Commit Graph

1319 Commits

Author SHA1 Message Date
wouter
346ff9c3ff - Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
git-svn-id: https://unbound.nlnetlabs.nl/svn/tags/release-1.7.3rc2@4740 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-18 09:46:01 +00:00
wouter
0f9b6582fa - Fix that first control-interface determines if TLS is used. Warn
when IP address interfaces are used without TLS.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-14 08:14:43 +00:00
wouter
83da630f76 better documentation in header file
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4722 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-12 10:15:08 +00:00
wouter
ab61a40dd4 - Rename tls-additional-ports to tls-additional-port, because every
line adds one port.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-12 08:45:57 +00:00
wouter
7ad84e32e0 - #4102 for NSD, but for Unbound. Named unix pipes do not use
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-12 07:43:52 +00:00
wouter
472d02ab51 - Rename additional-tls-port to tls-additional-ports.
The older name is accepted for backwards compatibility.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4703 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-01 08:02:04 +00:00
wouter
78716a759d rerun bison.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4702 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-30 09:35:21 +00:00
wouter
3506f85724 - Patch from Syzdek: Add ability to ignore RD bit and treat all
requests as if the RD bit is set.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4701 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-30 09:33:21 +00:00
wouter
4a5ccf25b0 - tls-win-cert option that adds the system certificate store for
authenticating DNS-over-TLS connections.  It can be used instead
  of the tls-cert-bundle option, or with it to add certificates.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4698 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-28 14:15:06 +00:00
wouter
8fa54ec661 - Add routine from getdns to add windows cert store to the SSL_CTX.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-28 13:22:10 +00:00
wouter
aee754fc46 - Fix windows tcp and tls spin on events.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4696 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-28 12:30:34 +00:00
wouter
c8130661f9 - Fix close events for tcp only.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4695 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-25 10:41:24 +00:00
wouter
4fbdf39ad1 - Fix that tcp sticky events are removed for closed fd on windows.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4694 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-25 10:02:06 +00:00
wouter
34a161c0e3 - Use accept4 to speed up incoming TCP (and TLS) connections,
available on Linux and FreeBSD.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4686 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-23 13:55:09 +00:00
ralph
8b19239862 - Qname minimisation default changed to yes.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4685 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-17 10:33:19 +00:00
wouter
7d7303a6d2 generated yacc and lex output.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4684 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-15 07:48:12 +00:00
wouter
e02f387278 - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4683 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-15 07:30:53 +00:00
wouter
dab69869cd - Fix windows to not have sticky TLS events for TCP.
- Fix read of DNS over TLS length and data in one read call.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4680 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-07 08:31:17 +00:00
wouter
bb358ef952 - Fix fail to reject dead peers in forward-zone, with ssl-upstream.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-02 06:36:02 +00:00
wouter
1ad21fa550 - Fix that unbound-control reload frees the rrset keys and returns
the memory pages to the system.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4669 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-01 14:00:06 +00:00
wouter
6609994291 And assertion.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4661 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-24 15:16:16 +00:00
wouter
9b8e7776b7 - Fix auth https for libev.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4660 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-24 15:13:18 +00:00
wouter
b89b3ebb90 This lexer output looks like it'll have less signed-unsigned warnings.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4658 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-24 10:23:12 +00:00
ralph
38b5b4c8c6 - Added root-key-sentinel support
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-24 09:03:49 +00:00
wouter
40de1a23fa - Fix #4092: libunbound: use-caps-for-id lacks colon in
config_set_option.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4644 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-23 07:51:21 +00:00
wouter
589198d82e - removed free from failed parse case.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4640 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-20 14:10:55 +00:00
wouter
1586971688 - For addr with #authname and no @port notation, the default is 853.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4637 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-19 14:23:14 +00:00
wouter
5bf4d998ec fix lint
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4633 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-19 12:18:00 +00:00
wouter
50220ed991 - Can set tls authentication with forward-addr: IP#tls.auth.name
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-19 12:10:05 +00:00
wouter
329a8e105e - allow-notify: config statement for auth-zones.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4628 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-17 13:23:35 +00:00
wouter
c983bccafe - Fix auth zone target lookup iterator.
- notify with prefix


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4624 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-16 13:14:24 +00:00
wouter
96756438cf - auth zone notify work.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4619 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-10 14:57:38 +00:00
wouter
e0854f3847 get_option and set_option for low-rtt and low-rtt-pct.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4613 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-09 13:39:29 +00:00
wouter
a6494a30da - low-rtt and low-rtt-pct in unbound.conf enable the server selection
of fast servers for some percentage of the time.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4612 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-09 13:27:28 +00:00
wouter
0e69ab1789 - Accept both option names with and without colon for get_option
and set_option.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4611 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-09 10:42:48 +00:00
wouter
7d87afac47 - Combine write of tcp length and tcp query for dns over tls.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4601 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-05 08:10:25 +00:00
ralph
8d778e3a8d - Fix unbound-control get_option aggressive-nsec
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4597 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-23 12:23:02 +00:00
wouter
59cd6fd783 - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4592 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-19 13:19:53 +00:00
wouter
747b0fe252 doc and flex and yacc.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4589 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-15 14:23:51 +00:00
wouter
c549551a6c - Create additional tls service interfaces by opening them on other
portnumbers and listing the portnumbers as additional-tls-port: nr.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4588 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-15 14:19:02 +00:00
wouter
0700c011c6 - Fix #3817: core dump happens in libunbound delete, when queued
servfail hits deleted message queue.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4587 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-15 13:32:19 +00:00
wouter
96979a9d6c - Add --with-libhiredis, unbound support for a new cached backend
that uses a Redis server as the storage.  This implementation
  depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-15 12:33:51 +00:00
wouter
0a65f973e9 - Fix #3582: Squelch address already in use log when reuseaddr option
causes same port to be used twice for tcp connections.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4559 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-05 15:45:34 +00:00
wouter
ebe1d77ccd - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4558 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-05 14:38:30 +00:00
wouter
327d22ff3e - Fix nettle compile.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4555 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-27 13:03:54 +00:00
wouter
340efc3a79 - Fix compile without threads, and remove unused variable.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4553 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-27 10:36:12 +00:00
wouter
2c129d2a5c fix noview.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4543 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-19 13:30:38 +00:00
wouter
1a9d913ee5 - Fixes for clang static analyzer, the missing ; in
edns-subnet/addrtree.c after the assert made clang analyzer
  produce a failure to analyze it.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4538 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-16 10:31:48 +00:00
wouter
2b221f3140 auth zone review fixes
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4534 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 14:09:57 +00:00
wouter
4ddbf8aed9 - iana port update.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4533 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 10:35:31 +00:00