter Wijngaards
7ad8ffccf5 - List example config for root zone copy locally hosted with auth-zone 
as suggested from draft-ietf-dnsop-7706-bis-02.  But with updated
  B root address.



git-svn-id: file:///svn/unbound/trunk@5083 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-28 08:49:12 +00:00
Wouter Wijngaards
065c7c5dd8 - List d.root-servers.net as a host that allows AXFR in example.conf 
config file, as suggested from draft-ietf-dnsop-7706-bis-02.


git-svn-id: file:///svn/unbound/trunk@5082 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-28 08:39:50 +00:00
Wouter Wijngaards
71744b8bb2 - Set build system for added call in the libunbound API. 
git-svn-id: file:///svn/unbound/trunk@5081 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-28 08:26:10 +00:00
Wouter Wijngaards
3d2dfc4769 - ub_ctx_set_tls call for libunbound that enables DoT for the machines 
set with ub_ctx_set_fwd.  Patch from Florian Obser.


git-svn-id: file:///svn/unbound/trunk@5080 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-28 08:22:08 +00:00
Wouter Wijngaards
5e4f0d65ce Fix year on recent commit messages. 
git-svn-id: file:///svn/unbound/trunk@5079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 16:19:37 +00:00
Wouter Wijngaards
aae44940c7 - output of newer lex 2.6.1 and bison 3.0.5. 
git-svn-id: file:///svn/unbound/trunk@5078 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 13:00:09 +00:00
Wouter Wijngaards
062c2cacfc - remove compile warnings from libnettle compile. 
git-svn-id: file:///svn/unbound/trunk@5077 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:58:06 +00:00
Wouter Wijngaards
ce65cdde71 - no lock when threads disabled in tcp request buffer count. 
git-svn-id: file:///svn/unbound/trunk@5076 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:54:40 +00:00
Wouter Wijngaards
b005fcd87b - updated contrib/fastrpz.patch to cleanly diff. 
git-svn-id: file:///svn/unbound/trunk@5075 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:50:45 +00:00
Wouter Wijngaards
f11d6653d6 - Fix that tcp for auth zone and outgoing does not remove and 
then gets the ssl read again applied to the deleted commpoint.


git-svn-id: file:///svn/unbound/trunk@5074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:46:15 +00:00
Wouter Wijngaards
20d5e35576 - Moved includes and make depend. 
git-svn-id: file:///svn/unbound/trunk@5073 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:10:05 +00:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
d48abb9a84 clang analysis fixes, assert arc4random buffer in init, 
no check for already checked delegation pointer in iterator,
in testcode check for NULL packet matches, in perf do not copy
from NULL start list when growing capacity.  Adjust host and file
only when present in test header read to please checker.  In
testcode for unknown macro operand give zero result. Initialise the
passed argv array in test code.  In test code add EDNS data
segment copy only when nonempty.


git-svn-id: file:///svn/unbound/trunk@5070 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 11:55:10 +00:00
Wouter Wijngaards
37361a1d10 - Fix unit test for python 3.7 new keyword 'async'. 
git-svn-id: file:///svn/unbound/trunk@5069 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 09:37:57 +00:00
Wouter Wijngaards
299cc0c689 - Newer aclocal and libtoolize used for generating configure scripts, 
aclocal 1.16.1 and libtoolize 2.4.6.


git-svn-id: file:///svn/unbound/trunk@5068 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 08:57:47 +00:00
Wouter Wijngaards
649e265d6f - Fix for IXFR fallback to reset counter when IXFR does not timeout. 
git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 11:52:17 +00:00
Wouter Wijngaards
68a57554a6 For TLS session keys, keep config options in order read from file to keep the first one as the first one. 
git-svn-id: file:///svn/unbound/trunk@5064 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:41:03 +00:00
Wouter Wijngaards
011a7d8830 - Fixes for patch (includes, declarations, warnings). 
git-svn-id: file:///svn/unbound/trunk@5060 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:43:47 +00:00
Wouter Wijngaards
510606dd1c - Patch for TLS session resumption from Manabu Sonoda, 
enable with tls-session-ticket-keys in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:35:52 +00:00
Wouter Wijngaards
4e59c8344f - Fix configure to detect SSL_CTX_set_ciphersuites, for better 
library compatibility when compiling.


