W.C.A. Wijngaards
4b2799fdd6
- Fix #533 : Negative responses get cached even when setting
...
cache-max-negative-ttl: 1
2021-08-27 10:33:21 +02:00
Wouter Wijngaards
74f1f0addd
Merge pull request #401 from NLnetLabs/rpz-triggers
...
RPZ triggers
2021-08-25 10:14:12 +02:00
tcarpay
d9a947f267
Merge branch 'master' into features/rfc8914-ede
2021-08-20 16:28:27 +02:00
W.C.A. Wijngaards
54b7554b5a
Changelog note for #529 and nicer layout.
...
- Fix #529 : Fix: log_assert does nothing if UNBOUND_DEBUG is
undefined.
2021-08-20 14:32:13 +02:00
Shchelkunov Artem
4ea9651624
Fix: log_assert does nothing if UNBOUND_DEBUG is undefined
...
Found by static analyzer svace
Static analyzer message: Integer value 'len' obtained from untrusted
source at tube.c:374 by passing as 2nd parameter to function 'read'
at tube.c:340 without checking its higher bound is used as a loop bound
at tube.c:374.
on-behalf-of: @ideco-team <github@ideco.ru>
2021-08-20 17:16:39 +05:00
W.C.A. Wijngaards
a9de6879b8
Merge branch 'master' into rpz-triggers
2021-08-18 09:53:35 +02:00
Tom Carpay
a9e6f6bc23
add variable bogus reason
2021-08-17 14:10:48 +00:00
W.C.A. Wijngaards
d88f554503
- Fix #527 : not sending quad9 cert to syslog (and may be more).
2021-08-17 13:03:33 +02:00
Tom Carpay
6b5f314a3a
Show reason when returning EDE_DNSSEC_BOGUS
2021-08-16 13:36:45 +00:00
W.C.A. Wijngaards
ad45e9b89e
- Fix for #431 : Squelch permission denied errors for udp connect,
...
and udp send, they are visible at higher verbosity settings.
2021-08-13 09:27:58 +02:00
W.C.A. Wijngaards
de31bcdf2e
- Support using system-wide crypto policies.
2021-08-13 09:21:47 +02:00
W.C.A. Wijngaards
2f828ec720
- For #519 : yacc and lex. And fix python bindings, and test program
...
unbound-dnstap-socket.
2021-08-12 15:12:55 +02:00
Wouter Wijngaards
0ace659fe2
Merge pull request #519 from ziollek/tcp_upstream_option
...
Support for selective enabling tcp-upstream for stub/forward zones
2021-08-12 15:03:57 +02:00
Wouter Wijngaards
79df099f4c
Merge pull request #523 from Shchelk/bugfix
...
fix: free() call more than once with the same pointer
2021-08-12 13:45:00 +02:00
Shchelkunov Artem
e20b2c1aaf
fix: free() call more than once with the same pointer
2021-08-11 15:14:43 +05:00
Artem Egorenkov
0d8dd6ec33
- memory management violations fixed
2021-08-06 14:11:12 +02:00
liheng562653799
edbf9c21ee
Update mini_event.c
...
When in heavy load, unbound opens many outside_network sockets for out going queries to delegation servers, which may result in a big fd(maxfd) value(for thread A 65500, for thread B 65501, for thread C ...).
There are situations when thread A has a max fd num 65500 where maxfd is of course 65500, thread B has max fd num 20 for now but maxfd is still 65501. Though linux kernel checks whether maxfd+1 passed by select syscall is really the process' maxfd+1. Linux kernel can not tell maxfd+1 passed by thread B select syscall is much bigger(65501+1 or 65500+1 after trimed by kerne) than it should be (20+1).
In this situation, when kernel do_select() for thread B, much work is wasted.
2021-08-06 12:00:56 +08:00
W.C.A. Wijngaards
f232562430
Merge branch 'master' into rpz-triggers
2021-08-05 13:37:22 +02:00
Tomasz Ziolkowski
ae45f46b9e
Add (stub|forward)-tcp-upstream options which enable using tcp transport only for specified stub/forward zones
2021-08-05 08:44:18 +02:00
gthess
bdaecd942d
Merge pull request #415 from sibeream/master
...
Use /proc/sys/net/ipv4/ip_local_port_range to determine available outgoing ports
2021-08-04 10:42:12 +02:00
W.C.A. Wijngaards
2a0df9e72e
- Annotate assertion into error printout; we think it may be an
...
error, but the situation looks harmless.
2021-08-03 14:08:30 +02:00
Wouter Wijngaards
5196ee03e6
Merge pull request #517 from dyunwei/master
...
#420 breaks the mesh reply list function that need to reuse the dns answer.
