townforge/unbound
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,530 Commits 1 Branch 0 Tags 79 MiB
cc
Commit Graph

161 Commits

Author SHA1 Message Date
wouter
346ff9c3ff - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/tags/release-1.7.3rc2@4740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-18 09:46:01 +00:00
wouter
ab61a40dd4 - Rename tls-additional-ports to tls-additional-port, because every 
line adds one port.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 08:45:57 +00:00
wouter
7ad84e32e0 - #4102 for NSD, but for Unbound. Named unix pipes do not use 
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-12 07:43:52 +00:00
wouter
472d02ab51 - Rename additional-tls-port to tls-additional-ports. 
The older name is accepted for backwards compatibility.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4703 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-01 08:02:04 +00:00
wouter
3506f85724 - Patch from Syzdek: Add ability to ignore RD bit and treat all 
requests as if the RD bit is set.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-30 09:33:21 +00:00
wouter
4a5ccf25b0 - tls-win-cert option that adds the system certificate store for 
authenticating DNS-over-TLS connections.  It can be used instead
  of the tls-cert-bundle option, or with it to add certificates.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 14:15:06 +00:00
ralph
8b19239862 - Qname minimisation default changed to yes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-17 10:33:19 +00:00
wouter
e02f387278 - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4683 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-15 07:30:53 +00:00
ralph
38b5b4c8c6 - Added root-key-sentinel support 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-24 09:03:49 +00:00
wouter
329a8e105e - allow-notify: config statement for auth-zones. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-17 13:23:35 +00:00
wouter
a6494a30da - low-rtt and low-rtt-pct in unbound.conf enable the server selection 
of fast servers for some percentage of the time.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4612 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-09 13:27:28 +00:00
wouter
c79c0275c2 - nitpick fixes in example.conf. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4603 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-05 08:30:25 +00:00
wouter
c549551a6c - Create additional tls service interfaces by opening them on other 
portnumbers and listing the portnumbers as additional-tls-port: nr.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4588 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 14:19:02 +00:00
wouter
96979a9d6c - Add --with-libhiredis, unbound support for a new cached backend 
that uses a Redis server as the storage.  This implementation
  depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-15 12:33:51 +00:00
wouter
e417dbf3ca - Fix #3727: Protocol name is TLS, options have been renamed but 
documentation is not consistent.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4578 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 12:35:53 +00:00
wouter
529514534f - Added documentation for aggressive-nsec: yes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4575 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-12 08:21:44 +00:00
wouter
80ab137e03 - local-zone noview can be used to break out of the view to the 
global local zone contents, for queries for that zone.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4540 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-19 12:13:23 +00:00
wouter
4d4669b2cc - tls-cert-bundle option in unbound.conf enables TLS authentication. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-13 10:35:09 +00:00
wouter
f928cde035 - auth zone url config. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4525 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 16:11:27 +00:00
wouter
db621d92d7 - auth-zone provides a way to configure RFC7706 from unbound.conf, 
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
  fallback-enabled: yes and masters or a zonefile with data.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4510 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-05 14:21:46 +00:00
wouter
bf48ee6359 - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is 
also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 08:35:44 +00:00
ralph
9437250636 - Fix qname-minimisation documentation (A QTYPE, not NS) 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4419 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-12 09:23:13 +00:00
wouter
77d3988ed5 - Work on local root zone code. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4376 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-17 15:16:31 +00:00
ralph
c42f53614d - Set trust-anchor-signaling default to yes 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-10-05 10:17:25 +00:00
wouter
e2aaf5e9a7 - Fix #1435: Please allow UDP to be disabled separately upstream and 
downstream.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-18 08:42:24 +00:00
wouter
39ba948040 - Spelling fixes, from Phil Porada. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
wouter
d8d4c8c5e9 - Recommend 1472 buffer size in unbound.conf 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4332 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-01 14:54:37 +00:00
wouter
94f66ee00f - Fix #1398: make cachedb secret configurable. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4295 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-08 09:04:51 +00:00
wouter
fe4f8851d3 - Fix #1350: make cachedb backend configurable (from JINMEI Tatuya). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-17 08:21:19 +00:00
wouter
7e2a0e920a - Fix #1344: RFC6761-reserved domains: test. and invalid. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4272 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-11 13:27:33 +00:00
george
51e798d701 - Implemented opportunistic IPsec support module (ipsecmod). 
- Some whitespace fixup.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 12:39:24 +00:00
wouter
4e579c3fd9 - document trust-anchor-signaling in example config file. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4157 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-16 07:50:42 +00:00
wouter
a48c8c5ba0 - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then 
enabled in the config file from Manu Bretelle.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 14:55:31 +00:00
wouter
7230af0dcb - Patch for view functionality for local-data-ptr from Björn Ketelaars. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4063 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-17 08:01:40 +00:00
wouter
27d8c63674 - Add trustanchor.unbound CH TXT that gets a response with a number 
of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:17:58 +00:00
wouter
f0a9c86a73 - Patch from Luiz Fernando Softov for Stats Shared Memory. 
- unbound-control stats_shm command prints stats using shared memory,
  which uses less cpu.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4020 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-23 12:05:05 +00:00
wouter
3510c9fe88 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
wouter
59ef29ffc6 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
wouter
3ea720544a - configure --enable-systemd and lets unbound use systemd sockets if 
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-03 13:43:29 +00:00
wouter
0a5c542da5 - Fix #1170: document that 'inform' local-zone uses local-data. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3944 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-05 12:59:08 +00:00
ralph
3fb4900c0e - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
wouter
b565dd0a77 - log-identity: config option to set sys log identity, patch from 
"Robin H. Johnson" <robbat2@gentoo.org>


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 08:51:40 +00:00
wouter
416af5ad2e - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
wouter
ada0d4354f - Fix #1130: whitespace in example.conf.in more consistent. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-19 07:15:41 +00:00
ralph
1393dff5a3 - Added qname-minimisation-strict config option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 11:32:50 +00:00
ralph
083a936fb3 Added views functionality. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
wouter
ea8e3d008a - nicer ratelimit-below-domain explanation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3825 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-26 13:37:30 +00:00
wouter
dcc4f7da63 caps-whitelist entry. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3818 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-18 07:53:49 +00:00
wouter
2f8e0608fa - access-control-tag-data implemented. verbose(4) prints tag debug. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3811 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-07 10:20:05 +00:00
wouter
b2c747ecb2 More docs for enabling the netblock option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3805 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 15:00:30 +00:00