W.C.A. Wijngaards
192f1b0e2b
- Fix that when the server truncates the pidfile, it does not follow
...
symbolic links.
2024-03-27 14:07:54 +01:00
W.C.A. Wijngaards
238a796e38
- Fix to add unit test for lruhash space that exercises the routines.
2024-03-27 13:33:46 +01:00
W.C.A. Wijngaards
fe393ac355
- Fix comment in lruhash space function.
2024-03-27 12:30:00 +01:00
W.C.A. Wijngaards
3ea078baf6
- Fix for #1032 , add safeguard to make table space positive.
2024-03-27 11:49:20 +01:00
W.C.A. Wijngaards
eb3e1ae24f
- Fix #1032 : The size of subnet_msg_cache calculation mistake cause
...
memory usage increased beyond expectations.
2024-03-27 11:45:34 +01:00
W.C.A. Wijngaards
c2b20c585e
- Fix name of unit test for subnet cache response.
2024-03-27 11:43:55 +01:00
Yorgos Thessalonikefs
07561964fc
- For #831 : Format text, use exclamation icon and explicit label
...
names.
2024-03-25 22:02:08 +01:00
Yorgos Thessalonikefs
ce8c1ce5b0
Changelog entry for #831
...
- Merge #831 from Pierre4012: Improve Windows NSIS installer
script (setup.nsi).
2024-03-25 16:46:25 +01:00
Pierre4012
ef60dcac31
Improve Windows NSIS installer script (setup.nsi) ( #831 )
...
* Improve Windows NSIS installer script (setup.nsi)
Two improvements of installer script :
- avoid error message when Unbound is running,
- add "DisplayVersion" in registry thus Windows package manager (Winget) can handle Unbound.
* Update setup.nsi ask user to stop unbound service + DisplayVersion in Windows registry
2024-03-25 16:43:49 +01:00
W.C.A. Wijngaards
73bd5a19aa
- Fix localdata and rpz localdata to match CNAME only if no direct
...
type match is available.
2024-03-19 10:21:10 +01:00
W.C.A. Wijngaards
fef974ca5c
- Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that
...
clientip and nsip can give a CNAME.
2024-03-19 09:32:53 +01:00
W.C.A. Wijngaards
8dbf46913b
- Fix rpz for qtype CNAME after nameserver trigger.
2024-03-18 14:36:29 +01:00
W.C.A. Wijngaards
e46b188fe8
- Add rpz unit test for nsip action override.
2024-03-18 14:11:43 +01:00
W.C.A. Wijngaards
e6b1f9a4c3
- Fix rpz that copies the cname override completely to the temp
...
region, so there are no references to the rpz region.
2024-03-18 13:52:59 +01:00
W.C.A. Wijngaards
39cfc8c1c0
- Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets
...
the reply query_info values, that is better for debug logging.
2024-03-18 12:45:00 +01:00
W.C.A. Wijngaards
79e25e192c
- Fix that rpz CNAME content is limited to the max number of cnames.
2024-03-18 11:25:29 +01:00
Yorgos Thessalonikefs
792089f523
Merge branch 'features/makedist-persist-windir'
2024-03-15 17:22:00 +01:00
Yorgos Thessalonikefs
34636caa2d
- For windows build, persist the openssl and expat directories for
...
repeated builds while debugging.
2024-03-15 16:59:46 +01:00
W.C.A. Wijngaards
2993437eaa
- Fix that addrinfo is not kept around but copied and freed, so that
...
log-destaddr uses a copy of the information, much like NSD does.
2024-03-15 13:39:49 +01:00
W.C.A. Wijngaards
0bcc8c0211
- The code repository continues with version 1.19.4.
2024-03-14 10:33:13 +01:00
W.C.A. Wijngaards
4b54d8e15e
- Fix rpz for cname override action after nsdname and nsip triggers.
2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
afe52595a9
- Fix to unify codepath for local alias for rpz cname action override.
2024-03-13 16:12:48 +01:00
W.C.A. Wijngaards
4f417262e3
- Fix rpz that the rpz override is taken in case of clientip triggers.
...
Fix that the clientip passthru action is logged. Fix that the
clientip localdata action is logged. Fix rpz override action cname
for the clientip trigger.
2024-03-13 16:04:58 +01:00
W.C.A. Wijngaards
1db3b38104
- Fix #1029 : rpz trigger clientip and action rpz-passthru not working
...
as expected.
2024-03-13 13:45:04 +01:00
Yorgos Thessalonikefs
bc47f50926
Changelog entry for #1028 :
...
