Commit Graph

477 Commits

Author SHA1 Message Date
ralph
07d180c1d1 strcpy to memmove, to please analysers
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4656 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-24 10:10:11 +00:00
ralph
38b5b4c8c6 - Added root-key-sentinel support
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4652 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-24 09:03:49 +00:00
ralph
5ac4889669 - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics
counters


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4616 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-10 11:39:23 +00:00
wouter
eb3fb269b0 - ED448 support.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4607 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-05 14:44:17 +00:00
wouter
06453716e5 - patch to log creates keytag queries, from A. Schulze.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4566 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-07 08:39:10 +00:00
wouter
692f648a6e - Reverted fix for #3512, this may not be the best way forward;
  although it could be changed at a later time, to stay similar to
  other implementations.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4560 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-06 08:22:33 +00:00
wouter
340efc3a79 - Fix compile without threads, and remove unused variable.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4553 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-27 10:36:12 +00:00
ralph
e3ee8c66e2 - use existing code to find signer on positive wildcard answers
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4551 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-22 15:32:18 +00:00
ralph
3377e6f8ee - Save wildcard RRset from answer with original owner for use in aggressive
NSEC.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-22 15:12:31 +00:00
wouter
ffa1194628 - Fix validation for CNAME loops. When it detects a cname loop,
  by finding the cname, cname in the existing list, it returns
  the partial result with the validation result up to then.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4547 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-21 14:04:02 +00:00
ralph
6408197b21 - Fix the ce_len+2 fix (Aggressive NSEC review)
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4530 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-12 12:22:29 +00:00
ralph
42255fcad3 - Processed aggressive NSEC code review remarks Wouter
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4529 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-12 12:14:01 +00:00
ralph
35bc8a1ecc - Aggressive use of NSEC implementation. Use cached NSEC records to generate
NXDOMAIN, NODATA and positive wildcard answers.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 13:16:36 +00:00
ralph
b20df48e61 Also use NSEC with longest closest encloser for CNAME responses.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4463 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-29 14:44:39 +00:00
ralph
5489a6b54b - Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4460 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-29 13:46:57 +00:00
wouter
7911e492f9 - patch for CVE-2017-15105: vulnerability in the processing of
wildcard synthesized NSEC records.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4441 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-19 09:50:35 +00:00
wouter
0a121de98f fix oneoff
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4433 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-02 13:36:17 +00:00
wouter
e8865e9ac9 fixup larger than 2**31 case.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4432 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-02 12:43:43 +00:00
wouter
fe7c8d17cb - Remove clang optimizer disable,
Fix that expiration date checks don't fail with clang -O2.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4431 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-02 10:48:00 +00:00
wouter
dd172dfbec remove debug output
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4426 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-15 10:21:38 +00:00
wouter
8ddd743496 this version of unbound fails when compiled with CC=clang and -O (edit Makefile), or -O2 (default). If you use no optimizing flag, unittest works.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4425 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-15 10:16:06 +00:00
wouter
39ba948040 - Spelling fixes, from Phil Porada.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-09-15 14:29:28 +00:00
wouter
e7919c4128 - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4322 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-30 13:13:43 +00:00
wouter
e682b0be06 - Fix install of trust anchor when two anchors are present, makes both
  valid.  Checks hash of DS but not signature of new key.  This fixes
  installs between sep11 and oct11 2017.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4302 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-21 08:57:44 +00:00
wouter
47dafe4cbb fix type cast.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4287 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 10:50:16 +00:00
wouter
8afb918284 - Fix #1365: Add Ed25519 support using libnettle.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4286 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 10:44:30 +00:00
wouter
4cc1a47246 double fallthrough annotation to please gcc parser.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4284 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 09:58:00 +00:00
wouter
0dcb1147e0 annotate fallthrough
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4283 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-07-24 09:54:21 +00:00
wouter
9df24fe7cd Fixup compile for clean_additional changes
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4211 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-07 09:24:33 +00:00
wouter
8314a4493d - Fix that unbound-control can set val_clean_additional and val_permissive_mode.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4209 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-07 06:59:47 +00:00
wouter
5825c88452 - Support for openssl EVP_DigestVerify.
- Support for the ED25519 algorithm with openssl (from openssl 1.1.1).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4198 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-30 12:28:25 +00:00
wouter
45b027b371 - Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4174 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-18 07:15:16 +00:00
ralph
865b0eb154 - Added mesh_add_sub to add detached mesh entries.
- Use mesh_add_sub for key tag signaling queries.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4144 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-02 13:17:56 +00:00
ralph
fd4bcbf41b regional_alloc + memcpy to regional_alloc_init
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4136 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-26 15:03:32 +00:00
ralph
4449cb4ed8 please lint
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4135 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-26 13:27:07 +00:00
ralph
0be5e03a03 - Implemented trust anchor signaling using key tag query.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4134 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-26 12:58:13 +00:00
wouter
606e079e89 - harden algo downgrade also makes unbound more lenient about digest
algorithms in DS records.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4104 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-10 13:38:50 +00:00
george
b92d2de4fd - Fix to prevent non-referral query from being cached as referral when the
no_cache_store flag was set.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4080 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-24 10:51:56 +00:00
wouter
b6b86b42ae prettier size_t and defines.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4062 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:43:25 +00:00
wouter
d1008c4c79 fix for lint
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4060 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:18:10 +00:00
wouter
308764d7e3 fix layout.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4058 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:10:08 +00:00
wouter
2304305fdf fix comparison, unsigned does not become negative.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4057 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:07:34 +00:00
wouter
1e6a871864 - trustanchor tags are sorted. reusable routine to fetch taglist.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4056 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-16 15:04:18 +00:00
wouter
7dd4463598 - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and
DS records.  NSEC3 is not disabled.
- fake-sha1 test option; print warning if used.  To make unit tests.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-03-09 13:18:08 +00:00
wouter
60a7029fcd - Fix to rename internally used types from _t to _type, because _t
type names are reserved by POSIX.
- iana portlist update


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-01-19 10:25:41 +00:00
ralph
263909cc1b Add DSA support for OpenSSL 1.1
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3954 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-12-07 12:58:47 +00:00
george
4812f02dd0 - Added generic EDNS code for registering known EDNS option codes,
  bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-12-06 13:42:51 +00:00
ralph
36b4e3e8d0 - Make access-control-tag-data RDATA absolute. This makes the RDATA origin
  consistent between local-data and access-control-tag-data.
- Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain
  of the NSEC owner.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3930 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-11-22 10:10:48 +00:00
wouter
7073948a03 - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled
with the undocumented switch 'fake-dsa'.  It logs a warning.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3909 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-26 07:38:00 +00:00
wouter
a622051af1 - Fixup query_info local_alias init.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3901 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-20 15:05:30 +00:00