Robert Edmonds
fceb4e8585
Mesh reply counters ( #1374 )
...
* Statistics counter for number of queries dropped by limit on reply addresses
Request list entries can be associated with multiple pending "reply
addresses". Basically each request list entry keeps its own list of
clients that should receive the response once the recursion is finished.
This requires keeping allocations around for each client, and there is
a global limit on the number of *additional* reply addresses that can
be allocated. (Each new request list entry seems to get its own initial
reply address which is not counted against the limit.)
This commit adds a statistics counter "num_queries_replyaddr_limit" that
counts the number of incoming client queries that have been dropped due
to the restriction on allocating additional reply addresses. This allows
distinguishing these drops from other kinds of drops.
* Statistics counter for number of mesh reply entries
Request list entries can be associated with multiple pending "reply
addresses". Since there is a limit on the number of additional reply
addresses that can be allocated which can cause incoming queries to be
dropped if exceeded, it would be nice to be able to track this number.
This commit basically exports the mesh_area's internal counter
`num_reply_addrs` as "threadX.requestlist.current.replies" /
"total.requestlist.current.replies".
2025-11-13 09:33:05 +01:00
W.C.A. Wijngaards
98f4257890
- iana portlist updated.
ci / build (push) Waiting to run
2025-11-12 11:49:21 +01:00
W.C.A. Wijngaards
0a15118aff
- Fix that when discard timeout drops packet, they are accounted as
...
less reply addresses in use in the mesh area.
2025-11-12 11:49:04 +01:00
W.C.A. Wijngaards
e887a79a92
- Fix configure test for nonstring attribute so that it does not
...
ci / build (push) Has been cancelled
accept when the compiler prints a warning about an unknown
attribute.
2025-11-06 15:03:17 +01:00
W.C.A. Wijngaards
f9b9050ab8
- Fix configure test for noreturn attribute so it compiles without
...
warning.
2025-11-06 15:00:08 +01:00
W.C.A. Wijngaards
94735384fd
- Fix add comment to worker_handle_request function that explain it.
2025-11-06 14:32:56 +01:00
W.C.A. Wijngaards
5dab0609e5
- Fix dns64 log output to log the default instead of a null string.
ci / build (push) Has been cancelled
2025-11-04 10:19:03 +01:00
Yorgos Thessalonikefs
024c921dbf
- Fix #1366 : Infra cache does not work correctly for NAT64, by
...
ci / build (push) Has been cancelled
moving the NAT64 synthesis from the iterator when selecting a target
address, to the delegation point itself when adding target
addresses.
2025-11-01 15:10:27 +01:00
Yorgos Thessalonikefs
1a808e2978
- Fix typo; spotted by T3rm1.
ci / build (push) Has been cancelled
2025-10-28 14:42:20 +01:00
Yorgos Thessalonikefs
56ded934de
- Fix #1165 , document the possible circular dependency when using
...
ci / build (push) Waiting to run
host names instead of IP addresses for name servers in stub/forward
zones and log a warning when spotted in the configuration.
2025-10-27 14:01:10 +01:00
Yorgos Thessalonikefs
98952f11d1
Changelog entry for #1331 :
...
ci / build (push) Waiting to run
- Merge #1331 from Jitka Plesníková: Replace deprecated $function by
new $action, for SWIG.
2025-10-27 09:59:35 +01:00
Yorgos Thessalonikefs
cb4b3de62f
Merge pull request #1331 from jplesnik/master
...
Replace deprecated $function by new $action
2025-10-27 09:57:59 +01:00
Yorgos Thessalonikefs
c8dcfc0853
- For #1364 , use OPENSSL_VERSION_TEXT instead of OPENSSL_VERSION_NUMBER
...
ci / build (push) Has been cancelled
for part of the configure script. OPENSSL_VERSION_TEXT is more
consistent across versions.
2025-10-24 15:43:22 +02:00
Yorgos Thessalonikefs
2bb28fdf12
- Fix unused attribute warning in redis.c when threads are not
...
supported.
2025-10-24 14:44:58 +02:00
Yorgos Thessalonikefs
6ad26909dd
- Note Havard Eidnes for his suggestions on the mailing list.
2025-10-24 14:26:08 +02:00
Yorgos Thessalonikefs
9602973c86
- unbound.conf man page updates to include a preview of the section
...
clauses and some reformatting around the use of "clause", "option"
and "attributes".
2025-10-24 14:23:53 +02:00
Yorgos Thessalonikefs
713b1783d4
- Tag for 1.24.1 release.
...
ci / build (push) Has been cancelled
The repository continues with version 1.24.2.
2025-10-22 12:49:29 +02:00
Yorgos Thessalonikefs
e06b7eb3f1
Merge branch 'branch-1.24.1'
2025-10-22 12:44:59 +02:00
Yorgos Thessalonikefs
a33f0638e1
- Fix CVE-2025-11411 (possible domain hijacking attack), reported by Yuxiao Wu,
...
Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University.
2025-10-22 10:54:57 +02:00
Yorgos Thessalonikefs
bbeee42e25
- Set version to 1.24.1.
2025-10-22 10:50:18 +02:00
Yorgos Thessalonikefs
1cb9595a42
- Update the unbound.conf online man page link and some text
...
ci / build (push) Has been cancelled
reformatting in README.md.
2025-10-20 14:34:40 +02:00
Wouter Wijngaards
aa21e38b3a
Fix for analysis and ports workflows iOS, Windows ( #1361 )
...
ci / build (push) Has been cancelled
* - Remove SDK_VERSION and only run failed jobs, echo windows config.log
* Use commented out to fix syntax of ci.
* - Turn off succeeded tests, only link libssp for cross compile, use
no-shared for openssl ios.
* - Remove iPhone armv7s, and iPhoneSimulator i386 from ios ci.
