townforge/unbound
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,530 Commits 1 Branch 0 Tags 79 MiB
cc
Commit Graph

694 Commits

Author SHA1 Message Date
ralph
5b02745221 - Fix remote control without certificate for LibreSSL 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3956 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-07 14:13:01 +00:00
george
b137d5d5e2 please lint again. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 14:41:14 +00:00
george
6fac383510 please lint again. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 14:33:08 +00:00
george
4812f02dd0 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
ralph
4575fa9149 - Added local-zones and local-data bulk addition and removal functionality in 
unbound-control (local_zones, local_zones_remove, local_datas and
  local_datas_remove).                                   
- iana portlist update


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3941 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-30 11:22:29 +00:00
wouter
5e81b62603 Fixup for windows compile. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3940 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-29 15:49:37 +00:00
wouter
c4d8a8858a - Fix that with openssl 1.1 control-use-cert: no uses less cpu, by 
using no encryption over the unix socket.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3936 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-25 16:14:14 +00:00
wouter
ff49098e7d - patch from Dag-Erling Smorgrav that removes code that relies 
on sbrk().


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3934 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-22 15:50:07 +00:00
ralph
4097f78b84 pass ssl_upstream as int to (lib)worker_send_query 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3924 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 14:02:22 +00:00
ralph
3fb4900c0e - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
wouter
7e9e2bfb99 - configure detects ssl security level API function in the autoconf 
manner.  Every function on its own, so that other libraries (eg.
  LibreSSL) can develop their API without hindrance.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3921 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 08:05:42 +00:00
wouter
22f6a8f7a4 Fixup #if at start of line, for portability. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3920 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 07:58:57 +00:00
ralph
c1f7eb0ce5 Set openssl security level to 0 when using aNULL ciphers 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3919 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 16:59:00 +00:00
wouter
b565dd0a77 - log-identity: config option to set sys log identity, patch from 
"Robin H. Johnson" <robbat2@gentoo.org>


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 08:51:40 +00:00
wouter
bbe0c0a707 - Patch for server.num.zero_ttl stats for count of expired replies, 
from Pavel Odintsov.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3910 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-28 15:08:32 +00:00
wouter
76d75d9d0d - Fix #1134: unbound-control set_option val-date-override: -1 works 
immediately to ignore datetime, or back to 0 to enable it again.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3907 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-25 11:44:03 +00:00
wouter
f1e90237e6 Fixup prefetch only when needed 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3904 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:53:13 +00:00
wouter
416af5ad2e - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
wouter
a622051af1 - Fixup query_info local_alias init. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3901 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-20 15:05:30 +00:00
wouter
593353dc9b - Removed patch comments from acllist.c and msgencode.c 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3886 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-18 13:20:42 +00:00
wouter
bc78c785ce - Patch that resolves CNAMEs entered in local-data conf statements that 
point to data on the internet, from Jinmei Tatuya (Infoblox).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-18 13:18:20 +00:00
ralph
a65e5ddee1 - fix memoryleak logfile when in debug mode. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3880 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 13:43:18 +00:00
ralph
083a936fb3 Added views functionality. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
ralph
c31d468a3a Check for LibreSSL usage when OpenSSL version number >= 1.1 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3862 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-15 14:40:42 +00:00
wouter
5c55df0e04 - Test for openssl init_crypto and init_ssl functions. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-15 12:03:10 +00:00
ralph
43a31cadce fix potential memory leak in daemon/remote.c and nullpointer dereference in 
validator/autotrust.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3856 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-15 08:39:59 +00:00
wouter
9b0f30e072 - Fix incomplete prototypes reported by Dag-Erling Smørgrav. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3848 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-05 07:23:23 +00:00
wouter
56909f9efb Fixup for defines not funcs 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3845 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-02 11:20:21 +00:00
wouter
fcad92b021 - Fix compile with openssl 1.1.0 with api=1.1.0. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3844 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-02 09:59:09 +00:00
wouter
31c27db489 Fixup position before flip. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3842 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-01 14:51:46 +00:00
wouter
8d55248c66 - Fix #826: Fix refuse_non_local could result in a broken response. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3841 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-01 14:34:45 +00:00
wouter
883854cacb - Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3837 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-08-29 07:05:19 +00:00
wouter
ec1e454439 - Fix #806: wrong comment removed. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3826 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-28 07:13:48 +00:00
wouter
0e53074eaa - Fix #803: confusing (and incorrect) code comment in daemon_cleanup(). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3824 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-22 07:08:42 +00:00
wouter
0df1f8359b - Fix #801: missing error condition handling in 
daemon_create_workers().


