Commit Graph

209 Commits

Author SHA1 Message Date
wouter
0ab6ec77d0 - For TCP and TLS connections that don't establish, perform address
update in infra cache, so future selections can exclude them.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4693 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-25 06:21:39 +00:00
wouter
bb358ef952 - Fix fail to reject dead peers in forward-zone, with ssl-upstream.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-02 06:36:02 +00:00
wouter
50220ed991 - Can set tls authentication with forward-addr: IP#tls.auth.name
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-19 12:10:05 +00:00
wouter
ed4f6f2c2f - Fix for windows compile.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4563 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-06 09:18:53 +00:00
wouter
4d4669b2cc - tls-cert-bundle option in unbound.conf enables TLS authentication.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 10:35:09 +00:00
wouter
2de81e0fef auth zone work.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4521 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 11:59:30 +00:00
wouter
40286955e2 auth zone work on http feature.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4517 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-07 16:10:31 +00:00
wouter
3601b2337a auth zone socket creation fix.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4489 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-01 15:43:00 +00:00
wouter
e4c6da885f auth zone move file descriptor functionality to outside network
for the unit test


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4482 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-31 14:59:17 +00:00
wouter
a1ad3c1de2 - authzone work, transfer connect.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4420 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-12 15:39:45 +00:00
wouter
39ba948040 - Spelling fixes, from Phil Porada.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:29:28 +00:00
wouter
69cabf506e - Fix issue on macOS 10.10 where TCP fast open is detected but not
implemented causing TCP to fail. The fix allows fallback to regular
  TCP in this case and is also more robust for cases where connectx()
  fails for some reason.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4304 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-21 11:44:46 +00:00
wouter
60d7c41f55 - More fixes in depth for buffer checks in 0x20 qname checks.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4225 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-13 14:34:44 +00:00
wouter
0826cc1278 - Fix #1280: Unbound fails assert when response from authoritative
contains malformed qname.  When 0x20 caps-for-id is enabled, when
  assertions are not enabled the malformed qname is handled correctly.
- 1.6.3 tag created, with only #1280 fix, trunk is 1.6.4 development.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4224 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-13 14:25:47 +00:00
wouter
f9c3b4b818 - Set SO_REUSEADDR on outgoing tcp connections to fix the bind before
connect limited tcp connections.  With the option tcp connections
  can share the same source port (for different destinations).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4151 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-08 10:41:03 +00:00
wouter
c7dfc3053b - Fix tcp-mss failure printout text.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4150 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-08 07:15:48 +00:00
wouter
60a7029fcd - Fix to rename internally used types from _t to _type, because _t
type names are reserved by POSIX.
- iana portlist update


