W.C.A. Wijngaards
7c5e765b3b
- Fix cachedb with serve-expired-client-timeout disabled. The edns
...
subnet module deletes global cache and cachedb cache when it
stores a result, and serve-expired is enabled, so that the global
reply, that is older than the ecs reply, does not return after
the ecs reply expires.
2024-04-26 13:32:15 +02:00
Wouter Wijngaards
ced9762b14
Merge pull request #1041 from NLnetLabs/stubfwd-unshare
...
Stub and Forward unshare
2024-04-25 11:11:00 +02:00
W.C.A. Wijngaards
cccf5e73c0
- Fixup compile without cachedb.
2024-04-10 11:33:52 +02:00
W.C.A. Wijngaards
f3f85e5a11
- Fixup compile without cachedb.
2024-04-10 11:29:10 +02:00
W.C.A. Wijngaards
d98c7b9ae3
- Implement cachedb-check-when-serve-expired: yes option, default
...
is enabled. When serve expired is enabled with cachedb, it first
checks cachedb before serving the expired response.
2024-04-10 11:21:28 +02:00
zhailiangliang
411e843fc4
Add loongarch support:
...
1. update config.guess(2024-01-01) and config.sub(2024-01-01)
2. add loongarch to little endian support
2024-04-09 11:15:14 +08:00
Yorgos Thessalonikefs
708d5229ae
- Merge #1027 : Introduce 'cache-min-negative-ttl' option.
2024-04-05 11:44:37 +02:00
W.C.A. Wijngaards
48113cfaba
- fast-reload, unshared stub hints, making the structure locked, with an rwlock.
2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
f2fb498c69
- fast-reload, unshare forwards, making the structure locked, with an rwlock.
2024-04-03 13:55:54 +02:00
Yorgos Thessalonikefs
91e8e0e511
- Fix #1035 : Potential Bug while parsing port from the "stub-host"
...
string; also affected forward-zones and remote-control host
directives.
2024-04-03 13:37:57 +02:00
W.C.A. Wijngaards
dfff8d23cf
- For #1040 : adjust error text and disallow negative ports in other
...
parts of cfg_mark_ports.
2024-04-03 10:16:18 +02:00
zhailiangliang
193401e754
fix heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c
2024-04-03 15:40:58 +08:00
W.C.A. Wijngaards
e1aeabde44
- Fix for crypto related failures to have a better error string.
2024-03-28 09:58:57 +01:00
W.C.A. Wijngaards
fe393ac355
- Fix comment in lruhash space function.
2024-03-27 12:30:00 +01:00
W.C.A. Wijngaards
3ea078baf6
- Fix for #1032 , add safeguard to make table space positive.
2024-03-27 11:49:20 +01:00
W.C.A. Wijngaards
eb3e1ae24f
- Fix #1032 : The size of subnet_msg_cache calculation mistake cause
...
memory usage increased beyond expectations.
2024-03-27 11:45:34 +01:00
W.C.A. Wijngaards
2993437eaa
- Fix that addrinfo is not kept around but copied and freed, so that
...
log-destaddr uses a copy of the information, much like NSD does.
2024-03-15 13:39:49 +01:00
Yorgos Thessalonikefs
025881d0e9
- Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for
...
negative answers overriding 'cache-min-ttl'.
2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
ccbe31c21f
- Fix trim of EDE text from large udp responses from spinning cpu.
2024-02-22 16:22:31 +01:00
W.C.A. Wijngaards
56a2b564ef
Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c'
2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9
Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae'
2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa
- Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
...
exhaust CPU resources and stall DNS resolvers.
2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
1f46d5945b
- Fix for #997 : Print details for SSL certificate failure.
2024-01-22 09:40:36 +01:00
dyunwei
eb7eb5ce68
Fix NLnetLabs#981: dump_cache truncates large records.
2024-01-09 14:17:31 +08:00
Wouter Wijngaards
f80f65d58c
Merge pull request #985 from k-akashi/dnstap_dot_doh
...
Add DoH and DoT to dnstap message
2024-01-03 10:36:38 +01:00
k-akashi
4b9cd8e81d
Add DoH and DoT to dnstap message
2023-12-27 07:26:21 +09:00
Jacob Hoffman-Andrews
87644fa46b
DoH: reject non-h2 early
...
