upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8148 commits 23 branches 209 tags 123 MiB
Commit graph

89 commits

Author SHA1 Message Date
Yorgos Thessalonikefs
2bb28fdf12 - Fix unused attribute warning in redis.c when threads are not 
supported.
 2025-10-24 14:44:58 +02:00
Yorgos Thessalonikefs
73e408f1d0 A few changes for TTL processing: 
- Cached messages that reach 0 TTL are considered expired. This prevents
  Unbound itself from issuing replies with TTL 0 and possibly causing a
  thundering herd at the last second. Upstream replies of TTL 0 still
  get the usual pass-through but they are not considered for caching
  from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
  TTL value of the record to try and make some sense when replying
  with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
  high-order bit means the value is positive instead of 0.
 2025-09-15 10:03:35 +02:00
Yorgos Thessalonikefs
d521135f66 Merge branch 'master' into features/no-ttl-zero-cacherep 2025-09-12 15:24:06 +02:00
Yorgos Thessalonikefs
a72177e73c - Update documentation for using "SET ... EX" in Redis. 
- Document max buffer sizes for Redis commands.
 2025-09-08 14:49:12 +02:00
W.C.A. Wijngaards
f8f4779f1f - Fix redis cachedb module gettimeofday init failure. 2025-07-28 09:32:55 +02:00
W.C.A. Wijngaards
424f86466a - Redis checks for server down and throttles reconnects. 2025-07-24 11:05:25 +02:00
Yorgos Thessalonikefs
90243a694a
Redis read-only replica support (#1019) 
* Set version to 1.19.1 for point release.

* Initial work for Redis read-only replica support.

* Test for Redis replica.

* Documentation for the Redis replica timeouts.

* redis replica, rewrite set_timeout()

* clean merge.

* Add new options for fast reload.

* Apply suggestions from code review

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>

* some more typos

---------

Co-authored-by: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-04-04 10:20:47 +02:00
W.C.A. Wijngaards
0eabc8d0f1 - Fix for #1253: Fix for redis cachedb backend to expect an integer 
reply for the EXPIRE command.
 2025-03-21 14:07:22 +01:00
W.C.A. Wijngaards
a42fb99508 - Fix #1253: Cache entries fail to be removed from Redis cachedb 
backend with unbound-control flush* +c.
 2025-03-21 12:56:21 +01:00
Yorgos Thessalonikefs
c5c5486261 - Fix hash calculation for cachedb to ignore case. Previously, cached 
records there were only relevant for same case queries (if not
  already in Unbound's internal cache).
 2025-02-24 14:47:13 +01:00
W.C.A. Wijngaards
50fcf71f04 - ttl-zero-cacherep, Responses in the last second of their cache TTL, 
get an extra second. That makes the TTL not 0, since they are from
  cache and can be cached by the client.
 2024-11-11 15:43:10 +01:00
Yorgos Thessalonikefs
36d8c6e778 - Fix SETEX check during Redis (re)initialization. 2024-11-05 12:18:55 +01:00
W.C.A. Wijngaards
60fd77b8f9 - Fix to log redis timeout error string on failure. 2024-11-05 11:41:41 +01:00
W.C.A. Wijngaards
d5e91d181b - Fix for the serve expired DNSSEC information fix, it would not allow 
current delegation information be updated in cache. The fix allows
  current delegation and validation recursion information to be
  updated, but as a consequence no longer has certain expired
  information around for later dnssec valid expired responses.
 2024-11-05 10:39:27 +01:00
W.C.A. Wijngaards
5f3f214da5 - Fix redis that during a reload it does not fail if the redis 
server does not connect or does not respond. It still logs the
  errors and if the server is up checks expiration features.
 2024-11-04 10:14:13 +01:00
W.C.A. Wijngaards
5679c8b1df - Fix to limit NSEC TTL for messages from cachedb. Fix to limit the 
prefetch ttl for messages after a CNAME with short TTL.
 2024-10-09 15:28:55 +02:00
Yorgos Thessalonikefs
2e398d51ba
Fix cache update when serve expired is used (#1143) 
- Fix cache update when serve expired is used in order to not evict
  still usable expired records. Modules are forbidden to update the
  cache if their answer is DNSSEC unchecked or bogus and a valid
  (expired) entry already exists. Bogus replies from the validator are
  also discarded in favor of existing (expired) valid replies.

