clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 22:57:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,672 Commits 27 Branches 196 Tags 104 MiB
34c063701e
Commit Graph

912 Commits

Author SHA1 Message Date
Ralph Dolmans
9ce7045413 - Fix doxygen issue 
- Fix memory leak
 - IANA ports update
 - merge littlehash ASAN changes
 2019-07-16 19:45:49 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
Ralph Dolmans
395d83cfc8 Procedures to parse RPZ ip address notation. 2019-06-24 16:01:01 +02:00
W.C.A. Wijngaards
ed95b07764 Merge branch 'master' of git://github.com/k9982874/unbound into k9982874-master 2019-06-18 13:52:52 +02:00
W.C.A. Wijngaards
bf2307ca97 - Fix for #24: Fix abort due to scan of auth zone masters using old 
address from previous scan.
 2019-06-17 14:15:36 +02:00
W.C.A. Wijngaards
6067ce6d2b - Fix that fixes the Fix that spoolbuf is not used to store tcp 
pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
 2019-06-11 12:15:43 +02:00
Ralph Dolmans
3021e320dd Only strdup rpz_log_name when configured 2019-06-05 14:26:57 +02:00
Ralph Dolmans
bc83e0b016 fix double free issue 2019-06-04 12:38:44 +02:00
Ralph Dolmans
268580f348 Added RPZ log name and stats 2019-06-03 15:46:39 +02:00
W.C.A. Wijngaards
a03f0a388e - Fix double file close in tcp pipelined response code. 2019-05-27 11:23:41 +02:00
Wouter Wijngaards
0b77c9d676 - Fix that spoolbuf is not used to store tcp pipelined response 
between mesh send and callback end.
 2019-05-24 09:35:38 +02:00
Ralph Dolmans
b0b69321f9 - Added RPZ action overrides 
- Added RPZ policy apply logging
 2019-05-16 22:30:42 +02:00
W.C.A. Wijngaards
a08fe8ca60 - Attempt to fix malformed tcp response. 2019-05-13 15:39:59 +02:00
Kevin Chu
1a48bdebb5 Add support for ipset 2019-05-02 19:43:30 +08:00
Wouter Wijngaards
e60f92ea29
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:41:56 +02:00
Wouter Wijngaards
46b5e96c54
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:41:45 +02:00
Wouter Wijngaards
f5a197f96e
Update services/outside_network.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:45 +02:00
Wouter Wijngaards
196654efec
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:09 +02:00
Wouter Wijngaards
a9c8d00d63
Update services/outside_network.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:04 +02:00
Wouter Wijngaards
5e4cfcc665
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:24:45 +02:00
Wouter Wijngaards
193cb2fcc4
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:23:23 +02:00
Wouter Wijngaards
b57a2f15db
Update services/authzone.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:23:11 +02:00
wtoorop
e19da1b619
Merge pull request #3 from wcawijngaards/features/XoT 
Fixup fd pass.
 2019-04-29 10:44:06 +02:00
W.C.A. Wijngaards
6ce60bcb61 Fixup fd pass. 2019-04-29 10:40:12 +02:00
Wouter Wijngaards
ff026a1f3c
Merge branch 'master' into features/XoT 2019-04-29 10:32:27 +02:00
W.C.A. Wijngaards
af11b54071 Review changes for the XoT branch 
With doc, SSL setup function, and function parameter doc.
 2019-04-29 10:25:19 +02:00
Ralph Dolmans
a7f68865e4 - Make IXFR deletion more robust 2019-04-25 20:00:56 +02:00
Ralph Dolmans
8dac8c00ce - Don't attempt an RPZ delete for unsupported actions 2019-04-25 19:02:17 +02:00
Ralph Dolmans
83bf2fd253 - locking issues 2019-04-25 16:14:39 +02:00
Wouter Wijngaards
2a78803049 - Fix wrong query name in local zone redirect answers with a CNAME, 
the copy of the local alias is in unpacked form.


