Yorgos Thessalonikefs
6bf2b2ac56
- Fix and add comments in testdata/val_negcache_ttl.rpl.
2024-09-11 12:16:02 +02:00
W.C.A. Wijngaards
5767b0933f
- Add unit test for ttl limit for aggressive nsec.
2024-09-10 10:17:31 +02:00
Loganaden Velvindron
30bf996f39
b.root renumbering (#1132)
https://b.root-servers.org/news/2023/05/16/new-addresses.html
Worked together with Jaykishan Muktawoa <jay@cyberstorm.mu>
2024-08-30 08:48:31 +02:00
W.C.A. Wijngaards
c06d3646a9
- Unit test for auth zone transfer TLS, and TLS failure.
2024-08-29 10:40:31 +02:00
W.C.A. Wijngaards
b5951ce1fa
- Fix that when rpz is applied the message does not get picked up by
the validator. That stops validation failures for the message.
2024-08-28 10:51:22 +02:00
W.C.A. Wijngaards
6b37309705
- Fix #1130: Loads of logs: "validation failure: key for validation
<domain>. is marked as invalid because of a previous" for
non-DNSSEC signed zone.
2024-08-27 17:00:27 +02:00
W.C.A. Wijngaards
1e0cf1e86b
- Merge patch to fix for glue that is outside of zone, with
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
2024-08-23 08:56:48 +02:00
W.C.A. Wijngaards
3d350fa73d
- Add iter-scrub-ns, iter-scrub-cname and max-global-quota
configuration options.
2024-08-20 14:08:52 +02:00
W.C.A. Wijngaards
0f2f6025e7
- Fix that alloc stats for forwards and hints are printed, and when
alloc stats is enabled, the unit test for unbound control waits for
reloads to complete.
2024-08-02 15:51:40 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090)
* - cookie-secret-file, define struct.
* - cookie-secret-file, add config option, create, read and delete struct.
* - cookie-secret-file, check cookie secrets for cookie validation.
* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
activate_cookie_secret and print_cookie_secrets.
* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
staging cookies get a fresh cookie and spelling in error message.
* - cookie-secret-file, remove unused variable from cookie file unit test.
* Remove unshare and faketime dependencies for cookie_file test; documentation nits.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
9a6b6765cc
- Fix dnstap test program, cleans up to have clean memory on exit,
for tap_data_free, does not delete NULL items. Also it does not try
to free the tail, specifically in the free of the list since that
picked up the next item in the list for its loop causing invalid
free. Added internal unit test to unbound-dnstap-socket for that.
2024-08-01 16:12:04 +02:00
W.C.A. Wijngaards
03b511b1a2
- Fix for #1114: Fix that cache fill for forward-host names is
performed, so that with nonzero target-fetch-policy it fetches
forwarder addresses and uses them from cache. Also updated that
delegation point cache fill routines use CDflag for AAAA message
lookups, so that its negative lookup stops a recursion since the
cache uses the bit for disambiguation for dns64 but the recursion
uses CDflag for the AAAA target lookups, so the check correctly
stops a useless recursion by its cache lookup.
2024-07-31 11:42:44 +02:00
Yorgos Thessalonikefs
7d4d21764a
- Cleanup ede.tdir test.
2024-07-23 20:22:25 +02:00
Yorgos Thessalonikefs
51425b2388
- Add RPZ tag tests in acl_interface.tdir.
2024-07-12 15:38:12 +02:00
W.C.A. Wijngaards
ec2f45c6fd
- Fix to print details about the failure to lookup a DNSKEY record
when validation fails due to the missing DNSKEY. Also for key prime
and DS lookups.
2024-07-04 14:51:18 +02:00
W.C.A. Wijngaards
03ac902296
- ipset-pf-support, fix to skip unit test if no pf dev.
2024-07-01 17:11:20 +02:00
W.C.A. Wijngaards
9603924bb4
- Add unit test for validation of repeated use of a DNAME record.
2024-06-07 11:56:19 +02:00
Yorgos Thessalonikefs
f611220eb8
- Skip unbound-dnstap-socket unit test when not compiled with
--enable-debug.
2024-06-04 16:59:58 +02:00
Yorgos Thessalonikefs
ac609fcbfc
- Fix memory leak on exit for unbound-dnstap-socket; creates false negatives
during testing.
2024-05-31 12:11:17 +02:00
W.C.A. Wijngaards
4b30e88eec
- Fix for #1079: fix RPZ taglist in iterator callback that no client
info is like no taglist intersection.
2024-05-30 12:44:26 +02:00
W.C.A. Wijngaards
b6c7ea563f
- Fix #1079: tags from tagged rpz zones are no longer honored after
upgrade from 1.19.3 to 1.20.0.
2024-05-30 12:11:30 +02:00
W.C.A. Wijngaards
7107d3c9e7
- Fix #1064: Unbound 1.20 Cachedb broken?
Add unit test for validation status commit.
