Commit Graph

7544 Commits

Author SHA1 Message Date
Yorgos Thessalonikefs
33bdf44a04 - Document the suspend argument for process_ds_response(). 2024-02-23 14:34:33 +01:00
W.C.A. Wijngaards
ccbe31c21f - Fix trim of EDE text from large udp responses from spinning cpu. 2024-02-22 16:22:31 +01:00
Yorgos Thessalonikefs
c6746499c1 Changelog entry for #1010:
- Merge #1010: Mention REFUSED has the TC bit set with unmatched
  allow_cookie acl in the manpage. It also fixes the code to match the
  documentation about clients with a valid cookie that bypass the
  ratelimit regardless of the allow_cookie acl.
2024-02-20 15:33:18 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage (#1010)
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage

Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.

* Apply suggestions from code review

* Update doc/unbound.conf.5.in

* DNS-Cookies should bypass ip-ratelimit setting
2024-02-20 15:29:34 +01:00
W.C.A. Wijngaards
be27499d39 - These fixes are part of the 1.19.1 release, that is a security
  point release on 1.19.0, the code repository continues with these
  fixes, with version number 1.19.2.
2024-02-13 14:03:30 +01:00
W.C.A. Wijngaards
56a2b564ef Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c' 2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9 Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae' 2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
  exhaust CPU resources and stall DNS resolvers.
2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
54d86dd73b - Fix documentation for access-control in the unbound.conf man page. 2024-02-08 14:36:18 +01:00
Yorgos Thessalonikefs
b496714caa - autoconf. 2024-02-07 10:51:16 +01:00
Yorgos Thessalonikefs
3f5175584b - For #1006: fix logic error introduced by previous fix. 2024-02-07 10:49:28 +01:00
Yorgos Thessalonikefs
11fff226f3 - autoheader, autoconf. 2024-02-07 10:42:39 +01:00
Yorgos Thessalonikefs
93490a0fc1 - Fix #1006: Can't find protobuf-c package since #999. 2024-02-07 10:38:52 +01:00
W.C.A. Wijngaards
0585c3e5fd Autoconf and changelog note for #999
- Merge #999: Search for protobuf-c with pkg-config.
2024-01-30 16:24:41 +01:00
Wouter Wijngaards
0b74f2a007
Merge pull request #999 from NickCao/master
Search for protobuf-c with pkg-config
2024-01-30 16:23:43 +01:00
Nick Cao
59d98b9ef6
Search for protobuf-c with pkg-config 2024-01-26 17:52:24 -05:00
Yorgos Thessalonikefs
3522451600 - Update message TTL when using cached RRSETs. It could result in
  non-expired messages with expired RRSETs (non-usable messages by
  Unbound).
2024-01-23 10:10:37 +01:00
Yorgos Thessalonikefs
fe03bacd6c - Update error printout for duplicate trust anchors to include the
  trust anchor name (relates to #920).
2024-01-22 15:54:36 +01:00
W.C.A. Wijngaards
1f46d5945b - Fix for #997: Print details for SSL certificate failure. 2024-01-22 09:40:36 +01:00
W.C.A. Wijngaards
585d73bf7c For analysis workflow, clean up the script to use OpenSSL Configure
without change.
2024-01-17 16:23:18 +01:00
W.C.A. Wijngaards
9e84cebfdb - workflow for analysis, cleanup of windows compile with msys2 perl. 2024-01-17 16:20:22 +01:00
W.C.A. Wijngaards
d1a2bd67da - Fix warning for windres on resource files due to redefinition. 2024-01-17 16:19:56 +01:00
W.C.A. Wijngaards
7708429d35 For workflow, set perl interpreter for build. 2024-01-17 15:08:56 +01:00
W.C.A. Wijngaards
6045911d95 - Fix for workflow 2024-01-17 14:58:44 +01:00
W.C.A. Wijngaards
1b212aa073 For workflow, look for pacman. 2024-01-17 14:56:10 +01:00
