clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,789 Commits 27 Branches 196 Tags 104 MiB
master
Commit Graph

305 Commits

Author SHA1 Message Date
Ralph Dolmans
50b6dc4b81 - Qname minimisation default changed to yes. 
git-svn-id: file:///svn/unbound/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-17 10:33:19 +00:00
Wouter Wijngaards
676644d8e8 - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand. 
git-svn-id: file:///svn/unbound/trunk@4683 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-15 07:30:53 +00:00
Ralph Dolmans
4d06c36342 - Added root-key-sentinel support 
git-svn-id: file:///svn/unbound/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
Wouter Wijngaards
1b055c6ca7 - allow-notify: config statement for auth-zones. 
git-svn-id: file:///svn/unbound/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 13:23:35 +00:00
Wouter Wijngaards
d41cdb6ce8 - low-rtt and low-rtt-pct in unbound.conf enable the server selection 
of fast servers for some percentage of the time.


git-svn-id: file:///svn/unbound/trunk@4612 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 13:27:28 +00:00
Wouter Wijngaards
6f4451b761 - nitpick fixes in example.conf. 
git-svn-id: file:///svn/unbound/trunk@4603 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 08:30:25 +00:00
Wouter Wijngaards
1d2d33d01a - Create additional tls service interfaces by opening them on other 
portnumbers and listing the portnumbers as additional-tls-port: nr.


git-svn-id: file:///svn/unbound/trunk@4588 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 14:19:02 +00:00
Wouter Wijngaards
e784758a21 - Add --with-libhiredis, unbound support for a new cached backend 
that uses a Redis server as the storage.  This implementation
  depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 12:33:51 +00:00
Wouter Wijngaards
a48abc2f8b - Fix #3727: Protocol name is TLS, options have been renamed but 
documentation is not consistent.


git-svn-id: file:///svn/unbound/trunk@4578 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 12:35:53 +00:00
Wouter Wijngaards
5e6c2e37ca - Added documentation for aggressive-nsec: yes. 
git-svn-id: file:///svn/unbound/trunk@4575 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 08:21:44 +00:00
Wouter Wijngaards
ccf1ff8f02 - local-zone noview can be used to break out of the view to the 
global local zone contents, for queries for that zone.


git-svn-id: file:///svn/unbound/trunk@4540 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-19 12:13:23 +00:00
Wouter Wijngaards
54bd1fdd62 - tls-cert-bundle option in unbound.conf enables TLS authentication. 
git-svn-id: file:///svn/unbound/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:09 +00:00
Wouter Wijngaards
d19f3c8c07 - auth zone url config. 
git-svn-id: file:///svn/unbound/trunk@4525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 16:11:27 +00:00
Wouter Wijngaards
a1b7abfb9f - auth-zone provides a way to configure RFC7706 from unbound.conf, 
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
  fallback-enabled: yes and masters or a zonefile with data.


git-svn-id: file:///svn/unbound/trunk@4510 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-05 14:21:46 +00:00
Wouter Wijngaards
4b4b1eec8b - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is 
also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.


git-svn-id: file:///svn/unbound/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 08:35:44 +00:00
Ralph Dolmans
d918602521 - Fix qname-minimisation documentation (A QTYPE, not NS) 
git-svn-id: file:///svn/unbound/trunk@4419 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-12 09:23:13 +00:00
Wouter Wijngaards
b37bc47eaa - Work on local root zone code. 
git-svn-id: file:///svn/unbound/trunk@4376 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 15:16:31 +00:00
Ralph Dolmans
ac9b95ca0c - Set trust-anchor-signaling default to yes 
git-svn-id: file:///svn/unbound/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 10:17:25 +00:00
Wouter Wijngaards
c49226613b - Fix #1435: Please allow UDP to be disabled separately upstream and 
downstream.


