Commit Graph

3064 Commits

Author SHA1 Message Date
wouter
0a3417c0a2 1.7.1 in development
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4585 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-15 10:19:14 +00:00
wouter
e39ce268e3 - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
flushed with serve-expired on.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4582 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-13 12:52:11 +00:00
wouter
d17c639867 - Fix typo in documentation.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4580 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-13 08:12:38 +00:00
wouter
e577f90bb8 - Check IXFR start serial.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4579 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-12 14:34:24 +00:00
wouter
e417dbf3ca - Fix #3727: Protocol name is TLS, options have been renamed but
documentation is not consistent.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4578 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-12 12:35:53 +00:00
wouter
3786f4ac38 - tag 1.7.0rc3.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4576 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-12 09:22:16 +00:00
wouter
529514534f - Added documentation for aggressive-nsec: yes.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4575 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-12 08:21:44 +00:00
wouter
a3296c2da0 configure --disable-swig-version-check stops the swig version check.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4574 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-09 08:01:11 +00:00
wouter
a93a529845 - Fix #3598: Fix swig build issue on rhel6 based system.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4573 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-09 08:00:40 +00:00
wouter
7faeb8e311 1.7.0rc2
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4571 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-08 13:37:34 +00:00
wouter
12e74d064f - note when tag 1.7.0rc1 happened in the changelog.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4570 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-07 08:57:33 +00:00
wouter
2b00a5d314 - Attempt to remove warning about trailing whitespace.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4568 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-07 08:52:18 +00:00
wouter
1c8938d3a2 - patch suggested by Debian lintian: allow to -> allow one to, from
A. Schulze.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4567 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-07 08:40:09 +00:00
wouter
06453716e5 - patch to log creates keytag queries, from A. Schulze.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4566 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-07 08:39:10 +00:00
wouter
d1ce267c04 - Fixed contrib/fastrpz.patch, even though this already applied
cleanly for me, now also for others.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4565 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-07 08:32:14 +00:00
wouter
ed4f6f2c2f - Fix for windows compile.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4563 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-06 09:18:53 +00:00
wouter
cf7ae9cac6 - svn trunk contains 1.7.0, this is the number for the next release.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4561 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-06 09:07:22 +00:00
wouter
692f648a6e - Reverted fix for #3512, this may not be the best way forward;
although it could be changed at a later time, to stay similar to
  other implementations.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4560 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-06 08:22:33 +00:00
wouter
0a65f973e9 - Fix #3582: Squelch address already in use log when reuseaddr option
causes same port to be used twice for tcp connections.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4559 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-05 15:45:34 +00:00
wouter
ebe1d77ccd - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4558 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-05 14:38:30 +00:00
wouter
f9f010890f - Fix to check define of DSA for when openssl is without deprecated.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4556 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-05 14:28:21 +00:00
wouter
327d22ff3e - Fix nettle compile.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4555 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-27 13:03:54 +00:00
wouter
7cb6d24fad - Fix compile with staticexe and python module.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4554 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-27 10:53:49 +00:00
wouter
340efc3a79 - Fix compile without threads, and remove unused variable.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4553 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-27 10:36:12 +00:00
wouter
325fc0651c - Fixup contrib/fastrpz.patch so that it applies.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4552 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-27 10:18:28 +00:00
ralph
3377e6f8ee - Save wildcard RRset from answer with original owner for use in aggressive
NSEC.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-22 15:12:31 +00:00
wouter
3c305c6934 - more robust cachedump rrset routine.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4549 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-21 15:25:19 +00:00
wouter
ffa1194628 - Fix validation for CNAME loops. When it detects a cname loop,
by finding the cname, cname in the existing list, it returns
  the partial result with the validation result up to then.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4547 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-21 14:04:02 +00:00
wouter
eb1adcf378 - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query
when there is a CNAME loop.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4544 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-21 13:13:58 +00:00
wouter
67f76f85dc - Fix for more maintainable code in localzone.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4542 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-19 13:21:57 +00:00
wouter
5a0f6206c8 bug ref nr.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4541 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-19 12:14:43 +00:00
wouter
80ab137e03 - local-zone noview can be used to break out of the view to the
global local zone contents, for queries for that zone.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4540 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-19 12:13:23 +00:00
wouter
