clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 22:57:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,645 Commits 27 Branches 196 Tags 104 MiB
f232562430
Commit Graph

358 Commits

Author SHA1 Message Date
Ralph Dolmans
74ec8a758b
Merge pull request #272 from NLnetLabs/edns-client-tag 
Add EDNS client tag functionality
 2020-08-05 16:07:49 +02:00
W.C.A. Wijngaards
8f2b9b461b dlv removal, remove DLV references from man page and pythonmod interface. 2020-08-05 10:25:56 +02:00
W.C.A. Wijngaards
c0c722cd97 DLV removal 2020-08-04 09:05:09 +02:00
Ubuntu
f95dce8e34 Rebase on master 2020-07-29 16:02:16 +00:00
Ubuntu
027884aad2 Disable enforcing of min/max TTL when serving original TTL 2020-07-29 15:52:58 +00:00
W.C.A. Wijngaards
75be0d3e14 Merge branch 'master' into infra-keep-probing 2020-07-27 13:16:39 +02:00
Ralph Dolmans
64806a0d14 Add edns-client-tag configuration option 2020-07-24 14:52:04 +02:00
and0x000
dd0b55250b draft-ietf-dnsop-serve-stale-10 has become RFC 8767 on March 2020 2020-07-20 18:10:21 +02:00
W.C.A. Wijngaards
3d1383bed3 Merge branch 'master' into infra-keep-probing 2020-07-16 16:00:06 +02:00
George Thessalonikefs
833ab1aab3 Merge branch 'master' into include-toplevel 2020-07-16 12:53:29 +02:00
Ubuntu
b5b79e3a36 Add feature to serve original TTLs rather than decrementing ones 2020-07-15 15:15:45 +00:00
George Thessalonikefs
7f802b07ef Merge branch 'master' into include-toplevel 2020-07-15 15:17:48 +02:00
Ralph Dolmans
9cebc13150 - Add option to send DNSTAP messages over bidirectional frame streams 2020-07-13 17:28:50 +02:00
Ralph Dolmans
740da89578 Merge branch 'master' into doh 2020-06-24 14:18:47 +02:00
W.C.A. Wijngaards
4fe2122890 Merge branch 'master' into infra-keep-probing 
Remade yacc and lex files.
 2020-06-24 13:21:14 +02:00
W.C.A. Wijngaards
6e0756e819 - Fix default explanation in man page for qname-minimisation-strict. 2020-06-17 08:20:52 +02:00
W.C.A. Wijngaards
c053513cbd - Mention tls name possible when tls is enabled for stub-addr in the 
man page.
 2020-06-08 08:35:10 +02:00
W.C.A. Wijngaards
a238f35d7d - For PR #93: man page spelling reference fix. 2020-05-18 10:22:00 +02:00
W.C.A. Wijngaards
edcef18274 Merge branch 'master' of git://github.com/PMunch/unbound into PMunch-master 
Fixed conflicts in Makefile.in and configparser.y
 2020-05-15 14:52:53 +02:00
Ralph Dolmans
4fc7b434d7 - Document new DoH configuration options. 2020-05-13 13:05:40 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
George Thessalonikefs
1bd4dbf302 - New include directive 'include-toplevel:'. It closes the previous 
clause (if any) and requires that all included files explicitly
  start a clause.
 2020-04-29 11:23:12 +02:00
W.C.A. Wijngaards
055f5e68a3 Add infra-keep-probing: yes option. Hosts that are down are probed more 
frequently.
 2020-04-22 16:29:06 +02:00
George Thessalonikefs
226d66ca92 - Change default value for 'rrset-roundrobin' to yes. 2020-04-21 12:58:48 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
Willem Toorop
2c8a91c2f9 pad-queries default yes 2020-04-14 08:52:51 +02:00
Willem Toorop
60e53d36b7 Merge branch 'master' into features/padding 2020-04-14 08:28:41 +02:00
George Thessalonikefs
33a2613a49 - More documentation for redis-expire-records option. 2020-04-06 13:46:45 +02:00
Willem Toorop
