ralph
3377e6f8ee
- Save wildcard RRset from answer with original owner for use in aggressive
NSEC.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-22 15:12:31 +00:00
ralph
35bc8a1ecc
- Aggressive use of NSEC implementation. Use cached NSEC records to generate
NXDOMAIN, NODATA and positive wildcard answers.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4522 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 13:16:36 +00:00
wouter
7911e492f9
- patch for CVE-2017-15105: vulnerability in the processing of
wildcard synthesized NSEC records.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4441 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-19 09:50:35 +00:00
wouter
e7919c4128
- Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4322 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-08-30 13:13:43 +00:00
wouter
9df24fe7cd
Fixup compile for clean_additional changes
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4211 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-07 09:24:33 +00:00
wouter
606e079e89
- harden algo downgrade also makes unbound more lenient about digest
algorithms in DS records.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4104 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-04-10 13:38:50 +00:00
wouter
a622051af1
- Fixup query_info local_alias init.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3901 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-20 15:05:30 +00:00
wouter
726011b074
- Fix DNSSEC validation of query type ANY with DNAME answers.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3898 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-10-20 14:27:13 +00:00
wouter
fd50c17e10
Remove lint warning.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3629 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-02-19 12:16:27 +00:00
wouter
71e764c00d
- Print understandable debug log when unusable DS record is seen.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3627 be551aaa-1e26-0410-a405-d3ace91eadb9
2016-02-19 10:48:23 +00:00
wouter
16b3909f91
- Fix validation failure in case upstream forwarder (ISC BIND) does
not have the same trust anchors and decides to insert unsigned NS
record in authority section.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-02-09 11:44:46 +00:00
wouter
68b138cbd3
And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-07 13:28:39 +00:00
wouter
1940c3a670
remove bool.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2949 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-27 13:47:23 +00:00
wouter
f2403fc51c
remove bool.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2948 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-08-27 13:46:41 +00:00
wouter
48c72225d1
- Robust checks on dname validity from rdata for dname compare.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2892 be551aaa-1e26-0410-a405-d3ace91eadb9
2013-04-25 10:28:25 +00:00
wouter
724697a418
- fix missing break for GOST DS hash function.
- make depend
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2721 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-07-23 12:27:04 +00:00
wouter
f5be858e6b
- algorithm compromise protection using the algorithms signalled in
the DS record. Also, trust anchors, DLV, and RFC5011 receive this,
and thus, if you have multiple algorithms in your trust-anchor-file
then it will now behave different than before. Also, 5011 rollover
for algorithms needs to be double-signature until the old algorithm
is revoked.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-21 14:19:55 +00:00
wouter
a33b75aebf
Work on validation of multiple algorithms.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-20 15:58:12 +00:00
wouter
fc57d16d98
- Fix bug when DLV below a trust-anchor that uses NSEC3 optout where
the zone has a secure delegation hosted on the same server did not
verify as secure (it was insecure by mistake).
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-11 12:21:19 +00:00
wouter
db4944a21d
- Algorithm rollover operational reality intrudes, for trust-anchor,
5011-store, and DLV-anchor if one key matches it's good enough.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-16 13:40:26 +00:00
wouter
9cfff4e70d
- Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-05 14:31:52 +00:00
wouter
796d87d213
Fix 4035 compliance for algorithms from the DS rrset that MUST sign the DNSKEY.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2172 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-07-01 12:08:48 +00:00
wouter
d1972ff478
Fix validation of queries with wildcard names (*.example).
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2070 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-08 13:22:29 +00:00
wouter
5b27935db0
Fix for Roy.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1982 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-02-15 10:49:03 +00:00
wouter
901335beb1
- Fix SOA excluded from negative DS responses. Reported by Hauke
Lampe. The negative cache did not include proper SOA records for
negative qtype DS responses which makes BIND barf on it, such
responses are now only used internally.
- Fix negative cache lookup of closestencloser check of DS type bit.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-12-09 14:55:19 +00:00
wouter
a4575ae427
Fixup unsigned CNAME to signed CNAME detection of signatures.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1905 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-11-16 13:34:03 +00:00
wouter
e7d4ff03bc
Fix autotrust initialised with DS.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1884 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-11-02 13:56:14 +00:00
wouter
7acf38ac32
- Made new validator error string available from libunbound for
applications. It is in result->why_bogus, a zero-terminated string.
unbound-host prints it by default if a result is bogus.
Also the errinf is public in module_qstate (for other modules).
Binary API different. bumped library ABI version.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-08 17:05:53 +00:00
wouter
95b2bc86ff
neater explanation for unsigned or signatureless negative DS replies.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1870 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-08 06:57:23 +00:00
wouter
622609bde7
- moved version number to 1.4.0 because of 1.3.4 release with only
the NSEC3 patch.
- val-log-level: 2 shows extended error information for validation
failures, but still one (longish) line per failure. For example:
validation failure <example.com. DNSKEY IN>: signature expired from
192.0.2.4 for trust anchor example.com. while building chain of trust
validation failure <www.example.com. A IN>: no signatures from
192.0.2.6 for key example.com. while building chain of trust
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1868 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-07 16:45:47 +00:00
wouter
404b2e7a85
Retry mode, DS and prime.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-07 07:52:02 +00:00
wouter
df9556e87e
autotrust
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1765 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-08-17 15:58:27 +00:00
wouter
344d6b7622
autotrust work
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1760 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-08-13 15:32:04 +00:00
wouter
87df1bf1ed
More lenient.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1692 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-06-30 13:20:02 +00:00
wouter
91b39120f4
Fixup trust anchor algorithm check.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1532 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-03-18 13:07:48 +00:00
wouter
a3f550e8f6
Fixup negative TTLs Attila Nagy has reported.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1306 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-10-16 13:12:32 +00:00
wouter
706d293bcd
Fix for SHA256 DS downgrade. And test of resistance.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1273 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-30 10:42:02 +00:00
wouter
f2c643c169
threadsafe rrset counter.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1240 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-17 07:13:31 +00:00
wouter
6791fa38ec
extended statistics.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1239 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-16 14:08:38 +00:00
wouter
3ba08ebd78
Do not mark additional section items bogus.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1222 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-02 14:35:13 +00:00
wouter
cf50a0bcb7
Faster due to time-sharing.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@966 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-02-19 13:12:23 +00:00
wouter
361bf7d411
fixup validator classification of root referrals.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@936 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-02-08 12:24:01 +00:00
wouter
e2ce21cf4d
move around debug levels.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@929 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-02-07 09:46:49 +00:00
wouter
a1ba0ccb3f
coverity run fixes.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@803 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-12-04 17:54:14 +00:00
wouter
748ca720d3
nonRD fix.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@786 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-11-28 12:06:32 +00:00
wouter
8130e75eab
nonRD fix.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@785 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-11-28 11:02:01 +00:00
wouter
4bcd6aac94
regional nicer, remove region-allocator.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@697 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-18 20:31:43 +00:00
wouter
28e9a2eb92
fixup insecure glue on referrals.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@688 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-17 15:48:54 +00:00
wouter
49a22dcb04
fixup test, less logging.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@687 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-17 14:49:12 +00:00
wouter
dc52d27c78
print validator classification type.
update plan items.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@619 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-09-18 12:33:51 +00:00