same time, the client info is copied for attach_sub and add_sub
calls. That makes respip work on dns64 synthesized answers, and
also makes RPZ work with DNS64. The order for the modules is
module-config: "respip dns64 validator iterator".
- Cached messages that reach 0 TTL are considered expired. This prevents
Unbound itself from issuing replies with TTL 0 and possibly causing a
thundering herd at the last second. Upstream replies of TTL 0 still
get the usual pass-through but they are not considered for caching
from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
TTL value of the record to try and make some sense when replying
with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
high-order bit means the value is positive instead of 0.
global cache if the querier used 0.0.0.0/0 and the name and address
do not receive subnet treatment. If the name and address are
configured for subnet, it is stored in the subnet cache.
- Fix NSEC3 code to not break on broken auth zones that include unsigned
out of zone (above apex) data. Could lead to hang while trying to
prove a wildcard answer.
Reported by Dmitrii Kuvaiskii from Amazon Web Services.
- Tests for NSEC3 auth zones with out of zone data.
* v1 EDER poc
* remove superfluous edns_list_get_option function
* create an EDER configurable
* Hackathon 114
* Fixes for version -04
* Generated configparser and configlexer are not versioned in master anymore
* Remove NOERROR DNS Error Reporting; not part of final RFC.
* Use assigned IANA EDNS0 Option Code for Report-Channel.
* Fix buffer protection and agent domain validity
* Use DNS Error Reporting instead of the eder nickname
* Update documentation.
* Fix typo.
* Bail out early if ede is not present.
* Forget previous EDNS options from upstream; this is what was
implicitly happening but not deterministacally.
* Don't report LDNS_EDE_OTHER and bail early if there is no reporting
agent.
* Only do DNS error reporting when a client asked for something that
went wrong.
* Add an error reporting agent in the parent that should be ignored.
* review feedback.
* fixup for fast reload
* Add 'num.dns_error_reports' to stats and test for it.
---------
Co-authored-by: TCY16 <tom@nlnetlabs.nl>
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
* Set version to 1.19.1 for point release.
* Initial work for Redis read-only replica support.
* Test for Redis replica.
* Documentation for the Redis replica timeouts.
* redis replica, rewrite set_timeout()
* clean merge.
* Add new options for fast reload.
* Apply suggestions from code review
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
* some more typos
---------
Co-authored-by: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
* - fast-reload, add unbound-control fast_reload
* - fast-reload, make a thread to service the unbound-control command.
* - fast-reload, communication sockets for information transfer.
* - fast-reload, fix compile for unbound-dnstap-socket.
* - fast-reload, set nonblocking communication to keep the server thread
responding to DNS requests.
* - fast-reload, poll routine to test for readiness, timeout fails connection.
* - fast-reload, detect loop in sock_poll_timeout routine.
* - fast-reload, send done and exited notification.
* - fast-reload, defines for constants in ipc.
* - fast-reload, ipc socket recv and send resists partial reads and writes and
can continue byte by byte. Also it can continue after an interrupt.
* - fast-reload, send exit command to thread when done.
* - fast-reload, output strings for client on string list.
* - fast-reload, add newline to terminal output.
* - fast-reload, send client string to remote client.
* - fast-reload, better debug output.
* - fast-reload, print queue structure, for output to the remote client.
* - fast-reload, move print items to print queue from fast_reload_thread struct.
* - fast-reload, keep list of pending print queue items in daemon struct.
* - fast-reload, comment explains in_list for printq to print remainder.
* - fast-reload, unit test testdata/fast_reload_thread.tdir that tests the
thread output.
* - fast-reload, fix test link for fast_reload_printq_list_delete function.
* - fast-reload, reread config file from disk.
* - fast-reload, unshare forwards, making the structure locked, with an rwlock.
* - fast-reload, for nonthreaded, the unbound-control commands forward,
forward_add and forward_delete should be distributed to other processes,
but when threaded, they should not be distributed to other threads because
the structure is not thread specific any more.
* - fast-reload, unshared stub hints, making the structure locked, with an rwlock.