W.C.A. Wijngaards
4d48166835 For workflow, use msys2 perl. 2024-01-17 14:53:23 +01:00
W.C.A. Wijngaards
437bac370a In workflow, use strawberry perl to run configure script. 2024-01-17 14:40:57 +01:00
W.C.A. Wijngaards
546062d3a3 For workflow, change path separator. 2024-01-17 14:36:35 +01:00
W.C.A. Wijngaards
576b93c99f For windows runner, look at perl contents. 2024-01-17 14:30:48 +01:00
W.C.A. Wijngaards
180275c4e0 Fix to install with cpanmin a missing perl module for the windows workflow. 2024-01-17 14:07:57 +01:00
W.C.A. Wijngaards
379e4b68f5 Fix for workflow to install perl module. 2024-01-17 14:03:30 +01:00
W.C.A. Wijngaards
74b4d81992 - Update workflow for ports to use newer openssl on windows compile. 2024-01-17 13:45:59 +01:00
W.C.A. Wijngaards
fea8f0d5fd Changelog note for #993
- Merge #993: Update b.root-servers.net also in example config file.
2024-01-16 16:44:15 +01:00
Wouter Wijngaards
0e5dab5eaf
Merge pull request #993 from InfrastructureServices/b.root-servers.net-conf
Update b.root-servers.net also in example config file
2024-01-16 16:44:02 +01:00
W.C.A. Wijngaards
c550bc154f - Fix to link with libssp for libcrypto and getaddrinfo check for
  only header. Also update crosscompile to remove ssp for 32bit.
2024-01-16 16:40:14 +01:00
Petr Mensik
40fcb91206 Update b.root-servers.net also in example config file
Addition to commit a8739bad76, which
updated only address specified in code. But addresses provided in
example configuration were not updated, I think they should be updated
too.
2024-01-16 16:14:13 +01:00
W.C.A. Wijngaards
c8554ff48c - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows. 2024-01-15 16:44:27 +01:00
W.C.A. Wijngaards
3d95cef08c Changelog note for #988.
- Merge #988: Fix NLnetLabs#981: dump_cache truncates large records.
2024-01-09 08:41:52 +01:00
Wouter Wijngaards
9cd724cf5e
Merge pull request #988 from dyunwei/master
Fix NLnetLabs#981: dump_cache truncates large records.
2024-01-09 08:41:30 +01:00
dyunwei
eb7eb5ce68 Fix NLnetLabs#981: dump_cache truncates large records. 2024-01-09 14:17:31 +08:00
W.C.A. Wijngaards
418eeb642c - Fix unit test for #987 change in udp1xxx retry packet send. 2024-01-05 14:11:55 +01:00
W.C.A. Wijngaards
8ac56d004d Changelog note for #987
- Merge #987: skip edns frag retry if advertised udp payload size is
  not smaller.
2024-01-05 13:47:30 +01:00
Wouter Wijngaards
52a76583c5
Merge pull request #987 from borisVanhoof/skip_edns_frag_retry
skip edns frag retry if advertised udp payload size is not smaller
2024-01-05 13:47:15 +01:00
sahnalys12
b1d02cc94f skip edns frag retry if advertised udp payload size is not smaller
If serviced query is in UDP_EDNS_FRAG mode, and EDNS_ADVERTISED_SIZE
is 1232 (the default) or more, then the retry will have the same edns
udp payload size with the same result.
2024-01-05 12:16:23 +01:00
W.C.A. Wijngaards
b9b488b6d3 - Remove unneeded newlines and improve indentation in remote control
  code.
2024-01-04 17:06:15 +01:00
W.C.A. Wijngaards
9a2d0238a8 - Fix #983: Sha1 runtime insecure change was incomplete. 2024-01-03 13:33:43 +01:00
W.C.A. Wijngaards
5cc21690eb Changelog note for #985.
- Merge #985: Add DoH and DoT to dnstap message.
2024-01-03 10:37:44 +01:00
Wouter Wijngaards
f80f65d58c
Merge pull request #985 from k-akashi/dnstap_dot_doh
Add DoH and DoT to dnstap message
2024-01-03 10:36:38 +01:00
W.C.A. Wijngaards
df284fbe65 Changelog note for #979 and #980.
- Merge #980: DoH: reject non-h2 early. To fix #979: Improve errors
  for non-HTTP/2 DoH clients.
2024-01-03 10:04:06 +01:00