upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-21 15:21:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6058 commits 23 branches 209 tags 123 MiB
Commit graph

72 commits

Author SHA1 Message Date
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new 
shorthand function to clean up the code.
 2020-08-31 08:41:34 +02:00
W.C.A. Wijngaards
e99b5046eb - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL 
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
 2020-07-08 16:22:39 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
W.C.A. Wijngaards
398e260145 Fixup ssl authentication not available with check for it. 2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
25a88d6d54 dnstap io, check peer verification in dtstream dtio_ssl_handshake. 2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
ad180402ea dnstap io, set tls auth name in outgoing ssl 2020-02-05 16:17:21 +01:00
Ralph Dolmans
14913d75c0 - processed RPZ review feedback 
- fix potential locking issue
  - add extra out of bound checks
 2020-01-15 22:45:29 +01:00
Ralph Dolmans
ae4f6a259b Proccess more review feedback 2019-12-23 16:02:43 +01:00
Ralph Dolmans
9843b836ee Merge branch 'master' into rpz 2019-09-09 17:17:43 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
Ralph Dolmans
9ce7045413 - Fix doxygen issue 
- Fix memory leak
 - IANA ports update
 - merge littlehash ASAN changes
 2019-07-16 19:45:49 +02:00
Ralph Dolmans
395d83cfc8 Procedures to parse RPZ ip address notation. 2019-06-24 16:01:01 +02:00
Wouter Wijngaards
d3f397c686 More fixes, statistic counter at end of struct for backwards compatibility, man page, free at exit, indent. 
git-svn-id: file:///svn/unbound/trunk@5062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:19:04 +00:00
Wouter Wijngaards
011a7d8830 - Fixes for patch (includes, declarations, warnings). 
git-svn-id: file:///svn/unbound/trunk@5060 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:43:47 +00:00
Wouter Wijngaards
510606dd1c - Patch for TLS session resumption from Manabu Sonoda, 
enable with tls-session-ticket-keys in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:35:52 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
5a726fb61f - Add routine from getdns to add windows cert store to the SSL_CTX. 
git-svn-id: file:///svn/unbound/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 13:22:10 +00:00
Wouter Wijngaards
6fefbb4115 - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-02 06:36:02 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
4691979679 - Fix auth zone target lookup iterator. 
- notify with prefix


git-svn-id: file:///svn/unbound/trunk@4624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 13:14:24 +00:00
Wouter Wijngaards
3b87862c8a auth zone work. 
git-svn-id: file:///svn/unbound/trunk@4512 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-06 09:32:41 +00:00
Wouter Wijngaards
08a3461810 - enhancement for hardened-tls for DNS over TLS. Removed duplicated 
security settings.


git-svn-id: file:///svn/unbound/trunk@4255 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-29 11:45:43 +00:00
Wouter Wijngaards
c19f818c52 - Fix #545: improved logging, the ip address of the error is printed 
on the same log-line as the error.


git-svn-id: file:///svn/unbound/trunk@3112 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 14:40:20 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
f9762ba453 - Fix openssl race condition, initializes openssl locks, reported 
by Einar Lonn and Patrik Wallstrom.


git-svn-id: file:///svn/unbound/trunk@2733 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-01 11:31:29 +00:00
Wouter Wijngaards
cf147df593 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and 
minimal-responses features.


git-svn-id: file:///svn/unbound/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-04-10 09:16:39 +00:00
Wouter Wijngaards
aa0536dcb5 - dns over ssl support, ssl-service-pem and ssl-service-key files 
can be given and then TCP queries are serviced wrapped in SSL.


git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-31 14:48:48 +00:00
Wouter Wijngaards
bc54fa3e58 addr_is_any 
git-svn-id: file:///svn/unbound/trunk@2279 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-13 07:59:55 +00:00
Wouter Wijngaards
9d66b48885 - openbsd-lint fixes: acl_list_get_mem used if debug-alloc enabled. 
iterator get_mem includes priv_get_mem.  delegpt nodup removed.
  listen_pushback, query_info_allocqname, write_socket, send_packet,
  comm_point_set_cb_arg and listen_resume removed.


git-svn-id: file:///svn/unbound/trunk@2222 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-20 13:30:41 +00:00
Wouter Wijngaards
40f8fe2815 add and fix doxygen comments for doxygen-1.7.1. (which reports lots of 
spurious items as well, by the way).


