clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,789 Commits 27 Branches 196 Tags 104 MiB
master
Commit Graph

60 Commits

Author SHA1 Message Date
W.C.A. Wijngaards
1e0cf1e86b - Merge patch to fix for glue that is outside of zone, with 
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
  Enabling this option protects the Unbound resolver against bad
  glue, that is unverified out of zone glue, by resolving them.
  It uses the records as last resort if there is no other working
  glue.
 2024-08-23 08:56:48 +02:00
W.C.A. Wijngaards
3d350fa73d - Add iter-scrub-ns, iter-scrub-cname and max-global-quota 
configuration options.
 2024-08-20 14:08:52 +02:00
W.C.A. Wijngaards
b4519012dc - Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek, 
Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv
  University and Reichman University).
 2024-08-08 09:28:44 +02:00
Yorgos Thessalonikefs
8517f49745 - Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672. 2023-12-06 23:40:01 +01:00
W.C.A. Wijngaards
fdd5f8ff83 - Fix to add EDE text when RRs have been removed due to length. 2023-09-07 14:44:48 +02:00
W.C.A. Wijngaards
63616a5fce - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. 2023-09-07 11:29:53 +02:00
W.C.A. Wijngaards
dfc00271d1 - Fix to scrub resource records of type A and AAAA that have an 
inappropriate size. They are removed from responses.
 2023-09-07 11:08:04 +02:00
W.C.A. Wijngaards
8df1e58209 - Add harden-unknown-additional option. Default on and it removes 
unknown records from the authority section and additional section.
  Thanks to Xiang Li, from NISL Lab, Tsinghua University.
 2023-01-19 14:59:18 +01:00
W.C.A. Wijngaards
0c07861404 - Fix #441: Minimal NSEC range not accepted for top level domains. 2021-03-17 14:04:02 +01:00
W.C.A. Wijngaards
ba0f382eee - CVE-2020-12662 Unbound can be tricked into amplifying an incoming 
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.
 2020-05-19 10:27:27 +02:00
W.C.A. Wijngaards
f5e06689d1 - Fix Assert Causing DoS in synth_cname(), 
reported by X41 D-Sec.
 2019-12-03 15:10:36 +01:00
Wouter Wijngaards
022d5131b3 Fixup. 
git-svn-id: file:///svn/unbound/trunk@4965 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-21 06:44:24 +00:00
Wouter Wijngaards
7458729d28 - Scrub NS records from NODATA responses as well. 
git-svn-id: file:///svn/unbound/trunk@4964 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-21 06:37:00 +00:00
Wouter Wijngaards
f7e99131b9 - Scrub NS records from NXDOMAIN responses to stop fragmentation 
poisoning of the cache.


git-svn-id: file:///svn/unbound/trunk@4961 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-20 09:44:40 +00:00
Wouter Wijngaards
8dd6efe5ed - remove unused variable assignment from iterator scrub routine. 
- check for null in delegation point during iterator refetch
  in forward zone.
- neater pointer cast in libunbound context quit routine.


git-svn-id: file:///svn/unbound/trunk@4902 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 10:36:22 +00:00
Wouter Wijngaards
6cb75924d9 - Fix that DS queries with referral replies are answered straight 
away, without a repeat query picking the DS from cache.
  The correct reply should have been an answer, the reply is fixed
  by the scrubber to have the answer in the answer section.


git-svn-id: file:///svn/unbound/trunk@4430 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-02 09:48:22 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
Wouter Wijngaards
152458c40b - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
Wouter Wijngaards
2d8d820e07 Remove debug print. 
git-svn-id: file:///svn/unbound/trunk@3532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-16 10:01:47 +00:00
Wouter Wijngaards
7c1131625c - Fix for lenient accept of reverse order DNAME and CNAME. 
git-svn-id: file:///svn/unbound/trunk@3530 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-16 09:48:51 +00:00
Wouter Wijngaards
0884d263ef - Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly 
and was therefore always synthesized (thanks to Valentin Dietrich).


git-svn-id: file:///svn/unbound/trunk@3434 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-22 09:23:43 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
025f36b169 - Fix scrubber with harden-glue turned off to reject NS (and other 
not-address) records.