git-svn-id: file:///svn/unbound/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:42:24 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Wouter Wijngaards
08ceb2a737 - Recommend 1472 buffer size in unbound.conf 
git-svn-id: file:///svn/unbound/trunk@4332 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-01 14:54:37 +00:00
Wouter Wijngaards
ae67923bab - Fix #1398: make cachedb secret configurable. 
git-svn-id: file:///svn/unbound/trunk@4295 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-08 09:04:51 +00:00
Wouter Wijngaards
c52c07c086 - Fix #1350: make cachedb backend configurable (from JINMEI Tatuya). 
git-svn-id: file:///svn/unbound/trunk@4275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-17 08:21:19 +00:00
Wouter Wijngaards
c8189d1018 - Fix #1344: RFC6761-reserved domains: test. and invalid. 
git-svn-id: file:///svn/unbound/trunk@4272 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-11 13:27:33 +00:00
George Thessalonikefs
491b0a26e4 - Implemented opportunistic IPsec support module (ipsecmod). 
- Some whitespace fixup.


git-svn-id: file:///svn/unbound/trunk@4158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 12:39:24 +00:00
Wouter Wijngaards
5febdd39a1 - document trust-anchor-signaling in example config file. 
git-svn-id: file:///svn/unbound/trunk@4157 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 07:50:42 +00:00
Wouter Wijngaards
7c9584e408 - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then 
enabled in the config file from Manu Bretelle.


git-svn-id: file:///svn/unbound/trunk@4065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 14:55:31 +00:00
Wouter Wijngaards
52dd15dd87 - Patch for view functionality for local-data-ptr from Björn Ketelaars. 
git-svn-id: file:///svn/unbound/trunk@4063 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-17 08:01:40 +00:00
Wouter Wijngaards
6c456aa15e - Add trustanchor.unbound CH TXT that gets a response with a number 
of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:17:58 +00:00
Wouter Wijngaards
35ae8ef313 - Patch from Luiz Fernando Softov for Stats Shared Memory. 
- unbound-control stats_shm command prints stats using shared memory,
  which uses less cpu.


git-svn-id: file:///svn/unbound/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-23 12:05:05 +00:00
Wouter Wijngaards
3a1ffe4c69 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: file:///svn/unbound/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
Wouter Wijngaards
9b4b0de746 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
Wouter Wijngaards
cd7db58ce3 - configure --enable-systemd and lets unbound use systemd sockets if 
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: file:///svn/unbound/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-03 13:43:29 +00:00
Wouter Wijngaards
b7a314a7dc - Fix #1170: document that 'inform' local-zone uses local-data. 
git-svn-id: file:///svn/unbound/trunk@3944 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-05 12:59:08 +00:00
Ralph Dolmans
efe248c46a - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: file:///svn/unbound/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
Wouter Wijngaards
680e14cb65 - log-identity: config option to set sys log identity, patch from 
"Robin H. Johnson" <robbat2@gentoo.org>


git-svn-id: file:///svn/unbound/trunk@3917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 08:51:40 +00:00
Wouter Wijngaards
a9a65800b8 - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: file:///svn/unbound/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
Wouter Wijngaards
4621d209ca - Fix #1130: whitespace in example.conf.in more consistent. 
git-svn-id: file:///svn/unbound/trunk@3894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-19 07:15:41 +00:00
Ralph Dolmans
9c0944ec1e - Added qname-minimisation-strict config option. 
git-svn-id: file:///svn/unbound/trunk@3878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 11:32:50 +00:00
Ralph Dolmans
b587c7f72d Added views functionality. 
git-svn-id: file:///svn/unbound/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
Wouter Wijngaards
ab4be7357f - nicer ratelimit-below-domain explanation. 
git-svn-id: file:///svn/unbound/trunk@3825 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-26 13:37:30 +00:00
Wouter Wijngaards
3cbc01e51f caps-whitelist entry. 
git-svn-id: file:///svn/unbound/trunk@3818 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-18 07:53:49 +00:00
Wouter Wijngaards
17023457a9 - access-control-tag-data implemented. verbose(4) prints tag debug. 
git-svn-id: file:///svn/unbound/trunk@3811 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-07 10:20:05 +00:00
Wouter Wijngaards
fe80669639 More docs for enabling the netblock option. 
git-svn-id: file:///svn/unbound/trunk@3805 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 15:00:30 +00:00
Wouter Wijngaards
3e54a83820 - Document always_transparent, always_refuse, always_nxdomain types. 
git-svn-id: file:///svn/unbound/trunk@3802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-30 07:36:36 +00:00
Wouter Wijngaards
5d2dc481ef - document directory immediate fix and allow EXECUTABLE syntax in it 
on windows.