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3822 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-22 07:02:03 +00:00
wouter
2f8e0608fa - access-control-tag-data implemented. verbose(4) prints tag debug. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3811 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-07 10:20:05 +00:00
wouter
3be84daf12 - Fix #784: Build configure assumess that having getpwnam means there 
is endpwent function available.
- Updated repository with newer flex and bison output.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3799 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-27 08:00:55 +00:00
ralph
88e5f3d21d - Possibility to specify local-zone types for an acl/tag pair 
- Possibility to specify (override) local-zone types for a source address block


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3797 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-24 19:08:58 +00:00
wouter
67f97d9f9a - TCP_TIMEOUT is specified in milliseconds. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3793 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-15 14:23:43 +00:00
wouter
02de89e03c - Fix #778: unbound 1.5.9: -h segfault (null deref). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3781 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-13 07:06:23 +00:00
ralph
e4444eecc9 - Lookup localzones by taglist from acl. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3764 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-07 08:36:19 +00:00
wouter
1260af4d7b and fixup delete rest of list on parse failure. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3762 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 15:01:48 +00:00
wouter
9a6e4de566 - free acl-tags, acltag-action and acltag-data config lists during 
initialisation to free up memory for more entries.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3761 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 14:57:24 +00:00
wouter
a435c0c25d please lint. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3760 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 13:52:56 +00:00
wouter
2bdc9222e3 - access-control-tag-action and access-control-tag-data config 
directives.
- make depend


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3759 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 13:47:24 +00:00
wouter
31df915761 - access-control-tag config directive. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3754 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-06 08:33:59 +00:00
wouter
fe7792c174 - Fix to not ignore return value of chown() in daemon startup. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3752 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-03 07:38:53 +00:00
wouter
209c4b9583 please dox. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3743 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:56:27 +00:00
wouter
9504853b86 - and also generic edns options for upstream messages (and replies). 
after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID),
  to insert use edns_opt_append(edns, region, code, len, bindata) on
  the opt_list passed to send_query, or in edns_opt_inplace_reply.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3742 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 16:55:22 +00:00
wouter
f3d914e425 - generic edns option parse and store code. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00
wouter
3e16023c94 - Fix #770: Small subgroup attack on DH used in unix pipe on localhost 
if unbound control uses a unix local named pipe.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3729 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-27 06:50:49 +00:00
wouter
7b6e5dd9c7 - OpenSSL 1.1.0 portability, --disable-dsa configure option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3689 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-23 08:19:49 +00:00
wouter
bb32d6f82c - OPENSSL_config is deprecated, removing. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3688 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-21 11:44:03 +00:00
wouter
bcc54c168d - ERR_remove_state deprecated since openssl 1.0.0. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3687 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-21 11:38:50 +00:00
wouter
cc92e91d47 - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for 
binding to an IP address while the interface or address is down.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3673 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-15 09:35:48 +00:00
wouter
c20ef7f2ae - Fixup backend2str for libev. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3660 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-10 14:39:48 +00:00
willem
b8f745d47d User defined pluggable event mechanism (for review) 
git-svn-id: https://unbound.nlnetlabs.nl/svn/branches/ub_event@3647 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-07 14:10:06 +00:00
wouter
8bc70ac10b - Fix patch typo in prevuous commit for 734 from Adi Prasaja. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3614 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-08 08:17:00 +00:00
wouter
f3ab2837c5 - Neater cmdline_verbose increment patch from Edgar Pettijohn. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3613 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-29 08:06:51 +00:00
wouter
3d8da85a6b Fixup declaration after statement. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-26 09:00:06 +00:00
wouter
b07742369b Fixup ;. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3605 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-26 08:27:40 +00:00
wouter
88fbc332f2 - Fix #734: chown the pidfile if it resides inside the chroot. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3604 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-26 08:05:04 +00:00
wouter
d3aae30ae8 - Fix #734: Do not log an error when the PID file cannot be chown'ed. 
Patch from Simon Deziel.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3599 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-12 08:04:42 +00:00
wouter
e0bfcab5cc - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
wouter
f315956690 and also #724 for unbound.exe commandline. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3559 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-12-01 09:26:02 +00:00
wouter
641541c144 But RFC wants empty EDNS in formerr. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3547 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-20 10:32:18 +00:00
wouter
1d60e4519e - Fix that malformed EDNS query gets a response without malformed EDNS. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3546 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-20 09:09:55 +00:00
wouter
b9014f9ec0 Nicer unbound.c for nettle. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3534 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 10:02:17 +00:00
wouter
b7b759b22d - patch from Doug Hogan for SSL_OP_NO_SSLvx options. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-29 08:32:58 +00:00
wouter
182c2d6cfb - Fix unbound-control flush that does not succeed in removing data. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3493 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-25 12:39:10 +00:00
wouter
1116189f7a - Fix deadlock for local data add and zone add when unbound-control 
list_local_data printout is interrupted.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3476 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-24 10:49:28 +00:00
wouter
c2eee3d0d5 Fix lint. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3458 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-24 11:49:35 +00:00
wouter
bca87594c3 And fix reponse generation when reducing the number of threads. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3457 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-24 11:44:58 +00:00
wouter
fbd9cf712d - Fix #690: Reload fails when so-reuseport is yes after changing 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3456 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-24 07:02:14 +00:00
wouter
b85dd91be1 Fixup #if 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3454 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-21 14:37:15 +00:00
wouter
7f99e7c795 - Fix configure to detect SSL_CTX_set_ecdh_auto. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3453 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-21 14:30:49 +00:00
wouter
e00efba037 - Enable ECDHE for servers. Where available, use 
SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to
  enable ECDHE.  Otherwise, manually offer curve p256.
  Client connections should automatically use ECDHE when available.
  (thanks Daniel Kahn Gillmor)


