clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,789 Commits 27 Branches 196 Tags 104 MiB
master
Commit Graph

999 Commits

Author SHA1 Message Date
W.C.A. Wijngaards
0f2f6025e7 - Fix that alloc stats for forwards and hints are printed, and when 
alloc stats is enabled, the unit test for unbound control waits for
  reloads to complete.
 2024-08-02 15:51:40 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090) 
* - cookie-secret-file, define struct.

* - cookie-secret-file, add config option, create, read and delete struct.

* - cookie-secret-file, check cookie secrets for cookie validation.

* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
  activate_cookie_secret and print_cookie_secrets.

* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
  staging cookies get a fresh cookie and spelling in error message.

* - cookie-secret-file, remove unused variable from cookie file unit test.

* Remove unshare and faketime dependencies for cookie_file test; documentation nits.

---------

Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
 2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
92be76fb89 - Fix that the worker mem report with alloc stats does not attempt 
to print memory use of forwards and hints if they have been
  deleted already.
 2024-08-01 17:15:07 +02:00
Wouter Wijngaards
92b6c2a7b9
Merge pull request #1098 from NLnetLabs/ipset-pf-support 
Ipset pf support
 2024-07-03 14:49:16 +02:00
W.C.A. Wijngaards
a335e601e4 ipset-pf-support, move startup and destartup to the front of the module 
func block functions, modstack call deinit function names, and detect
module change when no startup functions are needed.
 2024-07-03 13:53:44 +02:00
W.C.A. Wijngaards
2fe4e2ec3e - Fix compile warning in worker pthread id printout. 2024-07-02 09:44:58 +02:00
W.C.A. Wijngaards
e54928a628 - Fix unused variable warning in do_cache_remove. 2024-07-02 09:33:22 +02:00
W.C.A. Wijngaards
65e7253d19 ipset-pf-support, simplification of code. 2024-07-02 09:08:27 +02:00
W.C.A. Wijngaards
ff653a7ef8 Call module init init again, and new function startup and destartup. 
NULL can be used if the function is not used. Open shared ports during
reload. Deinit is called during reload.
 2024-07-01 16:10:07 +02:00
W.C.A. Wijngaards
3953f827fb Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support 2024-07-01 14:36:33 +02:00
Yorgos Thessalonikefs
486985fbdf - Fix memory leak when reload_keep_cache is used and num-threads changes. 2024-05-31 12:09:35 +02:00
Martin Vopatek
8ff1baf585 Only check old pid if no username 
Do as the comment says and only check old pid if there is no username
configured.
 2024-05-29 14:16:18 +02:00
Yorgos Thessalonikefs
7f184c8ca8
Fix unbound-control stdin commands for multi-process Unbounds (#1069) 
- Fix unbound-control commands that read stdin in multi-process
  operation (local_zones_remove, local_zones, local_datas_remove,
  local_datas, view_local_datas_remove, view_local_datas). They will
  be properly distributed to all processes. dump_cache and load_cache
  are no longer supported in multi-process operation.

 - Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir
  now checks both single and multi process/thread operation.

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2024-05-17 10:25:24 +02:00
W.C.A. Wijngaards
da2b307aa3 - Fix #1071: [FR] Clear both in-memory and cachedb module cache with 
`unbound-control flush*` commands.
 2024-05-16 16:56:58 +02:00
W.C.A. Wijngaards
7c5e765b3b - Fix cachedb with serve-expired-client-timeout disabled. The edns 
subnet module deletes global cache and cachedb cache when it
  stores a result, and serve-expired is enabled, so that the global
  reply, that is older than the ecs reply, does not return after
  the ecs reply expires.
 2024-04-26 13:32:15 +02:00
Wouter Wijngaards
ced9762b14
Merge pull request #1041 from NLnetLabs/stubfwd-unshare 
Stub and Forward unshare
 2024-04-25 11:11:00 +02:00
Yorgos Thessalonikefs
9b9bba9f02
Update locking management for iter_fwd and iter_hints methods. (#1054) 
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2024-04-25 11:05:58 +02:00
W.C.A. Wijngaards
cccf5e73c0 - Fixup compile without cachedb. 2024-04-10 11:33:52 +02:00
W.C.A. Wijngaards
d98c7b9ae3 - Implement cachedb-check-when-serve-expired: yes option, default 
is enabled. When serve expired is enabled with cachedb, it first
  checks cachedb before serving the expired response.
 2024-04-10 11:21:28 +02:00
Yorgos Thessalonikefs
fb4a7d65d7 - Fix #369: dnstap showing extra responses; for client responses 
right from the cache when replying with expired data or
  prefetching.
 2024-04-03 15:18:13 +02:00
W.C.A. Wijngaards
48113cfaba - fast-reload, unshared stub hints, making the structure locked, with an rwlock. 2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
c0b5754ef7 - fast-reload, for nonthreaded, the unbound-control commands forward, 
forward_add and forward_delete should be distributed to other processes,
  but when threaded, they should not be distributed to other threads because
  the structure is not thread specific any more.
 2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
f2fb498c69 - fast-reload, unshare forwards, making the structure locked, with an rwlock. 2024-04-03 13:55:54 +02:00
W.C.A. Wijngaards
6d1e61173b - Fix #1034: DoT forward-zone via unbound-control. 2024-03-28 09:58:03 +01:00
W.C.A. Wijngaards
6f82b5be4a - Fix that the server does not chown the pidfile. 2024-03-27 14:52:25 +01:00
W.C.A. Wijngaards
192f1b0e2b - Fix that when the server truncates the pidfile, it does not follow 
symbolic links.
 2024-03-27 14:07:54 +01:00
W.C.A. Wijngaards
2993437eaa - Fix that addrinfo is not kept around but copied and freed, so that 
log-destaddr uses a copy of the information, much like NSD does.
 2024-03-15 13:39:49 +01:00
W.C.A. Wijngaards
ec0b510f1c - Fix for #1022: Fix ede prohibited in access control refused answers. 2024-03-05 13:39:29 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage (#1010) 
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage

Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.

* Apply suggestions from code review

* Update doc/unbound.conf.5.in

* DNS-Cookies should bypass ip-ratelimit setting
 2024-02-20 15:29:34 +01:00
dyunwei
eb7eb5ce68 Fix NLnetLabs#981: dump_cache truncates large records. 2024-01-09 14:17:31 +08:00
W.C.A. Wijngaards
b9b488b6d3 - Remove unneeded newlines and improve indentation in remote control 
code.
 2024-01-04 17:06:15 +01:00
k-akashi
4b9cd8e81d Add DoH and DoT to dnstap message 2023-12-27 07:26:21 +09:00
W.C.A. Wijngaards
3d1bc143af - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. 2023-12-05 10:05:51 +01:00
Wouter Wijngaards
c4e0354876
Merge pull request #971 from dukeartem/master 
fix 'WARNING: Message has 41 extra bytes at end'
 2023-12-05 09:09:23 +01:00
Artem
389e820878
fix 'WARNING: Message has 41 extra bytes at end' 2023-12-05 09:43:15 +03:00
W.C.A. Wijngaards
35d0a8a843 - Fix to print detailed errors when an SSL IO routine fails via 
SSL_get_error.
 2023-10-19 11:17:32 +02:00
George Thessalonikefs
07149f576a - Better fix for infinite loop when reading multiple lines of input on 
a broken remote control socket, by treating a zero byte line the
  same as transmission end. Addesses #947 and #948.
 2023-10-13 14:58:16 +02:00
Wouter Wijngaards
5c6c57ed89
Merge pull request #944 from NLnetLabs/disable-edns-do 
Disable EDNS DO
 2023-10-12 14:04:29 +02:00
George Thessalonikefs
516f90abdb - Fix infinite loop when reading multiple lines of input on a broken 
remote control socket. Addesses #947 and #948.
 2023-10-10 15:17:48 +02:00
W.C.A. Wijngaards
39df4f0923 - disable-edns-do, queriers receive no EDNS in response if the 
disable-edns-do option is enabled and they set the DO flag. And unit test
  for that.
 2023-10-04 13:54:05 +02:00
George Thessalonikefs
13d4504dfc - Merge #881: Generalise the proxy protocol code. 2023-10-03 14:51:50 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
49e4258102 - For #762: Interaction between DNS Cookies and source IP ratelimiting 
by allowing Cookies to bypass the ratelimit, but still allowing
  ratelimit to valid DNS Cookie clients via the new
  ip-ratelimit-cookie option.
 2023-08-08 10:14:03 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
fbc0256825 - For #762: Cleaner manpage text and uniform use of the term DNS 
Cookies.
 2023-08-05 20:00:37 +02:00
George Thessalonikefs
b6e2f4dbf8 - For #762: Formatting. 2023-08-04 19:03:23 +02:00
George Thessalonikefs
d4145772b5 - Move a cache reply callback in worker.c closer to the cache reply 
generation.
 2023-08-02 12:33:52 +02:00
George Thessalonikefs
2cc9563cf8 - Fix to use the now cached EDE, if any, for CD_bit queries. 2023-08-01 15:23:25 +02:00
George Thessalonikefs
6819c1e444 - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. 2023-07-30 11:48:04 +02:00
George Thessalonikefs
50ea4a1072 Address review comments for #759: 
- Decrease allocations for "" EDE strings when loading the cachedump.
- Check for existence of EDE code before attaching.
 2023-07-28 12:56:13 +02:00