551e476a17 Merge branch 'master' into features/padding 2020-04-02 18:54:18 +02:00
Willem Toorop
4f78b37c61 Down- and upstream padding a la RFC7830 & RFC8467 2020-04-02 18:34:03 +02:00
George Thessalonikefs
557a309f9d - Changes for PR #206 (formatting and remade lex and yacc output). 2020-04-01 17:14:58 +02:00
George Thessalonikefs
20aa782ce5 Merge branch 'master' of https://github.com/Talkabout/unbound into Talkabout-redis-expire-records 2020-04-01 16:04:48 +02:00
Talkabout
c25eb2c4c8 implemented review feedback 
renamed option from 'redis-set-ttl' to 'redis-expire-records'
 2020-03-31 23:10:45 +02:00
Talkabout
b130a8b459 added option 'redis-set-ttl' to define whether ttl should be added to redis records 
added check for redis command 'setex' when initializing redis connection
updated documentation
minor improvements to previous changes
 2020-03-31 12:47:13 +02:00
W.C.A. Wijngaards
65e7be5190 nroff fix for dash. 2020-03-30 10:29:15 +02:00
Willem Toorop
d8dcee4c71 Clarify if-automatic listens on 0.0.0.0 and :: 2020-03-30 10:07:25 +02:00
Yaroslav K
c0118410a2 add ip-dscp configuration option for setting IP DiffServ codepoint (DSCP, previously TOS) on sockets 2020-03-23 19:37:43 +00:00
W.C.A. Wijngaards
614ed2717b Merge branch 'master' into framestreams 
Fixed bison and flex conflicts by regenerating the files.
 2020-02-28 14:31:24 +01:00
W.C.A. Wijngaards
e24d7c64a8 Dnstap io, note that it creates a thread when possible. 2020-02-26 12:21:42 +01:00
W.C.A. Wijngaards
de35486fb7 Documentation for prefer-ip4, Issue #165. 2020-02-25 09:58:32 +01:00
W.C.A. Wijngaards
b4f055effc Merge branch 'master' into framestreams 2020-02-17 15:25:47 +01:00
W.C.A. Wijngaards
6d1b4e050d dnstap io, dnstap tls default is yes, and man page documentation. 2020-02-14 10:01:37 +01:00
W.C.A. Wijngaards
77bdbc6e98 - Fix spelling in unbound.conf.5.in. 2020-02-14 07:54:49 +01:00
George Thessalonikefs
8e135d5f59 - Document in unbound.conf manpage that configuration clauses can be repeated in the configuration file. 2020-02-06 14:39:58 +01:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
Ralph Dolmans
056176ec9a Merge branch 'master' into rpz 2020-01-30 15:57:34 +01:00
PMunch
b7e8dc1182
Merge branch 'master' into master 2020-01-28 13:18:01 +01:00
Mikhail Nacharov
c3fac2550f
minor #1344 change rfc reference for reserved top level dns names 2020-01-27 22:04:09 +05:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
453c84b237 - Fix #140: Document slave not downloading new zonefile upon update. 2020-01-06 16:36:44 +01:00
Ralph Dolmans
bbb737ca5a processing RPZ review feedback 2019-11-22 12:56:24 +08:00
Dionysis Grigoropoulos
e8b8d42f8b
manpage: Add missing word on unbound.conf 2019-10-23 00:35:49 +03:00
PMunch
f177dc974c Add support for multiple dynamic modules 
Allows the use of multiple dynamic modules. Simply add more "dynlib"
entries to the "modules-config" and the same amount of "dynlib-file"
entries in the dynlib configuration block.
 2019-10-21 15:59:53 +02:00
PMunch
8eeb910e3d Improve dynlib module and add documentation 
Dynamic library module is now only a thin wrapper that loads dynamic
libraries and forwards all function calls directly to the loaded module.
This meant adding get_mem and clear, and get_mem calls have been added
in the expected places.