2024-05-24 09:06:48 +02:00
Yorgos Thessalonikefs
7f184c8ca8
Fix unbound-control stdin commands for multi-process Unbounds (#1069)
- Fix unbound-control commands that read stdin in multi-process
operation (local_zones_remove, local_zones, local_datas_remove,
local_datas, view_local_datas_remove, view_local_datas). They will
be properly distributed to all processes. dump_cache and load_cache
are no longer supported in multi-process operation.
- Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir
now checks both single and multi process/thread operation.
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
2024-05-17 10:25:24 +02:00
Yorgos Thessalonikefs
1048c4a28c
- Add missing common functions to tdir tests.
2024-05-15 11:20:36 +02:00
W.C.A. Wijngaards
c3206f4568
- Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li
from the Network and Information Security Lab of Tsinghua University
for reporting it.
2024-05-01 10:10:58 +02:00
W.C.A. Wijngaards
82c0207fa6
- Add unit tests for cachedb and subnet cache expired data.
2024-04-26 13:33:26 +02:00
W.C.A. Wijngaards
7c5e765b3b
- Fix cachedb with serve-expired-client-timeout disabled. The edns
subnet module deletes global cache and cachedb cache when it
stores a result, and serve-expired is enabled, so that the global
reply, that is older than the ecs reply, does not return after
the ecs reply expires.
2024-04-26 13:32:15 +02:00
W.C.A. Wijngaards
f456d97a34
- Fix doc unit test for out of directory build.
2024-04-25 17:06:06 +02:00
Yorgos Thessalonikefs
3ec74d1e3a
- When a grandchild delegation is returned, remove any cached child delegations
up to parent to not cause delegation invalidation because of an
expired child delegation that would never be updated. Most likely to
happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
2024-04-22 15:46:06 +02:00
W.C.A. Wijngaards
491b56d051
- Fixup cachedb to not refetch when serve-expired-client-timeout is
used.
2024-04-12 14:22:18 +02:00
W.C.A. Wijngaards
4d530920e0
- Fixup unit test for cachedb server expired client timeout with
a check if response is from upstream or from cachedb.
2024-04-12 11:51:00 +02:00
W.C.A. Wijngaards
08fb9a9209
- Fix cachedb for serve-expired with serve-expired-client-timeout.
2024-04-12 11:26:53 +02:00
W.C.A. Wijngaards
d47849a26e
- Fix cachedb for serve-expired with serve-expired-reply-ttl.
2024-04-10 17:01:57 +02:00
W.C.A. Wijngaards
bd74a32b79
- Extended test for cachedb serve expired.
2024-04-10 13:08:23 +02:00
W.C.A. Wijngaards
b990be88ef
- Add test for cachedb serve expired.
2024-04-10 12:36:21 +02:00
Yorgos Thessalonikefs
708d5229ae
- Merge #1027: Introduce 'cache-min-negative-ttl' option.
2024-04-05 11:44:37 +02:00
Yorgos Thessalonikefs
fb4a7d65d7
- Fix #369: dnstap showing extra responses; for client responses
right from the cache when replying with expired data or
prefetching.
2024-04-03 15:18:13 +02:00
W.C.A. Wijngaards
238a796e38
- Fix to add unit test for lruhash space that exercises the routines.
2024-03-27 13:33:46 +01:00
W.C.A. Wijngaards
c2b20c585e
- Fix name of unit test for subnet cache response.
2024-03-27 11:43:55 +01:00
W.C.A. Wijngaards
73bd5a19aa
- Fix localdata and rpz localdata to match CNAME only if no direct
type match is available.
2024-03-19 10:21:10 +01:00
W.C.A. Wijngaards
fef974ca5c
- Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that
clientip and nsip can give a CNAME.
2024-03-19 09:32:53 +01:00
W.C.A. Wijngaards
8dbf46913b
- Fix rpz for qtype CNAME after nameserver trigger.
2024-03-18 14:36:29 +01:00
W.C.A. Wijngaards
e46b188fe8
- Add rpz unit test for nsip action override.
2024-03-18 14:11:43 +01:00
W.C.A. Wijngaards
4b54d8e15e
- Fix rpz for cname override action after nsdname and nsip triggers.
2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
4f417262e3
- Fix rpz that the rpz override is taken in case of clientip triggers.
Fix that the clientip passthru action is logged. Fix that the
clientip localdata action is logged. Fix rpz override action cname
for the clientip trigger.
2024-03-13 16:04:58 +01:00
W.C.A. Wijngaards
1db3b38104
- Fix #1029: rpz trigger clientip and action rpz-passthru not working
as expected.
2024-03-13 13:45:04 +01:00
Yorgos Thessalonikefs
025881d0e9
- Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for
negative answers overriding 'cache-min-ttl'.
2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
320d0a5f1b
- Fix #1021 Inconsistent Behavior with Changing rpz-cname-override
and doing a unbound-control reload.
2024-03-11 16:31:58 +01:00
W.C.A. Wijngaards
6568841bb0
- Fix doc test so it ignores but outputs unsupported doxygen options.
2024-03-08 16:43:24 +01:00
W.C.A. Wijngaards
e361f6b284
- Fix qname minimisation for reply with a DNAME for qtype CNAME that
answers it.
2024-03-08 16:33:17 +01:00