upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-21 15:21:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6058 commits 23 branches 209 tags 123 MiB
Commit graph

480 commits

Author SHA1 Message Date
Wouter Wijngaards
031caba9c0 - and also generic edns options for upstream messages (and replies). 
after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID),
  to insert use edns_opt_append(edns, region, code, len, bindata) on
  the opt_list passed to send_query, or in edns_opt_inplace_reply.


git-svn-id: file:///svn/unbound/trunk@3742 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:55:22 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code. 
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00
Wouter Wijngaards
74603017b6 - Updated patch from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3728 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-26 06:49:44 +00:00
Wouter Wijngaards
7fcec8102f - disable-dnssec-lame-check config option from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-24 12:17:42 +00:00
Ralph Dolmans
f39692acc7 - No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC signed zones. 
git-svn-id: file:///svn/unbound/trunk@3722 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-20 14:04:27 +00:00
Wouter Wijngaards
3d60a6f446 - Fix #761: DNSSEC LAME false positive resolving nic.club. 
git-svn-id: file:///svn/unbound/trunk@3720 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-18 14:09:12 +00:00
Wouter Wijngaards
f101785ea1 - Fix #749: unbound-checkconf gets SIGSEGV when use against a 
malformatted conf file.


git-svn-id: file:///svn/unbound/trunk@3696 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-24 12:30:47 +00:00
Wouter Wijngaards
6062e896b9 note RFC number. 
git-svn-id: file:///svn/unbound/trunk@3691 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 08:35:58 +00:00
Ralph Dolmans
5d061f13f9 - Validate QNAME minimised NXDOMAIN responses. 
- If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
   harden-below-nxdomain.



git-svn-id: file:///svn/unbound/trunk@3682 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-18 15:44:41 +00:00
Ralph Dolmans
6362a12bd7 - Limit number of QNAME minimisation iterations. 
git-svn-id: file:///svn/unbound/trunk@3681 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-17 14:44:41 +00:00
Wouter Wijngaards
47e2026ca6 - Fix #746: Fix unbound sets CD bit on all forwards. 
If no trust anchors, it'll not set CD bit when forwarding to another
  server.  If a trust anchor, no CD bit on the first attempt to a
  forwarder, but CD bit thereafter on repeated attempts to get DNSSEC.


git-svn-id: file:///svn/unbound/trunk@3679 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-17 14:01:59 +00:00
Wouter Wijngaards
7d76a151b3 - Updated L root IPv6 address. 
git-svn-id: file:///svn/unbound/trunk@3652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-10 08:23:46 +00:00
Ralph Dolmans
d853b0841b Don't minimise forwarded requests. 
git-svn-id: file:///svn/unbound/trunk@3575 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-07 15:56:47 +00:00
Ralph Dolmans
3328dc4d68 Stop minimising after receiving rcode!=NOERROR 
git-svn-id: file:///svn/unbound/trunk@3573 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-03 15:45:52 +00:00
Ralph Dolmans
e47e31a69f Keep incrementing QNAME after receiving throwaway answer. 
git-svn-id: file:///svn/unbound/trunk@3568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-03 12:09:45 +00:00
Ralph Dolmans
014142d7bf Qname minimisation review fixes 
git-svn-id: file:///svn/unbound/trunk@3561 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 13:14:00 +00:00
Wouter Wijngaards
3ee1dc25d5 yacced,lexed, include for undeclared function and make depend. 
git-svn-id: file:///svn/unbound/trunk@3555 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 08:11:48 +00:00
Ralph Dolmans
a05bf09811 Implemented qname minimisation 
git-svn-id: file:///svn/unbound/trunk@3554 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-30 16:10:26 +00:00
Wouter Wijngaards
152458c40b - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
Wouter Wijngaards
2d8d820e07 Remove debug print. 
git-svn-id: file:///svn/unbound/trunk@3532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-16 10:01:47 +00:00
Wouter Wijngaards
7c1131625c - Fix for lenient accept of reverse order DNAME and CNAME. 
git-svn-id: file:///svn/unbound/trunk@3530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-16 09:48:51 +00:00
Wouter Wijngaards
0735cf0e53 - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution 
failures.


