Wouter Wijngaards
15aacbe89b
code review.
...
git-svn-id: file:///svn/unbound/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-18 14:22:29 +00:00
Wouter Wijngaards
06a3f735d7
- The key-cache bad key ttl is now 60 seconds.
...
git-svn-id: file:///svn/unbound/trunk@2685 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-06-15 12:25:29 +00:00
Wouter Wijngaards
0a1195f690
- Protect if statements in val_anchor for compilate without locks.
...
git-svn-id: file:///svn/unbound/trunk@2670 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-05-16 10:54:52 +00:00
Wouter Wijngaards
2bf79c2e65
- Fix validation of nodata for DS query in NSEC zones, reported by
...
Ondrej Mikle.
git-svn-id: file:///svn/unbound/trunk@2662 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-05-02 11:58:27 +00:00
Wouter Wijngaards
773d8e3b84
Fix prefetch and stickyness.
...
git-svn-id: file:///svn/unbound/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-16 11:04:53 +00:00
Wouter Wijngaards
682ff957ed
lint and doxygen fixes.
...
git-svn-id: file:///svn/unbound/trunk@2631 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-16 10:08:07 +00:00
Wouter Wijngaards
718dcce317
fix race condition.
...
git-svn-id: file:///svn/unbound/trunk@2625 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 15:03:36 +00:00
Wouter Wijngaards
08835e01ee
free unsupported trust anchors.
...
git-svn-id: file:///svn/unbound/trunk@2624 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 14:53:45 +00:00
Wouter Wijngaards
d64b14cff9
- unbound-control forward_add, forward_remove, stub_add, stub_remove
...
can modify stubs and forwards for running unbound (on mobile computer)
they can also add and remove domain-insecure for the zone.
git-svn-id: file:///svn/unbound/trunk@2623 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-15 14:35:28 +00:00
Wouter Wijngaards
c352ee2e85
- workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
...
git-svn-id: file:///svn/unbound/trunk@2608 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-08 16:40:46 +00:00
Wouter Wijngaards
924789d877
- implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This
...
implementation is experimental at this time and not recommended
for use on the public internet (the protocol numbers have not
been assigned). Needs recent ldns with --enable-ecdsa.
- fix memory leak in errorcase for DSA signatures.
git-svn-id: file:///svn/unbound/trunk@2606 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-08 13:22:44 +00:00
Wouter Wijngaards
8c2f658cd1
- fix for windows, rename() is not posix compliant on windows.
...
git-svn-id: file:///svn/unbound/trunk@2605 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-02-03 14:56:09 +00:00
Wouter Wijngaards
9c8ac75026
- Fix to write key files completely to a temporary file, and if that
...
succeeds, replace the real key file. So failures leave a useful file.
git-svn-id: file:///svn/unbound/trunk@2590 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-19 14:17:22 +00:00
Wouter Wijngaards
2e26ec2d01
- Fix bug where canonical_compare of RRSIG did not downcase the
...
signer-name. This is mostly harmless because RRSIGs do not have
to be sorted in canonical order, usually.
git-svn-id: file:///svn/unbound/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-17 09:06:18 +00:00
Wouter Wijngaards
6dd2c0467e
- Fix bug #425 : unbound reports wrong TTL in reply, it reports a TTL
...
that would be permissible by the RFCs but it is not the TTL in the
cache.
git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea
- Fix for VU#209659 CVE-2011-4528: Unbound denial of service
...
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.
git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-19 10:55:32 +00:00
Wouter Wijngaards
e0fd0ef80c
- Fix to constrain signer_name to be a parent of the lookupname.
...
git-svn-id: file:///svn/unbound/trunk@2571 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-12-13 12:37:47 +00:00
Wouter Wijngaards
a1c76554a2
- Makefile changed for BSD make compatibility.
...
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-11-10 18:44:06 +00:00
Wouter Wijngaards
b72d40f3dd
- fix various compiler warnings (reported by Paul Wouters).
...
git-svn-id: file:///svn/unbound/trunk@2497 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-09-16 11:35:01 +00:00
Wouter Wijngaards
22290ac234
- Fix validation of . DS query.
...
git-svn-id: file:///svn/unbound/trunk@2474 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-08-17 14:28:32 +00:00
Wouter Wijngaards
7359d84e2f
- Fix wildcard expansion no-data reply under an optout NSEC3 zone is
...
validated as insecure, reported by Jia Li (lijia@cnnic.cn ).
git-svn-id: file:///svn/unbound/trunk@2461 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-07-11 09:03:18 +00:00
Wouter Wijngaards
784d659e91
- Fix TTL of SOA so negative TTL is separately cached from normal TTL.
...
git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-05-10 12:34:47 +00:00
Wouter Wijngaards
3922eed584
val-override-date: -1 ignores dates entirely, for NTP usage.
...
git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-04-08 14:06:46 +00:00
Wouter Wijngaards
b4a089ff0d
- Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
...
git-svn-id: file:///svn/unbound/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-03-01 12:48:45 +00:00
Wouter Wijngaards
003658eea0
test and cleanup.