aaf91e2491 - Fix #3505: Documentation for default local zones references
wrong RFC.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4539 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-19 08:43:23 +00:00
wouter
1a9d913ee5 - Fixes for clang static analyzer, the missing ; in
edns-subnet/addrtree.c after the assert made clang analyzer
  produce a failure to analyze it.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4538 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-16 10:31:48 +00:00
ralph
c217a69c57 - Aggressive NSEC tests
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4537 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 14:40:29 +00:00
wouter
4ddbf8aed9 - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4533 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 10:35:31 +00:00
wouter
4d4669b2cc - tls-cert-bundle option in unbound.conf enables TLS authentication.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 10:35:09 +00:00
wouter
0e2c3c5adf - Unit test for auth zone https url download.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4531 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-12 15:40:05 +00:00
ralph
42255fcad3 - Processed aggressive NSEC code review remarks Wouter
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4529 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-12 12:14:01 +00:00
ralph
2d5fc74a3e - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4528 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-12 11:39:03 +00:00
wouter
f928cde035 - auth zone url config.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4525 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 16:11:27 +00:00
ralph
35bc8a1ecc - Aggressive use of NSEC implementation. Use cached NSEC records to generate
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 13:16:36 +00:00
wouter
6342b7928f - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4519 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 10:14:34 +00:00
wouter
db621d92d7 - auth-zone provides a way to configure RFC7706 from unbound.conf,
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
  fallback-enabled: yes and masters or a zonefile with data.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4510 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-05 14:21:46 +00:00
wouter
e7a76a8a64 - Fix #3451: dnstap not building when you have a separate build dir.
And removed protoc warning, set dnstap.proto syntax to proto2.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4508 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-05 12:14:51 +00:00
wouter
6b49cdd1d8 - lock subnet new item before insertion to please checklocks,
no modification of critical regions outside of lock region.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4497 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-02 10:52:44 +00:00
wouter
252eae4e5e - Fix lock race condition in dns cache dname synthesis.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4495 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-02 10:33:19 +00:00
wouter
f4a83a9628 - unit test with valgrind
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4494 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-02 09:52:52 +00:00
wouter
f8f3f79a0d - Fix unfreed locks in log and arc4random at exit of unbound.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4491 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-02 09:27:16 +00:00
wouter
cc667b6402 - fix unaligned structure making a false positive in checklock
unitialised memory.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4490 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-01 15:55:48 +00:00
ralph
5489a6b54b - Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4460 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-29 13:46:57 +00:00
wouter
1926bbe54f - ltrace.conf file for libunbound in contrib.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4449 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-25 09:31:49 +00:00
wouter
74d2a9dacd - Print fatal errors about remote control setup before log init,
so that it is printed to console.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4448 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-23 15:59:18 +00:00
wouter
f84f924e28 - Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
for startup scripts to get the full pathname(s) of anchor file(s).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4447 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-23 14:20:17 +00:00
wouter
98b9046b25 - Fix #3397: Fix that when the cache contains an unsigned DNAME in
the middle of a cname chain, a result without the DNAME could
  be returned.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4446 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-22 14:30:16 +00:00
wouter
82881b17a4 - Fix #3397: Fix that cachedb could return a partial CNAME chain.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4445 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-22 13:54:20 +00:00
wouter
bf48ee6359 - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-22 08:35:44 +00:00
wouter
58bcba72fd - make depend: code dependencies updated in Makefile.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4443 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-19 09:52:40 +00:00
wouter
b9d181057d - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4442 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-19 09:51:50 +00:00
wouter
7911e492f9 - patch for CVE-2017-15105: vulnerability in the processing of
wildcard synthesized NSEC records.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4441 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-19 09:50:35 +00:00
wouter
51c4c9777b - trunk has 1.6.9 with fix and previous commits.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4440 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-19 09:49:32 +00:00
ralph
a28f91e754 - Copy query and correctly set flags on REFUSED answers when cache snooping is
not allowed.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4436 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-04 15:16:19 +00:00
ralph
faf687efe9 - Fix queries being leaked above stub when refetching glue.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4434 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-03 16:54:22 +00:00
wouter
fe7c8d17cb - Remove clang optimizer disable,
Fix that expiration date checks don't fail with clang -O2.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4431 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-02 10:48:00 +00:00
wouter
ed00a97133 - Fix that DS queries with referral replies are answered straight
away, without a repeat query picking the DS from cache.