git-svn-id: file:///svn/unbound/trunk@3779 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-10 13:37:14 +00:00
Wouter Wijngaards
0e97374466 - access-control-tag-action and access-control-tag-data config 
directives.
- make depend


git-svn-id: file:///svn/unbound/trunk@3759 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 13:47:24 +00:00
Wouter Wijngaards
65bcb9b0ca - local-zone-override config directive. 
git-svn-id: file:///svn/unbound/trunk@3758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 10:00:25 +00:00
Wouter Wijngaards
44889af074 move define-tags before access-control-tag in example config 
git-svn-id: file:///svn/unbound/trunk@3757 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:53:18 +00:00
Wouter Wijngaards
c6e54c4b1f better example config 
git-svn-id: file:///svn/unbound/trunk@3755 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:41:23 +00:00
Wouter Wijngaards
415fc52b08 - access-control-tag config directive. 
git-svn-id: file:///svn/unbound/trunk@3754 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:33:59 +00:00
Wouter Wijngaards
1618b3c040 - re-documented localzone tags in example.conf. 
git-svn-id: file:///svn/unbound/trunk@3751 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-02 15:07:10 +00:00
Wouter Wijngaards
d98cd61ec9 - un-document localzone tags. 
git-svn-id: file:///svn/unbound/trunk@3747 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-02 12:13:30 +00:00
Wouter Wijngaards
7fcec8102f - disable-dnssec-lame-check config option from Charles Walker. 
git-svn-id: file:///svn/unbound/trunk@3725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-24 12:17:42 +00:00
Wouter Wijngaards
46d476b0c2 define-tag and local-zone-tag configuration. 
git-svn-id: file:///svn/unbound/trunk@3708 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-04-21 09:49:02 +00:00
Wouter Wijngaards
a7e6f630d7 - Document permit-small-holddown for 5011 debug. 
git-svn-id: file:///svn/unbound/trunk@3695 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-24 08:10:40 +00:00
Wouter Wijngaards
575fe62425 And documentation. 
git-svn-id: file:///svn/unbound/trunk@3674 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-15 09:42:56 +00:00
Wouter Wijngaards
85de673b6b - ip-transparent option for FreeBSD with IP_BINDANY socket option. 
git-svn-id: file:///svn/unbound/trunk@3623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-15 08:17:54 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
Wouter Wijngaards
5cb0a1d8ed - Support RFC7686: handle ".onion" Special-Use Domain. It is blocked 
by default, and can be unblocked with "nodefault" localzone config.


git-svn-id: file:///svn/unbound/trunk@3593 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 14:02:45 +00:00
Wouter Wijngaards
5d0ad681a2 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: file:///svn/unbound/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
Wouter Wijngaards
3b0a763367 - Removed unneeded whitespace from example.conf. 
git-svn-id: file:///svn/unbound/trunk@3574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-04 08:01:37 +00:00
Ralph Dolmans
014142d7bf Qname minimisation review fixes 
git-svn-id: file:///svn/unbound/trunk@3561 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 13:14:00 +00:00
Wouter Wijngaards
ac32f19928 - Change example.conf: ftp.internic.net to https://www.internic.net 
git-svn-id: file:///svn/unbound/trunk@3529 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-06 09:00:01 +00:00
Wouter Wijngaards
f24c3229ea - Fix #714: Document config to block private-address for IPv4 
mapped IPv6 addresses.


git-svn-id: file:///svn/unbound/trunk@3513 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-23 07:13:45 +00:00
Wouter Wijngaards
c3a45dde15 - Default for ssl-port is port 853, the temporary port assignment 
for secure domain name system traffic.
  If you used to rely on the older default of port 443, you have
  to put a clause in unbound.conf for that.  The new value is likely
  going to be the standardised port number for this traffic.


git-svn-id: file:///svn/unbound/trunk@3502 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-09 07:55:21 +00:00
Wouter Wijngaards
e65fdc31aa - Change default of harden-algo-downgrade to off. This is lenient 
for algorithm rollover.


git-svn-id: file:///svn/unbound/trunk@3478 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-24 15:05:10 +00:00
Wouter Wijngaards
bc58e8cb15 - Document in the manual more text about configuring locally served 
zones.


git-svn-id: file:///svn/unbound/trunk@3465 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 10:34:29 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
94a6478e05 - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: file:///svn/unbound/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
Wouter Wijngaards
bd89f4e7d5 - documentation proposes ratelimit of 1000 (closer to what upstream 
servers expect from us).