git-svn-id: file:///svn/unbound/trunk@3494 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-28 07:21:48 +00:00
Wouter Wijngaards
44644a7e7c - Fix #702: New IPs for for h.root-servers.net. 
git-svn-id: file:///svn/unbound/trunk@3487 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-22 08:35:03 +00:00
Wouter Wijngaards
0884d263ef - Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly 
and was therefore always synthesized (thanks to Valentin Dietrich).


git-svn-id: file:///svn/unbound/trunk@3434 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-22 09:23:43 +00:00
Wouter Wijngaards
2910eec34c Check for out of memory. 
git-svn-id: file:///svn/unbound/trunk@3421 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 13:35:02 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
bc658e0361 Fixes. 
git-svn-id: file:///svn/unbound/trunk@3392 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 10:57:25 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
Wouter Wijngaards
7861314db3 And use best response in case 0x20 fallback done. 
git-svn-id: file:///svn/unbound/trunk@3349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-04 09:35:06 +00:00
Wouter Wijngaards
7e50976476 - store caps_response with best response in case downgrade response 
happens to be the last one.


git-svn-id: file:///svn/unbound/trunk@3348 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-04 09:31:26 +00:00
Wouter Wijngaards
54771e5b3d - many nameservers does not try to compare more than max-sent-count, 
parse failures start 0x20 fallback procedure.


git-svn-id: file:///svn/unbound/trunk@3347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-04 09:06:05 +00:00
Wouter Wijngaards
ab62061196 - 0x20 fallback improved, better handling of servfail responses, 
they do not count as missing comparisons (except if all are failed),
  and better handling of inability to find nameservers, no more
  nameservers can be found results in fallback acceptance.


git-svn-id: file:///svn/unbound/trunk@3346 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-04 08:30:17 +00:00
Wouter Wijngaards
025f36b169 - Fix scrubber with harden-glue turned off to reject NS (and other 
not-address) records.


git-svn-id: file:///svn/unbound/trunk@3330 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-10 14:01:45 +00:00
Wouter Wijngaards
3d66ef2b92 - Fix 0x20 capsforid fallback to omit gratuitous NS and additional 
section changes.


git-svn-id: file:///svn/unbound/trunk@3323 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-30 09:35:38 +00:00
Wouter Wijngaards
42cf616fae - print query name when max target count is exceeded. 
git-svn-id: file:///svn/unbound/trunk@3296 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-05 13:12:42 +00:00
Wouter Wijngaards
f7039d8a59 - Fix CVE-2014-8602: denial of service by making resolver chase 
endless series of delegations.


git-svn-id: file:///svn/unbound/trunk@3289 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-12-08 15:09:18 +00:00
Wouter Wijngaards
67a3c4933c - Fix cdflag dns64 processing. 
git-svn-id: file:///svn/unbound/trunk@3275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-19 08:43:08 +00:00
Wouter Wijngaards
b781f2d48d - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: file:///svn/unbound/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
Wouter Wijngaards
612a4e152f - Fix bug where forward or stub addresses with same address but 
different port number were not tried.


git-svn-id: file:///svn/unbound/trunk@3258 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-11 13:10:44 +00:00
Wouter Wijngaards
83f9f236d7 - Fix unbound capsforid fallback, it ignores TTLs in comparison. 
git-svn-id: file:///svn/unbound/trunk@3239 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-10 14:12:17 +00:00
Wouter Wijngaards
bc7f906590 - Fix caps-for-id fallback, and added fallback attempt when servers 
drop 0x20 perturbed queries.


git-svn-id: file:///svn/unbound/trunk@3146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-24 08:24:28 +00:00
Wouter Wijngaards
b4e45145cd - Add AAAA for B root server to default root hints. 
git-svn-id: file:///svn/unbound/trunk@3143 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-03 07:29:41 +00:00
Wouter Wijngaards
1a6515778d Remove unused define from iterator.h 
git-svn-id: file:///svn/unbound/trunk@3142 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-02 10:03:21 +00:00
Wouter Wijngaards
cddec24dd2 - Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier. 
git-svn-id: file:///svn/unbound/trunk@3127 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-06 12:37:37 +00:00
Wouter Wijngaards
eb5e9a89c4 - Fix #558: failed prefetch lookup does not remove cached response 
but delays next prefetch (in lieu of caching a SERVFAIL).


git-svn-id: file:///svn/unbound/trunk@3111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 13:56:16 +00:00
Wouter Wijngaards
b6c714c979 - C.ROOT-SERVERS.NET has an IPv6 address, and we updated the root 
hints (patch from Anand Buddhdev).