Previously, non-h2 connections would be accepted, and then error out
with a verbose message "http2: session_recv from ____ failed,
error: Received bad client magic byte string". Instead, we can detect
absence of h2 support at connection time and reject with a clearer
verbose message.
2023-12-13 16:58:44 -08:00
W.C.A. Wijngaards
2b97442f2e
- iana portlist update.
2023-12-06 13:22:35 +01:00
W.C.A. Wijngaards
3d1bc143af
- Fix #969 : [FR] distinguish Do53, DoT and DoH in the logs.
2023-12-05 10:05:51 +01:00
W.C.A. Wijngaards
c4d17dd231
- Fix compilation without openssl, remove unused function warning.
2023-11-01 17:09:37 +01:00
W.C.A. Wijngaards
5f78f67e39
- Fix SSL compile failure for other missing definitions in
...
log_crypto_err_io_code_arg.
2023-11-01 14:20:52 +01:00
W.C.A. Wijngaards
b1d99bb6b6
- Fix SSL compile failure for definition in log_crypto_err_io_code_arg.
2023-11-01 14:14:02 +01:00
George Thessalonikefs
8d1d728d88
- Fix #941 : dnscrypt doesn't work after upgrade to 1.18 with
...
suggestion by dukeartem to also fix the udp_ancil with dnscrypt.
2023-10-31 22:41:06 +01:00
Yorgos Thessalonikefs
ccdf29a5f8
Merge pull request #930 from sthen/patch-1
...
add void to log_ident_revert_to_default declaration
2023-10-30 11:53:39 +01:00
Wouter Wijngaards
3f66230874
Merge pull request #951 from NLnetLabs/cachedb-no-store
...
Cachedb no store
2023-10-20 17:00:13 +02:00
W.C.A. Wijngaards
35d0a8a843
- Fix to print detailed errors when an SSL IO routine fails via
...
SSL_get_error.
2023-10-19 11:17:32 +02:00
W.C.A. Wijngaards
18ebe165ba
Merge branch 'master' into cachedb-no-store
2023-10-12 14:51:12 +02:00
Wouter Wijngaards
5c6c57ed89
Merge pull request #944 from NLnetLabs/disable-edns-do
...
Disable EDNS DO
2023-10-12 14:04:29 +02:00
W.C.A. Wijngaards
47094fd83f
Merge branch 'master' into cachedb-no-store
2023-10-11 13:51:34 +02:00
George Thessalonikefs
e98b89651e
- Fix #850 : [FR] Ability to use specific database in Redis, with new
...
redis-logical-db configuration option.
2023-10-11 11:44:55 +02:00
W.C.A. Wijngaards
ae96aa0a6d
- cachedb-no-store, implement cachedb-no-store: yes
configuration option.
2023-10-06 13:22:10 +02:00
W.C.A. Wijngaards
39df4f0923
- disable-edns-do, queriers receive no EDNS in response if the
...
disable-edns-do option is enabled and they set the DO flag. And unit test
for that.
2023-10-04 13:54:05 +02:00
W.C.A. Wijngaards
eff3e01ec3
Merge branch 'master' into disable-edns-do
2023-10-04 13:34:47 +02:00
George Thessalonikefs
13d4504dfc
- Merge #881 : Generalise the proxy protocol code.
2023-10-03 14:51:50 +02:00
George Thessalonikefs
f804c087e4
proxy-protocol, review comments:
...
- more generic switch statement for address families;
- comment the protocol values as such in their definitions;
- less hardcoded values for address family and protocol combinations.
2023-09-29 17:31:52 +02:00
W.C.A. Wijngaards
9cd282e001
Merge branch 'master' into disable-edns-do
2023-09-20 13:18:26 +02:00
W.C.A. Wijngaards
bd5dc855af
- Fix rpz tcp-only action with rpz triggers nsdname and nsip.
2023-09-18 09:55:39 +02:00
W.C.A. Wijngaards
31218166fc
- Fix to remove two c99 notations.
2023-09-15 13:30:30 +02:00
W.C.A. Wijngaards
d1977c679b
- disable-edns-do, doc and add option disable-edns-do: no.
2023-09-13 13:11:53 +02:00