979 Commits

Author SHA1 Message Date
Yorgos Thessalonikefs
51425b2388 - Add RPZ tag tests in acl_interface.tdir. 2024-07-12 15:38:12 +02:00
W.C.A. Wijngaards
ec2f45c6fd - Fix to print details about the failure to lookup a DNSKEY record
when validation fails due to the missing DNSKEY. Also for key prime
  and DS lookups.
2024-07-04 14:51:18 +02:00
W.C.A. Wijngaards
03ac902296 - ipset-pf-support, fix to skip unit test if no pf dev. 2024-07-01 17:11:20 +02:00
W.C.A. Wijngaards
9603924bb4 - Add unit test for validation of repeated use of a DNAME record. 2024-06-07 11:56:19 +02:00
Yorgos Thessalonikefs
f611220eb8 - Skip unbound-dnstap-socket unit test when not compiled with
--enable-debug.
2024-06-04 16:59:58 +02:00
Yorgos Thessalonikefs
ac609fcbfc - Fix memory leak on exit for unbound-dnstap-socket; creates false negatives
during testing.
2024-05-31 12:11:17 +02:00
W.C.A. Wijngaards
4b30e88eec - Fix for #1079: fix RPZ taglist in iterator callback that no client
info is like no taglist intersection.
2024-05-30 12:44:26 +02:00
W.C.A. Wijngaards
b6c7ea563f - Fix #1079: tags from tagged rpz zones are no longer honored after
upgrade from 1.19.3 to 1.20.0.
2024-05-30 12:11:30 +02:00
W.C.A. Wijngaards
7107d3c9e7 - Fix #1064: Unbound 1.20 Cachedb broken?
Add unit test for validation status commit.
2024-05-24 09:06:48 +02:00
Yorgos Thessalonikefs
7f184c8ca8
Fix unbound-control stdin commands for multi-process Unbounds (#1069)
- Fix unbound-control commands that read stdin in multi-process
  operation (local_zones_remove, local_zones, local_datas_remove,
  local_datas, view_local_datas_remove, view_local_datas). They will
  be properly distributed to all processes. dump_cache and load_cache
  are no longer supported in multi-process operation.

 - Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir
  now checks both single and multi process/thread operation.