...
git-svn-id: file:///svn/unbound/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-22 09:41:38 +00:00
Wouter Wijngaards
daab92e954
- algorithm compromise protection using the algorithms signalled in
...
the DS record. Also, trust anchors, DLV, and RFC5011 receive this,
and thus, if you have multiple algorithms in your trust-anchor-file
then it will now behave different than before. Also, 5011 rollover
for algorithms needs to be double-signature until the old algorithm
is revoked.
git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9
Work on validation of multiple algorithms.
...
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-20 15:58:12 +00:00
Wouter Wijngaards
c4c8a65ff2
- fix validation in this case: CNAME to nodata for co-hosted opt-in
...
NSEC3 insecure delegation, was bogus, fixed to be insecure.
git-svn-id: file:///svn/unbound/trunk@2355 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-17 10:05:56 +00:00
Wouter Wijngaards
488aee467a
- Fix validation failure for parent and child on same server with an
...
insecure childzone and a CNAME from parent to child.
git-svn-id: file:///svn/unbound/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-29 13:10:26 +00:00
Wouter Wijngaards
46345c0809
- Fix bug when DLV below a trust-anchor that uses NSEC3 optout where
...
the zone has a secure delegation hosted on the same server did not
verify as secure (it was insecure by mistake).
git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-11 12:21:19 +00:00
Wouter Wijngaards
e399b79baa
- DLV has downgrade protection again, because the RFC says so.
...
git-svn-id: file:///svn/unbound/trunk@2238 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-17 08:54:16 +00:00
Wouter Wijngaards
aac3c03f72
- Fix reported validation error in out of memory condition.
...
git-svn-id: file:///svn/unbound/trunk@2237 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-16 13:57:22 +00:00
Wouter Wijngaards
8b274b92aa
- Algorithm rollover operational reality intrudes, for trust-anchor,
...
5011-store, and DLV-anchor if one key matches it's good enough.
git-svn-id: file:///svn/unbound/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-16 13:40:26 +00:00
Wouter Wijngaards
c3f180eebb
- Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
...
git-svn-id: file:///svn/unbound/trunk@2233 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-15 07:08:09 +00:00
Wouter Wijngaards
40f8fe2815
add and fix doxygen comments for doxygen-1.7.1. (which reports lots of
...
spurious items as well, by the way).
git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-13 08:41:49 +00:00
Wouter Wijngaards
b701d70147
- Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
...
git-svn-id: file:///svn/unbound/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-05 14:31:52 +00:00
Wouter Wijngaards
ca36fd0110
please lint.
...
git-svn-id: file:///svn/unbound/trunk@2206 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-04 08:43:38 +00:00
Wouter Wijngaards
4c4671a63f
- Fix validation in case a trust anchor enters into a zone with
...
unsupported algorithms.
git-svn-id: file:///svn/unbound/trunk@2205 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-04 08:36:27 +00:00
Wouter Wijngaards
6df29c32e4
- iana portlist updated.
...
- Fix validation of qtype DNSKEY when a key-cache entry exists but
no rr-cache entry is used (it expired or prefetch), it then goes
back up to the DS or trust-anchor to validate the DNSKEY.
git-svn-id: file:///svn/unbound/trunk@2189 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-09 15:00:35 +00:00
Wouter Wijngaards
f042f0dd5d
- Neat function prototypes, unshadowed local declarations.
...
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-07 13:13:36 +00:00
Wouter Wijngaards
518504ff5c
Fix 4035 compliance for algorithms from the DS rrset that MUST sign the DNSKEY.
...
git-svn-id: file:///svn/unbound/trunk@2172 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-01 12:08:48 +00:00
Wouter Wijngaards
b4b641807b
Fix various compiler warnings from the clang llvm compiler.
...
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-05-18 12:37:04 +00:00
Wouter Wijngaards
12e20eb5f4
- autotrust anchor file can be initialized with a ZSK key as well.
...
git-svn-id: file:///svn/unbound/trunk@2100 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-27 13:00:48 +00:00
Wouter Wijngaards
0720e1a9a1
- Fix chain of trust with CNAME at an intermediate step, for the DS
...
processing proof.
git-svn-id: file:///svn/unbound/trunk@2075 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-09 14:28:32 +00:00
Wouter Wijngaards
bec7e7a552
Fix validation of queries with wildcard names (*.example).
...
git-svn-id: file:///svn/unbound/trunk@2070 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-08 13:22:29 +00:00
Wouter Wijngaards
77f49a5510
GOST support.
...
git-svn-id: file:///svn/unbound/trunk@2065 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-06 12:15:19 +00:00
Wouter Wijngaards
11ecb5183b
review of NSEC and NSEC3 zones results
...
git-svn-id: file:///svn/unbound/trunk@2058 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-22 14:40:45 +00:00
Wouter Wijngaards
75565262f7
Fixed random numbers for port, interface and server selection.
...
Removed very small bias.
Also some lint fixes.
git-svn-id: file:///svn/unbound/trunk@2049 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-18 14:42:22 +00:00
Wouter Wijngaards
cd57530efd
includes
...
git-svn-id: file:///svn/unbound/trunk@2048 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-17 09:50:12 +00:00
Wouter Wijngaards
091050add6
cache verify work for nsec and nsec3.
...
git-svn-id: file:///svn/unbound/trunk@2047 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-03-17 09:49:18 +00:00