Commit Graph

10 Commits

Author SHA1 Message Date
Wouter Wijngaards
e0745813f4 - Set defaults to yes for a number of options to increase speed and
resilience of the server.  The so-reuseport, harden-below-nxdomain,
  and minimal-responses options are enabled by default.  They used
  to be disabled by default, waiting to make sure they worked.  They
  are enabled by default now, and can be disabled explicitly by
  setting them to "no" in the unbound.conf config file.  The reuseport
  and minimal options increases speed of the server, and should be
  otherwise harmless.  The harden-below-nxdomain option works well
  together with the recently default enabled qname minimisation, this
  causes more fetches to use information from the cache.


git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-27 13:18:19 +00:00
Ralph Dolmans
50b6dc4b81 - Qname minimisation default changed to yes.
git-svn-id: file:///svn/unbound/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-17 10:33:19 +00:00
Ralph Dolmans
ac9b95ca0c - Set trust-anchor-signaling default to yes
git-svn-id: file:///svn/unbound/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-05 10:17:25 +00:00
Wouter Wijngaards
05215e8e7d - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and
DS records.  NSEC3 is not disabled.
- fake-sha1 test option; print warning if used.  To make unit tests.


git-svn-id: file:///svn/unbound/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-09 13:18:08 +00:00
Ralph Dolmans
4f487cf746 Add DSA support for OpenSSL 1.1
git-svn-id: file:///svn/unbound/trunk@3954 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-12-07 12:58:47 +00:00
Wouter Wijngaards
27182d614b - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled
with the undocumented switch 'fake-dsa'.  It logs a warning.


git-svn-id: file:///svn/unbound/trunk@3909 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-26 07:38:00 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-10-31 15:09:26 +00:00
Wouter Wijngaards
c653b8424b Fixup for problems with do-ip6: no and only ipv6 addresses.
git-svn-id: file:///svn/unbound/trunk@1353 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-11-17 12:47:34 +00:00
Wouter Wijngaards
1e4e8cb68a - Fixup rrset security updates overwriting 2181 trust status.
This makes validated to be insecure data just as worthless as
	  nonvalidated data, and 2181 rules prevent cache overwrites to them.
	- Fix assertion fail on bogus key handling.
	- dnssec lameness detection works on first query at trust apex.
	- NS queries get proper cache and dnssec lameness treatment.
	- fixup compilation without pthreads on linux.
	- NS queries are done after every referral.
	  validator is used on those NS records (if anchors enabled).




git-svn-id: file:///svn/unbound/trunk@1185 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-08-12 10:13:57 +00:00
Wouter Wijngaards
6acc20abf4 fixup for type DS queries from clients when trustanchor for that name exists.
git-svn-id: file:///svn/unbound/trunk@1148 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-07-15 09:45:50 +00:00