- serve-expired-ttl-reset should try to keep expired records in the
  cache in case they are reset.
 2024-09-24 16:47:04 +02:00
W.C.A. Wijngaards
5e9b6296b7 - Add redis-command-timeout: 20 and redis-connect-timeout: 200, 
that can set the timeout separately for commands and the
  connection set up to the redis server. If they are not
  specified, the redis-timeout value is used.
 2024-09-17 13:10:34 +02:00
W.C.A. Wijngaards
a335e601e4 ipset-pf-support, move startup and destartup to the front of the module 
func block functions, modstack call deinit function names, and detect
module change when no startup functions are needed.
 2024-07-03 13:53:44 +02:00
W.C.A. Wijngaards
ff653a7ef8 Call module init init again, and new function startup and destartup. 
NULL can be used if the function is not used. Open shared ports during
reload. Deinit is called during reload.
 2024-07-01 16:10:07 +02:00
W.C.A. Wijngaards
3953f827fb Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support 2024-07-01 14:36:33 +02:00
W.C.A. Wijngaards
fbdc06ebc4 - Fix for #1064: Fix that cachedb expired messages are considered 
insecure, and thus can be served to clients when dnssec is enabled.
 2024-05-21 17:06:18 +02:00
W.C.A. Wijngaards
da2b307aa3 - Fix #1071: [FR] Clear both in-memory and cachedb module cache with 
`unbound-control flush*` commands.
 2024-05-16 16:56:58 +02:00
W.C.A. Wijngaards
7c5e765b3b - Fix cachedb with serve-expired-client-timeout disabled. The edns 
subnet module deletes global cache and cachedb cache when it
  stores a result, and serve-expired is enabled, so that the global
  reply, that is older than the ecs reply, does not return after
  the ecs reply expires.
 2024-04-26 13:32:15 +02:00
Wouter Wijngaards
ced9762b14
Merge pull request #1041 from NLnetLabs/stubfwd-unshare 
Stub and Forward unshare
 2024-04-25 11:11:00 +02:00
W.C.A. Wijngaards
491b56d051 - Fixup cachedb to not refetch when serve-expired-client-timeout is 
used.
 2024-04-12 14:22:18 +02:00
W.C.A. Wijngaards
08fb9a9209 - Fix cachedb for serve-expired with serve-expired-client-timeout. 2024-04-12 11:26:53 +02:00
W.C.A. Wijngaards
04ff2672b5 - Fix to not reply serve expired unless enabled for cachedb. 2024-04-10 17:06:01 +02:00
W.C.A. Wijngaards
d47849a26e - Fix cachedb for serve-expired with serve-expired-reply-ttl. 2024-04-10 17:01:57 +02:00
W.C.A. Wijngaards
d98c7b9ae3 - Implement cachedb-check-when-serve-expired: yes option, default 
is enabled. When serve expired is enabled with cachedb, it first
  checks cachedb before serving the expired response.
 2024-04-10 11:21:28 +02:00
W.C.A. Wijngaards
f2fb498c69 - fast-reload, unshare forwards, making the structure locked, with an rwlock. 2024-04-03 13:55:54 +02:00
W.C.A. Wijngaards
47094fd83f Merge branch 'master' into cachedb-no-store 2023-10-11 13:51:34 +02:00
W.C.A. Wijngaards
f2528dc3ac - Fix that cachedb does not warn when serve-expired is disabled about 
use of serve-expired-reply-ttl and serve-expired-client-timeout.
 2023-10-11 13:29:56 +02:00
George Thessalonikefs
e98b89651e - Fix #850: [FR] Ability to use specific database in Redis, with new 
redis-logical-db configuration option.
 2023-10-11 11:44:55 +02:00
W.C.A. Wijngaards
ae96aa0a6d - cachedb-no-store, implement cachedb-no-store: yes configuration option. 2023-10-06 13:22:10 +02:00
W.C.A. Wijngaards
3160d6ac08 - Fix for #925: unbound.service: Main process exited, code=killed, 
status=11/SEGV. Fixes cachedb configuration handling.
 2023-08-21 11:28:49 +02:00
Yorgos Thessalonikefs
5f76e201f0
- For #790: Update formatting in cachedb/cachedb.c 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2023-07-31 10:13:01 +02:00
George Thessalonikefs
f97927a47e Merge branch 'master' into features/ede-caching-cachedb 2023-07-30 14:17:52 +02:00
George Thessalonikefs
c15cfb4bd9 - Review for #790: Address Wouter's comments. 2023-07-28 16:55:51 +02:00
mibere
ef9f7f113f Log established connection to Redis 2023-07-21 14:41:26 +02:00
mibere
2d33bba3c0 Changed verbosity level for Redis init & deinit 
Redis init & deinit are basic (operational) information
 2023-07-21 14:39:34 +02:00
George Thessalonikefs
3c3fd7a795 - More predictable testing for cachedb. 2023-05-30 23:33:48 +02:00
George Thessalonikefs
4f52be4db9 - Introduce num.query.cachedb to track cache hits for the external cache. 2023-05-30 17:49:50 +02:00
George Thessalonikefs
6bf677e7de Fix #833: [FR] Ability to set the Redis password. 2023-01-23 11:45:07 +01:00
W.C.A. Wijngaards
77f15428c9 - Add #835: [FR] Ability to use Redis unix sockets. 2023-01-23 10:09:28 +01:00
George Thessalonikefs
896f7a8306 - Ignore expired error responses. 2022-11-22 17:44:55 +01:00
TCY16
6dcba49ff1 add cachedb support 2022-11-21 13:23:00 +01:00
W.C.A. Wijngaards
17e5dd6131 - Fix that cachedb does not store failures in the external cache. 2022-10-21 10:11:47 +02:00
W.C.A. Wijngaards
f6753a0f10 - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. 2022-08-01 13:24:40 +02:00
Tom Carpay
e899b4cefe Make explicit whether edns options are parsed from queries or responses 2021-11-15 13:40:51 +00:00