git-svn-id: file:///svn/unbound/trunk@5175 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-25 14:07:42 +00:00
Ralph Dolmans
46acf0f99d Merge branch 'feature/rpz' of github.com:ralphdolmans/unbound into feature/rpz 2019-04-25 14:47:09 +02:00
Ralph Dolmans
ba67920f9a - IXFR/AXFR support for RPZ 2019-04-25 14:46:45 +02:00
Ralph Dolmans
186c9e8e82
Merge pull request #5 from NLnetLabs/master 
bring fork up to date
 2019-04-25 14:43:02 +02:00
Ralph Dolmans
edf1ad369a - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain 
answers.
 - For harden-below-nxdomain: do not consider a name to be non-exitent when
   message contains a CNAME record.


git-svn-id: file:///svn/unbound/trunk@5174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 15:09:15 +00:00
Wouter Wijngaards
2552a81b40 - Better braces in if statement in TCP fastopen code. 
git-svn-id: file:///svn/unbound/trunk@5160 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-16 12:53:50 +00:00
Wouter Wijngaards
ead84a5a64 Nicer. 
git-svn-id: file:///svn/unbound/trunk@5156 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:51:08 +00:00
Wouter Wijngaards
c6369e9ffa - Fix that auth zone fails over to next master for timeout in tcp. 
git-svn-id: file:///svn/unbound/trunk@5155 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:41:53 +00:00
Wouter Wijngaards
474afc9016 - Fix that auth zone uses correct network type for sockets for 
SOA serial probes.  This fixes that probes fail because earlier
  probe addresses are unreachable.


git-svn-id: file:///svn/unbound/trunk@5154 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 08:00:33 +00:00
Ralph Dolmans
edcf2ddd12 - Fix locking issue 
- Fixes for compiler warnings
 2019-04-10 11:53:08 +02:00
Wouter Wijngaards
c26fc84945 - verbose information about auth zone lookup process, also lookup 
start, timeout and fail.


git-svn-id: file:///svn/unbound/trunk@5150 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 12:42:09 +00:00
Ralph Dolmans
c66e47c372 Initial RPZ commit - now with all files 2019-04-05 17:39:10 +02:00
Ralph Dolmans
9274d2630e Initial RPZ commit 2019-04-05 17:38:43 +02:00
Willem Toorop
92121f7878 Report XoT failure as XoT failure, not https 2019-04-03 12:41:14 +02:00
Wouter Wijngaards
ce8167a3bb - Fix auth-zone NSEC3 response for wildcard nodata answers, 
include the closest encloser in the answer.


git-svn-id: file:///svn/unbound/trunk@5146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-03 06:36:40 +00:00
Wouter Wijngaards
8a0de6b519 - Fix for auth zone nsec3 ent fix for wildcard nodata. 
git-svn-id: file:///svn/unbound/trunk@5144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 14:28:36 +00:00
Wouter Wijngaards
59570b0413 - Fix auth-zone NSEC3 response for empty nonterminals with exact 
match nsec3 records.


git-svn-id: file:///svn/unbound/trunk@5142 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-02 12:21:41 +00:00
Willem Toorop
48ad6477eb AXFR over TLS 
Enable by specifying an auth name, like this:
```
auth-zone:
        name: nlnetlabs.nl
        master: 185.49.140.60#ns.nlnetlabs.nl
```
 2019-03-24 10:43:57 +01:00
Wouter Wijngaards
ce0628ee55 - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. 
git-svn-id: file:///svn/unbound/trunk@5137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 09:26:06 +00:00
Wouter Wijngaards
bb5251da66 - Add log message, at verbosity 4, that says the query is encrypted 
with TLS, if that is enabled for the query.


git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 08:41:39 +00:00
Wouter Wijngaards
c79a99a577 Fix to account for tabs as well. 
git-svn-id: file:///svn/unbound/trunk@5129 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 12:06:04 +00:00
Wouter Wijngaards
a82c0eeece - Print correct module that failed when module-config is wrong. 
git-svn-id: file:///svn/unbound/trunk@5128 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-28 09:56:45 +00:00
Wouter Wijngaards
225534e5ab - Fix #4227: pair event del and add for libevent for tcp_req_info. 
git-svn-id: file:///svn/unbound/trunk@5122 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-25 15:48:27 +00:00
Wouter Wijngaards
62428e17f6 - Fix the error for unknown module in module-config is understandable, 
and explains it was not compiled in and where to see the list.