2021-08-03 13:11:01 +02:00
George Thessalonikefs
a519009378
Merge branch 'master' of github.com:NLnetLabs/unbound
2021-08-03 12:20:45 +02:00
George Thessalonikefs
ca67691092
- Listen to read or write events after the SSL handshake.
...
Sticky events on windows would stick on read when write was needed.
2021-08-03 12:18:58 +02:00
daiyunwei
0784ad7a11
#420
...
clear the c->buffer in the comm_point_send_reply does resolve the "can't fit qbuffer in c->buffer" issue, but it breaks the mesh reply list function that need to reuse the answer. because the c->buffer is cleared in the comm_point_send_reply, it cannot be resued again. it means that it is not inappropriate to clear c->buffer in the comm_point_send_reply.
After some investigation, i found it is appropriate to clear c->buffer before use in the http2_query_read_done.
2021-08-03 11:40:30 +08:00
W.C.A. Wijngaards
89e2f2f753
- iana portlist update.
2021-08-02 15:26:20 +02:00
W.C.A. Wijngaards
b6abcb1508
- For #515 : Fix compilation with openssl 3.0.0 beta2, lib64 dir and
...
SSL_get_peer_certificate.
- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
2021-07-30 13:54:43 +02:00
Artem Egorenkov
d9153cb35b
Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux
2021-07-20 14:46:43 +02:00
George Thessalonikefs
ca4d68c64c
- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
2021-07-16 14:32:18 +02:00
W.C.A. Wijngaards
8180ca192f
- Fix for #510 : in depth, use ifdefs for windows api event calls.
2021-07-16 09:12:06 +02:00
Nick Porter
2c3f764d61
Don't call a function which hasn't been defined
2021-07-15 17:55:33 +01:00
W.C.A. Wijngaards
3f7e164751
- iana portlist update.
2021-07-06 15:15:43 +02:00
Willem Toorop
a8d78b2083
Simple EDE example
2021-06-24 12:55:46 +02:00
W.C.A. Wijngaards
79209823ac
- Fix a number of warnings reported by the gcc analyzer.
2021-06-18 18:12:26 +02:00
George Thessalonikefs
d02e956da0
- Changelog entry for #486 : Make VAL_MAX_RESTART_COUNT configurable.
...
- Generetated lexer and parser for #486 ; updated example.conf.
2021-06-09 12:32:58 +02:00
gthess
45be341267
Merge pull request #486 from fobser/val-max-restart
...
Make VAL_MAX_RESTART_COUNT configurable.
2021-06-09 12:09:27 +02:00
W.C.A. Wijngaards
cf0aad9fb6
Merge branch 'master' into rpz-triggers
2021-05-28 15:00:55 +02:00
W.C.A. Wijngaards
ea4f1ee8a6
- zonemd-check: yesno option, default no, enables the processing
...
of ZONEMD records for that zone.
2021-05-27 14:20:53 +02:00
Jim Hague
6066a24405
Use build system endianness if available, otherwise try to work it out.
...
The getdns build system provides the endianness, enabling building on
Windows native. This change is a convenience for getdns maintainers.
2021-05-27 10:57:35 +01:00
W.C.A. Wijngaards
11b3ebc386
- Move the NSEC3 max iterations count in line with the 150 value
...
used by BIND, Knot and PowerDNS. This sets the default value
for it in the configuration to 150 for all key sizes.
2021-05-25 14:35:19 +02:00
W.C.A. Wijngaards
e5cb48c432
Merge branch 'master' into rpz-triggers
2021-05-21 14:09:30 +02:00
George Thessalonikefs
ff6b527184
- Fix for #411 , #439 , #469 : Reset the DNS message ID when moving queries
...
between TCP streams.
- Refactor for uniform way to produce random DNS message IDs.
2021-05-19 15:07:32 +02:00
W.C.A. Wijngaards
355526da7d
- rpz-triggers, the added soa for client ip modified answers is affected
...
by the minimal-responses config option.
2021-05-14 16:34:38 +02:00
W.C.A. Wijngaards
50dcadd495
- rpz-triggers, for clientip modified answers the rpz SOA is added to the
...
additional section with the serial number and name of the rpz zone that
was applied.
2021-05-14 15:34:48 +02:00
W.C.A. Wijngaards
32d82fac9b
Merge branch 'master' into rpz-triggers
2021-05-14 08:47:56 +02:00
Florian Obser
d4314cad33
Make VAL_MAX_RESTART_COUNT configurable.
...
unbound tries very hard (up to 6 authoritative servers) to find a
validating answer. This is not always desirable, for example on high
latency links.
2021-05-08 16:56:32 +02:00
W.C.A. Wijngaards
80f06ae9b1
- Rerun flex and bison.
