upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8148 commits 23 branches 209 tags 123 MiB
Commit graph

88 commits

Author SHA1 Message Date
Yorgos Thessalonikefs
024c921dbf - Fix #1366: Infra cache does not work correctly for NAT64, by
Some checks failed
ci / build (push) Has been cancelled
Details 
moving the NAT64 synthesis from the iterator when selecting a target
  address, to the delegation point itself when adding target
  addresses.
 2025-11-01 15:10:27 +01:00
Yorgos Thessalonikefs
499a3a7a61
Fix #1346: [FR] Please allow back TLS 1.2. (#1349) 
* 'tls-use-system-policy-versions' is introduced to allow Unbound to use
  any system available TLS version when serving TLS.

* Apply suggestions from code review

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-09-29 12:03:56 +02:00
Yorgos Thessalonikefs
e4483bbbd1
Unique DoT and DoH SSL contexts to allow for different ALPN (#1222) 2025-01-20 15:43:44 +01:00
Yorgos Thessalonikefs
61d7250b96
Create the SSL_CTX for QUIC before chroot and privilege drop (#1187) 
Fixes #1185 by creating the SSL_CTX for QUIC before chroot and
privilege drop, just like the other SSL_CTX creations.

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2024-12-03 14:20:33 +01:00
W.C.A. Wijngaards
9a63db344e - Fix #1154: Tag Incorrectly Applying for Other Interfaces 
Using the Same IP. This fix is not for 1.22.0.
 2024-10-16 15:56:33 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090) 
* - cookie-secret-file, define struct.

* - cookie-secret-file, add config option, create, read and delete struct.

* - cookie-secret-file, check cookie secrets for cookie validation.

* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
  activate_cookie_secret and print_cookie_secrets.

* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
  staging cookies get a fresh cookie and spelling in error message.

* - cookie-secret-file, remove unused variable from cookie file unit test.

* Remove unshare and faketime dependencies for cookie_file test; documentation nits.

---------

Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
 2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
95669855fb - Fix to squelch udp connect errors in the log at low verbosity about 
invalid argument for IPv6 link local addresses.
 2024-05-08 16:40:41 +02:00
W.C.A. Wijngaards
35d0a8a843 - Fix to print detailed errors when an SSL IO routine fails via 
SSL_get_error.
 2023-10-19 11:17:32 +02:00
W.C.A. Wijngaards
b2cba7b707 - Fix doxygen in addr_to_nat64 header definition. 2023-05-04 15:53:05 +02:00
George Thessalonikefs
adb4aeb609 - For #722: Minor fixes, formatting and refactoring. 2023-05-01 18:23:13 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
10a5a5880a - Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive 
operations, so that instruction reordering does not cause mistakenly
  blocking socket operations.
 2022-08-31 10:11:25 +02:00
W.C.A. Wijngaards
e656be63f9 - Fix header comment for doxygen for authextstrtoaddr. 2022-02-02 13:20:46 +01:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name. 
Fixes #546.
 2022-02-01 14:44:29 +01:00
George Thessalonikefs
ff6b527184 - Fix for #411, #439, #469: Reset the DNS message ID when moving queries 
between TCP streams.
- Refactor for uniform way to produce random DNS message IDs.
 2021-05-19 15:07:32 +02:00
André Cruz
e07f973938
Allow configuration of TCP timeout while waiting for response 
This allows us to configure how long Unbound will wait for a response
on a TCP connection.
 2021-04-28 16:20:46 +01:00
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new 
shorthand function to clean up the code.
 2020-08-31 08:41:34 +02:00
W.C.A. Wijngaards
e99b5046eb - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL 
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
 2020-07-08 16:22:39 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
W.C.A. Wijngaards
398e260145 Fixup ssl authentication not available with check for it. 2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
25a88d6d54 dnstap io, check peer verification in dtstream dtio_ssl_handshake. 2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
ad180402ea dnstap io, set tls auth name in outgoing ssl 2020-02-05 16:17:21 +01:00
Ralph Dolmans
14913d75c0 - processed RPZ review feedback 
- fix potential locking issue
  - add extra out of bound checks
 2020-01-15 22:45:29 +01:00
Ralph Dolmans
ae4f6a259b Proccess more review feedback 2019-12-23 16:02:43 +01:00
Ralph Dolmans
9843b836ee Merge branch 'master' into rpz 2019-09-09 17:17:43 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
Ralph Dolmans
9ce7045413 - Fix doxygen issue 
- Fix memory leak
 - IANA ports update
 - merge littlehash ASAN changes
 2019-07-16 19:45:49 +02:00
Ralph Dolmans
395d83cfc8 Procedures to parse RPZ ip address notation. 2019-06-24 16:01:01 +02:00
Wouter Wijngaards
d3f397c686 More fixes, statistic counter at end of struct for backwards compatibility, man page, free at exit, indent. 
git-svn-id: file:///svn/unbound/trunk@5062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:19:04 +00:00
Wouter Wijngaards
011a7d8830 - Fixes for patch (includes, declarations, warnings). 
git-svn-id: file:///svn/unbound/trunk@5060 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:43:47 +00:00
Wouter Wijngaards
510606dd1c - Patch for TLS session resumption from Manabu Sonoda, 
enable with tls-session-ticket-keys in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:35:52 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
5a726fb61f - Add routine from getdns to add windows cert store to the SSL_CTX. 
git-svn-id: file:///svn/unbound/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 13:22:10 +00:00
Wouter Wijngaards
6fefbb4115 - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-02 06:36:02 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
4691979679 - Fix auth zone target lookup iterator. 
- notify with prefix