git-svn-id: file:///svn/unbound/trunk@5119 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-21 09:40:25 +00:00
Wouter Wijngaards
91e863138b - Print query name and IP address when domain rate limit exceeded. 
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 15:53:02 +00:00
Wouter Wijngaards
d1e92a0ebd - Spaces instead of tabs in that log message. 
git-svn-id: file:///svn/unbound/trunk@5116 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 12:32:42 +00:00
Wouter Wijngaards
3949bf2c82 - Print query name with ip_ratelimit exceeded log lines. 
git-svn-id: file:///svn/unbound/trunk@5115 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-18 10:40:41 +00:00
Wouter Wijngaards
cae8361dcd - Fix #4225: clients seem to erroneously receive no answer with 
DNS-over-TLS and qname-minimisation.


git-svn-id: file:///svn/unbound/trunk@5108 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-08 15:05:24 +00:00
Wouter Wijngaards
fe97f25b75 - Fix that log-replies prints the correct name for local-alias 
names, for names that have a CNAME in local-data configuration.
  It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
  and redirects like type redirect.


git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 09:51:27 +00:00
Ralph Dolmans
723845b350 - Fix case in which query timeout can result in marking delegation as 
edns_lame_known.


git-svn-id: file:///svn/unbound/trunk@5089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-30 13:44:19 +00:00
Wouter Wijngaards
ce65cdde71 - no lock when threads disabled in tcp request buffer count. 
git-svn-id: file:///svn/unbound/trunk@5076 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:54:40 +00:00
Wouter Wijngaards
3028fa50a8 - Patch from Florian Obser fixes some compiler warnings: 
include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str,
  module declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c



git-svn-id: file:///svn/unbound/trunk@5072 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-24 16:05:00 +00:00
Wouter Wijngaards
649e265d6f - Fix for IXFR fallback to reset counter when IXFR does not timeout. 
git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 11:52:17 +00:00
Wouter Wijngaards
55f560a3ca - Fix that auth zone after IXFR fallback tries the same master. 
git-svn-id: file:///svn/unbound/trunk@5053 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:44:09 +00:00
Wouter Wijngaards
51caffb454 - Fix for #4219: secondaries not updated after serial change, unbound 
falls back to AXFR after IXFR gives several timeout failures.


git-svn-id: file:///svn/unbound/trunk@5052 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 15:36:58 +00:00
Wouter Wijngaards
c10712a82b - Fix space calculation for tcp req buffer size. 
git-svn-id: file:///svn/unbound/trunk@5047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 08:27:49 +00:00
Wouter Wijngaards
d81e2c654f - Add stream-wait-size: 4m config option to limit the maximum 
memory used by waiting tcp and tls stream replies.  This avoids
  a denial of service where these replies use up all of the memory.


git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 16:20:14 +00:00
Wouter Wijngaards
be4583ac84 - Fix that multiple dns fragments can be carried in one TLS frame. 
git-svn-id: file:///svn/unbound/trunk@5043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 13:41:13 +00:00
Wouter Wijngaards
19a3907657 - increase mesh max activation count for capsforid long fetches. 
git-svn-id: file:///svn/unbound/trunk@5039 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-17 08:58:09 +00:00
Ralph Dolmans
f30fe71395 - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query 
without EDNS after timeout.


git-svn-id: file:///svn/unbound/trunk@5037 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-16 10:23:13 +00:00
Wouter Wijngaards
ec6f4bab46 comment fixes after review. 
git-svn-id: file:///svn/unbound/trunk@5036 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 13:42:22 +00:00
Wouter Wijngaards
0d2efc3f3f - Review fixes in out of order processing. 
git-svn-id: file:///svn/unbound/trunk@5035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 10:27:00 +00:00
Wouter Wijngaards
bb480068fa - In the out of order processing, reset byte count for (potential) 
partial read.


