upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-12 17:52:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7574 commits 23 branches 209 tags 126 MiB
Commit graph

1991 commits

Author SHA1 Message Date
W.C.A. Wijngaards
2993437eaa - Fix that addrinfo is not kept around but copied and freed, so that 
log-destaddr uses a copy of the information, much like NSD does.
 2024-03-15 13:39:49 +01:00
W.C.A. Wijngaards
ccbe31c21f - Fix trim of EDE text from large udp responses from spinning cpu. 2024-02-22 16:22:31 +01:00
W.C.A. Wijngaards
56a2b564ef Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c' 2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9 Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae' 2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to 
exhaust CPU resources and stall DNS resolvers.
 2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
1f46d5945b - Fix for #997: Print details for SSL certificate failure. 2024-01-22 09:40:36 +01:00
dyunwei
eb7eb5ce68 Fix NLnetLabs#981: dump_cache truncates large records. 2024-01-09 14:17:31 +08:00
Wouter Wijngaards
f80f65d58c
Merge pull request #985 from k-akashi/dnstap_dot_doh 
Add DoH and DoT to dnstap message
 2024-01-03 10:36:38 +01:00
k-akashi
4b9cd8e81d Add DoH and DoT to dnstap message 2023-12-27 07:26:21 +09:00
Jacob Hoffman-Andrews
87644fa46b DoH: reject non-h2 early 
Previously, non-h2 connections would be accepted, and then error out
with a verbose message "http2: session_recv from ____ failed,
error: Received bad client magic byte string". Instead, we can detect
absence of h2 support at connection time and reject with a clearer
verbose message.
 2023-12-13 16:58:44 -08:00
W.C.A. Wijngaards
2b97442f2e - iana portlist update. 2023-12-06 13:22:35 +01:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
W.C.A. Wijngaards
c4d17dd231 - Fix compilation without openssl, remove unused function warning. 2023-11-01 17:09:37 +01:00
W.C.A. Wijngaards
5f78f67e39 - Fix SSL compile failure for other missing definitions in 
log_crypto_err_io_code_arg.
 2023-11-01 14:20:52 +01:00
W.C.A. Wijngaards
b1d99bb6b6 - Fix SSL compile failure for definition in log_crypto_err_io_code_arg. 2023-11-01 14:14:02 +01:00
George Thessalonikefs
8d1d728d88 - Fix #941: dnscrypt doesn't work after upgrade to 1.18 with 
suggestion by dukeartem to also fix the udp_ancil with dnscrypt.
 2023-10-31 22:41:06 +01:00
Yorgos Thessalonikefs
ccdf29a5f8
Merge pull request #930 from sthen/patch-1 
add void to log_ident_revert_to_default declaration
 2023-10-30 11:53:39 +01:00
Wouter Wijngaards
3f66230874
Merge pull request #951 from NLnetLabs/cachedb-no-store 
Cachedb no store
 2023-10-20 17:00:13 +02:00
W.C.A. Wijngaards
35d0a8a843 - Fix to print detailed errors when an SSL IO routine fails via 
SSL_get_error.
 2023-10-19 11:17:32 +02:00
W.C.A. Wijngaards
18ebe165ba Merge branch 'master' into cachedb-no-store 2023-10-12 14:51:12 +02:00
Wouter Wijngaards
5c6c57ed89
Merge pull request #944 from NLnetLabs/disable-edns-do 
Disable EDNS DO
 2023-10-12 14:04:29 +02:00
W.C.A. Wijngaards
47094fd83f Merge branch 'master' into cachedb-no-store 2023-10-11 13:51:34 +02:00
George Thessalonikefs
e98b89651e - Fix #850: [FR] Ability to use specific database in Redis, with new 
redis-logical-db configuration option.
 2023-10-11 11:44:55 +02:00
W.C.A. Wijngaards
ae96aa0a6d - cachedb-no-store, implement cachedb-no-store: yes configuration option. 2023-10-06 13:22:10 +02:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the 
disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
 2023-10-04 13:54:05 +02:00
W.C.A. Wijngaards
eff3e01ec3 Merge branch 'master' into disable-edns-do 2023-10-04 13:34:47 +02:00
George Thessalonikefs
13d4504dfc - Merge #881: Generalise the proxy protocol code. 2023-10-03 14:51:50 +02:00
George Thessalonikefs
f804c087e4 proxy-protocol, review comments: 
- more generic switch statement for address families;
- comment the protocol values as such in their definitions;
- less hardcoded values for address family and protocol combinations.
 2023-09-29 17:31:52 +02:00
W.C.A. Wijngaards
9cd282e001 Merge branch 'master' into disable-edns-do 2023-09-20 13:18:26 +02:00
W.C.A. Wijngaards
bd5dc855af - Fix rpz tcp-only action with rpz triggers nsdname and nsip. 2023-09-18 09:55:39 +02:00
W.C.A. Wijngaards
31218166fc - Fix to remove two c99 notations. 2023-09-15 13:30:30 +02:00
W.C.A. Wijngaards
d1977c679b - disable-edns-do, doc and add option disable-edns-do: no. 2023-09-13 13:11:53 +02:00
W.C.A. Wijngaards
0ee44ef384 - Fix send of udp retries when ENOBUFS is returned. It stops looping 
and also waits for the condition to go away. Reported by Florian
  Obser.
 2023-09-08 13:35:42 +02:00
Philip Homburg
1c8f0e0fc5 Avoid calling comm_point_udp_ancil_callback from comm_point_create_udp 2023-09-07 16:35:22 +02:00
Philip Homburg
17a557dfd5 Fix #928 (1.18 doesn't start on macOS/SunOS) 2023-09-07 16:35:22 +02:00
W.C.A. Wijngaards
fdd5f8ff83 - Fix to add EDE text when RRs have been removed due to length. 2023-09-07 14:44:48 +02:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
Florian Obser
2cd7c719ef Prevent warnings from -Wmissing-prototypes. 2023-09-05 17:35:30 +02:00
Stuart Henderson
ed00129866
add void to log_ident_revert_to_default declaration 
Avoid warning from LLVM 16:

