townforge/unbound
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,530 Commits 1 Branch 0 Tags 79 MiB
cc
Commit Graph

200 Commits

Author SHA1 Message Date
wouter
9951a634b9 - Small fixup for documentation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-06 06:55:55 +00:00
wouter
5262f39894 - Fix #1244: document that use of chroot requires trust anchor file to 
be under chroot.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4087 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-04 13:39:33 +00:00
ralph
12728301d7 - Merge EDNS Client subnet implementation from feature branch into main branch, 
using new EDNS processing framework.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 12:08:17 +00:00
wouter
a48c8c5ba0 - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then 
enabled in the config file from Manu Bretelle.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-20 14:55:31 +00:00
wouter
7230af0dcb - Patch for view functionality for local-data-ptr from Björn Ketelaars. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4063 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-17 08:01:40 +00:00
wouter
27d8c63674 - Add trustanchor.unbound CH TXT that gets a response with a number 
of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 09:17:58 +00:00
george
a5ccca80e7 - Fix manpage to include chroot note on Python module section. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4010 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-02-13 11:47:16 +00:00
wouter
3510c9fe88 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
wouter
59ef29ffc6 - Fix #1184: Log DNS replies. This includes the same logging 
information that DNS queries and response code and response size,
  patch from Larissa Feng.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 11:39:54 +00:00
wouter
3ea720544a - configure --enable-systemd and lets unbound use systemd sockets if 
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-03 13:43:29 +00:00
wouter
0a5c542da5 - Fix #1170: document that 'inform' local-zone uses local-data. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3944 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-05 12:59:08 +00:00
ralph
17daa18c33 - hyphen as minus fix, by Andreas Schulze 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3942 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-01 09:34:02 +00:00
wouter
2ab2a2ec28 - Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing 
Underneath" for the harden-below-nxdomain option.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3927 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-21 09:53:43 +00:00
wouter
95d8709a9a - Note that for harden-below-nxdomain the nxdomain must be secure, 
this means nsec3 with optout is insufficient.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3925 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 14:49:43 +00:00
ralph
3fb4900c0e - Added stub-ssl-upstream and forward-ssl-upstream options. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3923 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-04 12:07:52 +00:00
wouter
b565dd0a77 - log-identity: config option to set sys log identity, patch from 
"Robin H. Johnson" <robbat2@gentoo.org>