* - fast-reload, helpful comments for hints lookup function return value.
* - fast-reload, fix bug in fast reload printout, the strlist appendlist routine,
and printout time statistics after the reload is done.
* - fast-reload, keep track of reloadtime and deletestime and print them.
* - fast-reload, keep track of constructtime and print it.
* - fast-reload, construct new items.
* - fast-reload, better comment.
* - fast-reload, reload the config and swap trees for forwards and stub hints.
* - fast-reload, in forwards_swap_tree set protection of trees with locks.
* - fast-reload, in hints_swap_tree also swap the node count of the trees.
* - fast-reload, reload ipc to stop and start threads.
* - fast-reload, unused forward declarations removed.
* - fast-reload, unit test that fast reload works with forwards and stubs.
* - fast-reload, fix clang analyzer warnings.
* - fast-reload, small documentation entry in unbound-control -h output.
* - fast-reload, printout memory use by fast reload, in bytes.
* - fast-reload, compile without threads.
* - fast-reload, document fast_reload in man page.
* - fast-reload, print ok when done successfully.
* - fast-reload, option for fast-reload commandline, +v verbosity option,
with timing and memory use output.
* - fast-reload, option for fast-reload commandline, +p does not pause threads.
* - fast-reload, option for fast-reload commandline, +d drops mesh queries.
* - fast-reload, fix to poll every thread with nopause to make certain that
resources are not held by the threads and can be deleted.
* - fast-reload, fix to use atomic store for config variables with nopause.
* - fast-reload, reload views.
* - fast-reload, when tag defines are different, it drops the queries.
* - fast-reload, fix tag define check.
* - fast-reload, document that tag change causes drop of queries.
* - fast-reload, fix space in documentation man page.
* - fast-reload, copy respip client information to query state, put views tree
in module env for lookup.
* - fast-reload, nicer respip view comparison.
* - fast-reload, respip global set is in module env.
* - fast-reload, document that respip_client_info acl info is copied.
* - fast-reload, reload the respip_set.
* - fast-reload, document no pause and pick up of use_response_ip boolean.
* - fast-reload, fix test compile.
* - fast-reload, reload local zones.
* Update locking management for iter_fwd and iter_hints methods. (#1054)
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
* - fast-reload, reload access-control.
* - fast-reload, reload access control interface, such as interface-action.
* - fast-reload, reload tcp-connection-limit.
* - fast-reload, improve comments on acl_list and tcl_list swap tree.
* - fast-reload, fixup references to old tcp connection limits in open tcp
connections.
* - fast-reload, fixup to clean tcp connection also for different linked order.
* - fast-reload, if no tcp connection limits existed, no need to remove
references for that.
* - fast-reload, document more options that work and do not work.
* - fast-reload, reload auth_zone and rpz data.
* - fast-reload, fix auth_zones_get_mem.
* - fast-reload, fix compilation of testbound for the new comm_timer_get_mem
reference in remote control.
* - fast-reload, change use_rpz with reload.
* - fast-reload, list changes in auth zones and stop zonemd callbacks for
deleted auth zones.
* - fast-reload, note xtree is not swapped, and why it is not swapped.
* - fast-reload, for added auth zones, pick up zone transfer and zonemd tasks.
* - fast-reload, unlock xfr when done with transfer pick up.
* - fast-reload, unlock z when picking up the xfr for it during transfer task
pick up.
* - fast-reload, pick up task changes for added, deleted and modified auth zones.
* - fast-reload, remove xfr of auth zone deletion without tasks.
* - fast-reload, pick up zone transfer config.
* - fast-reload, the main worker thread picks up the transfer tasks and also
performs setup of the xfer struct.
* - fast-reload, keep writelock on newzone when auth zone changes.
* - fast-reload, change cachedb_enabled setting.
* - fast-reload, pick up edns-strings config.
* - fast-reload, note that settings are not updated.
* - fast-reload, pick up dnstap config.
* - fast-reload, dnstap options that need to be loaded without +p.
* - fast-reload, fix auth zone reload
* - fast-reload, remove debug for auth zone test.