git-svn-id: file:///svn/unbound/trunk@5034 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-15 09:24:00 +00:00
Wouter Wijngaards
ae9fe1a10e - streamtcp option -a send queries consecutively and prints answers 
as they arrive.
- Fix for out of order processing administration quit cleanup.
- unit test for tcp out of order processing.


git-svn-id: file:///svn/unbound/trunk@5033 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-14 15:52:50 +00:00
Wouter Wijngaards
dd19026e91 - Initial commit for out-of-order processing for TCP and TLS. 
git-svn-id: file:///svn/unbound/trunk@5032 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-11 14:12:27 +00:00
Wouter Wijngaards
42d2c04ae1 - Log query name for looping module errors. 
git-svn-id: file:///svn/unbound/trunk@5031 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-09 13:57:14 +00:00
Wouter Wijngaards
db2557826a - Fix NSEC3 record that is returned in wildcard replies from 
auth-zone zones with NSEC3 and wildcards.


git-svn-id: file:///svn/unbound/trunk@5030 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-08 14:39:31 +00:00
Wouter Wijngaards
90b00dfe57 - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, 
and server tcp fastopen is enabled at compile time.


git-svn-id: file:///svn/unbound/trunk@5026 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-07 09:06:41 +00:00
Wouter Wijngaards
1b72e814e7 - Fixup openssl 1.0.2 compile 
git-svn-id: file:///svn/unbound/trunk@5019 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:36:43 +00:00
Wouter Wijngaards
71b078611f - Fix #4206: support openssl 1.0.2 for TLS hostname verification, 
alongside the 1.1.0 and later support that is already there.


git-svn-id: file:///svn/unbound/trunk@5018 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:27:24 +00:00
Wouter Wijngaards
b23c373f4d - Refuse to start with no ports. 
git-svn-id: file:///svn/unbound/trunk@4997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 14:26:16 +00:00
Wouter Wijngaards
63dcbe3d75 - Fix chroot auth-zone fix to remove chroot prefix. 
git-svn-id: file:///svn/unbound/trunk@4992 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 08:27:47 +00:00
Wouter Wijngaards
3330d5296c - Fix leak in chroot fix for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-28 12:37:52 +00:00
Wouter Wijngaards
60da4369a4 - stat count SERVFAIL downstream auth-zone queries for expired zones. 
git-svn-id: file:///svn/unbound/trunk@4984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:42:59 +00:00
Wouter Wijngaards
b04e84ab9e - auth-zone give SERVFAIL when expired, fallback activates when 
expired, and this is documented in the man page.


git-svn-id: file:///svn/unbound/trunk@4983 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:31:37 +00:00
Wouter Wijngaards
068c52d8f5 - Fix that empty zonefile means the zonefile is not set and not used. 
git-svn-id: file:///svn/unbound/trunk@4973 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:55:18 +00:00
Wouter Wijngaards
692caffe2c - auth zone zonefiles can be in a chroot, the chroot directory 
components are removed before use.


git-svn-id: file:///svn/unbound/trunk@4972 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-22 15:51:09 +00:00
Wouter Wijngaards
069b0b8c90 - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes 
option in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4960 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-19 09:36:27 +00:00
Wouter Wijngaards
23505d30a5 - Fix #4190: Please create a "ANY" deny option, adds the option 
deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.


git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:07:37 +00:00
Wouter Wijngaards
2d28fba3bf - Squelch log of failed to tcp initiate after TCP Fastopen failure. 
git-svn-id: file:///svn/unbound/trunk@4937 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-08 13:27:53 +00:00
Wouter Wijngaards
945452bff4 - Squelch EADDRNOTAVAIL errors when the interface goes away, 
this omits 'can't assign requested address' errors unless
  verbosity is set to a high value.


git-svn-id: file:///svn/unbound/trunk@4931 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-05 06:29:05 +00:00
Wouter Wijngaards
d967ceb98b Remove that fix, analyzer is for debug with assertions. 
- Fix clang analyzer for optimize compile analysis.


