Commit Graph

200 Commits

Author SHA1 Message Date
wouter
346ff9c3ff - Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
git-svn-id: https://unbound.nlnetlabs.nl/svn/tags/release-1.7.3rc2@4740 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-18 09:46:01 +00:00
wouter
ab61a40dd4 - Rename tls-additional-ports to tls-additional-port, because every
line adds one port.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-12 08:45:57 +00:00
wouter
7ad84e32e0 - #4102 for NSD, but for Unbound. Named unix pipes do not use
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-12 07:43:52 +00:00
wouter
472d02ab51 - Rename additional-tls-port to tls-additional-ports.
The older name is accepted for backwards compatibility.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4703 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-01 08:02:04 +00:00
wouter
3506f85724 - Patch from Syzdek: Add ability to ignore RD bit and treat all
requests as if the RD bit is set.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4701 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-30 09:33:21 +00:00
wouter
4a5ccf25b0 - tls-win-cert option that adds the system certificate store for
authenticating DNS-over-TLS connections.  It can be used instead
  of the tls-cert-bundle option, or with it to add certificates.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-28 14:15:06 +00:00
ralph
8b19239862 - Qname minimisation default changed to yes.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-17 10:33:19 +00:00
wouter
e02f387278 - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4683 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-15 07:30:53 +00:00
wouter
4532af436f - Fix spelling error in man page and note defaults as no instead of
off.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4666 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-30 07:24:05 +00:00
ralph
38b5b4c8c6 - Added root-key-sentinel support
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-24 09:03:49 +00:00
wouter
c0f78ead16 explain how to read the certificate.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4639 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-20 13:45:59 +00:00
wouter
b8a328a4c6 - man page documentation for dns-over-tls forward-addr '#' notation.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4638 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-20 11:50:41 +00:00
wouter
329a8e105e - allow-notify: config statement for auth-zones.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-17 13:23:35 +00:00
wouter
9c7d10f248 Note default value.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4615 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-10 07:47:52 +00:00
wouter
4d362a2803 - documentation for low-rtt and low-rtt-pct.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4614 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-10 07:34:26 +00:00
wouter
747b0fe252 doc and flex and yacc.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4589 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-15 14:23:51 +00:00
wouter
96979a9d6c - Add --with-libhiredis, unbound support for a new cached backend
that uses a Redis server as the storage.  This implementation
  depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-15 12:33:51 +00:00
wouter
03979f95a6 Fix
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4581 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-13 08:13:16 +00:00
wouter
d17c639867 - Fix typo in documentation.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4580 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-13 08:12:38 +00:00
wouter
e417dbf3ca - Fix #3727: Protocol name is TLS, options have been renamed but
documentation is not consistent.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4578 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-12 12:35:53 +00:00
wouter
529514534f - Added documentation for aggressive-nsec: yes.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4575 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-12 08:21:44 +00:00
wouter
1c8938d3a2 - patch suggested by Debian lintian: allow to -> allow one to, from
A. Schulze.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4567 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-07 08:40:09 +00:00
wouter
80ab137e03 - local-zone noview can be used to break out of the view to the
global local zone contents, for queries for that zone.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4540 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-19 12:13:23 +00:00
wouter
aaf91e2491 - Fix #3505: Documentation for default local zones references
wrong RFC.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4539 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-19 08:43:23 +00:00
wouter
4d4669b2cc - tls-cert-bundle option in unbound.conf enables TLS authentication.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 10:35:09 +00:00
wouter
f928cde035 - auth zone url config.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4525 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 16:11:27 +00:00
wouter
db621d92d7 - auth-zone provides a way to configure RFC7706 from unbound.conf,
e.g. with auth-zone: name: "." for-downstream: no for-upstream: yes
  fallback-enabled: yes and masters or a zonefile with data.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4510 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-05 14:21:46 +00:00
wouter
bf48ee6359 - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4444 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-22 08:35:44 +00:00
ralph
9437250636 - Fix qname-minimisation documentation (A QTYPE, not NS)
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4419 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-12 09:23:13 +00:00
wouter
8fb3f71338 - Fix #3299 - forward CNAME daisy chain is not working
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4409 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-30 08:34:20 +00:00
wouter
6c4ad226a5 - make ip-transparent option work on OpenBSD.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4393 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-11-02 09:34:19 +00:00
wouter
8ea0120a1a - Better documentation for cache-max-negative-ttl.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4375 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-17 12:53:21 +00:00
wouter
cbb64b3ab6 - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
duplicates
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
  from Manu Bretelle.
	This option allows handling multiple cert/key pairs while only
	distributing some of them.
	In order to reliably match a client magic with a given key without
	strong assumption as to how those were generated, we need both key and
	cert. Likewise, in order to know which ES version should be used.
	On the other hand, when rotating a cert, it can be desirable to only
	serve the new cert but still be able to handle clients that are still
	using the old cert's public key.
	The `dnscrypt-provider-cert-rotated` option allows instructing unbound to not
	publish the cert as part of the DNS's provider_name's TXT answer.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4373 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-17 07:34:49 +00:00
ralph
c42f53614d - Set trust-anchor-signaling default to yes
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4360 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-10-05 10:17:25 +00:00
wouter
87a108b346 - Fix #1440: [dnscrypt] client nonce cache.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4351 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 08:55:08 +00:00
wouter
e12160f6cc and man page.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4350 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-18 08:50:20 +00:00
wouter
39ba948040 - Spelling fixes, from Phil Porada.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:29:28 +00:00
wouter
50941d679e and in man page.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4333 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-01 14:55:52 +00:00
wouter
dfb7048b28 dnscrypt cache size configuration option.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4328 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-31 11:58:29 +00:00
wouter
94f66ee00f - Fix #1398: make cachedb secret configurable.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4295 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-08 09:04:51 +00:00
wouter
e946f2fe7e fix doc.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4274 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-11 14:31:32 +00:00
wouter
7e2a0e920a - Fix #1344: RFC6761-reserved domains: test. and invalid.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4272 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-11 13:27:33 +00:00
ralph
de47cbbb23 - Fix #1277: disable domain ratelimit by setting value to 0.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4235 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-16 13:22:43 +00:00
ralph
449e49f035 - Added domain name based ECS whitelist.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4217 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-08 14:44:55 +00:00
ralph
badd1be3bb - Also use global local-zones when there is a matching view that does not have
any local-zone specified. 


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4202 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-31 11:45:39 +00:00
george
51e798d701 - Implemented opportunistic IPsec support module (ipsecmod).
- Some whitespace fixup.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4158 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-16 12:39:24 +00:00
ralph
0be5e03a03 - Implemented trust anchor signaling using key tag query.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4134 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-26 12:58:13 +00:00
ralph
4a6a87e6c3 - Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4127 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-21 10:20:35 +00:00
ralph
7ab393f952 - Added ECS unit test (from Manu Bretelle).
- ECS documentation fix (from Manu Bretelle). 


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4116 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-13 08:49:32 +00:00
ralph
4113eb0a41 - Generalise inplace callback (de)registration
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4092 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-06 13:13:06 +00:00