* - fast-reload, fix auth zone reload with zone transfer.
* - fast-reload, fix auth zone reload lock order.
* - fast-reload, remove debug from fast reload test.
* - fast-reload, remove unused function.
* - fast-reload, fix the worker trust anchor probe timer lock acquisition in
the probe answer callback routine for trust anchor probes.
* - fast-reload, reload trust anchors.
* - fast-reload, fix trust anchor reload lock on autr global data and test
for trust anchor reload.
* - fast-reload, adjust cache sizes.
* - fast-reload, reload cache sizes when changed.
* - fast-reload, reload validator env changes.
* - fast-reload, reload mesh changes.
* - fast-reload, check for incompatible changes.
* - fast-reload, improve error text for incompatible change.
* - fast-reload, fix check config option compatibility.
* - fast-reload, improve error text for nopause change.
* - fast-reload, fix spelling of incompatible options.
* - fast-reload, reload target-fetch-policy, outbound-msg-retry, max-sent-count
and max-query-restarts.
* - fast-reload, check nopause config change for target-fetch-policy.
* - fast-reload, reload do-not-query-address, private-address and capt-exempt.
* - fast-reload, check nopause config change for do-not-query-address,
private-address and capt-exempt.
* - fast-reload, check fast reload not possible due to interface and
outgoing-interface changes.
* - fast-reload, reload nat64 settings.
* - fast-reload, reload settings stored in the infra structure.
* - fast-reload, fix modstack lookup and remove outgoing-range check.
* - fast-reload, more explanation for config parse failure.
* - fast-reload, reload worker outside network changes.
* - fast-reload, detect incompatible changes in network settings.
* fast-reload, commit test files.
* - fast-reload, fix warnings for call types in windows compile.
* - fast-reload, fix warnings and comm_point_internal for tcp wouldblock calls.
* - fast-reload, extend lock checks for repeat thread ids.
* - fast-reload, additional test cases, cache change and tag changes.
* - fast-reload, fix documentation for auth_zone_verify_zonemd_with_key.
* - fast-reload, fix copy_cfg type casts and memory leak on config parse failure.
* - fast-reload, fix use of WSAPoll.
* Review comments for the fast reload feature (#1259)
* - fast-reload review, respip set can be null from a view.
* - fast-reload review, typos.
* - fast-reload review, keep clang static analyzer happy.
* - fast-reload review, don't forget to copy tag_actions.
* - fast-reload review, less indentation.
* - fast-reload review, don't leak respip_actions when reloading.
* - fast-reload review, protect NULL pointer dereference in get_mem
functions.
* - fast-reload review, add fast_reload_most_options.tdir to test most
options with high verbosity when fast reloading.
* - fast-reload review, don't skip new line on long error printouts.
* - fast-reload review, typo.
* - fast-reload review, use new_z for consistency.
* - fast-reload review, nit for unlock ordering to make eye comparison
with the lock counterpart easier.
* - fast-reload review, in case of error the sockets are already closed.
* - fast-reload review, identation.
* - fast-reload review, add static keywords.
* - fast-reload review, update unbound-control usage text.
* - fast-reload review, updates to the man page.
* - fast-reload, the fast-reload command is experimental.
* - fast-reload, fix compile of doqclient for fast reload functions.
* Changelog comment for #1042
- Merge #1042: Fast Reload. The unbound-control fast_reload is added.
It reads changed config in a thread, then only briefly pauses the
service threads, that keep running. DNS service is only interrupted
briefly, less than a second.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
- Fixes a regression bug with serve-expired that appeared in 1.22.0
and would not allow the iterator to update the cache with
not-yet-validated entries resulting in increased outgoing traffic.
- Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records.
- Try to use expired answers instead of SERVFAIL if serve-expired is
enabled even without serve-expired-client-timeout.
- Add suggestion to refresh the cached norec_ttl and expired_ttl when a
response cannot update the usable expired entry.
current delegation information be updated in cache. The fix allows
current delegation and validation recursion information to be
updated, but as a consequence no longer has certain expired
information around for later dnssec valid expired responses.