git-svn-id: file:///svn/unbound/trunk@3427 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-21 12:06:41 +00:00
Wouter Wijngaards
b5f391d845 - DLV is going to be decommissioned. Advice to stop using it, and 
put text in the example configuration and man page to that effect.


git-svn-id: file:///svn/unbound/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-20 06:24:06 +00:00
Wouter Wijngaards
f03d3b870e - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: file:///svn/unbound/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
Wouter Wijngaards
628ff05285 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: file:///svn/unbound/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
Wouter Wijngaards
e25ac1c2eb - Add local-zone type inform_deny, that logs query and drops answer. 
git-svn-id: file:///svn/unbound/trunk@3398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 08:23:06 +00:00
Wouter Wijngaards
e30a90febc - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
Wouter Wijngaards
77088b12ff - Add ip-transparent config option for bind to non-local addresses. 
git-svn-id: file:///svn/unbound/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-19 09:50:35 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
29db65b4a8 - Fix #643: doc/example.conf.in: unnecessary whitespace. 
git-svn-id: file:///svn/unbound/trunk@3335 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-13 11:02:46 +00:00
Wouter Wijngaards
3ef33154e5 - infra-cache-min-rtt patch from Florian Riehm, for expected long 
uplink roundtrip times.


git-svn-id: file:///svn/unbound/trunk@3328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-02 08:46:22 +00:00
Wouter Wijngaards
92e26a89ad - unit test for local unix connection. Documentation and log_addr 
does not inspect port for AF_LOCAL.


git-svn-id: file:///svn/unbound/trunk@3315 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-16 13:11:07 +00:00
Wouter Wijngaards
1b44c9393e - local-zone: example.com inform makes unbound log a message with 
client IP for queries in that zone.  Eg. for finding infected hosts.


git-svn-id: file:///svn/unbound/trunk@3292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-12-09 11:29:17 +00:00
Wouter Wijngaards
04bacd679b - Changes from DNS64: 
strcpy changed to memmove.
  arraybound check fixed from prefix_net/8/4 to prefix_net/8+4.
  allocation of result consistently in the correct region.
  time_t is now used for ttl in unbound (since the patch's version).


git-svn-id: file:///svn/unbound/trunk@3199 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-31 08:00:38 +00:00
Wouter Wijngaards
45022b6add - DNS64 from Viagenie (BSD Licensed), written by Simon Perrault. 
Initial commit of the patch from the FreeBSD base (with its fixes).
  This adds a module (for module-config in unbound.conf) dns64 that
  performs DNS64 processing, see README.DNS64.


git-svn-id: file:///svn/unbound/trunk@3198 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-31 07:15:33 +00:00
Wouter Wijngaards
6fcdb08164 - so-reuseport is available on BSDs(such as FreeBSD 10) and OS/X. 
git-svn-id: file:///svn/unbound/trunk@3153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-27 14:11:57 +00:00
Wouter Wijngaards
1773696a7e review fixes. 
git-svn-id: file:///svn/unbound/trunk@3134 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 11:39:41 +00:00
Wouter Wijngaards
bdc57e5be5 - Feature, unblock-lan-zones: yesno that you can use to make unbound 
perform 10.0.0.0/8 and other reverse lookups normally, for use if
  unbound is running service for localhost on localhost.


git-svn-id: file:///svn/unbound/trunk@3133 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 10:38:32 +00:00
Wouter Wijngaards
eab2ccf0a8 - Implement draft-ietf-dnsop-rfc6598-rfc6303-01. 
git-svn-id: file:///svn/unbound/trunk@3129 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-09 14:33:10 +00:00
Wouter Wijngaards
d8e5a83392 - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: file:///svn/unbound/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
Wouter Wijngaards
60511959ab - so-reuseport: yesno option to distribute queries evenly over 
threads on Linux (Thanks Robert Edmonds).


git-svn-id: file:///svn/unbound/trunk@3049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 11:43:38 +00:00
Wouter Wijngaards
b9efb261da - Fix bug#536: acl_deny_non_local and refuse_non_local added. 
git-svn-id: file:///svn/unbound/trunk@3015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-12 10:08:54 +00:00
Wouter Wijngaards
ff1dbe4fcc - Implement max-udp-size config option, default 4096 (thanks 
Daisuke Higashi).