git-svn-id: file:///svn/unbound/trunk@4929 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-02 12:32:33 +00:00
Wouter Wijngaards
377d5b426a - Add SSL cleanup for tcp timeout. 
git-svn-id: file:///svn/unbound/trunk@4915 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-25 09:01:13 +00:00
Wouter Wijngaards
f82a128909 - Perform TLS SNI indication of the host that is being contacted 
for DNS over TLS service.  It sets the configured tls auth name.
  This is useful for hosts that apart from the DNS over TLS services
  also provide other (web) services.


git-svn-id: file:///svn/unbound/trunk@4914 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-25 08:31:42 +00:00
Wouter Wijngaards
9b6caf5a5b - Fix that with harden-below-nxdomain and qname minisation enabled 
some iterator states for nonresponsive domains can get into a
  state where they waited for an empty list.
- Stop UDP to TCP failover after timeouts that causes the ping count
  to be reset by the TCP time measurement (that exists for TLS),
  because that causes the UDP part to not be measured as timeout.


git-svn-id: file:///svn/unbound/trunk@4912 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-17 11:25:52 +00:00
Wouter Wijngaards
2e9d09b961 - initialize statistics totals for printout. 
- in authzone check that node exists before adding rrset.
	- in unbound-anchor, use readwrite memory BIO.
	- assertion in autotrust that packed rrset is formed correctly.


git-svn-id: file:///svn/unbound/trunk@4903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-13 12:20:41 +00:00
Ralph Dolmans
987c1c97e5 - More explicitly mention the type of ratelimit when applying ip-ratelimit. 
git-svn-id: file:///svn/unbound/trunk@4884 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-04 09:16:07 +00:00
Wouter Wijngaards
27472f1270 better locking. 
git-svn-id: file:///svn/unbound/trunk@4880 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-30 09:21:05 +00:00
Wouter Wijngaards
30a14c2716 - Fix that a local-zone with a local-zone-type that is transparent 
in a view with view-first, makes queries check for answers from the
  local-zones defined outside of views.


git-svn-id: file:///svn/unbound/trunk@4879 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-30 09:06:07 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
George Thessalonikefs
0171d06aa2 - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This 
gives access to reply information for the client's communication
  point when the callback is called before the mesh state (modules).
  Changes to C and Python's inplace_callback signatures were also
  necessary.


git-svn-id: file:///svn/unbound/trunk@4870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-22 10:51:13 +00:00
Wouter Wijngaards
01d8dc2240 - log-local-actions: yes option for unbound.conf that logs all the 
local zone actions, a patch from Saksham Manchanda (Secure64).


git-svn-id: file:///svn/unbound/trunk@4864 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-21 07:10:09 +00:00
Wouter Wijngaards
4fe427ded2 - log-servfail: yes prints log lines that say why queries are 
returning SERVFAIL to clients.


git-svn-id: file:///svn/unbound/trunk@4863 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 15:22:05 +00:00
Wouter Wijngaards
b0daf867c2 and the error looks good. 
git-svn-id: file:///svn/unbound/trunk@4860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 14:17:48 +00:00
Wouter Wijngaards
8385c462ed - print servfail info to log as error. 
git-svn-id: file:///svn/unbound/trunk@4859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 13:29:27 +00:00
Wouter Wijngaards
1958d9fbd5 - Fix segfault in auth-zone read and reorder of RRSIGs. 
git-svn-id: file:///svn/unbound/trunk@4853 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-15 09:26:13 +00:00
Wouter Wijngaards
efe5c8e6be - Fix #4144: dns64 module caches wrong (negative) information. 
git-svn-id: file:///svn/unbound/trunk@4850 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-10 08:03:17 +00:00
Wouter Wijngaards
586b811b87 - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). 
This limits the number of simultaneous TCP client connections
  from a nominated netblock.
And a simple test for TCP connection limit.


git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 11:57:42 +00:00
George Thessalonikefs
749d1b9ebc - Expose if a query (or a subquery) was ratelimited (not src IP 
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Tidy pylib tests.