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3452 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-20 06:56:01 +00:00
willem
221499af71 SSL_CTX_use_certificate_chain_file() should be used instead of the 
SSL_CTX_use_certificate_file() function in order to allow the use of
complete certificate chains even when no trusted CA storage is used or
when the CA issuing the certificate shall not be added to the trusted
CA storage.

Thanks Daniel Kahn Gillmore


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3451 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-18 12:34:37 +00:00
wouter
4ae9e5a7cd - Fix #681: Setting forwarders with unbound-control forward 
implicitly turns on forward-first.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3447 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-09 09:45:08 +00:00
wouter
8c62cad20d - Fix #677 Fix DNAME responses from cache that failed internal chain 
test.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-26 07:27:32 +00:00
wouter
ff6bfe90f6 fix doxygen comment. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3430 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 09:32:14 +00:00
wouter
1c536612d7 - Fix that unparseable error responses are ratelimited. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 09:27:42 +00:00
wouter
7f56755943 - Fix#663: ssl handshake fails when using unix socket because dh size 
is too small.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3396 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 13:56:12 +00:00
wouter
79c9a936cb - unbound-control ratelimit_list lists high rate domains. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3393 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 12:13:59 +00:00
wouter
0557760286 - unbound-control list_insecure command shows the negative trust 
anchors currently configured, patch from Jelte Jansen.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3389 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 13:50:09 +00:00
wouter
410ac6cd67 - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
wouter
2672fe9ea9 - remote.c probedelay line is easier to read. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3379 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 09:46:06 +00:00
wouter
d8e38074d4 - Fix segfault on user not found at startup (from Maciej Soltysiak). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3375 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-23 20:20:15 +00:00
wouter
6fe0e22fa0 Check before storing value. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3373 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:58:55 +00:00
wouter
d1bf57dfd1 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
wouter
6478a1cbfd - Add ip-transparent config option for bind to non-local addresses. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-19 09:50:35 +00:00
wouter
4d50899043 - stats reports tcp usage, of incoming-num-tcp buffers. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3353 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-05 15:23:14 +00:00
wouter
3233c052fe - Fix #647 crash in 1.5.2 because pwd.db no longer accessible after 
reload.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3341 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-20 14:48:04 +00:00
wouter
5154b3406d - windows port fixes, no AF_LOCAL, no chown, no chmod(grp). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3319 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-23 15:23:58 +00:00
wouter
f6924c2943 Fix doc. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3307 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:41:04 +00:00
wouter
b4fd8fe3d7 - Fixup that patch and uid lookup (only for daemon). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3306 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:37:45 +00:00
wouter
5387d573cf please lint. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3305 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:18:03 +00:00
wouter
9537cdfccf - patch for remote control over local sockets, from Dag-Erling 
Smorgrav, Ilya Bakulin.  Use control-interface: /path/sock and
  control-use-cert: no.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3304 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:12:59 +00:00
wouter
b104189bba remove debug print 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3302 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-05 14:48:10 +00:00
wouter
9d84c30040 - Patch from Philip Paeps to contrib/unbound_munin_ that uses 
type ABSOLUTE.  Allows munin.conf: [idleserver.example.net]
  unbound_munin_hits.graph_period minute


