same time, the client info is copied for attach_sub and add_sub
calls. That makes respip work on dns64 synthesized answers, and
also makes RPZ work with DNS64. The order for the modules is
module-config: "respip dns64 validator iterator".
current delegation information be updated in cache. The fix allows
current delegation and validation recursion information to be
updated, but as a consequence no longer has certain expired
information around for later dnssec valid expired responses.
- Fix cache update when serve expired is used in order to not evict
still usable expired records. Modules are forbidden to update the
cache if their answer is DNSSEC unchecked or bogus and a valid
(expired) entry already exists. Bogus replies from the validator are
also discarded in favor of existing (expired) valid replies.
- serve-expired-ttl-reset should try to keep expired records in the
cache in case they are reset.
Networks which only have tunneled IPv6 access but still want to go
IPv6-only internally can use unbound's DNS64 module together with the
dns64-synthall or dns64-ignore-aaaa options to direct most traffic (any
dualstack domain) to their NAT64.
There is only one problem with this setup, currently domains with only AAAA
records will fail to resolve.
To allow for this use-case arrange for the A sub-query to make the AAAA
super query advance along the module stack when no records are returned.
Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
- Move declarations to the top for C90 compliance.
- Save cycles by not calling (yet) unneeded functions.
- Possible use of uninitialised value.
- Consistent formatting.
Found by static analyzer svace
Static analyzer message: Return value of a function 'reply_info_copy'
is dereferenced at dns64.c:923 without checking, but it is usually
checked for this function (4/5).
on-behalf-of: @ideco-team <github@ideco.ru>
The original algorithm assumed that any prefix length would be valid
and did not skip over bits 64 to 71 and set them to zero.
This means that only dns64 prefixes with length 32 and 96 generated
embedded addresses according to RFC6052, cf. Figure 1 in 2.2.
other threads from picking up the wrong data. The module restores
the previous no_cache_store setting when the the module is finished.
git-svn-id: file:///svn/unbound/trunk@4979 be551aaa-1e26-0410-a405-d3ace91eadb9
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.
git-svn-id: file:///svn/unbound/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
bypassing the cache response stage and uniquifying mesh states. Four EDNS
option lists were added to module_qstate (module_qstate.edns_opts_*) to
store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
functions can be called just before replying with local data or Chaos,
replying from cache, replying with SERVFAIL, replying with a resolved
query, sending a query to a nameserver. The functions can inspect the
available data and maybe change response/query related data (i.e. append
EDNS options).
- Updated Python module for the above.
- Updated Python documentation.
git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