git-svn-id: file:///svn/unbound/trunk@4828 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 14:00:46 +00:00
Wouter Wijngaards
62f69f9b40 - Fix to remove systemd sockaddr function check, that is not 
always present.  Make socket activation more lenient.  But not
  different when socket activation is not used.


git-svn-id: file:///svn/unbound/trunk@4824 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-01 13:49:27 +00:00
Wouter Wijngaards
cc538f4f9f - Please doxygen so it passes. 
git-svn-id: file:///svn/unbound/trunk@4813 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 08:10:20 +00:00
Wouter Wijngaards
b7abbd1d72 - Fix mesh.c incompatible pointer pass. 
- yacc and lex.


git-svn-id: file:///svn/unbound/trunk@4808 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:23:58 +00:00
Wouter Wijngaards
3dbdde7fed - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options 
and implement option in client responses.


git-svn-id: file:///svn/unbound/trunk@4804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:18:34 +00:00
Wouter Wijngaards
007123ee2c - Sort out test runs when the build directory isn't the project 
root directory.
- Add config tcp-idle-timeout (default 30s). This applies to
  client connections only; the timeout on TCP connections upstream
  is unaffected.


git-svn-id: file:///svn/unbound/trunk@4802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:15:12 +00:00
Wouter Wijngaards
f8e585f308 nicer code, in function. 
git-svn-id: file:///svn/unbound/trunk@4790 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 15:07:09 +00:00
Wouter Wijngaards
5bda4f9822 Fixup cache size test for msg cache. 
git-svn-id: file:///svn/unbound/trunk@4789 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:56:02 +00:00
Wouter Wijngaards
d2d7b987fa brackets added. 
git-svn-id: file:///svn/unbound/trunk@4788 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:44:20 +00:00
Wouter Wijngaards
7579216922 - Resize ratelimit and ip-ratelimit caches if changed on reload. 
git-svn-id: file:///svn/unbound/trunk@4787 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:42:38 +00:00
Wouter Wijngaards
330c6e1cb0 - Fix that ratelimit and ip-ratelimit are applied after reload of 
git-svn-id: file:///svn/unbound/trunk@4786 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-17 14:27:44 +00:00
Wouter Wijngaards
cabc120f22 for outgoing UDP sockets. 
git-svn-id: file:///svn/unbound/trunk@4782 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-16 10:30:44 +00:00
Wouter Wijngaards
c96c2d8a45 - Squelch can't bind socket errors with Permission denied unless 
verbosity is 4 or higher, for UDP sockets.


git-svn-id: file:///svn/unbound/trunk@4781 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-16 10:27:12 +00:00
Wouter Wijngaards
4bf9d12419 - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more 
easily changed to adjust default rtt assumptions.


git-svn-id: file:///svn/unbound/trunk@4779 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-12 14:15:03 +00:00
Wouter Wijngaards
f93746b1af - Fix to improve systemd socket activation code file descriptor 
assignment.


git-svn-id: file:///svn/unbound/trunk@4778 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-12 10:35:33 +00:00
Wouter Wijngaards
5d298ed474 - Fix permission denied printed for auth zone probe random port nrs. 
git-svn-id: file:///svn/unbound/trunk@4769 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-03 13:58:49 +00:00
Wouter Wijngaards
a31d45b13e - Fix that auth-zone master reply with current SOA serial does not 
stop scan of masters for an updated zone.


git-svn-id: file:///svn/unbound/trunk@4755 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-26 13:48:36 +00:00
Wouter Wijngaards
23f475bccc - Tentative fix for permission denied on IPv6 address on FreeBSD. 
git-svn-id: file:///svn/unbound/trunk@4754 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-26 08:01:44 +00:00
Wouter Wijngaards
abff4d1237 - unbound-control auth_zone_transfer _zone_ option starts the probe 
sequence for a master to transfer the zone from and transfers when
  a new zone version is available.


git-svn-id: file:///svn/unbound/trunk@4736 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-15 15:01:31 +00:00
Wouter Wijngaards
12251022ec - #4103: Fix that auth-zone does not insist on SOA record first in 
file for url downloads.


