W.C.A. Wijngaards
4b54d8e15e
- Fix rpz for cname override action after nsdname and nsip triggers.
2024-03-13 17:14:14 +01:00
W.C.A. Wijngaards
afe52595a9
- Fix to unify codepath for local alias for rpz cname action override.
2024-03-13 16:12:48 +01:00
W.C.A. Wijngaards
4f417262e3
- Fix rpz that the rpz override is taken in case of clientip triggers.
...
Fix that the clientip passthru action is logged. Fix that the
clientip localdata action is logged. Fix rpz override action cname
for the clientip trigger.
2024-03-13 16:04:58 +01:00
W.C.A. Wijngaards
1db3b38104
- Fix #1029 : rpz trigger clientip and action rpz-passthru not working
...
as expected.
2024-03-13 13:45:04 +01:00
Yorgos Thessalonikefs
bc47f50926
Changelog entry for #1028 :
...
- Merge #1028 : Clearer documentation for tcp-idle-timeout and
edns-tcp-keepalive-timeout.
2024-03-12 14:52:57 +01:00
Yorgos Thessalonikefs
e36b5a099c
Clearer documentation for tcp-idle-timeout and edns-tcp-keepalive-timeout ( #1028 )
...
* - Clearer documentation for tcp-idle-timeout and
edns-tcp-keepalive-timeout.
* - Address review comment.
2024-03-12 14:52:00 +01:00
Yorgos Thessalonikefs
025881d0e9
- Introduce 'cache-min-negative-ttl' option to bound the minimum TTL for
...
negative answers overriding 'cache-min-ttl'.
2024-03-12 11:24:59 +01:00
W.C.A. Wijngaards
320d0a5f1b
- Fix #1021 Inconsistent Behavior with Changing rpz-cname-override
...
and doing a unbound-control reload.
2024-03-11 16:31:58 +01:00
W.C.A. Wijngaards
d382210fce
Update doc/Changelog to note the fixes included in 1.19.3rc2.
2024-03-11 12:30:24 +01:00
W.C.A. Wijngaards
7b62767e16
- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
...
like unbound-control-setup.sh has.
2024-03-08 17:18:05 +01:00
W.C.A. Wijngaards
6568841bb0
- Fix doc test so it ignores but outputs unsupported doxygen options.
2024-03-08 16:43:24 +01:00
W.C.A. Wijngaards
e361f6b284
- Fix qname minimisation for reply with a DNAME for qtype CNAME that
...
answers it.
2024-03-08 16:33:17 +01:00
Yorgos Thessalonikefs
53766917ef
- Update doc/unbound.doxygen with 'doxygen -u'. Fixes option
...
deprecation warnings and updates with newer defaults.
2024-03-08 16:13:36 +01:00
W.C.A. Wijngaards
2a255076f5
- Fix validator classification of qtype DNAME for positive and
...
redirection answers, and fix validator signature routine for dealing
with the synthesized CNAME for a DNAME without previously
encountering it and also for when the qtype is DNAME.
2024-03-08 14:10:06 +01:00
W.C.A. Wijngaards
fb080e7853
- Remove unused portion from iter_dname_ttl unit test.
2024-03-08 09:51:37 +01:00
W.C.A. Wijngaards
0818841038
- Fix TTL of synthesized CNAME when a DNAME is used from cache.
2024-03-08 09:47:59 +01:00
W.C.A. Wijngaards
939baebfe7
- Fix unbound-control-setup.cmd to use 3072 bits so that certificates
...
are long enough for newer OpenSSL versions.
2024-03-08 09:07:36 +01:00
W.C.A. Wijngaards
326ba26522
- Version set to 1.19.3 for release. After 1.19.2 point release with
...
security fix for CVE-2024-1931, Denial of service when trimming
EDE text on positive replies. The code repo includes the fix and
is for version 1.19.3.
2024-03-07 11:06:42 +01:00
W.C.A. Wijngaards
ec0b510f1c
- Fix for #1022 : Fix ede prohibited in access control refused answers.
2024-03-05 13:39:29 +01:00
W.C.A. Wijngaards
be626f7c53
- Fix edns subnet replies for scope zero answers to not get stored
...
in the global cache, and in cachedb, when the upstream replies
without an EDNS record.
2024-03-04 13:20:13 +01:00
W.C.A. Wijngaards
3096e4930e
- Move github workflows to use checkoutv4.
2024-02-28 11:44:52 +01:00
Yorgos Thessalonikefs
33bdf44a04
- Document the suspend argument for process_ds_response().