git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-13 08:41:49 +00:00
Wouter Wijngaards
109fbe2350 - Squelch log message: sendto failed permission denied for 
255.255.255.255, it is visible in VERB_DETAIL (verbosity 2).


git-svn-id: file:///svn/unbound/trunk@2088 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-23 06:48:49 +00:00
Wouter Wijngaards
5b66f07e38 edns-buffer-size option. 
git-svn-id: file:///svn/unbound/trunk@1881 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-29 10:37:44 +00:00
Wouter Wijngaards
5d2e8e8e97 Retry mode, DS and prime. 
git-svn-id: file:///svn/unbound/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 07:52:02 +00:00
Wouter Wijngaards
455c3d130d Data retry on validation failure. 
git-svn-id: file:///svn/unbound/trunk@1859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-06 08:31:47 +00:00
Wouter Wijngaards
c6da8de517 suppress ipv4mapped errors from logs. 
git-svn-id: file:///svn/unbound/trunk@1570 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-01 10:01:43 +00:00
Wouter Wijngaards
a2dcd9c019 forward command for unbound-control. 
git-svn-id: file:///svn/unbound/trunk@1482 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-13 15:26:37 +00:00
Wouter Wijngaards
636f742ef0 extended statistics. 
git-svn-id: file:///svn/unbound/trunk@1239 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-16 14:08:38 +00:00
Wouter Wijngaards
4a6d702edf - mingw32 porting. 
- test for sys/wait.h
          - WSAEWOULDBLOCK test after nonblocking TCP connect.
          - write_iov_buffer removed: unused and no struct iov on windows.
          - signed/unsigned warning fixup mini_event.
          - use ioctlsocket to set nonblocking I/O if fnctl is unavailable.
          - skip signals that are not defined
          - detect pwd.h.
          - detect getpwnam, getrlimit, setsid, sbrk, chroot.
          - default config has no chroot if chroot() unavailable.
          - if no kill() then no pidfile is read or written.
          - gmtime_r is replaced by nonthreadsafe alternative if unavail.
            used in rrsig time validation errors.


git-svn-id: file:///svn/unbound/trunk@1097 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-05-23 14:13:07 +00:00
Wouter Wijngaards
2b4ef794b9 logging nicer, removal of reply_iov. 
git-svn-id: file:///svn/unbound/trunk@911 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-01-30 14:46:01 +00:00
Wouter Wijngaards
76a31aacd3 test for ancillary data and fixes for lint and doxygen. 
git-svn-id: file:///svn/unbound/trunk@848 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-01-15 10:10:22 +00:00
Wouter Wijngaards
eda6528c14 access-control 
git-svn-id: file:///svn/unbound/trunk@769 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-11-19 15:32:55 +00:00
Wouter Wijngaards
435fbd1794 acl list setup. 8 to tab in net_help. 
git-svn-id: file:///svn/unbound/trunk@753 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-11-16 16:25:37 +00:00
Wouter Wijngaards
280352760c Fixup tests. 
git-svn-id: file:///svn/unbound/trunk@711 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-22 06:25:46 +00:00
Wouter Wijngaards
268ada0d33 errors have addresses with them. 
git-svn-id: file:///svn/unbound/trunk@692 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-18 09:04:55 +00:00
Wouter Wijngaards
4260a18fb1 assertions, zero termination for gethostname, log_hex without malloc. 
git-svn-id: file:///svn/unbound/trunk@679 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-16 12:26:09 +00:00
Wouter Wijngaards
fed59bca84 fixup addr6 check. 
git-svn-id: file:///svn/unbound/trunk@677 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-15 14:42:37 +00:00
Wouter Wijngaards
8351afe61a cname nxdomain fixup. 
git-svn-id: file:///svn/unbound/trunk@576 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-09-03 09:13:27 +00:00
Wouter Wijngaards
272096d611 Returns and caches validated replies. 
git-svn-id: file:///svn/unbound/trunk@536 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-21 13:12:10 +00:00
Wouter Wijngaards
1d29f79974 verify unit test. 
git-svn-id: file:///svn/unbound/trunk@522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-15 13:18:32 +00:00
Wouter Wijngaards
45f95a18af rrsig checks. 
git-svn-id: file:///svn/unbound/trunk@502 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-09 09:58:04 +00:00