2021-05-04 16:24:16 +02:00
George Thessalonikefs
e9a5f5ab3f
- Add more logging for out-of-memory cases.
2021-05-04 15:39:06 +02:00
André Cruz
e07f973938
Allow configuration of TCP timeout while waiting for response
...
This allows us to configure how long Unbound will wait for a response
on a TCP connection.
2021-04-28 16:20:46 +01:00
George Thessalonikefs
45328d37b1
- Fix compiler warning for signed/unsigned comparison for
...
max_reuse_tcp_queries.
2021-04-28 16:15:52 +02:00
W.C.A. Wijngaards
4604f30d70
- Fix #474 : always_null and others inside view.
2021-04-28 14:05:23 +02:00
Wouter Wijngaards
646d6b9bce
Merge pull request #470 from edevil/configurable_tcp
...
Allow configuration of persistent TCP connections
2021-04-26 16:07:16 +02:00
W.C.A. Wijngaards
25425d9aa7
- Fix #468 : OpenSSL 1.0.1 can no longer build Unbound.
2021-04-22 09:00:15 +02:00
André Cruz
75875d4d1c
Allow configuration of persistent TCP connections
...
Added 2 new options to configure previously hardcoded
values: max-reuse-tcp-queries and tcp-reuse-timeout. These
allow fine-grained control over how unbound uses persistent
TCP connections to authority servers.
2021-04-21 13:50:45 +01:00
Felipe Gasper
0efccaa1eb
Support OpenSSLs that lack SSL_get0_alpn_selected.
2021-04-19 13:05:50 -04:00
W.C.A. Wijngaards
b366441157
Merge branch 'master' into rpz-triggers
2021-04-14 09:39:41 +02:00
George Thessalonikefs
13e445d50b
- Remove unused functions worker_handle_reply and
...
libworker_handle_reply.
2021-04-13 14:54:26 +02:00
W.C.A. Wijngaards
addd21f750
- Fix permission denied sendto log, squelch the log messages
...
unless high verbosity is set.
2021-04-12 11:18:23 +02:00
W.C.A. Wijngaards
1c75e62804
- rpz-triggers, separate cache storage of RPZ records from network records.
2021-04-01 12:06:14 +02:00
W.C.A. Wijngaards
49d9e91492
Merge branch 'master' into rpz-triggers
2021-03-25 17:28:53 +01:00
W.C.A. Wijngaards
ff0c5f863d
- Fix #429 : Also fix end of transfer for http download of auth zones.
2021-03-25 12:18:49 +01:00
W.C.A. Wijngaards
5b782d0a22
- iana portlist update.
2021-03-22 09:12:41 +01:00
W.C.A. Wijngaards
57d4c3a8a4
- Fix for #447 : squelch connection refused tcp connection failures
...
from the log, unless verbosity is high.
2021-03-19 17:43:36 +01:00
W.C.A. Wijngaards
6f507eb036
Merge branch 'master' into rpz-triggers
2021-03-12 09:04:54 +01:00
W.C.A. Wijngaards
9753f36463
- iana portlist update.
2021-03-04 10:14:32 +01:00
Wouter Wijngaards
209dc32624
Merge pull request #367 from NLnetLabs/dnstap-log-local-addr
...
DNSTAP log local address
2021-02-25 11:58:36 +01:00
W.C.A. Wijngaards
6612974d12
- spelling fix in header.
2021-02-24 16:56:57 +01:00
W.C.A. Wijngaards
a9e15f36d8
- Fix unit test for added ulimit checks.
2021-02-24 15:30:12 +01:00
W.C.A. Wijngaards
40fbc3fa8a
- Fix #431 : Squelch permission denied errors for tcp connect
2021-02-22 08:24:04 +01:00
W.C.A. Wijngaards
bc4bdbabea
- Fix #429 : rpz: url: with https: broken (regression in 1.13.1).
2021-02-19 14:42:02 +01:00
W.C.A. Wijngaards
f5339ec7e5
Merge branch 'master' into dnstap-log-local-addr
2021-02-18 13:12:09 +01:00
W.C.A. Wijngaards
3b24d845ff
- Fix doxygen and pydoc warnings.
2021-02-18 11:39:06 +01:00
W.C.A. Wijngaards
c906401597
Merge branch 'master' into zonemd
2021-02-12 17:21:51 +01:00
yunwei
5d5e4579de
Merge pull request #1 from NLnetLabs/master
...
synchronize the code.
2021-02-10 09:03:38 +08:00
W.C.A. Wijngaards
b7a633fdc0
Merge branch 'master' into zonemd
2021-02-04 16:08:11 +01:00
W.C.A. Wijngaards
ad8104bb7c
- Fix empty clause warning in edns pass for padding.
