clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,789 Commits 27 Branches 196 Tags 104 MiB
master
Commit Graph

1435 Commits

Author SHA1 Message Date
Yorgos Thessalonikefs
d3fdbba877 - Fix comment to not trigger doxygen unknown command. 2024-09-06 16:03:20 +02:00
W.C.A. Wijngaards
52154e658a - Fix to print port number in logs for auth zone transfer activities. 2024-08-29 13:04:03 +02:00
W.C.A. Wijngaards
6b37309705 - Fix #1130: Loads of logs: "validation failure: key for validation 
<domain>. is marked as invalid because of a previous" for
  non-DNSSEC signed zone.
 2024-08-27 17:00:27 +02:00
W.C.A. Wijngaards
dc274fef9b - Fix documentation for cache_fill_missing function. 2024-08-23 13:19:15 +02:00
W.C.A. Wijngaards
1e0cf1e86b - Merge patch to fix for glue that is outside of zone, with 
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
  Enabling this option protects the Unbound resolver against bad
  glue, that is unverified out of zone glue, by resolving them.
  It uses the records as last resort if there is no other working
  glue.
 2024-08-23 08:56:48 +02:00
W.C.A. Wijngaards
6b3266aaf8 - Fix for char signedness warnings on NetBSD. 2024-08-21 14:15:23 +02:00
W.C.A. Wijngaards
03b511b1a2 - Fix for #1114: Fix that cache fill for forward-host names is 
performed, so that with nonzero target-fetch-policy it fetches
  forwarder addresses and uses them from cache. Also updated that
  delegation point cache fill routines use CDflag for AAAA message
  lookups, so that its negative lookup stops a recursion since the
  cache uses the bit for disambiguation for dns64 but the recursion
  uses CDflag for the AAAA target lookups, so the check correctly
  stops a useless recursion by its cache lookup.
 2024-07-31 11:42:44 +02:00
W.C.A. Wijngaards
6af28bed08 - Fix to document parameters of auth_zone_verify_zonemd_with_key. 2024-07-30 13:47:53 +02:00
W.C.A. Wijngaards
c4541e634b - Fix uninitialized variable warning in create_tcp_accept_sock. 2024-07-23 10:42:36 +02:00
W.C.A. Wijngaards
5bea29b01c - For #1110: Test for fallthrough attribute in configure and add 
fallthrough attribute annotations.
 2024-07-23 09:47:42 +02:00
Yorgos Thessalonikefs
3512eaec48 - Fix #1106: ratelimit-below-domain logs the wrong FROM address. 2024-07-23 09:07:06 +02:00
W.C.A. Wijngaards
8fca3e7c5b - For #1103: Fix to drop mesh state reference for the http2 stream 
associated with the reply, not the currently active stream. And
  it does not remove it twice on a mesh_send_reply call. The reply
  h2_stream is NULL when not in use, for more initialisation.
 2024-07-16 14:23:10 +02:00
W.C.A. Wijngaards
8947c2c764 - For #1103: fix to also drop mesh state reference when the discard 
limit is reached, when there is an error making a new recursion
  state and when the connection is dropped with is_drop.
 2024-07-15 14:51:20 +02:00
W.C.A. Wijngaards
d52f501d90 - For #1103: fix to also drop mesh state reference when a h2 reply is 
dropped.
 2024-07-12 16:41:46 +02:00
W.C.A. Wijngaards
3adb9c8f92 - Fix #1103: unbound 1.20.0 segmentation fault with nghttp2. 2024-07-12 16:11:29 +02:00
W.C.A. Wijngaards
bed7cc2a90 - Fix that validation reason failure that uses string print uses 
separate buffer that is passed, from the scratch validation buffer.
 2024-07-08 15:29:20 +02:00
Yorgos Thessalonikefs
02f4446833 - Don't check for message TTL changes if the RRsets remain the same. 2024-07-05 19:58:19 +02:00
W.C.A. Wijngaards
c8a2289542 - Fix for #1099: Fix to check for deleted RRset when the contents 
is updated and fetched after it is stored, and also check for a
  changed RRset.
 2024-07-05 17:54:46 +02:00
W.C.A. Wijngaards
b53d90053e - Fix #1099: Unbound core dump on SIGSEGV. 2024-07-05 17:18:01 +02:00
W.C.A. Wijngaards
a335e601e4 ipset-pf-support, move startup and destartup to the front of the module 
func block functions, modstack call deinit function names, and detect
module change when no startup functions are needed.
 2024-07-03 13:53:44 +02:00
W.C.A. Wijngaards
65e7253d19 ipset-pf-support, simplification of code. 2024-07-02 09:08:27 +02:00
W.C.A. Wijngaards
ff653a7ef8 Call module init init again, and new function startup and destartup. 
NULL can be used if the function is not used. Open shared ports during
reload. Deinit is called during reload.
 2024-07-01 16:10:07 +02:00
W.C.A. Wijngaards
3953f827fb Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support 2024-07-01 14:36:33 +02:00
W.C.A. Wijngaards
7fbc061846 - Fix ip-ratelimit-cookie setting, it was not applied. 2024-06-27 14:51:58 +02:00
Yorgos Thessalonikefs
70f73a33b3 - Explicitly set the RD bit for the mesh query flags when prefetching. 