  The correct reply should have been an answer, the reply is fixed
  by the scrubber to have the answer in the answer section.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4430 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-02 09:48:22 +00:00
wouter
bd2f389b35 - Also disable -flto for clang, to make incep-expi signature check
work.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4429 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-15 12:54:02 +00:00
wouter
b4462e04f5 - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4428 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-15 12:42:45 +00:00
wouter
e905d51302 - Fix timestamp failure because of clang optimizer failure, by
disabling -O2 when the compiler --version is clang.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4427 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-15 10:25:41 +00:00
wouter
a1ad3c1de2 - authzone work, transfer connect.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4420 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-12 15:39:45 +00:00
ralph
9437250636 - Fix qname-minimisation documentation (A QTYPE, not NS)
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4419 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-12 09:23:13 +00:00
ralph
1a699f5936 - Check whether --with-libunbound-only is set when using --with-nettle or
--with-nss. 


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4418 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-07 10:51:22 +00:00
wouter
f9decd7b0c - Fix link failure on OmniOS.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4414 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-04 08:28:16 +00:00
wouter
3338ac15eb - auth zone work. probe hostname lookup.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4411 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-01 14:02:28 +00:00
wouter
8fb3f71338 - Fix #3299 - forward CNAME daisy chain is not working
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4409 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-30 08:34:20 +00:00
wouter
9efb904454 - auth xfer work on probe timer and lookup.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4405 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-14 15:58:24 +00:00
wouter
44915a87fe - Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is
set for stub zone.  It no longer searches for DNSSEC information.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4404 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-14 10:01:44 +00:00
wouter
1f3ab65816 no AAAA shortcuts.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4403 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-13 14:15:10 +00:00
wouter
6f02e4bb69 - Fix qname minimisation to send AAAA queries at zonecut like type A.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4402 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-13 12:11:38 +00:00
wouter
e23fd1317f - Fix #2801: Install libunbound.pc.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4401 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-13 10:25:01 +00:00
wouter
3ccb98dd2f - Fix #2492: Documentation libunbound.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4399 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-07 08:05:12 +00:00
wouter
a022c9bd0e - Fix #2141 - for libsodium detect lack of entropy in chroot, print
a message and exit.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4398 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-03 15:08:14 +00:00
wouter
f03a2ab411 - Fix #2034 - Autoconf and -flto.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4397 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-03 10:52:25 +00:00
wouter
a0ffe3a276 - Fix #2362: TLS1.3/openssl-1.1.1 not working.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4396 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-03 07:40:36 +00:00
wouter
6c4ad226a5 - make ip-transparent option work on OpenBSD.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4393 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-02 09:34:19 +00:00
wouter
72b70b5c9d - Fix #1913: ub_ctx_config is under circumstances thread-safe.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4392 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-02 08:23:52 +00:00
wouter
c9ce6f5969 - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4391 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-31 13:18:04 +00:00
wouter
ba572d6f60 - lexer output.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4390 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-31 10:07:01 +00:00
wouter
470f64df29 - Document that errno is left informative on libunbound config read
fail.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4389 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-31 08:18:18 +00:00
ralph
d1c485bc4c - Fix #2031: Double included headers
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4388 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-25 13:30:32 +00:00
ralph
24b4835ec3 - Fix #1949: [dnscrypt] make provider name mismatch more obvious.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4387 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-25 10:13:35 +00:00
ralph
9c22e42723 - Fixed libunbound manual typo.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4386 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-25 08:38:24 +00:00
ralph
aa79205c9d - Update B root ipv4 address.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4385 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-24 14:50:20 +00:00
wouter
f6767b6484 - authzone work, probe timer setup.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4378 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-19 09:03:36 +00:00
wouter
6f83cdd0a5 - lint for recent authzone commit.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4377 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-18 06:43:51 +00:00
wouter
77d3988ed5 - Work on local root zone code.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4376 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-17 15:16:31 +00:00
wouter
8ea0120a1a - Better documentation for cache-max-negative-ttl.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4375 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-17 12:53:21 +00:00
wouter
cbb64b3ab6 - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
  from Manu Bretelle.
