Commit graph

70 commits

Author SHA1 Message Date
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
2020-05-19 10:27:27 +02:00
Ralph Dolmans
03a37d1ff6 - Keep track of number of timeouts. Use this counter to determine if capsforid
fallback should be started.
2020-04-06 18:00:06 +02:00
Wouter Wijngaards
fd5e4e6019 - Fix #4126: RTT_band too low on VSAT links with 600+ms latency,
adds the option unknown-server-time-limit to unbound.conf that
  can be increased to avoid the problem.


git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-10-25 09:21:41 +00:00
Ralph Dolmans
3f2d186694 - Make capsforid fallback QNAME minimisation aware.
git-svn-id: file:///svn/unbound/trunk@4840 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-07 12:43:49 +00:00
Wouter Wijngaards
bea3b6b72d unit test for auth zone lookup
git-svn-id: file:///svn/unbound/trunk@4469 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-30 15:44:49 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada.
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:29:28 +00:00
Ralph Dolmans
7b18274d7e - Added stats for queries that have been ratelimited by domain recursion.
git-svn-id: file:///svn/unbound/trunk@4292 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-03 12:52:33 +00:00
Ralph Dolmans
de731edc0d - Remove unused iter_env member (ip6arpa_dname)
git-svn-id: file:///svn/unbound/trunk@4290 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-03 09:29:21 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-01-19 10:25:41 +00:00
Ralph Dolmans
5b63c08c72 - Use QTYPE=A for QNAME minimisation.
- Keep track of number of time-outs when performing QNAME minimisation.
  Stop minimising when number of time-outs for a QNAME/QTYPE pair is
  more than three.



git-svn-id: file:///svn/unbound/trunk@3782 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-06-13 13:06:35 +00:00
Wouter Wijngaards
3d60a6f446 - Fix #761: DNSSEC LAME false positive resolving nic.club.
git-svn-id: file:///svn/unbound/trunk@3720 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-05-18 14:09:12 +00:00
Wouter Wijngaards
6062e896b9 note RFC number.
git-svn-id: file:///svn/unbound/trunk@3691 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-23 08:35:58 +00:00
Ralph Dolmans
6362a12bd7 - Limit number of QNAME minimisation iterations.
git-svn-id: file:///svn/unbound/trunk@3681 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-17 14:44:41 +00:00
Ralph Dolmans
a05bf09811 Implemented qname minimisation
git-svn-id: file:///svn/unbound/trunk@3554 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-30 16:10:26 +00:00
Wouter Wijngaards
0735cf0e53 - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution
failures.


git-svn-id: file:///svn/unbound/trunk@3494 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-09-28 07:21:48 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-04-16 14:18:50 +00:00
Wouter Wijngaards
7e50976476 - store caps_response with best response in case downgrade response
happens to be the last one.


git-svn-id: file:///svn/unbound/trunk@3348 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-04 09:31:26 +00:00
Wouter Wijngaards
f7039d8a59 - Fix CVE-2014-8602: denial of service by making resolver chase
endless series of delegations.


git-svn-id: file:///svn/unbound/trunk@3289 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-12-08 15:09:18 +00:00
Wouter Wijngaards
bc7f906590 - Fix caps-for-id fallback, and added fallback attempt when servers
drop 0x20 perturbed queries.


git-svn-id: file:///svn/unbound/trunk@3146 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-06-24 08:24:28 +00:00
Wouter Wijngaards
1a6515778d Remove unused define from iterator.h
git-svn-id: file:///svn/unbound/trunk@3142 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-06-02 10:03:21 +00:00
Wouter Wijngaards
cddec24dd2 - Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier.
git-svn-id: file:///svn/unbound/trunk@3127 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-05-06 12:37:37 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings.
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-07 13:28:39 +00:00
Wouter Wijngaards
fa3337d42a - new approach to NS fetches for DS lookup that works with
corner cases, and is more robust and considers forwarders.


git-svn-id: file:///svn/unbound/trunk@2646 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-03-21 15:01:01 +00:00
Wouter Wijngaards
0d5441bd8a - fix to locate nameservers for DS lookup with NS fetches.
git-svn-id: file:///svn/unbound/trunk@2645 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-03-19 15:44:21 +00:00
Wouter Wijngaards
8e1cb52458 - iter_hints is now thread-owned in module env, and thus threadsafe.
git-svn-id: file:///svn/unbound/trunk@2629 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-16 09:55:50 +00:00
Wouter Wijngaards
f82a0847eb - max sent count. EDNS1480 only for rtt < 5000. No promiscuous
fetch if sentcount > 3, stop query if sentcount > 16.  Count is
reset when referral or CNAME happens.  This makes unbound better
at managing large NS sets, they are explored when there is continued
interest (in the form of queries).