Documentation has also been added to the example.conf and the
unbound.conf manpage.
 2019-10-21 14:20:33 +02:00
Maryse47
ce0e9bef45 Consistently use /dev/urandom instead of /dev/random in scripts and docs 
Unbound code call /dev/urandom (see below)  but various docs and scripts
mention /dev/random which may be confusing.

https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/arc4random.c#L107
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_linux.c#L251
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_osx.c
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_solaris.c#L116
 2019-09-19 17:40:49 +02:00
Arsen Stasic
9303292b7f
Improve wording in man page 
Make it more consistent throughout the man page.
If a config option can either be *yes* or *no* use exact these terms and not something like *on* which could be easily read as *no*.
 2019-09-19 14:51:54 +00:00
Ralph Dolmans
f3dfb4d537 Typo fix, reported by jpmens 2019-09-09 18:54:23 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
Ralph Dolmans
8b752e359e - Document limitation of pidfile removal outside of chroot directory. 2019-08-19 13:27:19 +02:00
Ralph Dolmans
abbb5c0f6d Update RPZ man page and example.conf 2019-08-07 14:53:23 +02:00
W.C.A. Wijngaards
63b2628a18 Merge branch 'dev/all-merged/master' of git://github.com/episource/unbound into episource-dev/all-merged/master 2019-06-18 17:07:57 +02:00
Ralph Dolmans
a77c35ef50 Add RPZ config options to unbound.conf man page. 2019-06-04 15:39:08 +02:00
W.C.A. Wijngaards
1c3ba0cef7 - Note that so-reuseport at extreme load is better turned off, 
otherwise queries are not distributed evenly, on Linux 4.4.x.
 2019-05-20 11:57:09 +02:00
Wouter Wijngaards
ff026a1f3c
Merge branch 'master' into features/XoT 2019-04-29 10:32:27 +02:00
W.C.A. Wijngaards
af11b54071 Review changes for the XoT branch 
With doc, SSL setup function, and function parameter doc.
 2019-04-29 10:25:19 +02:00
George Thessalonikefs
d1150541bb - Update python documentation for init_standard(). 
- Typos.


git-svn-id: file:///svn/unbound/trunk@5157 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 15:03:04 +00:00
Philipp Serr
bfae29866b Document how to configure multiple python modules 2019-03-02 14:32:49 +01:00
Wouter Wijngaards
beebe5ba0c - Fix #4229: Unbound man pages lack information, about access-control 
order and local zone tags, and elements in views.


git-svn-id: file:///svn/unbound/trunk@5123 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-27 06:56:21 +00:00
Wouter Wijngaards
3599fd9c60 - In man page and example config explain that most modules have to 
be listed at the start of module-config.


git-svn-id: file:///svn/unbound/trunk@5121 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-21 10:03:11 +00:00
Wouter Wijngaards
49a36d98bb - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for 
cert name matching, from man page.


git-svn-id: file:///svn/unbound/trunk@5112 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-11 09:59:47 +00:00
Wouter Wijngaards
4e249c96e8 - Note default for module-config in man page. 
git-svn-id: file:///svn/unbound/trunk@5109 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-11 08:53:59 +00:00
Wouter Wijngaards
fe97f25b75 - Fix that log-replies prints the correct name for local-alias 
names, for names that have a CNAME in local-data configuration.
  It logs the original query name, not the target of the CNAME.
- Add local-zone type inform_redirect, which logs like type inform,
  and redirects like type redirect.


git-svn-id: file:///svn/unbound/trunk@5099 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-04 09:51:27 +00:00
Wouter Wijngaards
91f585ed38 - improve documentation for forward-first. 
git-svn-id: file:///svn/unbound/trunk@5092 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 09:37:06 +00:00
Wouter Wijngaards
b9b226bdea - improve documentation for tls-service-key. 
git-svn-id: file:///svn/unbound/trunk@5091 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 09:22:48 +00:00
Wouter Wijngaards
649e265d6f - Fix for IXFR fallback to reset counter when IXFR does not timeout. 
git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 11:52:17 +00:00
Wouter Wijngaards
d3f397c686 More fixes, statistic counter at end of struct for backwards compatibility, man page, free at exit, indent. 
git-svn-id: file:///svn/unbound/trunk@5062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:19:04 +00:00
Wouter Wijngaards
5d82b7c421 - Fixes for the patch, and man page entry. 
git-svn-id: file:///svn/unbound/trunk@5055 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 08:45:16 +00:00
Wouter Wijngaards
dec68aa9a9 - Doc for stream-wait-size and unit test. 
git-svn-id: file:///svn/unbound/trunk@5048 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-22 08:52:23 +00:00
Wouter Wijngaards
fe6eb5f665 - Document interaction between the tls-upstream option in the server 
section and forward-tls-upstream option in the forward-zone sections.


