Yorgos Thessalonikefs
33bdf44a04
- Document the suspend argument for process_ds_response().
2024-02-23 14:34:33 +01:00
W.C.A. Wijngaards
ccbe31c21f
- Fix trim of EDE text from large udp responses from spinning cpu.
2024-02-22 16:22:31 +01:00
Yorgos Thessalonikefs
c6746499c1
Changelog entry for #1010 :
...
- Merge #1010 : Mention REFUSED has the TC bit set with unmatched
allow_cookie acl in the manpage. It also fixes the code to match the
documentation about clients with a valid cookie that bypass the
ratelimit regardless of the allow_cookie acl.
2024-02-20 15:33:18 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage ( #1010 )
...
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage
Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.
* Apply suggestions from code review
* Update doc/unbound.conf.5.in
* DNS-Cookies should bypass ip-ratelimit setting
2024-02-20 15:29:34 +01:00
W.C.A. Wijngaards
be27499d39
- These fixes are part of the 1.19.1 release, that is a security
...
point release on 1.19.0, the code repository continues with these
fixes, with version number 1.19.2.
2024-02-13 14:03:30 +01:00
W.C.A. Wijngaards
56a2b564ef
Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c'
2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9
Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae'
2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa
- Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
...
exhaust CPU resources and stall DNS resolvers.
2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
54d86dd73b
- Fix documentation for access-control in the unbound.conf man page.
2024-02-08 14:36:18 +01:00
Yorgos Thessalonikefs
b496714caa
- autoconf.
2024-02-07 10:51:16 +01:00
Yorgos Thessalonikefs
3f5175584b
- For #1006 : fix logic error introduced by previous fix.
2024-02-07 10:49:28 +01:00
Yorgos Thessalonikefs
11fff226f3
- autoheader, autoconf.
2024-02-07 10:42:39 +01:00
Yorgos Thessalonikefs
93490a0fc1
- Fix #1006 : Can't find protobuf-c package since #999 .
2024-02-07 10:38:52 +01:00
W.C.A. Wijngaards
0585c3e5fd
Autoconf and changelog note for #999
...
- Merge #999 : Search for protobuf-c with pkg-config.
2024-01-30 16:24:41 +01:00
Wouter Wijngaards
0b74f2a007
Merge pull request #999 from NickCao/master
...
Search for protobuf-c with pkg-config
2024-01-30 16:23:43 +01:00
Nick Cao
59d98b9ef6
Search for protobuf-c with pkg-config
2024-01-26 17:52:24 -05:00
Yorgos Thessalonikefs
3522451600
- Update message TTL when using cached RRSETs. It could result in
...
non-expired messages with expired RRSETs (non-usable messages by
Unbound).
2024-01-23 10:10:37 +01:00
Yorgos Thessalonikefs
fe03bacd6c
- Update error printout for duplicate trust anchors to include the
...
trust anchor name (relates to #920 ).
2024-01-22 15:54:36 +01:00
W.C.A. Wijngaards
1f46d5945b
- Fix for #997 : Print details for SSL certificate failure.
2024-01-22 09:40:36 +01:00
W.C.A. Wijngaards
585d73bf7c
For analysis workflow, clean up the script to use OpenSSL Configure
...
without change.
2024-01-17 16:23:18 +01:00
W.C.A. Wijngaards
9e84cebfdb
- workflow for analysis, cleanup of windows compile with msys2 perl.
2024-01-17 16:20:22 +01:00
W.C.A. Wijngaards
d1a2bd67da
- Fix warning for windres on resource files due to redefinition.
2024-01-17 16:19:56 +01:00
W.C.A. Wijngaards
7708429d35
For workflow, set perl interpreter for build.
2024-01-17 15:08:56 +01:00
W.C.A. Wijngaards
6045911d95
- Fix for workflow
2024-01-17 14:58:44 +01:00
W.C.A. Wijngaards
1b212aa073
For workflow, look for pacman.
2024-01-17 14:56:10 +01:00
W.C.A. Wijngaards
4d48166835
For workflow, use msys2 perl.
2024-01-17 14:53:23 +01:00
W.C.A. Wijngaards
437bac370a
In workflow, use strawberry perl to run configure script.