git-svn-id: file:///svn/unbound/trunk@4729 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-14 07:09:01 +00:00
Wouter Wijngaards
23edc18cac - Rename tls-additional-ports to tls-additional-port, because every 
line adds one port.


git-svn-id: file:///svn/unbound/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 08:45:57 +00:00
Wouter Wijngaards
a4a5bfaa2f - Fix crash if ratelimit taken into use with unbound-control 
instead of with unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4711 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-05 07:06:19 +00:00
Wouter Wijngaards
1cadc5d677 - Fix deadlock caused by incoming notify for auth-zone. 
git-svn-id: file:///svn/unbound/trunk@4704 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-04 09:01:55 +00:00
Wouter Wijngaards
7509bf208e - Rename additional-tls-port to tls-additional-ports. 
The older name is accepted for backwards compatibility.


git-svn-id: file:///svn/unbound/trunk@4703 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-01 08:02:04 +00:00
Wouter Wijngaards
b9607297e9 - For TCP and TLS connections that don't establish, perform address 
update in infra cache, so future selections can exclude them.


git-svn-id: file:///svn/unbound/trunk@4693 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-25 06:21:39 +00:00
Wouter Wijngaards
8b209f8f68 - Fix mesh state assertion failure due to callback removal. 
git-svn-id: file:///svn/unbound/trunk@4681 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-07 11:29:12 +00:00
Wouter Wijngaards
6fefbb4115 - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-02 06:36:02 +00:00
Ralph Dolmans
d97a635084 - Fix memory leak when caching wildcard records for aggressive NSEC use 
git-svn-id: file:///svn/unbound/trunk@4662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-25 13:13:05 +00:00
Ralph Dolmans
4d06c36342 - Added root-key-sentinel support 
git-svn-id: file:///svn/unbound/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
Wouter Wijngaards
ea6266f736 - list_auth_zones unbound-control command. 
git-svn-id: file:///svn/unbound/trunk@4650 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 14:42:30 +00:00
Wouter Wijngaards
deea985a20 - Attempt for auth zone fix; add of callback in mesh gets from 
callback does not skip callback of result.


git-svn-id: file:///svn/unbound/trunk@4647 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 12:51:00 +00:00
Wouter Wijngaards
0d18256828 - Fix sldns parse failure for CDS alternate delete syntax empty hex. 
git-svn-id: file:///svn/unbound/trunk@4646 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 10:35:35 +00:00
Wouter Wijngaards
abe18e41bc - auth zone http download stores exact copy of downloaded file, 
including comments in the file.


git-svn-id: file:///svn/unbound/trunk@4645 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-23 10:13:50 +00:00
Wouter Wijngaards
2e70e3a0d3 - Delete auth zone when removed from config. 
git-svn-id: file:///svn/unbound/trunk@4642 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:40:07 +00:00
Wouter Wijngaards
7ff459af13 - Fix #4091: Fix that reload of auth-zone does not merge the zonefile 
with the previous contents.


git-svn-id: file:///svn/unbound/trunk@4641 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:15:34 +00:00
Wouter Wijngaards
c16a32d2be fix doxygen comments. 
git-svn-id: file:///svn/unbound/trunk@4632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:16:10 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
913de80cbc - Fix auth-zone retry timer to be on schedule with retry timeout, 
with backoff.  Also time a refresh at the zone expiry.


git-svn-id: file:///svn/unbound/trunk@4630 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-18 06:43:02 +00:00
Wouter Wijngaards
1b055c6ca7 - allow-notify: config statement for auth-zones. 
git-svn-id: file:///svn/unbound/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 13:23:35 +00:00
Wouter Wijngaards
630600e70d - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4627 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 12:18:34 +00:00
Wouter Wijngaards
4809fe1b95 - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4626 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 15:10:30 +00:00
Wouter Wijngaards
2d6715878d - auth zone notify work. 
git-svn-id: file:///svn/unbound/trunk@4625 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 14:24:57 +00:00
Wouter Wijngaards
4691979679 - Fix auth zone target lookup iterator. 
- notify with prefix


git-svn-id: file:///svn/unbound/trunk@4624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 13:14:24 +00:00