git-svn-id: file:///svn/unbound/trunk@2893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 11:55:46 +00:00
Wouter Wijngaards
99eb934d97 - Make reverse zones easier by documenting the nodefault statements 
commented-out in the example config file.


git-svn-id: file:///svn/unbound/trunk@2878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-03-28 13:36:38 +00:00
Wouter Wijngaards
6280983293 - Nicer comments outgoing-port-avoid, thanks Stu (bug #465). 
git-svn-id: file:///svn/unbound/trunk@2752 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-29 07:13:36 +00:00
Wouter Wijngaards
cf147df593 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and 
minimal-responses features.


git-svn-id: file:///svn/unbound/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-04-10 09:16:39 +00:00
Wouter Wijngaards
1736d8078a - forward-first option. Tries without forward if a query fails. 
Also stub-first option that is similar.


git-svn-id: file:///svn/unbound/trunk@2637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:16:40 +00:00
Wouter Wijngaards
8f5596f643 ssl_port setting, so that the dnssec-trigger server can be on one host machine. 
git-svn-id: file:///svn/unbound/trunk@2539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-08 10:56:42 +00:00
Wouter Wijngaards
6a918b841f - documentation for new options: ssl-upstream, ssl-service-key and 
ssl-service.pem.


git-svn-id: file:///svn/unbound/trunk@2533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-01 09:44:40 +00:00
Wouter Wijngaards
2479955f9f - lame-ttl and lame-size options no longer exist, it is integrated 
with the host info.  They are ignored (with verbose warning) if
  encountered to keep the config file backwards compatible.



git-svn-id: file:///svn/unbound/trunk@2527 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-27 08:33:02 +00:00
Wouter Wijngaards
05e118b7d5 tcp upstream option. 
git-svn-id: file:///svn/unbound/trunk@2480 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 13:58:40 +00:00
Wouter Wijngaards
a742415b5c version number in example config file. 
git-svn-id: file:///svn/unbound/trunk@2457 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-07-01 07:12:08 +00:00
Wouter Wijngaards
8def9c1043 - log-queries: yesno option, default is no, prints querylog. 
git-svn-id: file:///svn/unbound/trunk@2429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-16 13:15:57 +00:00
Wouter Wijngaards
a11fbf9ca0 - unbound-control has version number in the header, 
UBCT[version]_space_ is the header sent by the client now.
- Unbound control port number is registered with IANA:
  ub-dns-control  8953/tcp    unbound dns nameserver control
  This is the new default for the control-port config setting.


git-svn-id: file:///svn/unbound/trunk@2424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-10 10:11:38 +00:00
Wouter Wijngaards
ca38a8bd55 - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers. 
git-svn-id: file:///svn/unbound/trunk@2414 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 11:20:14 +00:00
Wouter Wijngaards
3922eed584 val-override-date: -1 ignores dates entirely, for NTP usage. 
git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-04-08 14:06:46 +00:00
Wouter Wijngaards
04fa474ac3 fix test 
git-svn-id: file:///svn/unbound/trunk@2408 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-29 10:38:59 +00:00
Wouter Wijngaards
01dd4a3568 - Added explicit note on unbound-anchor usage: 
Please note usage of unbound-anchor root anchor is at your own risk
  and under the terms of our LICENSE (see that file in the source).


git-svn-id: file:///svn/unbound/trunk@2391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-02-15 12:58:37 +00:00
Wouter Wijngaards
dd8e44ac37 - feature typetransparent localzone, does not block other RR types. 
git-svn-id: file:///svn/unbound/trunk@2350 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-02 12:39:33 +00:00
Wouter Wijngaards
78cc3d8ae1 harden-below-nxdomain option taken from draft-vixie-dnsext-resimprove. 
Default off (for now), as some older software that gives nxdomain for ENT
would be incompatible.  But that would only happen in the reverse tree, and
such software (nonDNSSEC) may go out of style, so in the future a default yes
could be possible.



