townforge/unbound
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,530 Commits 1 Branch 0 Tags 79 MiB
cc
Commit Graph

165 Commits

Author SHA1 Message Date
wouter
0208ba98c8 - Fix crash if ratelimit taken into use with unbound-control 
instead of with unbound.conf.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4711 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-05 07:06:19 +00:00
ralph
a20b463a88 - Fix memory leak when caching wildcard records for aggressive NSEC use 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-25 13:13:05 +00:00
wouter
7babf441ee Test and fix. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4583 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 13:14:56 +00:00
wouter
e39ce268e3 - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually 
flushed with serve-expired on.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4582 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-13 12:52:11 +00:00
wouter
2b00a5d314 - Attempt to remove warning about trailing whitespace. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4568 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-03-07 08:52:18 +00:00
ralph
3377e6f8ee - Save wildcard RRset from answer with original owner for use in aggressive 
NSEC.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-22 15:12:31 +00:00
ralph
35bc8a1ecc - Aggressive use of NSEC implementation. Use cached NSEC records to generate 
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-08 13:16:36 +00:00
wouter
252eae4e5e - Fix lock race condition in dns cache dname synthesis. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4495 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-02 10:33:19 +00:00
wouter
98b9046b25 - Fix #3397: Fix that when the cache contains an unsigned DNAME in 
the middle of a cname chain, a result without the DNAME could
  be returned.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4446 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 14:30:16 +00:00
wouter
82881b17a4 - Fix #3397: Fix that cachedb could return a partial CNAME chain. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4445 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-22 13:54:20 +00:00
wouter
f5d8f50530 - Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-19 11:54:58 +00:00
wouter
6c6d33763d - use a cachedb answer even if it's "expired" when serve-expired is yes 
(patch from Jinmei Tatuya).
- trigger refetching of the answer in that case (this will bypass
  cachedb lookup)
- allow storing a 0-TTL answer from cachedb in the in-memory message
  cache when serve-expired is yes


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4353 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-19 09:08:29 +00:00
wouter
15de64688c - Fix #1418: [ip ratelimit] initialize slabhash using 
ip-ratelimit-slabs.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4330 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-31 12:02:14 +00:00
wouter
2f22e0e328 - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), 
config.sub(2016-09-05).
- annotate case statement fallthrough for gcc 7.1.1.
- flex output from flex 2.6.1.
- snprintf of thread number does not warn about truncated string.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4278 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:04:18 +00:00
ralph
de47cbbb23 - Fix #1277: disable domain ratelimit by setting value to 0. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4235 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-16 13:22:43 +00:00
wouter
a45cc6ec21 - Fix #1278: Incomplete wildcard proof. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4218 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-12 10:11:28 +00:00
wouter
eebaef35c9 - Adjust servfail by iterator to not store in cache when serve-expired 
is enabled, to avoid overwriting useful information there.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-12 12:16:41 +00:00
ralph
5db6e95520 - Do not add current time twice to TTL before ECS cache store. 
- Do not touch rrset cache after ECS cache message generation.
- Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4086 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-03 09:36:18 +00:00
ralph
12728301d7 - Merge EDNS Client subnet implementation from feature branch into main branch, 
using new EDNS processing framework.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-21 12:08:17 +00:00
wouter
60a7029fcd - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
wouter
3510c9fe88 - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-05 13:57:12 +00:00
ralph
b4889ffa4d - QNAME minimisation uses QTYPE=A, therefore always check cache for 
this type in harden-below-nxdomain functionality.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-22 10:50:53 +00:00
wouter
0d07974baf - Fixup query_info local_alias init. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3899 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-20 14:55:57 +00:00
ralph
dfff30e7ee - Validate QNAME minimised NXDOMAIN responses. 
- If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
   harden-below-nxdomain.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3682 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-03-18 15:44:41 +00:00
wouter
2435cecb6f - Added assert on rrset cache correctness. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3545 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-20 08:08:11 +00:00
wouter
1030490f5a - ANY responses include DNAME records if present, as per Evan Hunt's 
remark in dnsop.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3504 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-14 08:02:14 +00:00
wouter
8c62cad20d - Fix #677 Fix DNAME responses from cache that failed internal chain 
test.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3435 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-06-26 07:27:32 +00:00
wouter
00288bc5e8 please lint. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3411 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-23 14:04:46 +00:00
wouter
9763997a7c - Synthesize ANY responses from cache. Does not search exhaustively, 
but MX,A,AAAA,SOA,NS also CNAME.
- Fix leaked dns64prefix configuration string.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3405 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-17 14:58:07 +00:00
wouter
3971970fa9 fixes for undeclared function. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3394 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 12:19:30 +00:00
wouter
79c9a936cb - unbound-control ratelimit_list lists high rate domains. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3393 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 12:13:59 +00:00
wouter
d5e5296e40 Fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3392 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 10:57:25 +00:00
wouter
7062b00d0b - ratelimit feature, ratelimit: 100, or some sensible qps, can be 
used to turn it on.  It ratelimits recursion effort per zone.
  For particular names you can configure exceptions in unbound.conf.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3391 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-10 09:59:57 +00:00
wouter
3bf5307254 Fixup rrset unlock in case of allocation failure. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3381 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 13:15:55 +00:00
wouter
410ac6cd67 - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
wouter
d1bf57dfd1 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
wouter
0778829809 - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
wouter
0b1ed0233c - Fix #558: failed prefetch lookup does not remove cached response 
but delays next prefetch (in lieu of caching a SERVFAIL).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-04-10 13:56:16 +00:00
wouter
68b138cbd3 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
wouter
db8f72c4f7 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
wouter
8e6ee27eda - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
wouter
b4a007738c - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
wouter
ef7be2ae15 - Fix#516 dnssec lameness detection for answers that are improper. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2933 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-08 09:29:33 +00:00
wouter
8f83f70712 - Fix timeouts so that when a server has been offline for a while 
and is probed to see it works, it becomes fully available for
  server selection again.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2745 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-21 07:17:48 +00:00
wouter
5a7af9871a Fix prefetch and stickyness. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 11:04:53 +00:00
wouter
f467fc9b41 lint and doxygen fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 10:08:07 +00:00
wouter
4c9275628a - Fix sticky NS (ghost domain problem) if prefetch is yes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-14 11:06:44 +00:00
wouter
257ec6f755 debug infra lines for infa timeout counters. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2616 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-10 14:48:09 +00:00
wouter
c8396f3878 - Fix timeouts to keep track of query type, A, AAAA and other, if 
another has caused timeout blacklist, different type can still probe.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2613 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-10 12:17:25 +00:00
wouter
575e9face7 - Slightly smaller critical region in one case in infra cache. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2611 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-10 09:21:06 +00:00