git-svn-id: file:///svn/unbound/trunk@3102 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-07 08:18:39 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
3de090dadb Fix linking of sldns and ldns, unique identifiers for global variables. 
git-svn-id: file:///svn/unbound/trunk@3021 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-30 11:03:55 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
c1ce3e10d8 - Fix #528: if very high logging (4 or more) segfault on allow_snoop. 
git-svn-id: file:///svn/unbound/trunk@2994 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-22 12:01:51 +00:00
Wouter Wijngaards
de07375a9c review fixes. 
git-svn-id: file:///svn/unbound/trunk@2940 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 14:14:08 +00:00
Wouter Wijngaards
f1fd2b53eb - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
Wouter Wijngaards
5dbb2ce669 Fix uninit variable in fix#516. 
git-svn-id: file:///svn/unbound/trunk@2934 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-14 07:53:33 +00:00
Wouter Wijngaards
c8d22543f3 - Fix#516 dnssec lameness detection for answers that are improper. 
git-svn-id: file:///svn/unbound/trunk@2933 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-08 09:29:33 +00:00
Wouter Wijngaards
bcf5b23273 - Fix#501: forward-first does not recurse, when forward name is ".". 
git-svn-id: file:///svn/unbound/trunk@2907 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-06-10 12:25:10 +00:00
Wouter Wijngaards
d88911eed5 - Fix queries leaking up for stubs and forwards, if the configured 
nameservers all fail to answer.


git-svn-id: file:///svn/unbound/trunk@2882 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-11 10:08:34 +00:00
Wouter Wijngaards
f9137645fb - Fix crash in previous private address fixup of 22 March. 
git-svn-id: file:///svn/unbound/trunk@2880 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-09 07:38:24 +00:00
Wouter Wijngaards
2ad6ee3c72 - Fix resolve of names that use a mix of public and private addresses. 
git-svn-id: file:///svn/unbound/trunk@2868 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-03-22 09:36:33 +00:00
Wouter Wijngaards
6fe9aab1c2 - printout name of zone with duplicate fwd and hint errors. 
git-svn-id: file:///svn/unbound/trunk@2828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-29 08:13:57 +00:00
Wouter Wijngaards
6c0c8fd672 - Change of D.ROOT-SERVERS.NET A address in default root hints. 
git-svn-id: file:///svn/unbound/trunk@2794 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-12-14 08:08:59 +00:00
Wouter Wijngaards
4b3fd4f789 - Fix unbound-control forward disables configured stubs below it. 
git-svn-id: file:///svn/unbound/trunk@2781 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-11-09 15:35:18 +00:00
Wouter Wijngaards
217ef3d9a3 - Fix forward-first option where it sets the RD flag wrongly. 
git-svn-id: file:///svn/unbound/trunk@2731 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-31 12:53:53 +00:00
Wouter Wijngaards
3c55073799 - implemented forward_first for the root. 
git-svn-id: file:///svn/unbound/trunk@2722 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-23 13:42:07 +00:00
Wouter Wijngaards
0f1aa80123 - Fix bug#452 and another assertion failure in mesh.c, makes 
assertions in mesh.c resist duplicates.  Fixes DS NS search to
  not generate duplicate sub queries.


git-svn-id: file:///svn/unbound/trunk@2718 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-20 13:08:19 +00:00
Wouter Wijngaards
1467c5de52 - code review: return value of cache_store can be ignored for better 
performance in out of memory conditions.


git-svn-id: file:///svn/unbound/trunk@2704 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-28 14:18:41 +00:00
Wouter Wijngaards
15aacbe89b code review. 
git-svn-id: file:///svn/unbound/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-18 14:22:29 +00:00
Wouter Wijngaards
452b7fce3a - code review. 
git-svn-id: file:///svn/unbound/trunk@2687 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-15 19:44:09 +00:00
Wouter Wijngaards
159d5a18b6 - Review comments from Yuri, removed duplicate memset to zero in delegpt. 
git-svn-id: file:///svn/unbound/trunk@2675 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-18 15:04:08 +00:00
Wouter Wijngaards
43ab18d6ed fix alloccheck 
git-svn-id: file:///svn/unbound/trunk@2672 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-16 11:55:30 +00:00
Wouter Wijngaards
eb926f15da lint fixes. 
git-svn-id: file:///svn/unbound/trunk@2649 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-21 15:34:44 +00:00
Wouter Wijngaards
8e20d58fa8 fixup include. 
git-svn-id: file:///svn/unbound/trunk@2647 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-21 15:05:34 +00:00
Wouter Wijngaards
fa3337d42a - new approach to NS fetches for DS lookup that works with 
cornercases, and is more robust and considers forwarders.