git-svn-id: file:///svn/unbound/trunk@2347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-18 08:49:15 +00:00
Wouter Wijngaards
8c5b3d3c8f - so-sndbuf option for very busy servers, a bit like so-rcvbuf. 
git-svn-id: file:///svn/unbound/trunk@2344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-15 14:30:34 +00:00
Wouter Wijngaards
b7f7a772fb unbound-anchor work, -P option and test tpkg. 
git-svn-id: file:///svn/unbound/trunk@2259 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-28 12:30:38 +00:00
Wouter Wijngaards
9f44640fa7 - bug#329: in example.conf show correct ipv4 link-local 169.254/16. 
git-svn-id: file:///svn/unbound/trunk@2244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-24 07:04:37 +00:00
Wouter Wijngaards
7b406bc70a - example.conf notes how to do DNSSEC validation and track the root. 
git-svn-id: file:///svn/unbound/trunk@2220 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-19 19:16:03 +00:00
Wouter Wijngaards
67c16277ee - Changed the defaults for num-queries-per-thread/outgoing-range. 
For builtin-select: 512/960, for libevent 1024/4096 and for
         windows 24/48 (because of win api).  This makes the ratio this way
         to improve resilience under heavy load.  For high performance, use
         libevent and possibly higher numbers.


git-svn-id: file:///svn/unbound/trunk@2191 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-12 13:59:39 +00:00
Wouter Wijngaards
e3d6aaf697 Various documentation fixes. 
git-svn-id: file:///svn/unbound/trunk@2038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-15 13:42:55 +00:00
Wouter Wijngaards
bcd1ac7599 prefetch-key feature. 
git-svn-id: file:///svn/unbound/trunk@1956 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-13 13:33:18 +00:00
Wouter Wijngaards
43d228c5bc Doc fix and work on prefetch feature. 
git-svn-id: file:///svn/unbound/trunk@1951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-07 14:38:18 +00:00
Wouter Wijngaards
d11d56b0b3 Documentation nicer. 
Stronger crypto by default for unbound-control.


git-svn-id: file:///svn/unbound/trunk@1950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-06 14:48:44 +00:00
Wouter Wijngaards
9a9d6bdf0c Review comments, tag changelog entry. 
git-svn-id: file:///svn/unbound/trunk@1942 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-17 08:58:51 +00:00
Wouter Wijngaards
c88952d4e0 Specify port number in interface lines. 
git-svn-id: file:///svn/unbound/trunk@1930 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-08 16:31:56 +00:00
Wouter Wijngaards
83cf9d20c8 noted multiple autotrust lines needed in example.conf 
git-svn-id: file:///svn/unbound/trunk@1910 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-17 09:43:09 +00:00
Wouter Wijngaards
5b66f07e38 edns-buffer-size option. 
git-svn-id: file:///svn/unbound/trunk@1881 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-29 10:37:44 +00:00
Wouter Wijngaards
d59a8baec2 so-rcvbuf option. 
git-svn-id: file:///svn/unbound/trunk@1851 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-25 08:54:50 +00:00
Wouter Wijngaards
7d90b75ce8 autotrust options 
git-svn-id: file:///svn/unbound/trunk@1776 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 08:46:33 +00:00
Wouter Wijngaards
3251765048 autotrust work 
git-svn-id: file:///svn/unbound/trunk@1758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-12 15:26:47 +00:00
Wouter Wijngaards
72aa0bad92 Log option for bogus only. 
git-svn-id: file:///svn/unbound/trunk@1734 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-20 14:22:29 +00:00
Wouter Wijngaards
8466ac7e7f bug #254, whitespace in example.conf 
git-svn-id: file:///svn/unbound/trunk@1656 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-13 09:49:53 +00:00
Wouter Wijngaards
768c4b2643 min-ttl option and tests for min-ttl and max-ttl. 
git-svn-id: file:///svn/unbound/trunk@1598 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-14 10:10:11 +00:00
Wouter Wijngaards
1e1ac9900a signature clock skew code. 
git-svn-id: file:///svn/unbound/trunk@1590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-06 14:09:33 +00:00
Wouter Wijngaards
7dcca025f4 python work 
git-svn-id: file:///svn/unbound/trunk@1561 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-26 15:47:45 +00:00
Wouter Wijngaards
0799d77798 python contribution from Zdenek Vasicek and Marek Vavrusa (BSD licensed). 
git-svn-id: file:///svn/unbound/trunk@1556 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-25 14:47:47 +00:00
Wouter Wijngaards
97a73402fc inverse trust anchor. 
git-svn-id: file:///svn/unbound/trunk@1533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-18 14:02:46 +00:00
Wouter Wijngaards
afe9d4bb67 more consistency. 
git-svn-id: file:///svn/unbound/trunk@1523 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-12 16:11:11 +00:00
Wouter Wijngaards
23ab46e3a5 new dlv key location 
git-svn-id: file:///svn/unbound/trunk@1493 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-24 10:07:10 +00:00
Wouter Wijngaards
81d095149c nicer text, TODO removed 
git-svn-id: file:///svn/unbound/trunk@1466 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-06 12:52:56 +00:00
Wouter Wijngaards
63d3cb7ff4 log-time-ascii option 
git-svn-id: file:///svn/unbound/trunk@1465 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-06 12:51:45 +00:00
Wouter Wijngaards
4eb2bdf2b1 fixup transparent zone answers. 
git-svn-id: file:///svn/unbound/trunk@1409 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-06 13:51:12 +00:00
Wouter Wijngaards
6cebdd2baf unwanted reply threshold like in the draft. 
git-svn-id: file:///svn/unbound/trunk@1321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-22 14:36:46 +00:00
Wouter Wijngaards
83a017d3d1 stub-prime option. 
git-svn-id: file:///svn/unbound/trunk@1319 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-22 12:01:40 +00:00
Wouter Wijngaards
00f301d35f Ask more nameservers if choice is limited. 
Lowered bogus-ttl to help validation-failure recovery times.



