W.C.A. Wijngaards
1e0cf1e86b
- Merge patch to fix for glue that is outside of zone, with
...
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
2024-08-23 08:56:48 +02:00
W.C.A. Wijngaards
3d350fa73d
- Add iter-scrub-ns, iter-scrub-cname and max-global-quota
...
configuration options.
2024-08-20 14:08:52 +02:00
W.C.A. Wijngaards
b4519012dc
- Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek,
...
Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv
University and Reichman University).
2024-08-08 09:28:44 +02:00
Yorgos Thessalonikefs
8517f49745
- Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672.
2023-12-06 23:40:01 +01:00
W.C.A. Wijngaards
fdd5f8ff83
- Fix to add EDE text when RRs have been removed due to length.
2023-09-07 14:44:48 +02:00
W.C.A. Wijngaards
63616a5fce
- Fix to move msgparse_rrset_remove_rr code to util/msgparse.c.
2023-09-07 11:29:53 +02:00
W.C.A. Wijngaards
dfc00271d1
- Fix to scrub resource records of type A and AAAA that have an
...
inappropriate size. They are removed from responses.
2023-09-07 11:08:04 +02:00
W.C.A. Wijngaards
8df1e58209
- Add harden-unknown-additional option. Default on and it removes
...
unknown records from the authority section and additional section.
Thanks to Xiang Li, from NISL Lab, Tsinghua University.
2023-01-19 14:59:18 +01:00
W.C.A. Wijngaards
0c07861404
- Fix #441 : Minimal NSEC range not accepted for top level domains.
2021-03-17 14:04:02 +01:00
W.C.A. Wijngaards
ba0f382eee
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
...
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
2020-05-19 10:27:27 +02:00
W.C.A. Wijngaards
f5e06689d1
- Fix Assert Causing DoS in synth_cname(),
...
reported by X41 D-Sec.
2019-12-03 15:10:36 +01:00
Wouter Wijngaards
022d5131b3
Fixup.
...
git-svn-id: file:///svn/unbound/trunk@4965 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-21 06:44:24 +00:00
Wouter Wijngaards
7458729d28
- Scrub NS records from NODATA responses as well.
...
git-svn-id: file:///svn/unbound/trunk@4964 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-21 06:37:00 +00:00
Wouter Wijngaards
f7e99131b9
- Scrub NS records from NXDOMAIN responses to stop fragmentation
...
poisoning of the cache.
git-svn-id: file:///svn/unbound/trunk@4961 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-20 09:44:40 +00:00
Wouter Wijngaards
8dd6efe5ed
- remove unused variable assignment from iterator scrub routine.
...
- check for null in delegation point during iterator refetch
in forward zone.
- neater pointer cast in libunbound context quit routine.
git-svn-id: file:///svn/unbound/trunk@4902 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-13 10:36:22 +00:00
Wouter Wijngaards
6cb75924d9
- Fix that DS queries with referral replies are answered straight
...
away, without a repeat query picking the DS from cache.
The correct reply should have been an answer, the reply is fixed
by the scrubber to have the answer in the answer section.
git-svn-id: file:///svn/unbound/trunk@4430 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-02 09:48:22 +00:00
Wouter Wijngaards
c010e93d4a
- Fix to rename internally used types from _t to _type, because _t
...
type names are reserved by POSIX.
- iana portlist update
git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-01-19 10:25:41 +00:00
Wouter Wijngaards
152458c40b
- spelling fixes from Igor Sobrado Delgado.
...
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-18 14:11:46 +00:00
Wouter Wijngaards
2d8d820e07
Remove debug print.
...
git-svn-id: file:///svn/unbound/trunk@3532 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-16 10:01:47 +00:00
Wouter Wijngaards
7c1131625c
- Fix for lenient accept of reverse order DNAME and CNAME.
...
git-svn-id: file:///svn/unbound/trunk@3530 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-16 09:48:51 +00:00
Wouter Wijngaards
0884d263ef
- Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly
...
and was therefore always synthesized (thanks to Valentin Dietrich).
git-svn-id: file:///svn/unbound/trunk@3434 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-06-22 09:23:43 +00:00
Wouter Wijngaards
b2bdce46be
- rename ldns subdirectory to sldns to avoid name collision.
...
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-26 10:21:38 +00:00
Wouter Wijngaards
025f36b169
- Fix scrubber with harden-glue turned off to reject NS (and other
...
not-address) records.
git-svn-id: file:///svn/unbound/trunk@3330 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-02-10 14:01:45 +00:00
Wouter Wijngaards
2b90f38a70
And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings.
...
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d3cbd76546
- Fix sldns to use sldns_ prefix for all ldns_ variables.
...
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-12-03 09:11:16 +00:00
Wouter Wijngaards
29e96e86c9
- separate ldns into core ldns inside ldns/ subdirectory. No more
...