2024-01-17 14:40:57 +01:00
W.C.A. Wijngaards
546062d3a3
For workflow, change path separator.
2024-01-17 14:36:35 +01:00
W.C.A. Wijngaards
576b93c99f
For windows runner, look at perl contents.
2024-01-17 14:30:48 +01:00
W.C.A. Wijngaards
180275c4e0
Fix to install with cpanmin a missing perl module for the windows workflow.
2024-01-17 14:07:57 +01:00
W.C.A. Wijngaards
379e4b68f5
Fix for workflow to install perl module.
2024-01-17 14:03:30 +01:00
W.C.A. Wijngaards
74b4d81992
- Update workflow for ports to use newer openssl on windows compile.
2024-01-17 13:45:59 +01:00
W.C.A. Wijngaards
fea8f0d5fd
Changelog note for #993
...
- Merge #993 : Update b.root-servers.net also in example config file.
2024-01-16 16:44:15 +01:00
Wouter Wijngaards
0e5dab5eaf
Merge pull request #993 from InfrastructureServices/b.root-servers.net-conf
...
Update b.root-servers.net also in example config file
2024-01-16 16:44:02 +01:00
W.C.A. Wijngaards
c550bc154f
- Fix to link with libssp for libcrypto and getaddrinfo check for
...
only header. Also update crosscompile to remove ssp for 32bit.
2024-01-16 16:40:14 +01:00
Petr Mensik
40fcb91206
Update b.root-servers.net also in example config file
...
Addition to commit a8739bad76
, which
updated only address specified in code. But addresses provided in
example configuration were not updated, I think they should be updated
too.
2024-01-16 16:14:13 +01:00
W.C.A. Wijngaards
c8554ff48c
- Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.
2024-01-15 16:44:27 +01:00
W.C.A. Wijngaards
3d95cef08c
Changelog note for #988 .
...
- Merge #988 : Fix NLnetLabs#981: dump_cache truncates large records.
2024-01-09 08:41:52 +01:00
Wouter Wijngaards
9cd724cf5e
Merge pull request #988 from dyunwei/master
...
Fix NLnetLabs#981: dump_cache truncates large records.
2024-01-09 08:41:30 +01:00
dyunwei
eb7eb5ce68
Fix NLnetLabs#981: dump_cache truncates large records.
2024-01-09 14:17:31 +08:00
W.C.A. Wijngaards
418eeb642c
- Fix unit test for #987 change in udp1xxx retry packet send.
2024-01-05 14:11:55 +01:00
W.C.A. Wijngaards
8ac56d004d
Changelog note for #987
...
- Merge #987 : skip edns frag retry if advertised udp payload size is
not smaller.
2024-01-05 13:47:30 +01:00
Wouter Wijngaards
52a76583c5
Merge pull request #987 from borisVanhoof/skip_edns_frag_retry
...
skip edns frag retry if advertised udp payload size is not smaller
2024-01-05 13:47:15 +01:00
sahnalys12
b1d02cc94f
skip edns frag retry if advertised udp payload size is not smaller
...
If serviced query is in UDP_EDNS_FRAG mode, and EDNS_ADVERTISED_SIZE
is 1232 (the default) or more, then the retry will have the same edns
udp payload size with the same result.
2024-01-05 12:16:23 +01:00
W.C.A. Wijngaards
b9b488b6d3
- Remove unneeded newlines and improve indentation in remote control
...
code.
2024-01-04 17:06:15 +01:00
W.C.A. Wijngaards
9a2d0238a8
- Fix #983 : Sha1 runtime insecure change was incomplete.
2024-01-03 13:33:43 +01:00
W.C.A. Wijngaards
5cc21690eb
Changelog note for #985 .
...
- Merge #985 : Add DoH and DoT to dnstap message.
2024-01-03 10:37:44 +01:00
Wouter Wijngaards
f80f65d58c
Merge pull request #985 from k-akashi/dnstap_dot_doh
...
Add DoH and DoT to dnstap message
2024-01-03 10:36:38 +01:00
W.C.A. Wijngaards
df284fbe65
Changelog note for #979 and #980 .
...
- Merge #980 : DoH: reject non-h2 early. To fix #979 : Improve errors
for non-HTTP/2 DoH clients.
2024-01-03 10:04:06 +01:00