2024-02-23 14:34:33 +01:00
W.C.A. Wijngaards
ccbe31c21f
- Fix trim of EDE text from large udp responses from spinning cpu.
2024-02-22 16:22:31 +01:00
Yorgos Thessalonikefs
c6746499c1
Changelog entry for #1010 :
...
- Merge #1010 : Mention REFUSED has the TC bit set with unmatched
allow_cookie acl in the manpage. It also fixes the code to match the
documentation about clients with a valid cookie that bypass the
ratelimit regardless of the allow_cookie acl.
2024-02-20 15:33:18 +01:00
Willem Toorop
e1229e375f
Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage ( #1010 )
...
* Mention REFUSED with TC with unmatched allow_cookie acl in manpage
Also moved the part about bypassing ip-ratelimit to the ip-ratelimit
description as it will be bypassed with a valid DNS-Cookie regardless of the
allow_cookie acl.
* Apply suggestions from code review
* Update doc/unbound.conf.5.in
* DNS-Cookies should bypass ip-ratelimit setting
2024-02-20 15:29:34 +01:00
W.C.A. Wijngaards
be27499d39
- These fixes are part of the 1.19.1 release, that is a security
...
point release on 1.19.0, the code repository continues with these
fixes, with version number 1.19.2.
2024-02-13 14:03:30 +01:00
W.C.A. Wijngaards
56a2b564ef
Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c'
2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9
Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae'
2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa
- Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
...
exhaust CPU resources and stall DNS resolvers.
2024-02-13 13:02:08 +01:00
W.C.A. Wijngaards
54d86dd73b
- Fix documentation for access-control in the unbound.conf man page.
2024-02-08 14:36:18 +01:00
Yorgos Thessalonikefs
b496714caa
- autoconf.
2024-02-07 10:51:16 +01:00
Yorgos Thessalonikefs
3f5175584b
- For #1006 : fix logic error introduced by previous fix.
2024-02-07 10:49:28 +01:00
Yorgos Thessalonikefs
11fff226f3
- autoheader, autoconf.
2024-02-07 10:42:39 +01:00
Yorgos Thessalonikefs
93490a0fc1
- Fix #1006 : Can't find protobuf-c package since #999 .
2024-02-07 10:38:52 +01:00
W.C.A. Wijngaards
0585c3e5fd
Autoconf and changelog note for #999
...
- Merge #999 : Search for protobuf-c with pkg-config.
2024-01-30 16:24:41 +01:00
Wouter Wijngaards
0b74f2a007
Merge pull request #999 from NickCao/master
...
Search for protobuf-c with pkg-config
2024-01-30 16:23:43 +01:00
Nick Cao
59d98b9ef6
Search for protobuf-c with pkg-config
2024-01-26 17:52:24 -05:00
Yorgos Thessalonikefs
3522451600
- Update message TTL when using cached RRSETs. It could result in
...
non-expired messages with expired RRSETs (non-usable messages by
Unbound).
2024-01-23 10:10:37 +01:00
Yorgos Thessalonikefs
fe03bacd6c
- Update error printout for duplicate trust anchors to include the
...
trust anchor name (relates to #920 ).
2024-01-22 15:54:36 +01:00
W.C.A. Wijngaards
1f46d5945b
- Fix for #997 : Print details for SSL certificate failure.
2024-01-22 09:40:36 +01:00
W.C.A. Wijngaards
585d73bf7c
For analysis workflow, clean up the script to use OpenSSL Configure
...
without change.
2024-01-17 16:23:18 +01:00
W.C.A. Wijngaards
9e84cebfdb
- workflow for analysis, cleanup of windows compile with msys2 perl.
2024-01-17 16:20:22 +01:00
W.C.A. Wijngaards
d1a2bd67da
- Fix warning for windres on resource files due to redefinition.
2024-01-17 16:19:56 +01:00
W.C.A. Wijngaards
7708429d35
For workflow, set perl interpreter for build.
2024-01-17 15:08:56 +01:00
W.C.A. Wijngaards
6045911d95
- Fix for workflow
2024-01-17 14:58:44 +01:00
W.C.A. Wijngaards
1b212aa073
For workflow, look for pacman.
2024-01-17 14:56:10 +01:00
W.C.A. Wijngaards
4d48166835
For workflow, use msys2 perl.
2024-01-17 14:53:23 +01:00
W.C.A. Wijngaards
437bac370a
In workflow, use strawberry perl to run configure script.
2024-01-17 14:40:57 +01:00
W.C.A. Wijngaards
546062d3a3
For workflow, change path separator.
2024-01-17 14:36:35 +01:00