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3917 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-03 08:51:40 +00:00
wouter
416af5ad2e - serve-expired config option: serve expired responses with TTL 0. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-24 12:43:20 +00:00
ralph
1393dff5a3 - Added qname-minimisation-strict config option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3878 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-11 11:32:50 +00:00
ralph
083a936fb3 Added views functionality. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3876 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:36:25 +00:00
ralph
fbbca2612b Clarify local-zone-override entry in unbound.conf.5 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3836 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-08-25 08:40:42 +00:00
ralph
55cf3ac58c unbound.conf.5 entries for define-tag, access-control-tag, 
access-control-tag-action, access-control-tag-data, local-zone-tag,
and local-zone-override.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3833 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-08-24 13:43:14 +00:00
wouter
7abd702517 - Fix typo in unbound.conf. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3821 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-20 07:22:26 +00:00
wouter
b2c747ecb2 More docs for enabling the netblock option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3805 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 15:00:30 +00:00
wouter
6bc02a32b2 - Fix #787: outgoing-interface netblock/64 ipv6 option to use linux 
freebind to use 64bits of entropy for every query with random local
  part.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 14:51:30 +00:00
wouter
0e0b34e6bd - For #787: prefer-ip6 option for unbound.conf prefers to send 
upstream queries to ipv6 servers.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3803 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-04 14:49:49 +00:00
wouter
50ad32a3ef - Document always_transparent, always_refuse, always_nxdomain types. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-30 07:36:36 +00:00
wouter
a612caef3b - Fix spelling in freebind option man page text. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3785 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-14 08:07:15 +00:00
wouter
da8d72df98 - document directory immediate fix and allow EXECUTABLE syntax in it 
on windows.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3779 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-10 13:37:14 +00:00
wouter
d65265678e - Document write permission to directory of trust anchor needed. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3730 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-27 07:51:35 +00:00
wouter
ac4562081c - disable-dnssec-lame-check config option from Charles Walker. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3725 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-24 12:17:42 +00:00
wouter
5a63d01b42 - Fix #767: Reference to an expired Internet-Draft in 
harden-below-nxdomain documentation.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3724 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-23 12:51:55 +00:00
wouter
6960c1f306 And documentation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3674 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-15 09:42:56 +00:00
wouter
985d70f311 - ip-transparent option for FreeBSD with IP_BINDANY socket option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-15 08:17:54 +00:00
wouter
1459ca9220 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
wouter
276cb19fc7 - Support RFC7686: handle ".onion" Special-Use Domain. It is blocked 
by default, and can be unblocked with "nodefault" localzone config.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3593 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 14:02:45 +00:00
wouter
e0bfcab5cc - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch 
from Daisuke Higashi.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-01-05 10:03:59 +00:00
ralph
481e89ca4c Implemented qname minimisation 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3554 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-30 16:10:26 +00:00
wouter
4b0a905a32 - Fix for #724: conf syntax to read files from run dir (on Windows). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3551 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-30 15:05:26 +00:00
wouter
33c3822724 - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
wouter
a3978d1c30 - Fix #714: Document config to block private-address for IPv4 
mapped IPv6 addresses.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3513 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-23 07:13:45 +00:00
wouter
c666280ed1 - Fix manpage to suggest using SIGTERM to terminate the server. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3505 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-14 12:22:49 +00:00
wouter
73ace4957c - Default for ssl-port is port 853, the temporary port assignment 
for secure domain name system traffic.
  If you used to rely on the older default of port 443, you have
  to put a clause in unbound.conf for that.  The new value is likely
  going to be the standardised port number for this traffic.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3502 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-09 07:55:21 +00:00
wouter
2f41c1d568 - Fix unbound.conf(5) access-control description for precedence 
and default.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3492 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-22 13:04:53 +00:00
wouter
119aae5e4c - Fix minor error in unbound.conf.5.in 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3491 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-22 12:59:32 +00:00
wouter
8230d6dc08 - Change default of harden-algo-downgrade to off. This is lenient 
for algorithm rollover.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3478 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-24 15:05:10 +00:00
wouter
23cd117f74 - Document that local-zone nodefault matches exactly and transparent 
can be used to release a subzone.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3468 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-04 07:10:26 +00:00
wouter
f6965de1e8 - Document in the manual more text about configuring locally served 
zones.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3465 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 10:34:29 +00:00
wouter
c58e83c3e1 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
wouter
916b3a305d - SOA negative TTL is capped at minimumttl in its rdata section. 
- cache-max-negative-ttl config option, default 3600.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-29 14:51:36 +00:00
wouter
6e918c13bf - documentation proposes ratelimit of 1000 (closer to what upstream 
servers expect from us).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3427 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-21 12:06:41 +00:00
wouter
c17574c81a - DLV is going to be decommissioned. Advice to stop using it, and 
put text in the example configuration and man page to that effect.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-20 06:24:06 +00:00
wouter
a2f75d6c35 - caps-whitelist in unbound.conf allows whitelist of loadbalancers 
that cannot work with caps-for-id or its fallback.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-01 12:36:16 +00:00
wouter
f77c2a06f1 - Ratelimit does not apply to prefetched queries, and ratelimit-factor 
is default 10.  Repeated normal queries get resolved and with
  prefetch stay in the cache.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3399 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 14:18:50 +00:00
wouter
31a8018d22 - Add local-zone type inform_deny, that logs query and drops answer. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-16 08:23:06 +00:00
wouter
d5e5296e40 Fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3392 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 10:57:25 +00:00
wouter
7062b00d0b - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
wouter
6478a1cbfd - Add ip-transparent config option for bind to non-local addresses. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-19 09:50:35 +00:00
wouter
5a4a7863b6 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
wouter
78eba96a8b - Document that incoming-num-tcp increase is good for large servers. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3352 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-05 11:41:29 +00:00
wouter
6856b6a202 - infra-cache-min-rtt patch from Florian Riehm, for expected long 
uplink roundtrip times.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-02 08:46:22 +00:00
wouter
9537cdfccf - patch for remote control over local sockets, from Dag-Erling 
Smorgrav, Ilya Bakulin.  Use control-interface: /path/sock and
  control-use-cert: no.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3304 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-06 14:12:59 +00:00
wouter
b1061c10c8 - local-zone: example.com inform makes unbound log a message with 
client IP for queries in that zone.  Eg. for finding infected hosts.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3292 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-12-09 11:29:17 +00:00
wouter
6f6226da8b Layout improvement of the nroff source. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3247 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-16 09:45:11 +00:00
wouter
4644ef143c - Documented dns64 configuration in unbound.conf man page. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3246 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-16 09:37:56 +00:00
wouter
c3144ef1ec - Update unbound manpage with more explanation (from Florian Obser). 
- Removed .LP after .SH.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3212 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-08-19 10:32:17 +00:00
wouter
b3c4bac3da - so-reuseport is available on BSDs(such as FreeBSD 10) and OS/X. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-06-27 14:11:57 +00:00
wouter
5ae31b1929 review fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3134 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 11:39:41 +00:00
wouter
8d9d4eea91 - Feature, unblock-lan-zones: yesno that you can use to make unbound 
perform 10.0.0.0/8 and other reverse lookups normally, for use if
  unbound is running service for localhost on localhost.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3133 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-20 10:38:32 +00:00
wouter
af4857922e - Implement draft-ietf-dnsop-rfc6598-rfc6303-01. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3129 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-05-09 14:33:10 +00:00
wouter
6f50ee0525 - Fix #502: explain that do-ip6 disable does not stop AAAA lookups, 
but it stops the use of the ipv6 transport layer for DNS traffic.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3113 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-11 07:15:53 +00:00
wouter
fc81bc1805 - Fix #569: do_tcp is do-tcp in unbound.conf man page. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3101 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-03-28 08:19:21 +00:00
wouter
d1cb31280e - delay-close: msec option that delays closing ports for which 
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-28 14:35:55 +00:00
wouter
1315093384 - reuseport is attempted, then fallback to without on failure. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3054 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-27 10:27:19 +00:00
wouter
36afba318e - so-reuseport: yesno option to distribute queries evenly over 
threads on Linux (Thanks Robert Edmonds).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-24 11:43:38 +00:00
wouter
2e1c6e061f - Fix bug#536: acl_deny_non_local and refuse_non_local added. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3015 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-12 10:08:54 +00:00
wouter
936b11a95e interface: and ip-address: 
also includes for newer ldns in pythonmod. 


