clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,471 Commits 27 Branches 196 Tags 104 MiB
features/redis-replica
Commit Graph

7471 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yorgos Thessalonikefs
1868e344e1 Test for Redis replica. 2024-03-06 10:16:18 +01:00
Yorgos Thessalonikefs
9d27469ca1 Initial work for Redis read-only replica support. 2024-02-23 15:52:55 +01:00
W.C.A. Wijngaards
c6dd1e116d Set version to 1.19.1 for point release. 2024-02-13 13:04:07 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to 
exhaust CPU resources and stall DNS resolvers.
 2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
3352b1090e - Set version number to 1.19.0. 
- Tag for 1.19.0rc1 release.
 2023-11-02 08:40:20 +01:00
W.C.A. Wijngaards
c4d17dd231 - Fix compilation without openssl, remove unused function warning. 2023-11-01 17:09:37 +01:00
W.C.A. Wijngaards
5f78f67e39 - Fix SSL compile failure for other missing definitions in 
log_crypto_err_io_code_arg.
 2023-11-01 14:20:52 +01:00
W.C.A. Wijngaards
b1d99bb6b6 - Fix SSL compile failure for definition in log_crypto_err_io_code_arg. 2023-11-01 14:14:02 +01:00
George Thessalonikefs
8914e9fd03 - Mention flex and bison in README.md when building from repository 
source.
 2023-11-01 13:57:06 +01:00
George Thessalonikefs
8d1d728d88 - Fix #941: dnscrypt doesn't work after upgrade to 1.18 with 
suggestion by dukeartem to also fix the udp_ancil with dnscrypt.
 2023-10-31 22:41:06 +01:00
George Thessalonikefs
59c14c747a Changelog entry for #930 
- Merge #930 from Stuart Henderson: add void to
  log_ident_revert_to_default declaration.
 2023-10-30 12:18:01 +01:00
Yorgos Thessalonikefs
ccdf29a5f8
Merge pull request #930 from sthen/patch-1 
add void to log_ident_revert_to_default declaration
 2023-10-30 11:53:39 +01:00
W.C.A. Wijngaards
a7e079ea16 - autoconf. 2023-10-30 10:44:23 +01:00
George Thessalonikefs
a97bed9d22 - Clearer configure text for missing protobuf-c development libraries. 2023-10-24 16:34:12 +02:00
W.C.A. Wijngaards
0ce68e97a7 Changelog entry for #951. 
- Merge #951: Cachedb no store. The cachedb-no-store: yes option is
  used to stop cachedb from writing messages to the backend storage.
  It reads messages when data is available from the backend. The
  default is no.
 2023-10-20 17:01:13 +02:00
Wouter Wijngaards
3f66230874
Merge pull request #951 from NLnetLabs/cachedb-no-store 
Cachedb no store
 2023-10-20 17:00:13 +02:00
W.C.A. Wijngaards
35d0a8a843 - Fix to print detailed errors when an SSL IO routine fails via 
SSL_get_error.
 2023-10-19 11:17:32 +02:00
George Thessalonikefs
44c3d4d2dc - Changelog entry for: 
Merge #955 from buevsan: fix ipset wrong behavior.
- Update testdata/ipset.tdir test for ipset fix.
 2023-10-18 15:11:38 +02:00
Yorgos Thessalonikefs
167772fbca
Merge pull request #955 from buevsan/fix-ipset 
fix ipset wrong behavior
 2023-10-18 15:08:08 +02:00
George Thessalonikefs
2f0b11673a - Update the dns64_lookup.rpl test for the DNS64 fallback patch. 2023-10-18 12:59:54 +02:00
George Thessalonikefs
c5aa6a2286 - Changelog entry for DNS64 patches from Daniel Gröber. 2023-10-18 12:16:35 +02:00
George Thessalonikefs
d5522c3480 Fixes for dns64 fallback to plain AAAA when no A records: 
- Cleanup if condition.
- Rename variable for readability.
 2023-10-18 12:03:40 +02:00
Daniel Gröber via Unbound-users
c1e5e6781e dns64: Fall back to plain AAAA query with synthall but no A records 
Networks which only have tunneled IPv6 access but still want to go
IPv6-only internally can use unbound's DNS64 module together with the
dns64-synthall or dns64-ignore-aaaa options to direct most traffic (any
dualstack domain) to their NAT64.

There is only one problem with this setup, currently domains with only AAAA
records will fail to resolve.

To allow for this use-case arrange for the A sub-query to make the AAAA
super query advance along the module stack when no records are returned.

Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
 2023-10-18 12:03:40 +02:00
George Thessalonikefs
dd086e5bfd Fixes for dns64 readability refactoring: 
- Move declarations to the top for C90 compliance.
- Save cycles by not calling (yet) unneeded functions.
- Possible use of uninitialised value.
- Consistent formatting.
 2023-10-18 12:03:40 +02:00
Daniel Gröber via Unbound-users
213bb7c6ed dns64: Fix misleading indentation 
Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
 2023-10-18 12:03:40 +02:00
Daniel Gröber via Unbound-users
0c88f98a3b dns64: Refactor handle_event checks for readability 
No functional change intended.

Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
 2023-10-18 12:03:40 +02:00
Alexander V. Buev
23ae0a9838 fix ipset wrong behavior 
Issue description:

    If local zone directive is assigned as following:

      "local-zone domain.com ipset"

    then any answers for query with names such as
    "anytext1domain.com" or "example2domain.com"
    will be added to ipset.

  This commit fixes this issue.
 2023-10-17 18:35:42 +03:00
W.C.A. Wijngaards
0f78bea4a3 - Fix #954: Inconsistent RPZ handling for A record returned along with 
CNAME.
 2023-10-17 16:47:04 +02:00
George Thessalonikefs
4b627bd29e - Update pymod tests for the new Python script variable. 2023-10-16 16:32:09 +02:00
George Thessalonikefs
e4510c76e5 - For multi Python module setups, clean previously parsed module 
functions in __main__'s dictionary, if any, so that only current
  module functions are registered.
 2023-10-16 16:03:11 +02:00
George Thessalonikefs
122dd6c11e - Expose the configured listening and outgoing interfaces, if any, as 
a list of strings in the Python 'config_file' class instead of the
  current Swig object proxy; fixes #79.
 2023-10-16 15:53:47 +02:00
George Thessalonikefs
63a5280f8f - Expose the script filename in the Python module environment 'mod_env' 
instead of the config_file structure which includes the linked list
  of scripts in a multi Python module setup; fixes #79.
 2023-10-16 15:47:18 +02:00
George Thessalonikefs
07149f576a - Better fix for infinite loop when reading multiple lines of input on 
a broken remote control socket, by treating a zero byte line the
  same as transmission end. Addesses #947 and #948.
 2023-10-13 14:58:16 +02:00
Wouter Wijngaards
dbd2a43ab1
Apply suggestions from code review 
Co-authored-by: Yorgos Thessalonikefs <george@nlnetlabs.nl>
 2023-10-13 13:46:52 +02:00
W.C.A. Wijngaards
4a211a9117 - cachedb-no-store, example conf and man page documentation. 2023-10-13 11:37:18 +02:00
W.C.A. Wijngaards
18ebe165ba Merge branch 'master' into cachedb-no-store 2023-10-12 14:51:12 +02:00
W.C.A. Wijngaards
908e1cb11a Changelog note for #944. 
- Merge #944: Disable EDNS DO.
  Disable the EDNS DO flag in upstream requests. This can be helpful
  for devices that cannot handle DNSSEC information. But it should not
  be enabled otherwise, because that would stop DNSSEC validation. The
  DNSSEC validation would not work for Unbound itself, and also not
  for downstream users. Default is no. The option
  is disable-edns-do: no
 2023-10-12 14:05:31 +02:00
Wouter Wijngaards
5c6c57ed89
Merge pull request #944 from NLnetLabs/disable-edns-do 
Disable EDNS DO
 2023-10-12 14:04:29 +02:00
W.C.A. Wijngaards
47094fd83f Merge branch 'master' into cachedb-no-store 2023-10-11 13:51:34 +02:00
W.C.A. Wijngaards
67153f897e - Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x. 2023-10-11 13:47:28 +02:00
W.C.A. Wijngaards
f2528dc3ac - Fix that cachedb does not warn when serve-expired is disabled about 
use of serve-expired-reply-ttl and serve-expired-client-timeout.
 2023-10-11 13:29:56 +02:00
W.C.A. Wijngaards
935bc162e1 - cachedb-no-store, unit test cachedb_no_store.tdir. 2023-10-11 12:01:55 +02:00
W.C.A. Wijngaards
d5954aff08 - Fix #949: "could not create control compt". 2023-10-11 11:59:26 +02:00
George Thessalonikefs
e98b89651e - Fix #850: [FR] Ability to use specific database in Redis, with new 
redis-logical-db configuration option.
 2023-10-11 11:44:55 +02:00
George Thessalonikefs
516f90abdb - Fix infinite loop when reading multiple lines of input on a broken 
remote control socket. Addesses #947 and #948.
 2023-10-10 15:17:48 +02:00
W.C.A. Wijngaards
c09320c651 - Fix that printout of EDNS options shows the EDNS cookie option by 
name.
 2023-10-09 12:36:54 +02:00
W.C.A. Wijngaards
6d0812b567 - Fix edns subnet so that queries with a source prefix of zero cause 
the recursor send no edns subnet option to the upstream.
 2023-10-09 12:21:22 +02:00
Wouter Wijngaards
b05154218c
Update doc/unbound.conf.5.in 
Co-authored-by: Yorgos Thessalonikefs <george@nlnetlabs.nl>
 2023-10-06 16:40:34 +02:00
Wouter Wijngaards
c8ae3de610
Update validator/validator.c 
Co-authored-by: Yorgos Thessalonikefs <george@nlnetlabs.nl>
 2023-10-06 16:39:33 +02:00