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3301 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-05 14:47:52 +00:00
wouter
b1061c10c8 - local-zone: example.com inform makes unbound log a message with 
client IP for queries in that zone.  Eg. for finding infected hosts.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-12-09 11:29:17 +00:00
wouter
0778829809 - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
wouter
a1cf7d3817 - Patch from James Raftery, always print stats for rcodes 0..5. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3267 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-12 17:25:59 +00:00
wouter
f203aa89f4 - Removed 'increased limit open files' log message that is written 
to console.  It is only written on verbosity 4 and higher.
  This keeps system bootup console cleaner.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3266 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-12 11:04:43 +00:00
wouter
9f6a5bcfc8 - iana portlist update. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3249 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-27 09:54:44 +00:00
wouter
6128ac971e - Disabled use of SSLv3 in remote-control and ssl-upstream. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3248 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-27 09:26:48 +00:00
wouter
275b0360d4 More casts. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 09:23:12 +00:00
wouter
24f41cde84 Fixup for dnstap. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3209 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-18 14:42:26 +00:00
wouter
d74c01b712 - dnstap support, with a patch from Farsight Security, written by 
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
  It is BSD licensed (see dnstap/dnstap.c).
  Building with --enable-dnstap needs pkg-config with this patch.
- Noted dnstap in doc/README and doc/CREDITS.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-05 07:57:52 +00:00
wouter
244de881ef - Patch add msg, rrset, infra and key cache sizes to stats command 
from Maciej Soltysiak.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3203 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-01 13:24:46 +00:00
wouter
c4ef386ed9 - Patch from Dag-Erling Smorgrav that implements feature, unbound -dd 
does not fork in the background and also logs to stderr.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3197 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-29 11:48:43 +00:00
wouter
f50092d51e - And Fix#596: Bail out of unbound-control dump_infra when ssl 
write fails.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3195 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-16 10:07:26 +00:00
wouter
c788e53800 - Fix #596: Bail out of unbound-control list_local_zones when ssl 
write fails.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3193 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-15 14:42:57 +00:00
wouter
556c8f7752 - Fix bug in fix for log locks that caused deadlock in signal handler. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3182 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-07-12 17:34:37 +00:00
wouter
b3c4bac3da - so-reuseport is available on BSDs(such as FreeBSD 10) and OS/X. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-27 14:11:57 +00:00
wouter
14e8b85111 - unbound-control status reports if so-reuseport was successful. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3150 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-26 08:48:51 +00:00
wouter
c9c7f29161 - Fix caps-for-id fallback, and added fallback attempt when servers 
drop 0x20 perturbed queries.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3146 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-24 08:24:28 +00:00
wouter
7c2248dd8c - Code cleanup patch from Dag-Erling Smorgrav, with compiler issue 
fixes from FreeBSD's copy of Unbound, he notes:
  Generate unbound-control-setup.sh at build time so it respects
  prefix and sysconfdir from the configure script.  Also fix the
  umask to match the comment, and the comment to match the umask.
  Add const and static where needed.  Use unions instead of
  playing pointer poker.  Move declarations that are needed in
  multiple source files into a shared header.  Move sldns_bgetc()
  from parse.c to buffer.c where it belongs.  Introduce a new
  header file, worker.h, which declares the callbacks that
  all workers must define.  Remove those declarations from
  libworker.h.	Include the correct headers in the correct places.
  Fix a few dummy callbacks that don't match their prototype.
  Fix some casts.  Hide the sbrk madness behind #ifdef HAVE_SBRK.
  Remove a useless printf which breaks reproducible builds.
  Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
  no longer used.  Add unbound-control-setup.sh to the list of
  generated files.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3137 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-28 08:07:12 +00:00
wouter
6d8894f568 - More #567: remove : from output of stub and forward lists, this is 
easier to parse.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3126 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-05 14:47:08 +00:00
wouter
0d5674b5a8 - Add unbound-control flush_negative that flushed nxdomains, nodata, 
and errors from the cache.  For dnssec-trigger and NetworkManager,
  fixes cases where network changes have localdata that was already
  negatively cached from the previous network.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3125 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-29 08:47:33 +00:00
wouter
79c2ed9944 Fix for event2 compile on FreeBSD. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3118 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-15 11:25:08 +00:00
wouter
3ad592e37d - Fix #554: use unsigned long to print 64bit statistics counters on 
64bit systems.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3110 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 11:20:41 +00:00
wouter
d292682b32 - Fix #567: unbound lists if forward zone is secure or insecure with 
+i annotation in output of list_forwards, also for list_stubs
  (for NetworkManager integration.)