git-svn-id: file:///svn/unbound/trunk@1313 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-20 14:24:35 +00:00
Wouter Wijngaards
3dc4715109 doc updates 
git-svn-id: file:///svn/unbound/trunk@1304 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-15 11:16:54 +00:00
Wouter Wijngaards
351ef6e252 Option for DOS protection on slower links. 
git-svn-id: file:///svn/unbound/trunk@1282 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-06 09:28:50 +00:00
Wouter Wijngaards
896e4fea2a local data PTR shorthand. 
git-svn-id: file:///svn/unbound/trunk@1277 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-30 15:04:32 +00:00
Wouter Wijngaards
f0b77ed022 extended stats option. 
git-svn-id: file:///svn/unbound/trunk@1238 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-16 09:08:45 +00:00
Wouter Wijngaards
9157324788 proto spec. 
git-svn-id: file:///svn/unbound/trunk@1233 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-12 12:09:00 +00:00
Wouter Wijngaards
af57e5163d control channel security. 
git-svn-id: file:///svn/unbound/trunk@1229 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-11 14:14:12 +00:00
Wouter Wijngaards
121cb15d67 remote control setup, port binding and service. 
git-svn-id: file:///svn/unbound/trunk@1227 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-10 15:23:01 +00:00
Wouter Wijngaards
ff1a7ec42e private address and private domain config option read and store. 
git-svn-id: file:///svn/unbound/trunk@1223 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-03 14:40:09 +00:00
Wouter Wijngaards
01cabbebc1 do not allow cache snooping by default. 
git-svn-id: file:///svn/unbound/trunk@1220 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-01 13:48:24 +00:00
Wouter Wijngaards
a66e16cb31 new NS queries is not an option (off by default). 
git-svn-id: file:///svn/unbound/trunk@1219 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-29 14:46:08 +00:00
Wouter Wijngaards
21cd9936d8 dlv negative cache size option. 
git-svn-id: file:///svn/unbound/trunk@1213 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-27 13:02:22 +00:00
Wouter Wijngaards
e474ca2619 bug #199. 
git-svn-id: file:///svn/unbound/trunk@1212 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-27 11:29:46 +00:00
Wouter Wijngaards
080d9d6540 - ldns snapshot r2699 taken (includes DLV type). 
- DLV work, config file element, trust anchor read in.



git-svn-id: file:///svn/unbound/trunk@1187 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-13 14:30:35 +00:00
Wouter Wijngaards
4e2ca85842 fix bug #195. 
git-svn-id: file:///svn/unbound/trunk@1155 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-07-17 09:00:38 +00:00
Wouter Wijngaards
423e1a95a8 Bug#183 fixup. 
git-svn-id: file:///svn/unbound/trunk@1114 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-06-09 14:59:29 +00:00