git-svn-id: file:///svn/unbound/trunk@2646 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-21 15:01:01 +00:00
Wouter Wijngaards
0d5441bd8a - fix to locate nameservers for DS lookup with NS fetches. 
git-svn-id: file:///svn/unbound/trunk@2645 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-19 15:44:21 +00:00
Wouter Wijngaards
82ebbe32d1 comment for explanation of bit toggle. 
git-svn-id: file:///svn/unbound/trunk@2638 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:38:28 +00:00
Wouter Wijngaards
1736d8078a - forward-first option. Tries without forward if a query fails. 
Also stub-first option that is similar.


git-svn-id: file:///svn/unbound/trunk@2637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:16:40 +00:00
Wouter Wijngaards
773d8e3b84 Fix prefetch and stickyness. 
git-svn-id: file:///svn/unbound/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 11:04:53 +00:00
Wouter Wijngaards
8e1cb52458 - iter_hints is now thread-owned in module env, and thus threadsafe. 
git-svn-id: file:///svn/unbound/trunk@2629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 09:55:50 +00:00
Wouter Wijngaards
d64b14cff9 - unbound-control forward_add, forward_remove, stub_add, stub_remove 
can modify stubs and forwards for running unbound (on mobile computer)
  they can also add and remove domain-insecure for the zone.


git-svn-id: file:///svn/unbound/trunk@2623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 14:35:28 +00:00
Wouter Wijngaards
943f8f43b9 hints uses malloc for more dynamicity. 
git-svn-id: file:///svn/unbound/trunk@2622 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 09:38:34 +00:00
Wouter Wijngaards
7a58fdcebc - Fix forward-zone memory, uses malloc and frees original root dp. 
git-svn-id: file:///svn/unbound/trunk@2621 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 08:50:17 +00:00
Wouter Wijngaards
db6cd0a635 - iter forwards uses malloc inside for more dynamicity. 
git-svn-id: file:///svn/unbound/trunk@2620 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-14 15:41:09 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL 
that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea - Fix for VU#209659 CVE-2011-4528: Unbound denial of service 
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.


git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-19 10:55:32 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility. 
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-10 18:44:06 +00:00
Wouter Wijngaards
11f5e16932 infra cache consolidated and stores per zone, IP. 
git-svn-id: file:///svn/unbound/trunk@2525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-26 15:46:23 +00:00
Wouter Wijngaards
7ea69fe9c2 - Fix resolve of partners.extranet.microsoft.com with a fix for the 
server selection for choosing out of a (particular) list of bad choices.


git-svn-id: file:///svn/unbound/trunk@2522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-24 08:34:59 +00:00
Wouter Wijngaards
881f0ad30f - Fix classification of NS set in answer section, where there is a 
parent-child server, and the answer has the AA flag for dir.slb.com.
  Thanks to Amanda Constant from Secure64.


git-svn-id: file:///svn/unbound/trunk@2501 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-20 07:42:04 +00:00
Wouter Wijngaards
d9ceec4005 better sent count handling 
git-svn-id: file:///svn/unbound/trunk@2500 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-16 14:15:13 +00:00
Wouter Wijngaards
f82a0847eb - max sent count. EDNS1480 only for rtt < 5000. No promiscuous 
fetch if sentcount > 3, stop query if sentcount > 16.  Count is
reset when referral or CNAME happens.  This makes unbound better
at managing large NS sets, they are explored when there is continued
interest (in the form of queries).


git-svn-id: file:///svn/unbound/trunk@2499 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-16 14:11:12 +00:00
Wouter Wijngaards
af93d6033c revert earlier commit. 
git-svn-id: file:///svn/unbound/trunk@2488 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-12 11:28:14 +00:00
Wouter Wijngaards
46eeced066 - Fix operation in ipv6 only (do-ip4: no) mode. 
git-svn-id: file:///svn/unbound/trunk@2487 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-07 14:34:10 +00:00
Wouter Wijngaards
d56aef7b33 - Fix validation failures due to EDNS backoff retries, the retry 
for fetch of data has want_dnssec because the iter_indicate_dnssec
         function returns true when validation failure retry happens, and
         then the serviced query code does not fallback to noEDNS, even if
         the cache says it has this.  This helps for DLV deployment when
         the DNSSEC status is not known for sure before the lookup concludes.


