W.C.A. Wijngaards
5e9b6296b7
- Add redis-command-timeout: 20 and redis-connect-timeout: 200,
...
that can set the timeout separately for commands and the
connection set up to the redis server. If they are not
specified, the redis-timeout value is used.
2024-09-17 13:10:34 +02:00
W.C.A. Wijngaards
1e0cf1e86b
- Merge patch to fix for glue that is outside of zone, with
...
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
2024-08-23 08:56:48 +02:00
W.C.A. Wijngaards
3d350fa73d
- Add iter-scrub-ns, iter-scrub-cname and max-global-quota
...
configuration options.
2024-08-20 14:08:52 +02:00
W.C.A. Wijngaards
79e4c57851
- Fix spelling for the cache-min-negative-ttl entry in the
...
example.conf.
2024-08-09 14:04:25 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file ( #1090 )
...
* - cookie-secret-file, define struct.
* - cookie-secret-file, add config option, create, read and delete struct.
* - cookie-secret-file, check cookie secrets for cookie validation.
* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
activate_cookie_secret and print_cookie_secrets.
* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
staging cookies get a fresh cookie and spelling in error message.
* - cookie-secret-file, remove unused variable from cookie file unit test.
* Remove unshare and faketime dependencies for cookie_file test; documentation nits.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-08-02 13:32:08 +02:00
Yorgos Thessalonikefs
c717debace
- For #935 and #1104 , clarify RPZ order and semantics.
2024-07-24 01:54:02 +02:00
W.C.A. Wijngaards
c3dd6a2dbd
- Add dnstap-sample-rate that logs only 1/N messages, for high volume
...
server environments. Thanks Dan Luther.
2024-07-19 10:04:40 +02:00
W.C.A. Wijngaards
c3206f4568
- Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li
...
from the Network and Information Security Lab of Tsinghua University
for reporting it.
2024-05-01 10:10:58 +02:00
W.C.A. Wijngaards
d98c7b9ae3
- Implement cachedb-check-when-serve-expired: yes option, default
...
is enabled. When serve expired is enabled with cachedb, it first
checks cachedb before serving the expired response.
2024-04-10 11:21:28 +02:00
Yorgos Thessalonikefs
708d5229ae
- Merge #1027 : Introduce 'cache-min-negative-ttl' option.
2024-04-05 11:44:37 +02:00
Yorgos Thessalonikefs
e36b5a099c
Clearer documentation for tcp-idle-timeout and edns-tcp-keepalive-timeout ( #1028 )
...
* - Clearer documentation for tcp-idle-timeout and
edns-tcp-keepalive-timeout.
* - Address review comment.
2024-03-12 14:52:00 +01:00
Yorgos Thessalonikefs
025881d0e9
- Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for
...
negative answers overriding 'cache-min-ttl'.
2024-03-12 11:24:59 +01:00
Petr Mensik
40fcb91206
Update b.root-servers.net also in example config file
...
Addition to commit a8739bad76
, which
updated only address specified in code. But addresses provided in
example configuration were not updated, I think they should be updated
too.
2024-01-16 16:14:13 +01:00
Yorgos Thessalonikefs
6c82f4ae9b
- Update example.conf with cookie options.
2023-12-22 11:42:20 +01:00
W.C.A. Wijngaards
3d1bc143af
- Fix #969 : [FR] distinguish Do53, DoT and DoH in the logs.
2023-12-05 10:05:51 +01:00
W.C.A. Wijngaards
4a211a9117
- cachedb-no-store, example conf and man page documentation.
2023-10-13 11:37:18 +02:00
Wouter Wijngaards
5c6c57ed89
Merge pull request #944 from NLnetLabs/disable-edns-do
...
Disable EDNS DO
2023-10-12 14:04:29 +02:00
George Thessalonikefs
e98b89651e
- Fix #850 : [FR] Ability to use specific database in Redis, with new
...
redis-logical-db configuration option.
2023-10-11 11:44:55 +02:00
W.C.A. Wijngaards
d1977c679b
- disable-edns-do, doc and add option disable-edns-do: no.
2023-09-13 13:11:53 +02:00
George Thessalonikefs
adb4aeb609
- For #722 : Minor fixes, formatting and refactoring.
2023-05-01 18:23:13 +02:00
George Thessalonikefs
e1ec3cf893
Merge branch 'nat64' of https://github.com/eqvinox/unbound into eqvinox-nat64
2023-04-26 15:14:39 +02:00
W.C.A. Wijngaards
144f29638c
- Fix for #882 : small changes, date updated in Copyright for
...
util/timeval_func.c and util/timeval_func.h. Man page entries and
example entry.
2023-04-26 13:49:33 +02:00
George Thessalonikefs
6bf677e7de
Fix #833 : [FR] Ability to set the Redis password.
2023-01-23 11:45:07 +01:00
W.C.A. Wijngaards
77f15428c9
- Add #835 : [FR] Ability to use Redis unix sockets.