- Merge #1028 : Clearer documentation for tcp-idle-timeout and
edns-tcp-keepalive-timeout.
2024-03-12 14:52:57 +01:00
Yorgos Thessalonikefs
e36b5a099c
Clearer documentation for tcp-idle-timeout and edns-tcp-keepalive-timeout ( #1028 )
...
* - Clearer documentation for tcp-idle-timeout and
edns-tcp-keepalive-timeout.
* - Address review comment.
2024-03-12 14:52:00 +01:00
Yorgos Thessalonikefs
025881d0e9
- Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for
...
negative answers overriding 'cache-min-ttl'.
2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
320d0a5f1b
- Fix #1021 Inconsistent Behavior with Changing rpz-cname-override
...
and doing a unbound-control reload.
2024-03-11 16:31:58 +01:00
W.C.A. Wijngaards
d382210fce
Update doc/Changelog to note the fixes included in 1.19.3rc2.
2024-03-11 12:30:24 +01:00
W.C.A. Wijngaards
7b62767e16
- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
...
like unbound-control-setup.sh has.
2024-03-08 17:18:05 +01:00
W.C.A. Wijngaards
6568841bb0
- Fix doc test so it ignores but outputs unsupported doxygen options.
2024-03-08 16:43:24 +01:00
W.C.A. Wijngaards
e361f6b284
- Fix qname minimisation for reply with a DNAME for qtype CNAME that
...
answers it.
2024-03-08 16:33:17 +01:00
Yorgos Thessalonikefs
53766917ef
- Update doc/unbound.doxygen with 'doxygen -u'. Fixes option
...
deprecation warnings and updates with newer defaults.
2024-03-08 16:13:36 +01:00
W.C.A. Wijngaards
2a255076f5
- Fix validator classification of qtype DNAME for positive and
...
redirection answers, and fix validator signature routine for dealing
with the synthesized CNAME for a DNAME without previously
encountering it and also for when the qtype is DNAME.
2024-03-08 14:10:06 +01:00
W.C.A. Wijngaards
fb080e7853
- Remove unused portion from iter_dname_ttl unit test.
2024-03-08 09:51:37 +01:00
W.C.A. Wijngaards
0818841038
- Fix TTL of synthesized CNAME when a DNAME is used from cache.
2024-03-08 09:47:59 +01:00
W.C.A. Wijngaards
939baebfe7
- Fix unbound-control-setup.cmd to use 3072 bits so that certificates
...
are long enough for newer OpenSSL versions.
2024-03-08 09:07:36 +01:00
W.C.A. Wijngaards
326ba26522
- Version set to 1.19.3 for release. After 1.19.2 point release with
...
security fix for CVE-2024-1931, Denial of service when trimming
EDE text on positive replies. The code repo includes the fix and
is for version 1.19.3.
2024-03-07 11:06:42 +01:00
W.C.A. Wijngaards
ec0b510f1c
- Fix for #1022 : Fix ede prohibited in access control refused answers.
2024-03-05 13:39:29 +01:00
W.C.A. Wijngaards
be626f7c53
- Fix edns subnet replies for scope zero answers to not get stored
...
in the global cache, and in cachedb, when the upstream replies
without an EDNS record.
2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
3096e4930e
- Move github workflows to use checkoutv4.
2024-02-28 11:44:52 +01:00
Yorgos Thessalonikefs
33bdf44a04
- Document the suspend argument for process_ds_response().
2024-02-23 14:34:33 +01:00
W.C.A. Wijngaards
ccbe31c21f
- Fix trim of EDE text from large udp responses from spinning cpu.
2024-02-22 16:22:31 +01:00
Yorgos Thessalonikefs
c6746499c1
Changelog entry for #1010 :
...
- Merge #1010 : Mention REFUSED has the TC bit set with unmatched
allow_cookie acl in the manpage. It also fixes the code to match the
documentation about clients with a valid cookie that bypass the
ratelimit regardless of the allow_cookie acl.
2024-02-20 15:33:18 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage ( #1010 )
...
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage
Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.
* Apply suggestions from code review
* Update doc/unbound.conf.5.in
* DNS-Cookies should bypass ip-ratelimit setting
2024-02-20 15:29:34 +01:00
W.C.A. Wijngaards
be27499d39
- These fixes are part of the 1.19.1 release, that is a security
...
point release on 1.19.0, the code repository continues with these
fixes, with version number 1.19.2.
2024-02-13 14:03:30 +01:00
W.C.A. Wijngaards
56a2b564ef
Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c'
2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9
Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae'
2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa
- Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
...
exhaust CPU resources and stall DNS resolvers.
2024-02-13 13:02:08 +01:00