git-svn-id: file:///svn/unbound/trunk@2483 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-26 09:00:43 +00:00
Wouter Wijngaards
d265c02f69 - Fix that internally, CNAMEs with NXDOMAIN have that as rcode. 
git-svn-id: file:///svn/unbound/trunk@2478 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 12:11:54 +00:00
Wouter Wijngaards
17e5bba504 Fix validation of qtype ANY responses with CNAMEs (thanks Cathy Zhang and Luo Ce). 
git-svn-id: file:///svn/unbound/trunk@2477 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 12:02:50 +00:00
Wouter Wijngaards
608f82a1cd IPv6 service address for d.root-servers.net (2001:500:2D::D) 
git-svn-id: file:///svn/unbound/trunk@2426 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-12 09:51:00 +00:00
Wouter Wijngaards
eed924d7be - Fix remove private address does not throw away entire response. 
git-svn-id: file:///svn/unbound/trunk@2386 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-28 16:11:49 +00:00
Wouter Wijngaards
790cb51775 - Fix prefetch so it does not get stuck on old server for moved names. 
git-svn-id: file:///svn/unbound/trunk@2372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-13 10:13:01 +00:00
Wouter Wijngaards
4a746142cf - Fix insecure CNAME sequence marked as secure, reported by Bert Hubert. 
git-svn-id: file:///svn/unbound/trunk@2369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-11 12:32:29 +00:00
Wouter Wijngaards
a72fe210ca remove lost and backoff values. 
git-svn-id: file:///svn/unbound/trunk@2309 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-26 13:30:37 +00:00
Wouter Wijngaards
2bdb094f7b - Fix bug where fallback_tcp causes wrong roundtrip and edns 
observation to be noted in cache.  Fix bug where EDNSprobe halted
  exponential backoff if EDNS status unknown.
- new unresponsive host method, exponentially increasing block backoff.
- iana portlist updated.


git-svn-id: file:///svn/unbound/trunk@2303 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-21 15:11:39 +00:00
Wouter Wijngaards
e238b47b0a Fix for request list growth. 
git-svn-id: file:///svn/unbound/trunk@2298 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-19 14:53:29 +00:00
Wouter Wijngaards
46345c0809 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where 
the zone has a secure delegation hosted on the same server did not
         verify as secure (it was insecure by mistake).


git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-11 12:21:19 +00:00
Wouter Wijngaards
95db04a64c - bug#327: Fix for cannot access stub zones until the root is primed. 
git-svn-id: file:///svn/unbound/trunk@2228 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-13 09:25:52 +00:00
Wouter Wijngaards
f26b55ea7e fixup yesterdays fix 
git-svn-id: file:///svn/unbound/trunk@2227 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-10 11:16:12 +00:00
Wouter Wijngaards
8ec31ebbcc - unresponsive servers are not completely blacklisted (because of 
firewalls), but also not probed all the time (because of the request
            list size it generates).  The probe rate is 1%.


git-svn-id: file:///svn/unbound/trunk@2225 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-09 14:56:51 +00:00
Wouter Wijngaards
9d66b48885 - openbsd-lint fixes: acl_list_get_mem used if debug-alloc enabled. 
iterator get_mem includes priv_get_mem.  delegpt nodup removed.
  listen_pushback, query_info_allocqname, write_socket, send_packet,
  comm_point_set_cb_arg and listen_resume removed.


git-svn-id: file:///svn/unbound/trunk@2222 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-20 13:30:41 +00:00
Wouter Wijngaards
89845bca03 - Fix bug#321: resolution of rs.ripe.net artifacts with 0x20. 
Delegpt structures checked for duplicates always.
         No more nameserver lookups generated when depth is full anyway.


git-svn-id: file:///svn/unbound/trunk@2219 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-19 13:00:21 +00:00
Wouter Wijngaards
40f8fe2815 add and fix doxygen comments for doxygen-1.7.1. (which reports lots of 
spurious items as well, by the way).