The lib system does not provide symbols for it on the new macos
runner.
- Fix to exclude libssp for windows compiles.
2025-10-15 16:12:39 +02:00
W.C.A. Wijngaards
964848b94a
- Fix unbound.conf man page entry for root-hints to say it can
...
be used without strongly recommending it.
2025-10-15 15:40:47 +02:00
Yorgos Thessalonikefs
a4dd321fd8
- Remove extra gpg instructions from makedist.sh output.
2025-10-15 14:59:48 +02:00
Yorgos Thessalonikefs
d23a28a693
- ci: don't fail fast for the analysis_port workflow.
ci / build (push) Waiting to run
2025-10-15 14:10:20 +02:00
W.C.A. Wijngaards
5423c0a8e9
Update ios ci with older sdk version to use.
2025-10-15 13:41:36 +02:00
W.C.A. Wijngaards
6a5385f291
- Fix to update openssl version in ios ci.
2025-10-15 12:25:44 +02:00
W.C.A. Wijngaards
16f3478048
- Add extended dns error code for invalid query type to definition
...
list.
2025-10-15 11:39:58 +02:00
W.C.A. Wijngaards
c8860a5fb6
- Fix to reply with SERVFAIL when the wait-limit is exceeded.
2025-10-15 11:36:29 +02:00
W.C.A. Wijngaards
735c96aac7
- Fix to drop UDP for discard-timeout, but not stream connections.
2025-10-15 11:04:22 +02:00
W.C.A. Wijngaards
a75ea01a15
- Fix #1358 Enabling FIPS in OpenSSL causes unit test to fail.
ci / build (push) Has been cancelled
2025-10-10 09:17:08 +02:00
Yorgos Thessalonikefs
21f02a0865
- Note clearly that 'wait-limit: 0' disables all wait limits.
...
- 'wait-limit-cookie: 0' can now disable cookie validated wait
limits.
2025-10-03 16:44:44 +02:00
Yorgos Thessalonikefs
e017d66fc1
- Note 'respip' and 'dns64' module order in the unbound.conf
...
man page.
2025-10-03 11:27:26 +02:00
W.C.A. Wijngaards
adaf5dab49
- Fix that https is set up as enabled when the port is listed in
...
interface-automatic-ports. Also for the set up of quic it is
enabled when listed there.
2025-10-02 10:16:06 +02:00
W.C.A. Wijngaards
feeebc95f8
- Fix for #1344 : Fix that respip and dns64 can be enabled at the
...
same time, the client info is copied for attach_sub and add_sub
calls. That makes respip work on dns64 synthesized answers, and
also makes RPZ work with DNS64. The order for the modules is
module-config: "respip dns64 validator iterator".
2025-09-30 11:28:15 +02:00
W.C.A. Wijngaards
187aa52859
- Fix #1344 : module conf 'respip dns64 validator cachedb iterator'
...
is not known to work.
2025-09-29 16:11:50 +02:00
W.C.A. Wijngaards
f1fea8dc46
- Fix #1353 : auth-zone can not use empty label for $ORIGIN when
...
http download.
2025-09-29 14:24:31 +02:00
Yorgos Thessalonikefs
0c01257d1d
Changelog entry for #1351 :
...
- Merge #1351 : ac_cv_func_malloc_0_nonnull for malloc(0) check.
2025-09-29 13:14:07 +02:00
W.C.A. Wijngaards
50a11ebcc8
- Rebuild configure script from its sources.
2025-09-29 13:13:15 +02:00
Yorgos Thessalonikefs
1e2dc657a1
ac_cv_func_malloc_0_nonnull for malloc(0) check ( #1351 )
...
- For #1339 , use the standard variable ac_cv_func_malloc_0_nonnull for
the malloc(0) check during configure; patch from Helmut Grohne.
2025-09-29 13:12:27 +02:00
Yorgos Thessalonikefs
843124852f
Changelog entry for #1349 :
...
- Merge #1349 : Fix #1346 : [FR] Please allow back TLS 1.2.
2025-09-29 12:10:34 +02:00
W.C.A. Wijngaards
5e2fdff8e5
- Fix fr_atomic_copy_cfg.
2025-09-29 12:08:30 +02:00
Yorgos Thessalonikefs
499a3a7a61
Fix #1346 : [FR] Please allow back TLS 1.2. ( #1349 )
...
* 'tls-use-system-policy-versions' is introduced to allow Unbound to use
any system available TLS version when serving TLS.
* Apply suggestions from code review
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
2025-09-29 12:03:56 +02:00
W.C.A. Wijngaards
2024c1d050
- Neaten up the change in acx_nlnetlabs.m4 to version 49.
2025-09-29 11:40:14 +02:00
W.C.A. Wijngaards
6cd595a816
- Fix modstack_call_init to use the original string when it has
...
changed, to call modstack_config with. And skip the changed name
in the string correctly. Thanks to Jan Komissar.
2025-09-29 11:31:50 +02:00
W.C.A. Wijngaards
74cf81e9a7
- Rebuild configure script from its sources.
2025-09-29 10:02:54 +02:00
Yorgos Thessalonikefs
35f6fd47fb
- Test for nonstring attribute in configure and add
...
nonstring attribute annotations.
2025-09-26 16:23:55 +02:00
Alex Band
270e099aab
Update Mastodon shield
2025-09-25 21:39:39 +02:00
Yorgos Thessalonikefs
64645e1401
- Avoid calling mesh_detect_cycle_found() when there is no mesh state
...
to begin with.
2025-09-24 14:30:24 +02:00
Yorgos Thessalonikefs
421d317a64
- For #1350 , same CAP_NET_ADMIN change for unbound_portable.service.in
...
as well.
2025-09-23 17:42:41 +02:00