util_log.c:190:33: warning: a function declaration without a prototype is deprecated in all versions of C             
[-Wstrict-prototypes]                                                                                                 
void log_ident_revert_to_default()                                                                                    
                                ^                                                                                     
                                 void
 2023-09-05 14:28:06 +00:00
W.C.A. Wijngaards
3795e37410 - Fix compile error on NetBSD in util/netevent.h. 2023-08-25 08:43:27 +02:00
W.C.A. Wijngaards
8756ad63dd - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg. 2023-08-18 13:18:46 +02:00
W.C.A. Wijngaards
4844fa3481 - Fix regional_alloc_init for potential unaligned source of the copy. 2023-08-17 15:22:54 +02:00
W.C.A. Wijngaards
1c85901cc4 - Fix out of bounds read in parse_edns_options_from_query, it would read 
8 bytes after a client option of length 8, and then ignore them to
  recreate a 24 byte response. The fixup does not read out of bounds,
  and puts zeroes in the buffer at that point, that then are ignored.
 2023-08-16 16:58:49 +02:00
W.C.A. Wijngaards
2b1028bdad - Fix possibly unaligned memory access. 2023-08-16 10:06:06 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
49e4258102 - For #762: Interaction between DNS Cookies and source IP ratelimiting 
by allowing Cookies to bypass the ratelimit, but still allowing
  ratelimit to valid DNS Cookie clients via the new
  ip-ratelimit-cookie option.
 2023-08-08 10:14:03 +02:00
George Thessalonikefs
81e219827e - For #762: Silence maybe-uninitialized compiler warning. 2023-08-07 11:20:48 +02:00
George Thessalonikefs
02ac374640 - For #762: Remove re-introduced files from merge (configlexer.c, configparser.c, configparser.h). 2023-08-07 11:12:49 +02:00
George Thessalonikefs
025d810b45 - For #762: annotate case statement fallthrough for gcc. 2023-08-07 11:04:23 +02:00