	This option allows handling multiple cert/key pairs while only
	distributing some of them.
	In order to reliably match a client magic with a given key without
	strong assumption as to how those were generated, we need both key and
	cert. Likewise, in order to know which ES version should be used.
	On the other hand, when rotating a cert, it can be desirable to only
	serve the new cert but still be able to handle clients that are still
	using the old certs's public key.
	The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
	publish the cert as part of the DNS's provider_name's TXT answer.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-17 07:34:49 +00:00
wouter
3110caa07e - Fix #1749: With harden-referral-path: performance drops, due to
circular dependency in NS and DS lookups.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4372 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-17 07:22:58 +00:00
wouter
9ebff362bf - trunk has version 1.6.8.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4371 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-10 07:38:56 +00:00
wouter
8a71dc5fc9 - tag 1.6.7
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4369 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-10 07:10:35 +00:00
wouter
ddc2388235 - Fix spelling in unbound-control man page.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4368 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-06 07:00:10 +00:00
wouter
486ac179d8 - tag 1.6.7rc1
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4366 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-05 14:31:39 +00:00
ralph
95863bf217 - Use RCODE from A response on DNS64 synthesized answer.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4365 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-05 13:55:04 +00:00
wouter
201305283a - Fix some more crpls in testdata for different signaling default.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4363 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-05 10:44:16 +00:00
wouter
c523378d4e - Fix trust-anchor-signaling works in libunbound.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4362 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-05 10:37:34 +00:00
ralph
c42f53614d - Set trust-anchor-signaling default to yes
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-05 10:17:25 +00:00
wouter
970f539bde - Fix param unused warning for windows exportsymbol compile.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4359 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-02 12:24:48 +00:00
ralph
8f05e958fa - Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch (by Danilo
G. Baio). 


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4358 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-25 12:49:47 +00:00
ralph
4d5b70bbb0 - Log name of looping module
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4357 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-21 08:19:47 +00:00
wouter
235b9c147e Spelling fixes are from Josh Soref.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4356 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-20 07:01:52 +00:00
wouter
f5d8f50530 - Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4355 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-19 11:54:58 +00:00
wouter
6c6d33763d - use a cachedb answer even if it's "expired" when serve-expired is yes
(patch from Jinmei Tatuya).
- trigger refetching of the answer in that case (this will bypass
  cachedb lookup)
- allow storing a 0-TTL answer from cachedb in the in-memory message
  cache when serve-expired is yes


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4353 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-19 09:08:29 +00:00
ralph
c881f5fe5e - Fix #1400: allowing use of global cache on ECS-forwarding unless
always-forward.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4352 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 09:09:10 +00:00
wouter
87a108b346 - Fix #1440: [dnscrypt] client nonce cache.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 08:55:08 +00:00
wouter
e2aaf5e9a7 - Fix #1435: Please allow UDP to be disabled separately upstream and
downstream.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 08:42:24 +00:00
wouter
5251daea1e - Fix that looping modules always stop the query, and don't pass
control.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4348 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 07:54:24 +00:00
wouter
becbd20b1f - tag 1.6.6rc2, became 1.6.6 on 18 sep. trunk 1.6.7 in development.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4347 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 07:49:41 +00:00
wouter
39ba948040 - Spelling fixes, from Phil Porada.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:29:28 +00:00
wouter
ddd249d0df - Fix unbound-host to report error for DNSSEC state of failed lookups.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4343 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:11:43 +00:00
wouter
dfb5ebda09 - tag 1.6.6rc2
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4341 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-13 06:57:39 +00:00
wouter
86daa970ea - Add dns64 for client-subnet in unbound-checkconf.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4340 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-12 05:43:46 +00:00
wouter
6e590364b5 - Fix #1434: Fix windows openssl 1.1.0 linking.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4338 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-05 08:28:39 +00:00
ralph
6d18c7e23d - Fix #1412: QNAME minimisation strict mode not honored
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4337 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-04 15:15:27 +00:00
wouter