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3109 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 10:54:21 +00:00
wouter
7a5bad49e3 - unbound-control stats prints num.query.tcpout with number of TCP 
outgoing queries made in the previous statistics interval.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3108 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 09:13:58 +00:00
wouter
68b138cbd3 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
wouter
d1cb31280e - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
wouter
dd0aff21e9 please lint. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3055 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-27 10:41:16 +00:00
wouter
1315093384 - reuseport is attempted, then fallback to without on failure. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3054 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-27 10:27:19 +00:00
wouter
03da1e8f35 - made lint clean. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3050 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 13:23:45 +00:00
wouter
36afba318e - so-reuseport: yesno option to distribute queries evenly over 
threads on Linux (Thanks Robert Edmonds).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 11:43:38 +00:00
wouter
2920d0fa82 - speed up unbound (reports say it could be up to 10%), by reducing 
lock contention on localzones.lock.  It is changed to an rwlock.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3048 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 11:21:15 +00:00
wouter
511cfd92df - Windows port, adjust %lld to %I64d, and warning in win_event.c. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3040 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 16:01:37 +00:00
wouter
ba8b12b779 - fix #544: Fixed +i causes segfault when running with module conf "iterator". 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 13:04:34 +00:00
wouter
8af85a6350 Fix bug in cachedump format after sldns changes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3033 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-05 15:57:16 +00:00
wouter
db8f72c4f7 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
wouter
884b06df55 Fix linking of sldns and ldns, unique identifiers for global variables. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3021 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-30 11:03:55 +00:00
wouter
2e1c6e061f - Fix bug#536: acl_deny_non_local and refuse_non_local added. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-12 10:08:54 +00:00
wouter
6962082dc4 portability with new ldns core (time includes). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3009 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-02 04:38:57 +00:00
wouter
409c3e44db more time includes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3007 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 16:26:45 +00:00
wouter
8e6ee27eda - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
wouter
a6234674fb - unbound-event.h is installed if configured --with-libevent. It 
contains low-level library calls, that use libevent's event_base
  and an ldns_buffer for the wire return packet to perform async
  resolution in the client's eventloop.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2970 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-09-26 08:34:14 +00:00
wouter
8010bb2aa4 - Fix#524: max-udp-size not effective to non-EDNS0 queries, from 
Daisuke HIGASHI.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2955 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-09-16 09:07:08 +00:00
wouter
658bd3bcf8 - review fixes from Willem. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2945 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-22 14:10:29 +00:00
wouter
bb48070dce y2038 for remote tv_sec printout. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2943 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-22 07:09:57 +00:00
wouter
b4a007738c - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
wouter
167e55b965 - add unbound-control insecure_add and insecure_remove for the 
administration of negative trust anchors.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2895 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-26 14:14:07 +00:00
wouter
d63f8ef809 - Implement max-udp-size config option, default 4096 (thanks 
Daisuke Higashi).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 11:55:46 +00:00
wouter
75c85eaa74 - fix bug #491: pick program name (0th argument) as syslog identity. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-18 12:14:40 +00:00
wouter
537b023feb - Fixup openssl_thread init code to only run if compiled with SSL. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2843 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-02-11 16:03:51 +00:00
wouter
2643272560 - includes and have_ssl fixes for nss. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2830 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-30 13:15:03 +00:00