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3014 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-06 02:48:59 +00:00
wouter
a249574168 - Fixup manpage syntax. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2912 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-06-17 11:20:42 +00:00
wouter
d63f8ef809 - Implement max-udp-size config option, default 4096 (thanks 
Daisuke Higashi).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 11:55:46 +00:00
wouter
05844e9c5c nicer documentation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2769 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-09-27 13:12:00 +00:00
wouter
5f7b92dd7a - include: directive in config file accepts wildcards. Patch from 
Paul Wouters.  Suggested use: include: "/etc/unbound.d/conf.d/*"


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2765 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-09-27 08:52:37 +00:00
wouter
543b5636de - Improved forward-first and stub-first documentation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2729 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-31 08:08:43 +00:00
wouter
900734a71b - fix edns-buffer-size and msg-buffer-size manpage documentation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2705 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-28 14:25:10 +00:00
wouter
ae03c65057 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and 
minimal-responses features.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-04-10 09:16:39 +00:00
wouter
276300a61a - forward-first option. Tries without forward if a query fails. 
Also stub-first option that is similar.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-03-01 13:16:40 +00:00
wouter
1b8de9916c ssl_port setting, so that the dnssec-trigger server can be on one host machine. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-08 10:56:42 +00:00
wouter
cf055b1d04 - documentation for new options: ssl-upstream, ssl-service-key and 
ssl-service.pem.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-01 09:44:40 +00:00
wouter
3a4da9849c - lame-ttl and lame-size options no longer exist, it is integrated 
with the host info.  They are ignored (with verbose warning) if
  encountered to keep the config file backwards compatible.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2527 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-10-27 08:33:02 +00:00
wouter
a28362a7fc tcp upstream option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2480 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-22 13:58:40 +00:00
wouter
8b34270a58 - fix comment about rndc port, that referred to the old port number. 
- fix that the listening socket is not closed when too many remote
  control connections are made at the same time.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2446 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-30 12:13:55 +00:00
wouter
307c9d186f - log-queries: yesno option, default is no, prints querylog. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2429 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-16 13:15:57 +00:00
wouter
fc57d8487c - unbound-control has version number in the header, 
UBCT[version]_space_ is the header sent by the client now.
- Unbound control port number is registered with IANA:
  ub-dns-control  8953/tcp    unbound dns nameserver control
  This is the new default for the control-port config setting.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-06-10 10:11:38 +00:00
wouter
923921f02d - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2414 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 11:20:14 +00:00
wouter
0210c9c214 val-override-date: -1 ignores dates entirely, for NTP usage. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-04-08 14:06:46 +00:00
wouter
ca7c48625c - harden-below-nxdomain: changed so that it activates when the 
cached nxdomain is dnssec secure.  This avoids backwards
         incompatibility because those old servers do not have dnssec.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2407 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-29 09:47:54 +00:00
wouter
6ec3338023 - feature typetransparent localzone, does not block other RR types. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2350 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-02 12:39:33 +00:00
wouter
b5252fabaa harden-below-nxdomain option taken from draft-vixie-dnsext-resimprove. 
Default off (for now), as some older software that gives nxdomain for ENT
would be incompatible.  But that would only happen in the reverse tree, and
such software (nonDNSSEC) may go out of style, so in the future a default yes
could be possible.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2347 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-18 08:49:15 +00:00
wouter
3709f579a0 - so-sndbuf option for very busy servers, a bit like so-rcvbuf. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-11-15 14:30:34 +00:00
wouter
0a2b76bc0e Enable interface-automatic for people for whom it works. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2300 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-20 05:36:00 +00:00
wouter
06b97ca356 - bug#329: in example.conf show correct ipv4 link-local 169.254/16. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-24 07:04:37 +00:00
wouter
18bbcaea97 - compliance with draft-ietf-dnsop-default-local-zones-14, removed 
reverse ipv6 orchid prefix from builtin list.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2240 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-22 06:53:32 +00:00