3a1a576d65 - makedist fix for windows binaries, with openssl 1.1.0 windres fix,
and expat 2.2.4 install target fix.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4336 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-04 14:02:15 +00:00
wouter
526d1e88ac note tag 1.6.6rc1
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4335 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-04 12:55:25 +00:00
wouter
d8d4c8c5e9 - Recommend 1472 buffer size in unbound.conf
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4332 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-01 14:54:37 +00:00
wouter
15de64688c - Fix #1418: [ip ratelimit] initialize slabhash using
ip-ratelimit-slabs.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4330 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 12:02:14 +00:00
wouter
dfb7048b28 dnscrypt cache size configuration option.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4328 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 11:58:29 +00:00
wouter
6a32cf0cc5 - make depend
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4327 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 08:08:45 +00:00
wouter
ce208bb8fe - Fix #1417: [dnscrypt] shared secret cache counters, and works when
dnscrypt is not enabled.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4326 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 08:06:17 +00:00
wouter
7e69f3e28c - but reverted that, tests fails with that escape.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4325 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 07:48:09 +00:00
wouter
74148f584a - For #1417: escape ; in dnscrypt tests.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4324 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 07:43:54 +00:00
wouter
99f7948a7b - Fix #1424: cachedb:testframe is not thread safe.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4323 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 07:35:08 +00:00
wouter
e7919c4128 - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4322 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-30 13:13:43 +00:00
wouter
40e912fbf8 - updated contrib/fastrpz.patch to apply with configparser changes.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4321 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-30 11:12:03 +00:00
wouter
818ac2ab2e - fixup WKS test on buildhost without servicebyname.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4319 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-29 08:56:22 +00:00
wouter
1f650790ae - new keys and certs for dnscrypt tests.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4318 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-29 08:48:19 +00:00
wouter
a5990315f7 - zero qinfo in handle_request, this zeroes local_alias and also the
qname member.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4317 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-29 07:31:45 +00:00
wouter
9500dddad7 - Fix #1414: fix segfault on parse failure and log_replies.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4316 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-29 07:28:29 +00:00
wouter
d566f3c891 - Fix WKS records on kvm autobuild host, with default protobyname
entries for udp and tcp.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4314 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-28 13:00:45 +00:00
wouter
398021b8fd - Small fixes for the shared secret cache patch.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4313 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-28 11:05:51 +00:00
wouter
8e49ed87c3 - Fix #1415: [dnscrypt] shared secret cache, patch from
Manu Bretelle.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4312 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-28 10:55:41 +00:00
wouter
737cb7483b - iana portlist update
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4311 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-28 08:29:00 +00:00
wouter
8b3bfc6ca7 - Fix #1415: patch to free dnscrypt environment on reload.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4310 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-28 07:49:42 +00:00
wouter
6aa6c48e10 - Fix to reclaim tcp handler when it is closed due to dnscrypt buffer
allocation failure.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4309 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-22 13:40:44 +00:00
wouter
51808a94ba - make depend
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4308 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-22 07:44:41 +00:00
wouter
a2f9551c88 - Fix #1407: Add ECS options check to unbound-checkconf.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4307 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-22 07:43:59 +00:00
wouter
489ad287a4 - Fix #1402: squelch invalid argument error for fd_set_block on windows.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4306 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-21 14:15:32 +00:00
wouter
2cbdee08dc Better text for change:
- Fix install of trust anchor when two anchors are present, makes both
	  valid. Checks hash of DS but not signature of new key. This fixes
	  the root.key file if created when unbound is installed between
	  sep11 and oct11 2017.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4305 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-21 12:48:05 +00:00
wouter
69cabf506e - Fix issue on macOX 10.10 where TCP fast open is detected but not
implemented causing TCP to fail. The fix allows fallback to regular
  TCP in this case and is also more robust for cases where connectx()
  fails for some reason.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4304 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-21 11:44:46 +00:00