- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes#107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
git-svn-id: file:///svn/unbound/trunk@5046 be551aaa-1e26-0410-a405-d3ace91eadb9
adds the option unknown-server-time-limit to unbound.conf that
can be increased to avoid the problem.
git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
deny-any: yes in unbound.conf. This responds with an empty message
to queries of type ANY.
git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
caching for the contents of that stub or forward, for when you
want immediate changes visible, from Bjoern A. Zeeb.
git-svn-id: file:///svn/unbound/trunk@4846 be551aaa-1e26-0410-a405-d3ace91eadb9
authenticating DNS-over-TLS connections. It can be used instead
of the tls-cert-bundle option, or with it to add certificates.
git-svn-id: file:///svn/unbound/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
that uses a Redis server as the storage. This implementation
depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
And unbound should be built with both --enable-cachedb and
--with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
should exist). Patch from Jinmei Tatuya (Infoblox).
git-svn-id: file:///svn/unbound/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old certs's public key.
The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
git-svn-id: file:///svn/unbound/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event
git-svn-id: file:///svn/unbound/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9