2021-01-28 09:15:45 +01:00
W.C.A. Wijngaards
3a19ceaae6
- Fix to use correct type for label count in ipdnametoaddr rpz routine.
2021-01-28 09:14:19 +01:00
W.C.A. Wijngaards
cb55b5906a
- Fix empty clause warning in config_file nsid parse.
2021-01-28 09:11:46 +01:00
George Thessalonikefs
515df834a5
Merge branch 'rijswijk-orig_ttl'
2021-01-26 12:58:38 +01:00
George Thessalonikefs
707eb6108d
Merge branch 'yacc-clashes' of https://github.com/fobser/unbound into fobser-yacc-clashes
2021-01-25 20:56:36 +01:00
George Thessalonikefs
f5b7169729
Merge branch 'orig_ttl' of https://github.com/rijswijk/unbound into rijswijk-orig_ttl
2021-01-25 17:39:24 +01:00
Willem Toorop
ca2139bf3d
Some review nits from George
2021-01-25 15:13:54 +01:00
Roland van Rijswijk-Deij
d253db04fd
Addressed review comment from @wcawijngaards
2021-01-22 18:56:09 +00:00
Roland van Rijswijk-Deij
c4c849d878
Rebase on master
2021-01-22 16:44:56 +00:00
Willem Toorop
48ecf95108
Merge branch 'master' into features/padding
2021-01-22 10:29:50 +01:00
yunwei
0215500261
Update netevent.c
...
#386
I found the root cause of this issue. r_buffer is r->query_reply.c->buffer, used to fill the reply in the mesh_send_reply function, then call comm_point_send_reply, and then call http2_submit_dns_response to send the DOH response. However, the buffer is not cleared after use. If the query length is greater than the last response length, the next dns query in the same H2 session will encounter an error.
This is bug!!!
Clear the buffer after use.
2021-01-20 14:12:51 +08:00
Florian Obser
68d92b7bbb
Prevent a few more yacc clashes.
2021-01-19 17:13:00 +01:00
Willem Toorop
a152c7f907
Merge branch 'master' into features/nsid
2021-01-19 14:21:18 +01:00
W.C.A. Wijngaards
c125fe67bc
- Fix #404 : DNS query with small edns bufsize fail.
2021-01-18 08:29:52 +01:00
W.C.A. Wijngaards
cdb60adcdc
Merge branch 'rpz' of https://github.com/magenbluten/unbound into magenbluten-rpz
...
Conflict fixed for rpz.disabled check added.
2021-01-14 12:11:29 +01:00
xiangbao227
93e5705259
I found that in function lruhash_remove, table was locked at first ,then lru_remove the entry , then unlock the table, and then markdel entry , but in function rrset_cache_touch , the entry will be touched to lru again before markdelling entry in function lruhash_remove. This is a bug!
2021-01-13 10:33:41 +08:00
W.C.A. Wijngaards
d1b92a6ce2
- Fix so local zone types always_nodata and always_deny can be used
...
from the config file.
2021-01-12 13:39:07 +01:00
W.C.A. Wijngaards
3322f631e5
- Fix #397 : [Feature request] add new type always_null to local-zone
...
similar to always_nxdomain.
2021-01-12 13:35:05 +01:00
W.C.A. Wijngaards
d9dd7bc36f
- Add comment documentation.
2021-01-08 11:01:06 +01:00
W.C.A. Wijngaards
ee2545d939
- For #391 : fix indentation.
2021-01-08 09:53:52 +01:00
W.C.A. Wijngaards
3e03e2c26d
- For #391 : use struct timeval* start_time for callback information.
2021-01-08 09:47:46 +01:00
Wouter Wijngaards
48724de155
Merge pull request #391 from fhriley/reply_cb_start_time
...
Add start_time to reply callbacks so modules can compute the response…
2021-01-08 09:35:07 +01:00
Anton Lindqvist
422213c171
add missing null check
...
I have a unbound forward zone configured on my router for my $DAYJOB.
The address associated with the zone is only accessible when the router
is connected to a VPN. If the VPN connection is absent, trying to
resolve any domain that must be handled by the zone crashes unbound.
Turns out there's a missing NULL check in `comm_point_send_udp_msg()`.
The same routine already has `if (addr) {} else {}` branches so I guess
protecting the call to `log_addr()` using the same conditional is
reasonable
I have also committed the same fix to unbound shipped with OpenBSD[1].
[1] https://marc.info/?l=openbsd-cvs&m=160993335615698&w=2
2021-01-06 12:44:26 +01:00
W.C.A. Wijngaards
44075a06a5
- Fix #379 : zone loading over HTTP appears to have buffer issues.
2021-01-06 10:36:23 +01:00
W.C.A. Wijngaards
64cccdb8d5
- iana portlist updated.
2021-01-04 14:18:24 +01:00