These queries have no waiting client but they need to be treated as
  recursive.
 2024-06-26 15:51:58 +02:00
W.C.A. Wijngaards
1974732d19 - Fix typos for 'the the' in text. 2024-06-06 09:35:57 +02:00
W.C.A. Wijngaards
4b30e88eec - Fix for #1079: fix RPZ taglist in iterator callback that no client 
info is like no taglist intersection.
 2024-05-30 12:44:26 +02:00
W.C.A. Wijngaards
b6c7ea563f - Fix #1079: tags from tagged rpz zones are no longer honored after 
upgrade from 1.19.3 to 1.20.0.
 2024-05-30 12:11:30 +02:00
Yorgos Thessalonikefs
6f030e9672
Proper parent identification for dynamically entered local zones (#1076) 
- Fix #1059: Intermittent DNS blocking failure with local-zone and
  always_nxdomain. Addition of local_zones dynamically via
  unbound-control was not finding the zone's parent correctly.
 2024-05-24 15:21:40 +02:00
Yorgos Thessalonikefs
3ff5c7a74d
Fix rtt assignement for low values of infra-cache-max-rtt (#1070) 
* Fix rtt assignement for still useful servers when a low value for
  infra-cache-max-rtt is configured.
 2024-05-16 13:42:32 +02:00
W.C.A. Wijngaards
95669855fb - Fix to squelch udp connect errors in the log at low verbosity about 
invalid argument for IPv6 link local addresses.
 2024-05-08 16:40:41 +02:00
W.C.A. Wijngaards
c3206f4568 - Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li 
from the Network and Information Security Lab of Tsinghua University
  for reporting it.
 2024-05-01 10:10:58 +02:00
Yorgos Thessalonikefs
63a6b7b255 - Cleanup unnecessary strdup calls for EDE strings. 2024-04-29 10:15:19 +02:00
W.C.A. Wijngaards
8b490b1540 - Fix to disable fragmentation on systems with IP_DONTFRAG, 
with a nonzero value for the socket option argument.
 2024-04-25 12:53:05 +02:00
Yorgos Thessalonikefs
3ec74d1e3a - When a granchild delegation is returned, remove any cached child delegations 
up to parent to not cause delegation invalidation because of an
  expired child delegation that would never be updated. Most likely to
  happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
 2024-04-22 15:46:06 +02:00
W.C.A. Wijngaards
d47849a26e - Fix cachedb for serve-expired with serve-expired-reply-ttl. 2024-04-10 17:01:57 +02:00
W.C.A. Wijngaards
cccf5e73c0 - Fixup compile without cachedb. 2024-04-10 11:33:52 +02:00
W.C.A. Wijngaards
f3f85e5a11 - Fixup compile without cachedb. 2024-04-10 11:29:10 +02:00
W.C.A. Wijngaards
d55511f1dd - Fixup compile without cachedb. 2024-04-10 11:27:08 +02:00
W.C.A. Wijngaards
d98c7b9ae3 - Implement cachedb-check-when-serve-expired: yes option, default 
is enabled. When serve expired is enabled with cachedb, it first
  checks cachedb before serving the expired response.
 2024-04-10 11:21:28 +02:00
W.C.A. Wijngaards
ba16e41160 - Fix comment syntax for view function views_find_view. 2024-04-05 16:11:29 +02:00
W.C.A. Wijngaards
73bd5a19aa - Fix localdata and rpz localdata to match CNAME only if no direct 
type match is available.
 2024-03-19 10:21:10 +01:00
W.C.A. Wijngaards
fef974ca5c - Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that 
clientip and nsip can give a CNAME.
 2024-03-19 09:32:53 +01:00
W.C.A. Wijngaards
e6b1f9a4c3 - Fix rpz that copies the cname override completely to the temp 
region, so there are no references to the rpz region.
 2024-03-18 13:52:59 +01:00
W.C.A. Wijngaards
39cfc8c1c0 - Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets 
the reply query_info values, that is better for debug logging.
 2024-03-18 12:45:00 +01:00
W.C.A. Wijngaards
2993437eaa - Fix that addrinfo is not kept around but copied and freed, so that 
log-destaddr uses a copy of the information, much like NSD does.
 2024-03-15 13:39:49 +01:00
W.C.A. Wijngaards
4b54d8e15e - Fix rpz for cname override action after nsdname and nsip triggers. 2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
afe52595a9 - Fix to unify codepath for local alias for rpz cname action override. 2024-03-13 16:12:48 +01:00
W.C.A. Wijngaards
4f417262e3 - Fix rpz that the rpz override is taken in case of clientip triggers. 
Fix that the clientip passthru action is logged. Fix that the
  clientip localdata action is logged. Fix rpz override action cname
  for the clientip trigger.
 2024-03-13 16:04:58 +01:00
W.C.A. Wijngaards
1db3b38104 - Fix #1029: rpz trigger clientip and action rpz-passthru not working 
as expected.
 2024-03-13 13:45:04 +01:00