--with-ldns is needed and unbound does not rely on libldns.
git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-10-31 15:09:26 +00:00
Wouter Wijngaards
f1fd2b53eb
- Fix for 2038, with time_t instead of uint32_t.
...
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-20 12:23:42 +00:00
Wouter Wijngaards
2ad6ee3c72
- Fix resolve of names that use a mix of public and private addresses.
...
git-svn-id: file:///svn/unbound/trunk@2868 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-03-22 09:36:33 +00:00
Wouter Wijngaards
6dd2c0467e
- Fix bug #425 : unbound reports wrong TTL in reply, it reports a TTL
...
that would be permissible by the RFCs but it is not the TTL in the
cache.
git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea
- Fix for VU#209659 CVE-2011-4528: Unbound denial of service
...
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.
git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-19 10:55:32 +00:00
Wouter Wijngaards
d265c02f69
- Fix that internally, CNAMEs with NXDOMAIN have that as rcode.
...
git-svn-id: file:///svn/unbound/trunk@2478 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-08-22 12:11:54 +00:00
Wouter Wijngaards
17e5bba504
Fix validation of qtype ANY responses with CNAMEs (thanks Cathy Zhang and Luo Ce).
...
git-svn-id: file:///svn/unbound/trunk@2477 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-08-22 12:02:50 +00:00
Wouter Wijngaards
eed924d7be
- Fix remove private address does not throw away entire response.
...
git-svn-id: file:///svn/unbound/trunk@2386 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-01-28 16:11:49 +00:00
Wouter Wijngaards
1bd8583d3f
Force off bit Z.
...
git-svn-id: file:///svn/unbound/trunk@2126 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-06-01 06:48:15 +00:00
Wouter Wijngaards
6ef058f9b0
- Fix AD flag handling, it could in some cases mistakenly copy the AD
...
flag from upstream servers.
git-svn-id: file:///svn/unbound/trunk@2120 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-05-31 07:36:01 +00:00
Wouter Wijngaards
b4b641807b
Fix various compiler warnings from the clang llvm compiler.
...
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-05-18 12:37:04 +00:00
Wouter Wijngaards
f12b7a8dd9
- More strict scrubber (Thanks to George Barwood for the idea):
...
NS set must be pertinent to the query (qname subdomain nsname).
git-svn-id: file:///svn/unbound/trunk@2096 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-26 13:40:37 +00:00
Wouter Wijngaards
5dcbb54e63
- Fix scrubber bug that potentially let NS records through. Reported
...
by Amanda Constant.
- Also delete potential poison references from additional.
- Fix: no classification of a forwarder as lame, throwaway instead.
git-svn-id: file:///svn/unbound/trunk@1993 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-02-24 13:27:47 +00:00
Wouter Wijngaards
0b04be414e
sun cc warnings
...
git-svn-id: file:///svn/unbound/trunk@1439 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-01-15 10:34:18 +00:00
Wouter Wijngaards
c90fd40a5e
fixes for suncc warnings
...
git-svn-id: file:///svn/unbound/trunk@1438 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-01-15 10:29:17 +00:00
Wouter Wijngaards
3708097870
Fixup decompression for private-name checks.
...
git-svn-id: file:///svn/unbound/trunk@1334 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-11-06 10:59:31 +00:00
Wouter Wijngaards
72904a3366
private-addresses.
...
git-svn-id: file:///svn/unbound/trunk@1224 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-04 12:25:15 +00:00
Wouter Wijngaards
82ce090a35
Remove overreaching NSEC rrsets.
...
git-svn-id: file:///svn/unbound/trunk@1207 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-08-26 10:32:46 +00:00
Wouter Wijngaards
4fe0d98ff4
Same scrubber patch to trunk.
...
git-svn-id: file:///svn/unbound/trunk@1181 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-08-07 07:31:05 +00:00
Wouter Wijngaards
283f2a5edb
if multiple CNAME's, use the first.
...
git-svn-id: file:///svn/unbound/trunk@1109 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-06-08 09:27:48 +00:00
Wouter Wijngaards
87700fea40
Enforce presence of query section in reply.
...
git-svn-id: file:///svn/unbound/trunk@1018 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-03-25 14:03:31 +00:00
Wouter Wijngaards
b2710818d4
Faster due to time-sharing.
...
git-svn-id: file:///svn/unbound/trunk@966 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-02-19 13:12:23 +00:00
Wouter Wijngaards
849026931b
move around debug levels.
...
git-svn-id: file:///svn/unbound/trunk@929 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-02-07 09:46:49 +00:00
Wouter Wijngaards
b6d9b4bfcc
CNAME chain marked as NXDOMAIN normalized to unbound preferred format.
...
git-svn-id: file:///svn/unbound/trunk@783 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-11-28 09:13:56 +00:00
Wouter Wijngaards
6f49c2fe55
regional nicer, remove region-allocator.
...
git-svn-id: file:///svn/unbound/trunk@697 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-18 20:31:43 +00:00