upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-21 07:10:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6058 commits 23 branches 209 tags 123 MiB
Commit graph

233 commits

Author SHA1 Message Date
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
e25ac1c2eb - Add local-zone type inform_deny, that logs query and drops answer. 
git-svn-id: file:///svn/unbound/trunk@3398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 08:23:06 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
77088b12ff - Add ip-transparent config option for bind to non-local addresses. 
git-svn-id: file:///svn/unbound/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-19 09:50:35 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
3ef33154e5 - infra-cache-min-rtt patch from Florian Riehm, for expected long 
uplink roundtrip times.


git-svn-id: file:///svn/unbound/trunk@3328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-02 08:46:22 +00:00
Wouter Wijngaards
df73be98bd - patch for remote control over local sockets, from Dag-Erling 
Smorgrav, Ilya Bakulin.  Use control-interface: /path/sock and
  control-use-cert: no.


git-svn-id: file:///svn/unbound/trunk@3304 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:12:59 +00:00
Wouter Wijngaards
1b44c9393e - local-zone: example.com inform makes unbound log a message with 
client IP for queries in that zone.  Eg. for finding infected hosts.


git-svn-id: file:///svn/unbound/trunk@3292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-12-09 11:29:17 +00:00
Wouter Wijngaards
e8fa4a9aff - parser with bison 2.7 
git-svn-id: file:///svn/unbound/trunk@3270 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-14 15:59:30 +00:00
Wouter Wijngaards
8ccba42b1f - dnstap support, with a patch from Farsight Security, written by 
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
  It is BSD licensed (see dnstap/dnstap.c).
  Building with --enable-dnstap needs pkg-config with this patch.
- Noted dnstap in doc/README and doc/CREDITS.


git-svn-id: file:///svn/unbound/trunk@3206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-05 07:57:52 +00:00
Wouter Wijngaards
45022b6add - DNS64 from Viagenie (BSD Licensed), written by Simon Perrault. 
Initial commit of the patch from the FreeBSD base (with its fixes).
  This adds a module (for module-config in unbound.conf) dns64 that
  performs DNS64 processing, see README.DNS64.


git-svn-id: file:///svn/unbound/trunk@3198 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-31 07:15:33 +00:00
Wouter Wijngaards
bdc57e5be5 - Feature, unblock-lan-zones: yesno that you can use to make unbound 
perform 10.0.0.0/8 and other reverse lookups normally, for use if
  unbound is running service for localhost on localhost.


git-svn-id: file:///svn/unbound/trunk@3133 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 10:38:32 +00:00
Wouter Wijngaards
d8e5a83392 - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: file:///svn/unbound/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
Wouter Wijngaards
60511959ab - so-reuseport: yesno option to distribute queries evenly over 
threads on Linux (Thanks Robert Edmonds).


git-svn-id: file:///svn/unbound/trunk@3049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 11:43:38 +00:00
Wouter Wijngaards
b9efb261da - Fix bug#536: acl_deny_non_local and refuse_non_local added. 
git-svn-id: file:///svn/unbound/trunk@3015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-12 10:08:54 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
a140d4a6aa review fixup. 
git-svn-id: file:///svn/unbound/trunk@2927 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-07-26 09:05:06 +00:00
Wouter Wijngaards
ff1dbe4fcc - Implement max-udp-size config option, default 4096 (thanks 
Daisuke Higashi).


git-svn-id: file:///svn/unbound/trunk@2893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 11:55:46 +00:00
Wouter Wijngaards
cf147df593 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and 
minimal-responses features.


git-svn-id: file:///svn/unbound/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-04-10 09:16:39 +00:00
Wouter Wijngaards
1736d8078a - forward-first option. Tries without forward if a query fails. 
Also stub-first option that is similar.


git-svn-id: file:///svn/unbound/trunk@2637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:16:40 +00:00
Wouter Wijngaards
8f5596f643 ssl_port setting, so that the dnssec-trigger server can be on one host machine. 
git-svn-id: file:///svn/unbound/trunk@2539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-08 10:56:42 +00:00
Wouter Wijngaards
aa0536dcb5 - dns over ssl support, ssl-service-pem and ssl-service-key files 
can be given and then TCP queries are serviced wrapped in SSL.


git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-31 14:48:48 +00:00
Wouter Wijngaards
2479955f9f - lame-ttl and lame-size options no longer exist, it is integrated 
with the host info.  They are ignored (with verbose warning) if
  encountered to keep the config file backwards compatible.