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
2024-05-17 10:25:24 +02:00
Yorgos Thessalonikefs
1048c4a28c - Add missing common functions to tdir tests. 2024-05-15 11:20:36 +02:00
W.C.A. Wijngaards
c3206f4568 - Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li
from the Network and Information Security Lab of Tsinghua University
  for reporting it.
2024-05-01 10:10:58 +02:00
W.C.A. Wijngaards
82c0207fa6 - Add unit tests for cachedb and subnet cache expired data. 2024-04-26 13:33:26 +02:00
W.C.A. Wijngaards
7c5e765b3b - Fix cachedb with serve-expired-client-timeout disabled. The edns
subnet module deletes global cache and cachedb cache when it
  stores a result, and serve-expired is enabled, so that the global
  reply, that is older than the ecs reply, does not return after
  the ecs reply expires.
2024-04-26 13:32:15 +02:00
W.C.A. Wijngaards
f456d97a34 - Fix doc unit test for out of directory build. 2024-04-25 17:06:06 +02:00
Yorgos Thessalonikefs
3ec74d1e3a - When a grandchild delegation is returned, remove any cached child delegations
up to parent to not cause delegation invalidation because of an
  expired child delegation that would never be updated. Most likely to
  happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
2024-04-22 15:46:06 +02:00
W.C.A. Wijngaards
491b56d051 - Fixup cachedb to not refetch when serve-expired-client-timeout is
used.
2024-04-12 14:22:18 +02:00
W.C.A. Wijngaards
4d530920e0 - Fixup unit test for cachedb server expired client timeout with
a check if response is from upstream or from cachedb.
2024-04-12 11:51:00 +02:00
W.C.A. Wijngaards
08fb9a9209 - Fix cachedb for serve-expired with serve-expired-client-timeout. 2024-04-12 11:26:53 +02:00
W.C.A. Wijngaards
d47849a26e - Fix cachedb for serve-expired with serve-expired-reply-ttl. 2024-04-10 17:01:57 +02:00
W.C.A. Wijngaards
bd74a32b79 - Extended test for cachedb serve expired. 2024-04-10 13:08:23 +02:00
W.C.A. Wijngaards
b990be88ef - Add test for cachedb serve expired. 2024-04-10 12:36:21 +02:00
Yorgos Thessalonikefs
708d5229ae - Merge #1027: Introduce 'cache-min-negative-ttl' option. 2024-04-05 11:44:37 +02:00
Yorgos Thessalonikefs
fb4a7d65d7 - Fix #369: dnstap showing extra responses; for client responses
right from the cache when replying with expired data or
  prefetching.
2024-04-03 15:18:13 +02:00
W.C.A. Wijngaards
238a796e38 - Fix to add unit test for lruhash space that exercises the routines. 2024-03-27 13:33:46 +01:00
W.C.A. Wijngaards
c2b20c585e - Fix name of unit test for subnet cache response. 2024-03-27 11:43:55 +01:00
W.C.A. Wijngaards
73bd5a19aa - Fix localdata and rpz localdata to match CNAME only if no direct
type match is available.
2024-03-19 10:21:10 +01:00
W.C.A. Wijngaards
fef974ca5c - Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that
clientip and nsip can give a CNAME.
2024-03-19 09:32:53 +01:00
W.C.A. Wijngaards
8dbf46913b - Fix rpz for qtype CNAME after nameserver trigger. 2024-03-18 14:36:29 +01:00
W.C.A. Wijngaards
e46b188fe8 - Add rpz unit test for nsip action override. 2024-03-18 14:11:43 +01:00
W.C.A. Wijngaards
4b54d8e15e - Fix rpz for cname override action after nsdname and nsip triggers. 2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
4f417262e3 - Fix rpz that the rpz override is taken in case of clientip triggers.
Fix that the clientip passthru action is logged. Fix that the
  clientip localdata action is logged. Fix rpz override action cname
  for the clientip trigger.
2024-03-13 16:04:58 +01:00
W.C.A. Wijngaards
1db3b38104 - Fix #1029: rpz trigger clientip and action rpz-passthru not working
as expected.
2024-03-13 13:45:04 +01:00
Yorgos Thessalonikefs
025881d0e9 - Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for
negative answers overriding 'cache-min-ttl'.
2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
320d0a5f1b - Fix #1021 Inconsistent Behavior with Changing rpz-cname-override
and doing a unbound-control reload.
2024-03-11 16:31:58 +01:00
W.C.A. Wijngaards
6568841bb0 - Fix doc test so it ignores but outputs unsupported doxygen options. 2024-03-08 16:43:24 +01:00
W.C.A. Wijngaards
e361f6b284 - Fix qname minimisation for reply with a DNAME for qtype CNAME that
answers it.
2024-03-08 16:33:17 +01:00
W.C.A. Wijngaards
2a255076f5 - Fix validator classification of qtype DNAME for positive and
redirection answers, and fix validator signature routine for dealing
  with the synthesized CNAME for a DNAME without previously
  encountering it and also for when the qtype is DNAME.
2024-03-08 14:10:06 +01:00
W.C.A. Wijngaards
fb080e7853 - Remove unused portion from iter_dname_ttl unit test. 2024-03-08 09:51:37 +01:00
W.C.A. Wijngaards
0818841038 - Fix TTL of synthesized CNAME when a DNAME is used from cache. 2024-03-08 09:47:59 +01:00
W.C.A. Wijngaards
be626f7c53 - Fix edns subnet replies for scope zero answers to not get stored
in the global cache, and in cachedb, when the upstream replies
  without an EDNS record.
2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
56a2b564ef Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c' 2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9 Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae' 2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
exhaust CPU resources and stall DNS resolvers.
2024-02-13 13:02:08 +01:00
Yorgos Thessalonikefs
3522451600 - Update message TTL when using cached RRSETs. It could result in
non-expired messages with expired RRSETs (non-usable messages by
  Unbound).
2024-01-23 10:10:37 +01:00
W.C.A. Wijngaards
418eeb642c - Fix unit test for #987 change in udp1xxx retry packet send. 2024-01-05 14:11:55 +01:00
W.C.A. Wijngaards
4ef1fb5a24 - Fix root_zonemd unit test, it checks that the root ZONEMD verifies,
now that the root has a valid ZONEMD.
2023-12-08 17:15:35 +01:00
Yorgos Thessalonikefs
be6fd80a1c - Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672. 2023-12-08 09:23:26 +01:00
Philip Homburg
0cfc6e6d95 Fixed some syntax errors in rpl files. 2023-12-07 11:38:01 +01:00