clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 22:57:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,787 Commits 27 Branches 196 Tags 104 MiB
eb799026ff
Commit Graph

249 Commits

Author SHA1 Message Date
Ralph Dolmans
eb799026ff Replace edns-client-tag with edns-client-string option 2020-09-30 23:17:53 +02:00
Ralph Dolmans
7da369e85a - Add edns-client-tag-opcode option 2020-09-23 12:09:48 +02:00
W.C.A. Wijngaards
47a5dc8cae - Refactor to use sock_strerr shorthand function. 2020-08-31 09:12:01 +02:00
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new 
shorthand function to clean up the code.
 2020-08-31 08:41:34 +02:00
Ralph Dolmans
2fe398f4bf EDNS client tags - insert configured tags into tree 2020-07-24 16:00:13 +02:00
Ralph Dolmans
16029281a8 Start of EDNS client tags implementation. 2020-07-23 17:17:44 +02:00
gthess
334498d9b9
Merge pull request #221 from NLnetLabs/more-SNI 
More SNI support on TLS
 2020-04-17 11:37:47 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
George Thessalonikefs
e18ab07c62 - Add doxygen documentation for DSCP. 2020-04-16 13:58:35 +02:00
Yaroslav K
cfddbcb5be add setting IP DiffServ Codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
Ralph Dolmans
87474563ff Merge branch 'kernel-random-port' of https://github.com/fobser/unbound into fobser-kernel-random-port 2020-03-19 15:48:12 +01:00
Florian Obser
5aaa5e253d Allow the kernel to provide random source ports. 
On some operating systems, for example OpenBSD since some decades, the
kernel binds to a random source port if asked for any port (port
number 0). There is no need to replicate this functionality in
userland.
 2020-02-20 14:54:06 +01:00
W.C.A. Wijngaards
184f26355a Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and 
Merge branch 'master' into framestreams
 2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
6accd3d681 - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for 
different openssl versions.
 2020-02-18 08:31:38 +01:00
W.C.A. Wijngaards
b4f055effc Merge branch 'master' into framestreams 2020-02-17 15:25:47 +01:00
George Thessalonikefs
4b354d38c1 - Remove unused variable. 2020-02-17 12:56:20 +01:00
W.C.A. Wijngaards
465af58457 dnstap io, fix to compile without ssl. 2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
ad180402ea dnstap io, set tls auth name in outgoing ssl 2020-02-05 16:17:21 +01:00
Ralph Dolmans
810862dc65 - Stop working on socket when socket() call returns an error. 
- Check malloc return values in TLS session ticket code
 2020-01-30 19:15:58 +01:00
W.C.A. Wijngaards
554e4a939c - Fix fix for #78 to also free service callback struct. 2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
1a4eaaabc5 - Fix #78: Memory leak in outside_network.c. 2019-09-19 09:11:23 +02:00
Wouter Wijngaards
f5a197f96e
Update services/outside_network.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:45 +02:00
Wouter Wijngaards
a9c8d00d63
Update services/outside_network.c 
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
 2019-04-29 11:25:04 +02:00
W.C.A. Wijngaards
6ce60bcb61 Fixup fd pass. 2019-04-29 10:40:12 +02:00
W.C.A. Wijngaards
af11b54071 Review changes for the XoT branch 
With doc, SSL setup function, and function parameter doc.
 2019-04-29 10:25:19 +02:00
Willem Toorop
92121f7878 Report XoT failure as XoT failure, not https 2019-04-03 12:41:14 +02:00
Willem Toorop
48ad6477eb AXFR over TLS 
Enable by specifying an auth name, like this:
```
auth-zone:
        name: nlnetlabs.nl
        master: 185.49.140.60#ns.nlnetlabs.nl
```
 2019-03-24 10:43:57 +01:00
Wouter Wijngaards
bb5251da66 - Add log message, at verbosity 4, that says the query is encrypted 
with TLS, if that is enabled for the query.


git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-18 08:41:39 +00:00
Ralph Dolmans
723845b350 - Fix case in which query timeout can result in marking delegation as 
edns_lame_known.


git-svn-id: file:///svn/unbound/trunk@5089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-30 13:44:19 +00:00
Ralph Dolmans
f30fe71395 - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query 
without EDNS after timeout.