git-svn-id: file:///svn/unbound/trunk@2527 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-27 08:33:02 +00:00
Wouter Wijngaards
05e118b7d5 tcp upstream option. 
git-svn-id: file:///svn/unbound/trunk@2480 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 13:58:40 +00:00
Wouter Wijngaards
8def9c1043 - log-queries: yesno option, default is no, prints querylog. 
git-svn-id: file:///svn/unbound/trunk@2429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-16 13:15:57 +00:00
Wouter Wijngaards
ca38a8bd55 - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers. 
git-svn-id: file:///svn/unbound/trunk@2414 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 11:20:14 +00:00
Wouter Wijngaards
0b0a580422 - give config parse error for multiple names on a stub or forward zone. 
git-svn-id: file:///svn/unbound/trunk@2398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-01 12:59:27 +00:00
Wouter Wijngaards
dd8e44ac37 - feature typetransparent localzone, does not block other RR types. 
git-svn-id: file:///svn/unbound/trunk@2350 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-02 12:39:33 +00:00
Wouter Wijngaards
78cc3d8ae1 harden-below-nxdomain option taken from draft-vixie-dnsext-resimprove. 
Default off (for now), as some older software that gives nxdomain for ENT
would be incompatible.  But that would only happen in the reverse tree, and
such software (nonDNSSEC) may go out of style, so in the future a default yes
could be possible.



git-svn-id: file:///svn/unbound/trunk@2347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-18 08:49:15 +00:00
Wouter Wijngaards
8c5b3d3c8f - so-sndbuf option for very busy servers, a bit like so-rcvbuf. 
git-svn-id: file:///svn/unbound/trunk@2344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-15 14:30:34 +00:00
Wouter Wijngaards
271445fa4d - Fix bug#308: spelling error in variable name in parser and lexer. 
git-svn-id: file:///svn/unbound/trunk@2110 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-06 05:23:49 +00:00
Wouter Wijngaards
bcd1ac7599 prefetch-key feature. 
git-svn-id: file:///svn/unbound/trunk@1956 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-13 13:33:18 +00:00
Wouter Wijngaards
43d228c5bc Doc fix and work on prefetch feature. 
git-svn-id: file:///svn/unbound/trunk@1951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-07 14:38:18 +00:00
Wouter Wijngaards
5b66f07e38 edns-buffer-size option. 
git-svn-id: file:///svn/unbound/trunk@1881 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-29 10:37:44 +00:00
Wouter Wijngaards
d59a8baec2 so-rcvbuf option. 
git-svn-id: file:///svn/unbound/trunk@1851 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-25 08:54:50 +00:00
Wouter Wijngaards
7d90b75ce8 autotrust options 
git-svn-id: file:///svn/unbound/trunk@1776 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 08:46:33 +00:00
Wouter Wijngaards
3251765048 autotrust work 
git-svn-id: file:///svn/unbound/trunk@1758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-12 15:26:47 +00:00
Wouter Wijngaards
538ca28828 OpenSSL config() and small memory leak. No more ENGINE_load_gost(). 
git-svn-id: file:///svn/unbound/trunk@1750 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-07 15:23:35 +00:00
Wouter Wijngaards
72aa0bad92 Log option for bogus only. 
git-svn-id: file:///svn/unbound/trunk@1734 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-20 14:22:29 +00:00
Wouter Wijngaards
e49e0539d8 newer bison. 
git-svn-id: file:///svn/unbound/trunk@1677 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-19 07:47:46 +00:00
Wouter Wijngaards
768c4b2643 min-ttl option and tests for min-ttl and max-ttl. 
git-svn-id: file:///svn/unbound/trunk@1598 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-14 10:10:11 +00:00
Wouter Wijngaards
4ad2eb2549 detect gost. 
git-svn-id: file:///svn/unbound/trunk@1595 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-09 15:23:14 +00:00
Wouter Wijngaards
1e1ac9900a signature clock skew code. 
git-svn-id: file:///svn/unbound/trunk@1590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-06 14:09:33 +00:00
Wouter Wijngaards
0799d77798 python contribution from Zdenek Vasicek and Marek Vavrusa (BSD licensed). 
git-svn-id: file:///svn/unbound/trunk@1556 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-25 14:47:47 +00:00
Wouter Wijngaards
97a73402fc inverse trust anchor. 
git-svn-id: file:///svn/unbound/trunk@1533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-18 14:02:46 +00:00
Wouter Wijngaards
5f27e00a19 doxygen, lex, yacc. 
git-svn-id: file:///svn/unbound/trunk@1525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-13 09:27:37 +00:00
Wouter Wijngaards
363a4712b2 Parser allows syslog on windows. 
git-svn-id: file:///svn/unbound/trunk@1519 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-11 11:53:47 +00:00
Wouter Wijngaards
63d3cb7ff4 log-time-ascii option 
git-svn-id: file:///svn/unbound/trunk@1465 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-06 12:51:45 +00:00
Wouter Wijngaards
6c7416128c fixup memleaks. 
git-svn-id: file:///svn/unbound/trunk@1331 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-05 10:38:22 +00:00
Wouter Wijngaards
6cebdd2baf unwanted reply threshold like in the draft. 
git-svn-id: file:///svn/unbound/trunk@1321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-22 14:36:46 +00:00
Wouter Wijngaards
83a017d3d1 stub-prime option. 
git-svn-id: file:///svn/unbound/trunk@1319 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-22 12:01:40 +00:00
Wouter Wijngaards
351ef6e252 Option for DOS protection on slower links. 
git-svn-id: file:///svn/unbound/trunk@1282 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-06 09:28:50 +00:00
Wouter Wijngaards
896e4fea2a local data PTR shorthand. 
git-svn-id: file:///svn/unbound/trunk@1277 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-30 15:04:32 +00:00
Wouter Wijngaards
f0b77ed022 extended stats option. 
git-svn-id: file:///svn/unbound/trunk@1238 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-16 09:08:45 +00:00
Wouter Wijngaards
121cb15d67 remote control setup, port binding and service. 
git-svn-id: file:///svn/unbound/trunk@1227 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-10 15:23:01 +00:00
Wouter Wijngaards
ff1a7ec42e private address and private domain config option read and store. 
git-svn-id: file:///svn/unbound/trunk@1223 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-03 14:40:09 +00:00
Wouter Wijngaards
01cabbebc1 do not allow cache snooping by default. 
git-svn-id: file:///svn/unbound/trunk@1220 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-01 13:48:24 +00:00
Wouter Wijngaards
a66e16cb31 new NS queries is not an option (off by default). 
git-svn-id: file:///svn/unbound/trunk@1219 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-29 14:46:08 +00:00
Wouter Wijngaards
21cd9936d8 dlv negative cache size option. 
git-svn-id: file:///svn/unbound/trunk@1213 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-27 13:02:22 +00:00
Wouter Wijngaards
a7cfe2bf65 Test DLV anchor. 
git-svn-id: file:///svn/unbound/trunk@1202 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-21 14:58:39 +00:00
Wouter Wijngaards
080d9d6540 - ldns snapshot r2699 taken (includes DLV type). 
- DLV work, config file element, trust anchor read in.



