Commit Graph

331 Commits

Author SHA1 Message Date
Wouter Wijngaards
15aacbe89b code review.
git-svn-id: file:///svn/unbound/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-18 14:22:29 +00:00
Wouter Wijngaards
06a3f735d7 - The key-cache bad key ttl is now 60 seconds.
git-svn-id: file:///svn/unbound/trunk@2685 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-15 12:25:29 +00:00
Wouter Wijngaards
0a1195f690 - Protect if statements in val_anchor for compilation without locks.
git-svn-id: file:///svn/unbound/trunk@2670 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-05-16 10:54:52 +00:00
Wouter Wijngaards
2bf79c2e65 - Fix validation of nodata for DS query in NSEC zones, reported by
Ondrej Mikle.


git-svn-id: file:///svn/unbound/trunk@2662 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-05-02 11:58:27 +00:00
Wouter Wijngaards
773d8e3b84 Fix prefetch and stickiness.
git-svn-id: file:///svn/unbound/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-16 11:04:53 +00:00
Wouter Wijngaards
682ff957ed lint and doxygen fixes.
git-svn-id: file:///svn/unbound/trunk@2631 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-16 10:08:07 +00:00
Wouter Wijngaards
718dcce317 fix race condition.
git-svn-id: file:///svn/unbound/trunk@2625 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 15:03:36 +00:00
Wouter Wijngaards
08835e01ee free unsupported trust anchors.
git-svn-id: file:///svn/unbound/trunk@2624 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 14:53:45 +00:00
Wouter Wijngaards
d64b14cff9 - unbound-control forward_add, forward_remove, stub_add, stub_remove
  can modify stubs and forwards for running unbound (on mobile computer)
  they can also add and remove domain-insecure for the zone.


git-svn-id: file:///svn/unbound/trunk@2623 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 14:35:28 +00:00
Wouter Wijngaards
c352ee2e85 - workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
git-svn-id: file:///svn/unbound/trunk@2608 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-08 16:40:46 +00:00
Wouter Wijngaards
924789d877 - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This
  implementation is experimental at this time and not recommended
  for use on the public internet (the protocol numbers have not
  been assigned).  Needs recent ldns with --enable-ecdsa.
- fix memory leak in errorcase for DSA signatures.


git-svn-id: file:///svn/unbound/trunk@2606 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-08 13:22:44 +00:00
Wouter Wijngaards
8c2f658cd1 - fix for windows, rename() is not posix compliant on windows.
git-svn-id: file:///svn/unbound/trunk@2605 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-03 14:56:09 +00:00
Wouter Wijngaards
9c8ac75026 - Fix to write key files completely to a temporary file, and if that
succeeds, replace the real key file.  So failures leave a useful file.


git-svn-id: file:///svn/unbound/trunk@2590 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-19 14:17:22 +00:00
Wouter Wijngaards
2e26ec2d01 - Fix bug where canonical_compare of RRSIG did not downcase the
  signer-name.  This is mostly harmless because RRSIGs do not have
  to be sorted in canonical order, usually.


git-svn-id: file:///svn/unbound/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-17 09:06:18 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL
  that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea - Fix for VU#209659 CVE-2011-4528: Unbound denial of service
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.


git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-19 10:55:32 +00:00
Wouter Wijngaards
e0fd0ef80c - Fix to constrain signer_name to be a parent of the lookupname.
git-svn-id: file:///svn/unbound/trunk@2571 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-13 12:37:47 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility.
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-10 18:44:06 +00:00
Wouter Wijngaards
b72d40f3dd - fix various compiler warnings (reported by Paul Wouters).
git-svn-id: file:///svn/unbound/trunk@2497 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 11:35:01 +00:00
Wouter Wijngaards
22290ac234 - Fix validation of . DS query.
git-svn-id: file:///svn/unbound/trunk@2474 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-08-17 14:28:32 +00:00
Wouter Wijngaards
7359d84e2f - Fix wildcard expansion no-data reply under an optout NSEC3 zone is
validated as insecure, reported by Jia Li (lijia@cnnic.cn).


git-svn-id: file:///svn/unbound/trunk@2461 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-07-11 09:03:18 +00:00
Wouter Wijngaards
784d659e91 - Fix TTL of SOA so negative TTL is separately cached from normal TTL.
git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-05-10 12:34:47 +00:00
Wouter Wijngaards
3922eed584 val-override-date: -1 ignores dates entirely, for NTP usage.
git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-04-08 14:06:46 +00:00
Wouter Wijngaards
b4a089ff0d - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
git-svn-id: file:///svn/unbound/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-03-01 12:48:45 +00:00
Wouter Wijngaards
003658eea0 test and cleanup.
git-svn-id: file:///svn/unbound/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-22 09:41:38 +00:00
Wouter Wijngaards
daab92e954 - algorithm compromise protection using the algorithms signalled in
  the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
  and thus, if you have multiple algorithms in your trust-anchor-file
  then it will now behave differently than before.  Also, 5011 rollover
  for algorithms needs to be double-signature until the old algorithm
  is revoked.