git-svn-id: file:///svn/unbound/trunk@5058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 08:57:49 +00:00
Wouter Wijngaards
5d82b7c421 - Fixes for the patch, and man page entry. 
git-svn-id: file:///svn/unbound/trunk@5055 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 08:45:16 +00:00
Wouter Wijngaards
8ae9f26bce - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites 
options for unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5054 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 08:37:00 +00:00
Wouter Wijngaards
55f560a3ca - Fix that auth zone after IXFR fallback tries the same master. 
git-svn-id: file:///svn/unbound/trunk@5053 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:44:09 +00:00
Wouter Wijngaards
51caffb454 - Fix for #4219: secondaries not updated after serial change, unbound 
falls back to AXFR after IXFR gives several timeout failures.


git-svn-id: file:///svn/unbound/trunk@5052 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:36:58 +00:00
Wouter Wijngaards
8b18d1a0a4 - unbound-control stats has mem.streamwait that counts TCP and TLS 
waiting result buffers.


git-svn-id: file:///svn/unbound/trunk@5050 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 13:20:06 +00:00
Wouter Wijngaards
dec68aa9a9 - Doc for stream-wait-size and unit test. 
git-svn-id: file:///svn/unbound/trunk@5048 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 08:52:23 +00:00
Wouter Wijngaards
c10712a82b - Fix space calculation for tcp req buffer size. 
git-svn-id: file:///svn/unbound/trunk@5047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 08:27:49 +00:00
Wouter Wijngaards
d81e2c654f - Add stream-wait-size: 4m config option to limit the maximum 
memory used by waiting tcp and tls stream replies.  This avoids
  a denial of service where these replies use up all of the memory.


git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 16:20:14 +00:00
Wouter Wijngaards
be4583ac84 - Fix that multiple dns fragments can be carried in one TLS frame. 
git-svn-id: file:///svn/unbound/trunk@5043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 13:41:13 +00:00
Wouter Wijngaards
068374740c - Unit tests for ssl out of order processing. 
git-svn-id: file:///svn/unbound/trunk@5042 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 13:26:21 +00:00
Wouter Wijngaards
f7d63b0927 - Unit test for tcp request reorder and timeouts. 
git-svn-id: file:///svn/unbound/trunk@5041 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 13:04:08 +00:00
Wouter Wijngaards
9087b18234 - Fix tcp idle timeout test, for difference in the tcp reply code. 
git-svn-id: file:///svn/unbound/trunk@5040 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 09:36:01 +00:00
Wouter Wijngaards
19a3907657 - increase mesh max activation count for capsforid long fetches. 
git-svn-id: file:///svn/unbound/trunk@5039 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-17 08:58:09 +00:00
Wouter Wijngaards
762920232a - For caps-for-id fallback, use the whitelist to avoid timeout 
starting a fallback sequence for it.


git-svn-id: file:///svn/unbound/trunk@5038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-17 08:50:25 +00:00
Ralph Dolmans
f30fe71395 - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query 
without EDNS after timeout.


git-svn-id: file:///svn/unbound/trunk@5037 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-16 10:23:13 +00:00
Wouter Wijngaards
0d2efc3f3f - Review fixes in out of order processing. 
git-svn-id: file:///svn/unbound/trunk@5035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 10:27:00 +00:00
Wouter Wijngaards
bb480068fa - In the out of order processing, reset byte count for (potential) 
partial read.


git-svn-id: file:///svn/unbound/trunk@5034 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 09:24:00 +00:00
Wouter Wijngaards
ae9fe1a10e - streamtcp option -a send queries consecutively and prints answers 
as they arrive.
- Fix for out of order processing administration quit cleanup.
- unit test for tcp out of order processing.


git-svn-id: file:///svn/unbound/trunk@5033 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-14 15:52:50 +00:00
Wouter Wijngaards
dd19026e91 - Initial commit for out-of-order processing for TCP and TLS. 
git-svn-id: file:///svn/unbound/trunk@5032 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-11 14:12:27 +00:00
Wouter Wijngaards
42d2c04ae1 - Log query name for looping module errors. 
git-svn-id: file:///svn/unbound/trunk@5031 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-09 13:57:14 +00:00
Wouter Wijngaards
db2557826a - Fix NSEC3 record that is returned in wildcard replies from 
auth-zone zones with NSEC3 and wildcards.


git-svn-id: file:///svn/unbound/trunk@5030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 14:39:31 +00:00
Wouter Wijngaards
11d98df304 - Fix syntax in comment of local alias processing. 
git-svn-id: file:///svn/unbound/trunk@5029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 13:29:38 +00:00
Wouter Wijngaards
ec84fd2ca6 - Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews, 
the patch adds a program used for fuzzing.


git-svn-id: file:///svn/unbound/trunk@5028 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-07 15:01:24 +00:00
Wouter Wijngaards
fe6eb5f665 - Document interaction between the tls-upstream option in the server 
section and forward-tls-upstream option in the forward-zone sections.