git-svn-id: file:///svn/unbound/trunk@1187 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-13 14:30:35 +00:00
Wouter Wijngaards
0f80e5e78a - removed base_port. 
- created 256-port ephemeral space for the OS, 59802 available.


git-svn-id: file:///svn/unbound/trunk@1030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-04-11 14:10:16 +00:00
Wouter Wijngaards
f0cf79146c config available ports, iana assigned ports list. 
git-svn-id: file:///svn/unbound/trunk@1025 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-04-09 15:07:37 +00:00
Wouter Wijngaards
7eeb7cc78c statistics cumulative option. 
git-svn-id: file:///svn/unbound/trunk@1024 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-04-09 12:29:53 +00:00
Wouter Wijngaards
822422cbfb confixlexer and parser from linux are a little more portable (despite the 
signed/unsigned comparison warning).


git-svn-id: file:///svn/unbound/trunk@1008 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-29 10:59:26 +00:00
Wouter Wijngaards
c5ef04b7b4 lexer and parser from freebsd. 
git-svn-id: file:///svn/unbound/trunk@1006 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-29 10:23:52 +00:00
Wouter Wijngaards
d90c162edf config file option for draft-0x20. 
git-svn-id: file:///svn/unbound/trunk@995 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-27 09:39:27 +00:00
Wouter Wijngaards
0627d1a43e do-daemonize 
git-svn-id: file:///svn/unbound/trunk@972 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-20 07:26:03 +00:00
Wouter Wijngaards
967793aad3 statistics-interval config setting. 
git-svn-id: file:///svn/unbound/trunk@917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-05 10:23:44 +00:00
Wouter Wijngaards
179273a13a interface-automatic (IP6mapped, good for anycast service and so on). 
git-svn-id: file:///svn/unbound/trunk@847 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-01-15 09:45:30 +00:00
Wouter Wijngaards
5cc518f114 inverse. 
git-svn-id: file:///svn/unbound/trunk@844 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-01-11 13:49:59 +00:00
Wouter Wijngaards
1315edc5e9 Nicer sizes possible in config file. 
git-svn-id: file:///svn/unbound/trunk@843 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-01-11 13:20:22 +00:00
Wouter Wijngaards
416129dedb localzone and localdata configuration setup. 
git-svn-id: file:///svn/unbound/trunk@771 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-11-20 14:48:33 +00:00
Wouter Wijngaards
eda6528c14 access-control 
git-svn-id: file:///svn/unbound/trunk@769 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-11-19 15:32:55 +00:00
Wouter Wijngaards
a06131872d Harden dnssec stripped zones. 
git-svn-id: file:///svn/unbound/trunk@730 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-11-01 15:32:27 +00:00
Wouter Wijngaards
fe44f5918a max ttl option. 
git-svn-id: file:///svn/unbound/trunk@721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-31 07:46:30 +00:00
Wouter Wijngaards
280352760c Fixup tests. 
git-svn-id: file:///svn/unbound/trunk@711 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-22 06:25:46 +00:00
Wouter Wijngaards
253a6e0143 root-hints can be read from file. 
git-svn-id: file:///svn/unbound/trunk@708 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-19 14:02:53 +00:00
Wouter Wijngaards
c8c099960a outgoing interfaces setting possible. 
git-svn-id: file:///svn/unbound/trunk@704 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-19 08:32:36 +00:00
Wouter Wijngaards
f22716c237 Added yacc and lex files. 
git-svn-id: file:///svn/unbound/trunk@701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-18 22:49:08 +00:00