git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9 Work on validation of multiple algorithms.
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-20 15:58:12 +00:00
Wouter Wijngaards
c4c8a65ff2 - fix validation in this case: CNAME to nodata for co-hosted opt-in
NSEC3 insecure delegation, was bogus, fixed to be insecure.


git-svn-id: file:///svn/unbound/trunk@2355 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-17 10:05:56 +00:00
Wouter Wijngaards
488aee467a - Fix validation failure for parent and child on same server with an
insecure childzone and a CNAME from parent to child.


git-svn-id: file:///svn/unbound/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-29 13:10:26 +00:00
Wouter Wijngaards
46345c0809 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where
  the zone has a secure delegation hosted on the same server did not
  verify as secure (it was insecure by mistake).


git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-11 12:21:19 +00:00
Wouter Wijngaards
e399b79baa - DLV has downgrade protection again, because the RFC says so.
git-svn-id: file:///svn/unbound/trunk@2238 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-17 08:54:16 +00:00
Wouter Wijngaards
aac3c03f72 - Fix reported validation error in out of memory condition.
git-svn-id: file:///svn/unbound/trunk@2237 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-16 13:57:22 +00:00
Wouter Wijngaards
8b274b92aa - Algorithm rollover operational reality intrudes, for trust-anchor,
5011-store, and DLV-anchor if one key matches it's good enough.


git-svn-id: file:///svn/unbound/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-16 13:40:26 +00:00
Wouter Wijngaards
c3f180eebb - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
git-svn-id: file:///svn/unbound/trunk@2233 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-15 07:08:09 +00:00
Wouter Wijngaards
40f8fe2815 add and fix doxygen comments for doxygen-1.7.1. (which reports lots of
spurious items as well, by the way).


git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-13 08:41:49 +00:00
Wouter Wijngaards
b701d70147 - Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
git-svn-id: file:///svn/unbound/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-05 14:31:52 +00:00
Wouter Wijngaards
ca36fd0110 please lint.
git-svn-id: file:///svn/unbound/trunk@2206 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-04 08:43:38 +00:00
Wouter Wijngaards
4c4671a63f - Fix validation in case a trust anchor enters into a zone with
unsupported algorithms.


git-svn-id: file:///svn/unbound/trunk@2205 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-04 08:36:27 +00:00
Wouter Wijngaards
6df29c32e4 - iana portlist updated.
- Fix validation of qtype DNSKEY when a key-cache entry exists but
  no rr-cache entry is used (it expired or prefetch), it then goes
  back up to the DS or trust-anchor to validate the DNSKEY.


git-svn-id: file:///svn/unbound/trunk@2189 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-09 15:00:35 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations.
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-07 13:13:36 +00:00
Wouter Wijngaards
518504ff5c Fix 4035 compliance for algorithms from the DS rrset that MUST sign the DNSKEY.
git-svn-id: file:///svn/unbound/trunk@2172 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-01 12:08:48 +00:00
Wouter Wijngaards
b4b641807b Fix various compiler warnings from the clang llvm compiler.
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-05-18 12:37:04 +00:00
Wouter Wijngaards
12e20eb5f4 - autotrust anchor file can be initialized with a ZSK key as well.
git-svn-id: file:///svn/unbound/trunk@2100 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-27 13:00:48 +00:00
Wouter Wijngaards
0720e1a9a1 - Fix chain of trust with CNAME at an intermediate step, for the DS
processing proof.



git-svn-id: file:///svn/unbound/trunk@2075 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-09 14:28:32 +00:00
Wouter Wijngaards
bec7e7a552 Fix validation of queries with wildcard names (*.example).
git-svn-id: file:///svn/unbound/trunk@2070 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-08 13:22:29 +00:00
Wouter Wijngaards
77f49a5510 GOST support.
git-svn-id: file:///svn/unbound/trunk@2065 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-06 12:15:19 +00:00
Wouter Wijngaards
11ecb5183b review of NSEC and NSEC3 zones results
git-svn-id: file:///svn/unbound/trunk@2058 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-22 14:40:45 +00:00
Wouter Wijngaards
75565262f7 Fixed random numbers for port, interface and server selection.
Removed very small bias.
Also some lint fixes.



git-svn-id: file:///svn/unbound/trunk@2049 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-18 14:42:22 +00:00
Wouter Wijngaards
cd57530efd includes
git-svn-id: file:///svn/unbound/trunk@2048 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-17 09:50:12 +00:00
Wouter Wijngaards
091050add6 cache verify work for nsec and nsec3.
git-svn-id: file:///svn/unbound/trunk@2047 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-17 09:49:18 +00:00