git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-13 08:41:49 +00:00
Wouter Wijngaards
b701d70147 - Return NXDOMAIN after chain of CNAMEs ends at name-not-found. 
git-svn-id: file:///svn/unbound/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-05 14:31:52 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations. 
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-07 13:13:36 +00:00
Wouter Wijngaards
654d66d6a7 - log if a server is skipped because it is on the donotquery list, 
at verbosity 4, to enable diagnosis why no queries to 127.0.0.1.


git-svn-id: file:///svn/unbound/trunk@2174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-05 07:45:20 +00:00
Wouter Wijngaards
14f178e486 Fix for lame reply corner case. 
git-svn-id: file:///svn/unbound/trunk@2168 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-25 08:32:51 +00:00
Wouter Wijngaards
6325974a0b root hints from ftp.internic.net. 
git-svn-id: file:///svn/unbound/trunk@2158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-18 07:18:22 +00:00
Wouter Wijngaards
d1a68958a9 - Add AAAA to root hints for I.ROOT-SERVERS.NET. 
git-svn-id: file:///svn/unbound/trunk@2157 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-17 19:17:09 +00:00
Wouter Wijngaards
cb3b649707 - Max referral count from 30 to 130, because 128 one character domains 
is valid DNS.


git-svn-id: file:///svn/unbound/trunk@2152 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-15 10:50:20 +00:00
Wouter Wijngaards
d7fec82eaa - Fix to use one pointer less for iterator query state store_parent_NS. 
git-svn-id: file:///svn/unbound/trunk@2150 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-15 09:47:11 +00:00
Wouter Wijngaards
b014aac438 fix 
git-svn-id: file:///svn/unbound/trunk@2146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-11 14:24:25 +00:00
Wouter Wijngaards
1f0f85b59a - When retry to parent the retrycount is not wiped, so failed 
nameservers are not tried again.
       - iana portlist updated.


git-svn-id: file:///svn/unbound/trunk@2145 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-11 14:09:56 +00:00
Wouter Wijngaards
b9603c178a - Fix bug where a long loop could be entered, now cycle detection 
has a loop-counter and maximum search amount.


git-svn-id: file:///svn/unbound/trunk@2144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-10 14:10:17 +00:00
Wouter Wijngaards
1f9172697c more last resort lookup options. 
git-svn-id: file:///svn/unbound/trunk@2139 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-03 15:06:50 +00:00
Wouter Wijngaards
b65fa84ea5 review fixes. 
git-svn-id: file:///svn/unbound/trunk@2138 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-03 13:38:09 +00:00
Wouter Wijngaards
ba4ff40d9d - Fix storage of negative parent glue if that last resort fails. 
git-svn-id: file:///svn/unbound/trunk@2127 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-01 09:33:25 +00:00
Wouter Wijngaards
1bd8583d3f Force off bit Z. 
git-svn-id: file:///svn/unbound/trunk@2126 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-01 06:48:15 +00:00
Wouter Wijngaards
d9e6fd3bac - fix parentside and querytargets modulestate, for dump_requestlist. 
git-svn-id: file:///svn/unbound/trunk@2123 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-31 14:01:32 +00:00
Wouter Wijngaards
153fd4a7f6 - parentside names are dispreferred but not said to be dnssec-lame. 
- parentside check for cached newname glue.


git-svn-id: file:///svn/unbound/trunk@2122 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-31 13:03:58 +00:00
Wouter Wijngaards
6ef058f9b0 - Fix AD flag handling, it could in some cases mistakenly copy the AD 
flag from upstream servers.


git-svn-id: file:///svn/unbound/trunk@2120 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-31 07:36:01 +00:00
Wouter Wijngaards
6d77834955 parent-child misconfigured data lookup. 
git-svn-id: file:///svn/unbound/trunk@2119 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-28 14:15:29 +00:00
Wouter Wijngaards
4cc482e222 - Fix resolution for domains like safesvc.com.cn. If the iterator 
can not recurse further and it finds the delegation in a state
         where it would otherwise have rejected it outhand if so received
         from a cache lookup, then it can try to ask higherup (with loop
         protection).
       - Fix comments in iter_utils:dp_is_useless.