git-svn-id: file:///svn/unbound/trunk@5037 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-16 10:23:13 +00:00
Wouter Wijngaards
1b72e814e7 - Fixup openssl 1.0.2 compile 
git-svn-id: file:///svn/unbound/trunk@5019 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:36:43 +00:00
Wouter Wijngaards
71b078611f - Fix #4206: support openssl 1.0.2 for TLS hostname verification, 
alongside the 1.1.0 and later support that is already there.


git-svn-id: file:///svn/unbound/trunk@5018 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-10 14:27:24 +00:00
Wouter Wijngaards
b23c373f4d - Refuse to start with no ports. 
git-svn-id: file:///svn/unbound/trunk@4997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-29 14:26:16 +00:00
Wouter Wijngaards
2d28fba3bf - Squelch log of failed to tcp initiate after TCP Fastopen failure. 
git-svn-id: file:///svn/unbound/trunk@4937 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-08 13:27:53 +00:00
Wouter Wijngaards
377d5b426a - Add SSL cleanup for tcp timeout. 
git-svn-id: file:///svn/unbound/trunk@4915 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-25 09:01:13 +00:00
Wouter Wijngaards
f82a128909 - Perform TLS SNI indication of the host that is being contacted 
for DNS over TLS service.  It sets the configured tls auth name.
  This is useful for hosts that apart from the DNS over TLS services
  also provide other (web) services.


git-svn-id: file:///svn/unbound/trunk@4914 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-25 08:31:42 +00:00
Wouter Wijngaards
9b6caf5a5b - Fix that with harden-below-nxdomain and qname minisation enabled 
some iterator states for nonresponsive domains can get into a
  state where they waited for an empty list.
- Stop UDP to TCP failover after timeouts that causes the ping count
  to be reset by the TCP time measurement (that exists for TLS),
  because that causes the UDP part to not be measured as timeout.


git-svn-id: file:///svn/unbound/trunk@4912 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-17 11:25:52 +00:00
Wouter Wijngaards
4bf9d12419 - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more 
easily changed to adjust default rtt assumptions.


git-svn-id: file:///svn/unbound/trunk@4779 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-12 14:15:03 +00:00
Wouter Wijngaards
5d298ed474 - Fix permission denied printed for auth zone probe random port nrs. 
git-svn-id: file:///svn/unbound/trunk@4769 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-03 13:58:49 +00:00
Wouter Wijngaards
23f475bccc - Tentative fix for permission denied on IPv6 address on FreeBSD. 
git-svn-id: file:///svn/unbound/trunk@4754 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-26 08:01:44 +00:00
Wouter Wijngaards
b9607297e9 - For TCP and TLS connections that don't establish, perform address 
update in infra cache, so future selections can exclude them.


git-svn-id: file:///svn/unbound/trunk@4693 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-25 06:21:39 +00:00
Wouter Wijngaards
6fefbb4115 - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-02 06:36:02 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
5c8819f1ac - Fix for windows compile. 
git-svn-id: file:///svn/unbound/trunk@4563 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-06 09:18:53 +00:00
Wouter Wijngaards
54bd1fdd62 - tls-cert-bundle option in unbound.conf enables TLS authentication. 
git-svn-id: file:///svn/unbound/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:09 +00:00
Wouter Wijngaards
ad89368b4e auth zone work. 
git-svn-id: file:///svn/unbound/trunk@4521 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 11:59:30 +00:00
Wouter Wijngaards
75eb720ab5 auth zone work on http feature. 
git-svn-id: file:///svn/unbound/trunk@4517 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-07 16:10:31 +00:00
Wouter Wijngaards
cc9a0671f3 auth zone socket creation fix. 
git-svn-id: file:///svn/unbound/trunk@4489 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-01 15:43:00 +00:00
Wouter Wijngaards
84e819dc31 auth zone move file descriptor functionality to outside network 
for the unit test


git-svn-id: file:///svn/unbound/trunk@4482 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-31 14:59:17 +00:00
Wouter Wijngaards
30da6bde6f - authzone work, transfer connect. 
git-svn-id: file:///svn/unbound/trunk@4420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-12 15:39:45 +00:00