Commit Graph

9 Commits

Author SHA1 Message Date
ralph
8b19239862 - Qname minimisation default changed to yes.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-17 10:33:19 +00:00
wouter
692f648a6e - Reverted fix for #3512, this may not be the best way forward;
although it could be changed at a later time, to stay similar to
  other implementations.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4560 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-06 08:22:33 +00:00
wouter
ffa1194628 - Fix validation for CNAME loops. When it detects a cname loop,
by finding the cname, cname in the existing list, it returns
  the partial result with the validation result up to then.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4547 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-21 14:04:02 +00:00
wouter
7dd4463598 - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and
DS records.  NSEC3 is not disabled.
- fake-sha1 test option; print warning if used.  To make unit tests.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-09 13:18:08 +00:00
ralph
263909cc1b Add DSA support for OpenSSL 1.1
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3954 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-12-07 12:58:47 +00:00
wouter
7073948a03 - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled
with the undocumented switch 'fake-dsa'.  It logs a warning.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3909 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-26 07:38:00 +00:00
wouter
55b1c9928d Fixup for problems with do-ip6: no and only ipv6 addresses.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1353 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-11-17 12:47:34 +00:00
wouter
71700f6a04 - Fixup rrset security updates overwriting 2181 trust status.
This makes validated to be insecure data just as worthless as
	  nonvalidated data, and 2181 rules prevent cache overwrites to them.
	- Fix assertion fail on bogus key handling.
	- dnssec lameness detection works on first query at trust apex.
	- NS queries get proper cache and dnssec lameness treatment.
	- fixup compilation without pthreads on linux.
	- NS queries are done after every referral.
	  validator is used on those NS records (if anchors enabled).




git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1185 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-08-12 10:13:57 +00:00
wouter
5980a98623 tests, cleanup tmp when testbound fails, fixup referral glue cleanup.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@583 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-09-04 11:31:29 +00:00