2023-01-23 10:09:28 +01:00
Wouter Wijngaards
6a4a9435d1
Merge pull request #819 from pavel-odintsov/pavel/suppress_a
...
Added new static zone type block_a to suppress all A queries for specific zones
2023-01-20 16:18:05 +01:00
W.C.A. Wijngaards
c9233f8429
- Set default for harden-unknown-additional to no. So that it does
...
not hamper future protocol developments.
2023-01-19 15:45:10 +01:00
W.C.A. Wijngaards
8df1e58209
- Add harden-unknown-additional option. Default on and it removes
...
unknown records from the authority section and additional section.
Thanks to Xiang Li, from NISL Lab, Tsinghua University.
2023-01-19 14:59:18 +01:00
W.C.A. Wijngaards
d69f875261
- Set max-udp-size default to 1232. This is the same default value as
...
the default value for edns-buffer-size. It restricts client edns
buffer size choices, and makes unbound behave similar to other DNS
resolvers. The new choice, down from 4096 means it is harder to get
large responses from Unbound. Thanks to Xiang Li, from NISL Lab,
Tsinghua University.
2023-01-19 14:16:17 +01:00
Pavel Odintsov
d5b9a790fe
Added new static zone type block_a to suppress all A queries for specific zones
2023-01-03 19:17:51 +00:00
George Thessalonikefs
df411b3f28
- Updates for #461 (Add max-query-restarts option).
2022-12-13 15:29:22 +01:00
George Thessalonikefs
c61b2121b5
- Expose 'max-sent-count' as a configuration option; the
...
default value retains Unbound's behavior.
2022-12-13 13:57:07 +01:00
George Thessalonikefs
859d0f2dfe
- Expose 'statistics-inhibit-zero' as a configuration option; the
...
default value retains Unbound's behavior.
2022-12-13 10:47:37 +01:00
David Lamparter
64fb06f892
NAT64 support
...
This implements #721 . Includes documentation and some very basic tests.
Please refer to doc for further detail.
2022-11-07 11:37:50 +00:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support ( #760 )
2022-10-03 15:29:47 +02:00
George Thessalonikefs
aec33b3d63
Documentation for interface-* options.
2022-09-11 20:21:32 +02:00
George Thessalonikefs
c30bdff939
Initial commit for interface based ACL.
2022-09-11 20:21:32 +02:00
Wouter Wijngaards
ef9bb0213b
Merge pull request #718 from hunts/make_rtt_max_timeout_configurable
...
Introduce infra-cache-max-rtt option to config max retransmit timeout
2022-07-19 15:15:34 +02:00
George Thessalonikefs
309e23515e
- Update documentation for 'outbound-msg-retry:'.
2022-07-19 12:47:01 +02:00
Minghang Chen
249efd4285
Introduce infra-cache-max-rtt option to config max retransmit timeout
...
Added the option and let it default to 120 seconds so that it won't change
current behavior.
Related-to #717
2022-07-16 01:46:18 -07:00
George Thessalonikefs
233cb5c218
- Note in the unbound.conf text that NOTIFY is allowed from the url:
...
addresses for auth and rpz zones.
2022-06-14 17:59:56 +02:00
W.C.A. Wijngaards
e62b309959
- For #677 : Added tls-system-cert to config parser and documentation.
...
- Changelog note for #677 .
2022-05-12 16:30:19 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases ( #604 )
2022-05-06 12:48:53 +02:00
W.C.A. Wijngaards
a0feea393a
- Fix #618 : enabling interface-automatic disables DNS-over-TLS.
...
Adds the option to list interface-automatic-ports.
2022-02-11 10:58:53 +01:00
George Thessalonikefs
32c3bbd249
- Change aggressive-nsec default to yes.
2022-02-02 11:25:08 +01:00
George Thessalonikefs
52283194eb
- Update unbound.conf manpage and example.conf file for ratelimit
...
options.
2022-01-30 01:04:15 +01:00
W.C.A. Wijngaards
2996040c6c
- Add rpz: for-downstream: yesno option, where the RPZ zone is
...
authoritatively answered for, so the RPZ zone contents can be
checked with DNS queries directed at the RPZ zone.
2022-01-14 16:23:43 +01:00
W.C.A. Wijngaards
392c1f0f54
- Fix #596 : unset the RA bit when a query is blocked by an unbound
...
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
signal that a domain is externally blocked to clients when it
is blocked with NXDOMAIN by unsetting RA.
2022-01-04 13:40:07 +01:00
George Thessalonikefs
983c716feb
- Add missing configure flags for optional features in the
...
documentation.
- Fix Unbound capitalization in the documentation.
2021-12-13 12:46:08 +01:00
W.C.A. Wijngaards
ce39d5ad17
- Fix to add example.conf note for outbound-msg-retry.
2021-10-04 09:19:27 +02:00
W.C.A. Wijngaards
89510f4a0c
- Implement RFC8375: Special-Use Domain 'home.arpa.'.
2021-09-27 15:09:01 +02:00