git-svn-id: file:///svn/unbound/trunk@5027 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-07 10:52:08 +00:00
Wouter Wijngaards
91971db3d0 And document. 
git-svn-id: file:///svn/unbound/trunk@5009 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-12-03 14:56:12 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
ac8dc59341 - Patch for typo in unbound.conf man page. 
git-svn-id: file:///svn/unbound/trunk@4999 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 08:33:50 +00:00
Wouter Wijngaards
b04e84ab9e - auth-zone give SERVFAIL when expired, fallback activates when 
expired, and this is documented in the man page.


git-svn-id: file:///svn/unbound/trunk@4983 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-27 12:31:37 +00:00
Wouter Wijngaards
fd5e4e6019 - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, 
adds the option unknown-server-time-limit to unbound.conf that
  can be increased to avoid the problem.


git-svn-id: file:///svn/unbound/trunk@4954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 09:21:41 +00:00
Ralph Dolmans
359dcc3c5c Document min-client-subnet-ipv4/6 default value 
git-svn-id: file:///svn/unbound/trunk@4952 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:55:55 +00:00
Ralph Dolmans
6021341118 - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options. 
git-svn-id: file:///svn/unbound/trunk@4951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:53:50 +00:00
Wouter Wijngaards
23505d30a5 - Fix #4190: Please create a "ANY" deny option, adds the option 
deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.


git-svn-id: file:///svn/unbound/trunk@4949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-25 08:07:37 +00:00
Wouter Wijngaards
5fec1c8b1f - Fix #4154: make ECS_MAX_TREESIZE configurable, with 
the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.


git-svn-id: file:///svn/unbound/trunk@4945 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-22 14:54:28 +00:00
Ralph Dolmans
6b5e7d78e3 - Change fast-server-num default to 3. 
git-svn-id: file:///svn/unbound/trunk@4941 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-22 09:36:36 +00:00
Ralph Dolmans
02bd3e2ff1 - Add fast-server-permil and fast-server-num options. 
- Deprecate low-rtt and low-rtt-permil options.


git-svn-id: file:///svn/unbound/trunk@4938 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-10-08 16:03:46 +00:00
Wouter Wijngaards
a09c4bbdc2 - Fix spelling errors. 
git-svn-id: file:///svn/unbound/trunk@4893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-11 13:28:21 +00:00
Ralph Dolmans
2e5e31e8ac - Added serve-expired-ttl and serve-expired-ttl-reset options. 
git-svn-id: file:///svn/unbound/trunk@4876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-28 14:21:56 +00:00
Wouter Wijngaards
e0745813f4 - Set defaults to yes for a number of options to increase speed and 
resilience of the server.  The so-reuseport, harden-below-nxdomain,
  and minimal-responses options are enabled by default.  They used
  to be disabled by default, waiting to make sure they worked.  They
  are enabled by default now, and can be disabled explicitly by
  setting them to "no" in the unbound.conf config file.  The reuseport
  and minimal options increases speed of the server, and should be
  otherwise harmless.  The harden-below-nxdomain option works well
  together with the recently default enabled qname minimisation, this
  causes more fetches to use information from the cache.


git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-27 13:18:19 +00:00
Wouter Wijngaards
504ef71975 and documentation. 
git-svn-id: file:///svn/unbound/trunk@4866 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-21 07:14:48 +00:00
Wouter Wijngaards
4fe427ded2 - log-servfail: yes prints log lines that say why queries are 
returning SERVFAIL to clients.


git-svn-id: file:///svn/unbound/trunk@4863 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-17 15:22:05 +00:00
Wouter Wijngaards
8b1012613e documentation. 
git-svn-id: file:///svn/unbound/trunk@4847 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-09 12:48:33 +00:00
Wouter Wijngaards
586b811b87 - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). 
This limits the number of simultaneous TCP client connections
  from a nominated netblock.
And a simple test for TCP connection limit.


git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 11:57:42 +00:00
Wouter Wijngaards
e3f08cb2a2 - Implement progressive backoff of TCP idle/keepalive timeout. 
git-svn-id: file:///svn/unbound/trunk@4806 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:20:15 +00:00
Wouter Wijngaards
a92b00ef3c - Correct and expand manual page entries for keepalive and idle timeout. 
git-svn-id: file:///svn/unbound/trunk@4805 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-31 07:19:26 +00:00