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-01-19 10:25:41 +00:00
wouter
3ea720544a - configure --enable-systemd and lets unbound use systemd sockets if
you enable use-systemd: yes in unbound.conf.
  Also there are contrib/unbound.socket and contrib/unbound.service:
  systemd files for unbound, install them in /usr/lib/systemd/system.
  Contributed by Sami Kerola and Pavel Odintsov.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3975 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-01-03 13:43:29 +00:00
george
4812f02dd0 - Added generic EDNS code for registering known EDNS option codes,
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-12-06 13:42:51 +00:00
wouter
e2e6ff5dd3 - Fix dnstap relaying "random" messages instead of resolver/forwarder
responses, from Nikolay Edigaryev.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3869 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-09-27 11:56:55 +00:00
wouter
d2d9015302 - Fix #802: workaround for function parameters that are "unused"
without log_assert.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3823 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-22 07:05:52 +00:00
wouter
15a7d5fd1e - Fix #798: Client-side TCP fast open fails (Linux).
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3819 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-18 13:54:32 +00:00
wouter
cf6f495613 - TCP Fast open patch from Sara Dickinson.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3814 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-14 07:06:34 +00:00
wouter
37658f78cc lint.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3813 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-07 10:31:50 +00:00
wouter
6bc02a32b2 - Fix #787: outgoing-interface netblock/64 ipv6 option to use linux
freebind to use 64bits of entropy for every query with random local
  part.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3804 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-07-04 14:51:30 +00:00
wouter
9504853b86 - and also generic edns options for upstream messages (and replies).
after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID),
  to insert use edns_opt_append(edns, region, code, len, bindata) on
  the opt_list passed to send_query, or in edns_opt_inplace_reply.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3742 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-05-31 16:55:22 +00:00
wouter
51e506c568 fixup upstream edns opts.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3741 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-05-31 15:52:33 +00:00
wouter
510f53edb9 - Fix #759: 0x20 capsforid no longer checks type PTR, for
compatibility with cisco dns guard.  This lowers false positives.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3715 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-04-28 07:24:50 +00:00
wouter
c205ed7daf please lint.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3704 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-04-18 12:39:16 +00:00
wouter
7d48d0a93b Slightly more general (i.e. for TYPE0 too).
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3703 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-04-18 12:23:21 +00:00
wouter
e9465717a6 Explain what we do.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3702 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-04-18 12:00:57 +00:00
wouter
d71745a17e - Fix some malformed responses to edns queries get fallback to nonedns.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3701 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-04-18 11:56:55 +00:00
wouter
cc92e91d47 - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for
binding to an IP address while the interface or address is down.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3673 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-15 09:35:48 +00:00
wouter
e93f50f768 - Fix #747: assert in outnet_serviced_query_stop.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3646 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-03-07 10:00:08 +00:00
wouter
b3721116d3 Fix signed-unsigned lint warnings in tcp-mss.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3592 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-01-05 10:08:37 +00:00
wouter
e0bfcab5cc - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch
from Daisuke Higashi.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3591 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-01-05 10:03:59 +00:00
wouter
a2f75d6c35 - caps-whitelist in unbound.conf allows whitelist of loadbalancers
that cannot work with caps-for-id or its fallback.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3420 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-05-01 12:36:16 +00:00
wouter
5b8cd39902 - Fix crash in dnstap: Do not try to log TCP responses after timeout.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3390 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-04-08 19:58:06 +00:00
wouter
410ac6cd67 - rename ldns subdirectory to sldns to avoid name collision.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-26 10:21:38 +00:00
wouter
6478a1cbfd - Add ip-transparent config option for bind to non-local addresses.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3369 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-03-19 09:50:35 +00:00
wouter
def3dfd114 More unsigned casts for toupper/tolower/ctype
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3242 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-10-13 08:35:00 +00:00
wouter
7352e5d7cc - Fix tcp timer waiting list removal code.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3222 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-09-16 13:08:27 +00:00
wouter
06a86a6126 remove warning.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3213 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-08-22 13:38:30 +00:00
wouter
d74c01b712 - dnstap support, with a patch from Farsight Security, written by
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
  It is BSD licensed (see dnstap/dnstap.c).
  Building with --enable-dnstap needs pkg-config with this patch.
- Noted dnstap in doc/README and doc/CREDITS.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3206 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-08-05 07:57:52 +00:00
wouter
c9c7f29161 - Fix caps-for-id fallback, and added fallback attempt when servers
drop 0x20 perturbed queries.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3146 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-06-24 08:24:28 +00:00
wouter
7de5b0ec61 - Fix #545: improved logging, the ip address of the error is printed
on the same log-line as the error.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3112 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-04-10 14:40:20 +00:00
wouter
7a5bad49e3 - unbound-control stats prints num.query.tcpout with number of TCP
outgoing queries made in the previous statistics interval.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3108 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-04-10 09:13:58 +00:00
wouter
68b138cbd3 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-07 13:28:39 +00:00
wouter
5ad20035bd - delay-close does not act if there are udp-wait queries, so that
it does not make a socketdrain DoS easier.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3059 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-01-30 09:27:00 +00:00
wouter
d1cb31280e - delay-close: msec option that delays closing ports for which
the UDP reply has timed out.  Keeps the port open, only accepts
  the correct reply.  This correct reply is not used, but the port
  is open so that no port-denied ICMPs are generated.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3058 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-01-28 14:35:55 +00:00