git-svn-id: file:///svn/unbound/trunk@3330 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-10 14:01:45 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
f1fd2b53eb - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
Wouter Wijngaards
2ad6ee3c72 - Fix resolve of names that use a mix of public and private addresses. 
git-svn-id: file:///svn/unbound/trunk@2868 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-03-22 09:36:33 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL 
that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea - Fix for VU#209659 CVE-2011-4528: Unbound denial of service 
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.


git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-19 10:55:32 +00:00
Wouter Wijngaards
d265c02f69 - Fix that internally, CNAMEs with NXDOMAIN have that as rcode. 
git-svn-id: file:///svn/unbound/trunk@2478 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 12:11:54 +00:00
Wouter Wijngaards
17e5bba504 Fix validation of qtype ANY responses with CNAMEs (thanks Cathy Zhang and Luo Ce). 
git-svn-id: file:///svn/unbound/trunk@2477 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 12:02:50 +00:00
Wouter Wijngaards
eed924d7be - Fix remove private address does not throw away entire response. 
git-svn-id: file:///svn/unbound/trunk@2386 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-01-28 16:11:49 +00:00
Wouter Wijngaards
1bd8583d3f Force off bit Z. 
git-svn-id: file:///svn/unbound/trunk@2126 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-06-01 06:48:15 +00:00
Wouter Wijngaards
6ef058f9b0 - Fix AD flag handling, it could in some cases mistakenly copy the AD 
flag from upstream servers.


git-svn-id: file:///svn/unbound/trunk@2120 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-31 07:36:01 +00:00
Wouter Wijngaards
b4b641807b Fix various compiler warnings from the clang llvm compiler. 
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-18 12:37:04 +00:00
Wouter Wijngaards
f12b7a8dd9 - More strict scrubber (Thanks to George Barwood for the idea): 
NS set must be pertinent to the query (qname subdomain nsname).


git-svn-id: file:///svn/unbound/trunk@2096 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-26 13:40:37 +00:00
Wouter Wijngaards
5dcbb54e63 - Fix scrubber bug that potentially let NS records through. Reported 
by Amanda Constant.
        - Also delete potential poison references from additional.
        - Fix: no classification of a forwarder as lame, throwaway instead.


git-svn-id: file:///svn/unbound/trunk@1993 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-24 13:27:47 +00:00
Wouter Wijngaards
0b04be414e sun cc warnings 
git-svn-id: file:///svn/unbound/trunk@1439 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-15 10:34:18 +00:00
Wouter Wijngaards
c90fd40a5e fixes for suncc warnings 
git-svn-id: file:///svn/unbound/trunk@1438 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-15 10:29:17 +00:00
Wouter Wijngaards
3708097870 Fixup decompression for private-name checks. 
git-svn-id: file:///svn/unbound/trunk@1334 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-06 10:59:31 +00:00
Wouter Wijngaards
72904a3366 private-addresses. 
git-svn-id: file:///svn/unbound/trunk@1224 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-04 12:25:15 +00:00
Wouter Wijngaards
82ce090a35 Remove overreaching NSEC rrsets. 
git-svn-id: file:///svn/unbound/trunk@1207 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-26 10:32:46 +00:00
Wouter Wijngaards
4fe0d98ff4 Same scrubber patch to trunk. 
git-svn-id: file:///svn/unbound/trunk@1181 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-08-07 07:31:05 +00:00
Wouter Wijngaards
283f2a5edb if multiple CNAME's, use the first. 
git-svn-id: file:///svn/unbound/trunk@1109 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-06-08 09:27:48 +00:00
Wouter Wijngaards
87700fea40 Enforce presence of query section in reply. 
git-svn-id: file:///svn/unbound/trunk@1018 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-03-25 14:03:31 +00:00
Wouter Wijngaards
b2710818d4 Faster due to time-sharing. 
git-svn-id: file:///svn/unbound/trunk@966 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-19 13:12:23 +00:00
Wouter Wijngaards
849026931b move around debug levels. 
git-svn-id: file:///svn/unbound/trunk@929 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-07 09:46:49 +00:00
Wouter Wijngaards
b6d9b4bfcc CNAME chain marked as NXDOMAIN normalized to unbound preferred format. 
git-svn-id: file:///svn/unbound/trunk@783 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-11-28 09:13:56 +00:00
Wouter Wijngaards
6f49c2fe55 regional nicer, remove region-allocator. 
git-svn-id: file:///svn/unbound/trunk@697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-18 20:31:43 +00:00