git-svn-id: file:///svn/unbound/trunk@5027 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-07 10:52:08 +00:00
Wouter Wijngaards
90b00dfe57 - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, 
and server tcp fastopen is enabled at compile time.


git-svn-id: file:///svn/unbound/trunk@5026 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-07 09:06:41 +00:00
Wouter Wijngaards
023411f975 - Fix for crash in dns64 module if response is null. 
git-svn-id: file:///svn/unbound/trunk@5025 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-12 16:03:05 +00:00
Wouter Wijngaards
9c2a45c59e svn trunk 1.8.2, Which became 1.8.3 on 11 december with only the dns64 fix of 6 dec. 
Trunk then became 1.8.4 in development.


git-svn-id: file:///svn/unbound/trunk@5020 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-11 09:44:16 +00:00
Wouter Wijngaards
1b72e814e7 - Fixup openssl 1.0.2 compile 
git-svn-id: file:///svn/unbound/trunk@5019 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:36:43 +00:00
Wouter Wijngaards
71b078611f - Fix #4206: support openssl 1.0.2 for TLS hostname verification, 
alongside the 1.1.0 and later support that is already there.


git-svn-id: file:///svn/unbound/trunk@5018 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:27:24 +00:00
Wouter Wijngaards
6b8e316663 - Fix for FreeBSD port make with dnscrypt and dnstap enabled. 
git-svn-id: file:///svn/unbound/trunk@5016 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 10:41:33 +00:00
Wouter Wijngaards
21d03697ca - ip-ratelimit-factor of 1 allows all traffic through, instead of the 
previous blocking everything.


git-svn-id: file:///svn/unbound/trunk@5015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 09:38:50 +00:00
Wouter Wijngaards
4c7f824e0a - Fix config parser memory leaks. 
git-svn-id: file:///svn/unbound/trunk@5014 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 09:27:49 +00:00
Wouter Wijngaards
42244e1b4d - Fix dns64 allocation in wrong region for returned internal queries. 
git-svn-id: file:///svn/unbound/trunk@5013 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-06 08:04:37 +00:00
Wouter Wijngaards
2981adac66 trunk has 1.8.3 in development. 
git-svn-id: file:///svn/unbound/trunk@5012 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-04 09:30:03 +00:00
Wouter Wijngaards
198a7ce74d - cache-max-ttl also defines upperbound of initial TTL in response. 
git-svn-id: file:///svn/unbound/trunk@5007 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-03 14:50:47 +00:00
Wouter Wijngaards
a9b7194485 - Fix icon, no ragged edges and nicer resolutions available, for eg. 
Win 7 and Windows 10 display.


git-svn-id: file:///svn/unbound/trunk@5001 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-03 08:30:55 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
ac8dc59341 - Patch for typo in unbound.conf man page. 
git-svn-id: file:///svn/unbound/trunk@4999 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 08:33:50 +00:00
Wouter Wijngaards
c1c1cd97e7 - Remove clang analysis warnings. 
git-svn-id: file:///svn/unbound/trunk@4998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 14:39:26 +00:00
Wouter Wijngaards
b23c373f4d - Refuse to start with no ports. 
git-svn-id: file:///svn/unbound/trunk@4997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 14:26:16 +00:00
Wouter Wijngaards
81ded6124d - Fix that unbound-checkconf does not complains if the config file 
is not placed inside the chroot.


git-svn-id: file:///svn/unbound/trunk@4995 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 12:55:13 +00:00
Wouter Wijngaards
c417f733af - tag for 1.8.2rc1. 
git-svn-id: file:///svn/unbound/trunk@4994 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 09:27:19 +00:00
Wouter Wijngaards
63dcbe3d75 - Fix chroot auth-zone fix to remove chroot prefix. 
git-svn-id: file:///svn/unbound/trunk@4992 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 08:27:47 +00:00
Wouter Wijngaards
fb342b73d3 - iana portlist updated. 
git-svn-id: file:///svn/unbound/trunk@4991 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 08:27:22 +00:00
Wouter Wijngaards
cccb5094a4 - Fix clang analysis for outside directory build test. 
git-svn-id: file:///svn/unbound/trunk@4990 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-28 13:34:31 +00:00
Wouter Wijngaards
3330d5296c - Fix leak in chroot fix for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-28 12:37:52 +00:00
Wouter Wijngaards
f95f98b12a - Update contrib fastrpz patch for latest release. 
git-svn-id: file:///svn/unbound/trunk@4988 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 15:47:52 +00:00
Wouter Wijngaards
ca33c52086 - Fix windows compile for new rrset roundrobin fix. 
git-svn-id: file:///svn/unbound/trunk@4986 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 13:35:29 +00:00