git-svn-id: file:///svn/unbound/trunk@4624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 13:14:24 +00:00
Wouter Wijngaards
3b87862c8a auth zone work. 
git-svn-id: file:///svn/unbound/trunk@4512 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-06 09:32:41 +00:00
Wouter Wijngaards
08a3461810 - enhancement for hardened-tls for DNS over TLS. Removed duplicated 
security settings.


git-svn-id: file:///svn/unbound/trunk@4255 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-29 11:45:43 +00:00
Wouter Wijngaards
c19f818c52 - Fix #545: improved logging, the ip address of the error is printed 
on the same log-line as the error.


git-svn-id: file:///svn/unbound/trunk@3112 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 14:40:20 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
f9762ba453 - Fix openssl race condition, initializes openssl locks, reported 
by Einar Lonn and Patrik Wallstrom.


git-svn-id: file:///svn/unbound/trunk@2733 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-01 11:31:29 +00:00
Wouter Wijngaards
cf147df593 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and 
minimal-responses features.


git-svn-id: file:///svn/unbound/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-04-10 09:16:39 +00:00
Wouter Wijngaards
aa0536dcb5 - dns over ssl support, ssl-service-pem and ssl-service-key files 
can be given and then TCP queries are serviced wrapped in SSL.


git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-31 14:48:48 +00:00
Wouter Wijngaards
bc54fa3e58 addr_is_any 
git-svn-id: file:///svn/unbound/trunk@2279 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-13 07:59:55 +00:00
Wouter Wijngaards
9d66b48885 - openbsd-lint fixes: acl_list_get_mem used if debug-alloc enabled. 
iterator get_mem includes priv_get_mem.  delegpt nodup removed.
  listen_pushback, query_info_allocqname, write_socket, send_packet,
  comm_point_set_cb_arg and listen_resume removed.


git-svn-id: file:///svn/unbound/trunk@2222 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-20 13:30:41 +00:00
Wouter Wijngaards
40f8fe2815 add and fix doxygen comments for doxygen-1.7.1. (which reports lots of 
spurious items as well, by the way).


git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-13 08:41:49 +00:00
Wouter Wijngaards
109fbe2350 - Squelch log message: sendto failed permission denied for 
255.255.255.255, it is visible in VERB_DETAIL (verbosity 2).


git-svn-id: file:///svn/unbound/trunk@2088 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-23 06:48:49 +00:00
Wouter Wijngaards
5b66f07e38 edns-buffer-size option. 
git-svn-id: file:///svn/unbound/trunk@1881 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-29 10:37:44 +00:00
Wouter Wijngaards
5d2e8e8e97 Retry mode, DS and prime. 
git-svn-id: file:///svn/unbound/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 07:52:02 +00:00
Wouter Wijngaards
455c3d130d Data retry on validation failure. 
git-svn-id: file:///svn/unbound/trunk@1859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-06 08:31:47 +00:00