git-svn-id: file:///svn/unbound/trunk@2114 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-19 12:59:27 +00:00
Wouter Wijngaards
807a1c5b74 - Fix resolution for domains like safesvc.com.cn. If the iterator 
can not recurse further and it finds the delegation in a state
         where it would otherwise have rejected it outhand if so received
         from a cache lookup, then it can try to ask higherup (with loop
         protection).


git-svn-id: file:///svn/unbound/trunk@2113 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-19 12:55:49 +00:00
Wouter Wijngaards
b4b641807b Fix various compiler warnings from the clang llvm compiler. 
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-18 12:37:04 +00:00
Wouter Wijngaards
7276cf7dd0 - Fix dnssec-missing detection that was turned off by server selection. 
git-svn-id: file:///svn/unbound/trunk@2107 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-04 08:39:04 +00:00
Wouter Wijngaards
5c4fbf10b1 fix for key cache lookup 
git-svn-id: file:///svn/unbound/trunk@2105 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-29 12:52:44 +00:00
Wouter Wijngaards
cccba6e2c7 dnssec lameness detection looks in key cache if dnssec is expected. 
git-svn-id: file:///svn/unbound/trunk@2104 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-29 12:36:12 +00:00
Wouter Wijngaards
a29b2ad908 Fix harden-referral-path so it does not generate lookup failures. 
git-svn-id: file:///svn/unbound/trunk@2101 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-27 14:15:19 +00:00
Wouter Wijngaards
339d94b643 - fix retry sequence if prime hints are recursion-lame. 
git-svn-id: file:///svn/unbound/trunk@2099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-27 11:10:35 +00:00
Wouter Wijngaards
3a754ae461 Fix bug#307: 0x20 fallback outstanding query count, together with rec_lame, 
and canonical rrset comparison.


git-svn-id: file:///svn/unbound/trunk@2097 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-26 14:59:44 +00:00
Wouter Wijngaards
f12b7a8dd9 - More strict scrubber (Thanks to George Barwood for the idea): 
NS set must be pertinent to the query (qname subdomain nsname).


git-svn-id: file:///svn/unbound/trunk@2096 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-26 13:40:37 +00:00
Wouter Wijngaards
35f3d4ecb1 - Fix to fetch data as last resort more tenaciously. When cycle 
targets cause the server selection to believe there are more options
	  when they really are not there, the server selection is reinitiated.
	- Fix fetch from blacklisted dnssec lame servers as last resort.  The
	  servers IP address is then given in validator errors as well.



git-svn-id: file:///svn/unbound/trunk@2089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-23 09:07:05 +00:00
Wouter Wijngaards
18a7df3d5c - Fix EDNS probe for .de DNSSEC testbed failure, where the infra 
cache timeout coincided with a server update, the current EDNS 
  backoff is less sensitive, and does not cache the backoff unless 
  the backoff actually works and the domain is not expecting DNSSEC.


git-svn-id: file:///svn/unbound/trunk@2063 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-06 08:35:37 +00:00
Wouter Wijngaards
75565262f7 Fixed random numbers for port, interface and server selection. 
Removed very small bias.
Also some lint fixes.



git-svn-id: file:///svn/unbound/trunk@2049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-18 14:42:22 +00:00
Wouter Wijngaards
147d47eee7 Move includes to code files. 
git-svn-id: file:///svn/unbound/trunk@2035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-12 15:17:48 +00:00
Wouter Wijngaards
867dfc0563 remove unnecessary if statement 
git-svn-id: file:///svn/unbound/trunk@2009 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-04 15:24:34 +00:00
Wouter Wijngaards
38fe29b9fd Nicer debug output. 
git-svn-id: file:///svn/unbound/trunk@1999 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-01 13:00:00 +00:00
Wouter Wijngaards
5dcbb54e63 - Fix scrubber bug that potentially let NS records through. Reported 
by Amanda Constant.
        - Also delete potential poison references from additional.
        - Fix: no classification of a forwarder as lame, throwaway instead.


git-svn-id: file:///svn/unbound/trunk@1993 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-24 13:27:47 +00:00
Wouter Wijngaards
eeefe9ac45 Stops blacklisting because of strange firewalls. 
git-svn-id: file:///svn/unbound/trunk@1987 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-18 11:21:11 +00:00
Wouter Wijngaards
38c6664caf A little more strict DS scrubbing. 
git-svn-id: file:///svn/unbound/trunk@1986 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-18 09:47:08 +00:00