git-svn-id: file:///svn/unbound/trunk@2499 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 14:11:12 +00:00
Wouter Wijngaards
46eeced066 - Fix operation in ipv6 only (do-ip4: no) mode.
git-svn-id: file:///svn/unbound/trunk@2487 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-07 14:34:10 +00:00
Wouter Wijngaards
2bdb094f7b - Fix bug where fallback_tcp causes wrong roundtrip and edns
observation to be noted in cache.  Fix bug where EDNSprobe halted
  exponential backoff if EDNS status unknown.
- new unresponsive host method, exponentially increasing block backoff.
- iana portlist updated.


git-svn-id: file:///svn/unbound/trunk@2303 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-21 15:11:39 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations.
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-07 13:13:36 +00:00
Wouter Wijngaards
cb3b649707 - Max referral count from 30 to 130, because 128 one character domains
is valid DNS.


git-svn-id: file:///svn/unbound/trunk@2152 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-06-15 10:50:20 +00:00
Wouter Wijngaards
d7fec82eaa - Fix to use one pointer less for iterator query state store_parent_NS.
git-svn-id: file:///svn/unbound/trunk@2150 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-06-15 09:47:11 +00:00
Wouter Wijngaards
b014aac438 fix
git-svn-id: file:///svn/unbound/trunk@2146 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-06-11 14:24:25 +00:00
Wouter Wijngaards
6d77834955 parent-child misconfigured data lookup.
git-svn-id: file:///svn/unbound/trunk@2119 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-05-28 14:15:29 +00:00
Wouter Wijngaards
7276cf7dd0 - Fix dnssec-missing detection that was turned off by server selection.
git-svn-id: file:///svn/unbound/trunk@2107 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-05-04 08:39:04 +00:00
Wouter Wijngaards
ab9bd76768 Answer qclass=ANY.
git-svn-id: file:///svn/unbound/trunk@1938 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-12-15 09:10:04 +00:00
Wouter Wijngaards
c42056b9aa Blacklist when 16 queries fail in a row.
git-svn-id: file:///svn/unbound/trunk@1764 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-08-17 12:43:23 +00:00
Wouter Wijngaards
a2dcd9c019 forward command for unbound-control.
git-svn-id: file:///svn/unbound/trunk@1482 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-02-13 15:26:37 +00:00
Wouter Wijngaards
a46c9197c4 EDNS fallback fixed for error cache.
git-svn-id: file:///svn/unbound/trunk@1434 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-01-14 09:56:41 +00:00
Wouter Wijngaards
dbaa5194a6 Recursion lame is detected and last resort is used to resolve.
git-svn-id: file:///svn/unbound/trunk@1294 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-10-13 09:11:42 +00:00
Wouter Wijngaards
939fabd809 0x20 fallback code.
git-svn-id: file:///svn/unbound/trunk@1285 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-10-06 14:46:22 +00:00
Wouter Wijngaards
ff1a7ec42e private address and private domain config option read and store.
git-svn-id: file:///svn/unbound/trunk@1223 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-03 14:40:09 +00:00
Wouter Wijngaards
64627b1a63 RTT banding, more spoof resistance randomness.
git-svn-id: file:///svn/unbound/trunk@1019 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-03-25 15:33:24 +00:00
Wouter Wijngaards
633daf4bc7 dnssec lame detection.
git-svn-id: file:///svn/unbound/trunk@714 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-22 15:25:37 +00:00
Wouter Wijngaards
907ab3d99a failover to next server.
git-svn-id: file:///svn/unbound/trunk@691 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-17 19:23:01 +00:00
Wouter Wijngaards
482658b1cc Faster timeouts, based on extracts of our logs.
git-svn-id: file:///svn/unbound/trunk@689 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-17 17:40:35 +00:00
Wouter Wijngaards
24d1ed15c4 please gcc more.
git-svn-id: file:///svn/unbound/trunk@663 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-05 13:02:50 +00:00
Wouter Wijngaards
8e55996b7c function pointer whitelist for module operations. completing fptr work.
git-svn-id: file:///svn/unbound/trunk@661 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-05 12:42:25 +00:00
Wouter Wijngaards
91786f4cc6 fixup AUTH prepend list.
git-svn-id: file:///svn/unbound/trunk@587 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-09-04 14:06:43 +00:00
Wouter Wijngaards
56916e48fb prime flag moved.
git-svn-id: file:///svn/unbound/trunk@470 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-01 12:59:37 +00:00