townforge/unbound
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,530 Commits 1 Branch 0 Tags 79 MiB
cc
Commit Graph

37 Commits

Author SHA1 Message Date
ralph
3377e6f8ee - Save wildcard RRset from answer with original owner for use in aggressive 
NSEC.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4550 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-22 15:12:31 +00:00
wouter
7911e492f9 - patch for CVE-2017-15105: vulnerability in the processing of 
wildcard synthesized NSEC records.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4441 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-19 09:50:35 +00:00
wouter
39ba948040 - Spelling fixes, from Phil Porada. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
wouter
9df24fe7cd Fixup compile for clean_additional changes 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-07 09:24:33 +00:00
wouter
33c3822724 - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
wouter
16b3909f91 - Fix validation failure in case upstream forwarder (ISC BIND) does 
not have the same trust anchors and decides to insert unsigned NS
  record in authority section.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-09 11:44:46 +00:00
wouter
68b138cbd3 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
wouter
f5be858e6b - algorithm compromise protection using the algorithms signalled in 
the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
         and thus, if you have multiple algorithms in your trust-anchor-file
         then it will now behave different than before.  Also, 5011 rollover
         for algorithms needs to be double-signature until the old algorithm
         is revoked.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-21 14:19:55 +00:00
wouter
a33b75aebf Work on validation of multiple algorithms. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-20 15:58:12 +00:00
wouter
fc57d16d98 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where 
the zone has a secure delegation hosted on the same server did not
         verify as secure (it was insecure by mistake).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-11 12:21:19 +00:00
wouter
db4944a21d - Algorithm rollover operational reality intrudes, for trust-anchor, 
5011-store, and DLV-anchor if one key matches it's good enough.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:40:26 +00:00
wouter
901335beb1 - Fix SOA excluded from negative DS responses. Reported by Hauke 
Lampe.  The negative cache did not include proper SOA records for
	  negative qtype DS responses which makes BIND barf on it, such
	  responses are now only used internally.
	- Fix negative cache lookup of closestencloser check of DS type bit.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 14:55:19 +00:00
wouter
73f67632b4 parameter documented 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1887 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-02 15:23:41 +00:00
wouter
e7d4ff03bc Fix autotrust initialised with DS. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1884 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-02 13:56:14 +00:00
wouter
7acf38ac32 - Made new validator error string available from libunbound for 
applications.  It is in result->why_bogus, a zero-terminated string.
	  unbound-host prints it by default if a result is bogus.
	  Also the errinf is public in module_qstate (for other modules).
	Binary API different. bumped library ABI version.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 17:05:53 +00:00
wouter
95b2bc86ff neater explanation for unsigned or signatureless negative DS replies. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:57:23 +00:00
wouter
7f41a8fd8a More vallog reason. Doxygen. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1869 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:35:14 +00:00
wouter
622609bde7 - moved version number to 1.4.0 because of 1.3.4 release with only 
the NSEC3 patch.
	- val-log-level: 2 shows extended error information for validation
	  failures, but still one (longish) line per failure.  For example:
	  validation failure <example.com. DNSKEY IN>: signature expired from
	  192.0.2.4 for trust anchor example.com. while building chain of trust
	  validation failure <www.example.com. A IN>: no signatures from
	  192.0.2.6 for key example.com. while building chain of trust



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1868 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 16:45:47 +00:00
wouter
404b2e7a85 Retry mode, DS and prime. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 07:52:02 +00:00
wouter
df9556e87e autotrust 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1765 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-17 15:58:27 +00:00
wouter
91b39120f4 Fixup trust anchor algorithm check. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-18 13:07:48 +00:00
wouter
3ba08ebd78 Do not mark additional section items bogus. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1222 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-09-02 14:35:13 +00:00
wouter
cf50a0bcb7 Faster due to time-sharing. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@966 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-19 13:12:23 +00:00
wouter
361bf7d411 fixup validator classification of root referrals. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@936 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-02-08 12:24:01 +00:00
wouter
a939400c02 ISO C 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@712 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-22 09:14:29 +00:00
wouter
4bcd6aac94 regional nicer, remove region-allocator. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-18 20:31:43 +00:00
wouter
28e9a2eb92 fixup insecure glue on referrals. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@688 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-10-17 15:48:54 +00:00
wouter
dc52d27c78 print validator classification type. 
update plan items.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-09-18 12:33:51 +00:00
wouter
28f18e649d Referral validation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@553 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-28 09:39:43 +00:00
wouter
316be1bec1 validator also computes insecure and indeterminate for rrsets and stores 
that.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@551 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-27 14:55:06 +00:00
wouter
27f63fd760 prettier proof routines. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-24 10:36:15 +00:00
wouter
3e00f0a5e9 refuse unsigned authority section. clean additional section as option. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@543 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-24 09:44:29 +00:00
wouter
808bdd71af CNAME validation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@542 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-23 15:23:45 +00:00
wouter
c009f0706c VALIDATE state and positive response validation. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-20 12:31:12 +00:00
wouter
e173c2f391 ds2ke and nsec work. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@529 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-17 11:41:49 +00:00
wouter
de42790b48 val_util work. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@497 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-07 14:30:01 +00:00
wouter
7f7627bbea validator work. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@493 be551aaa-1e26-0410-a405-d3ace91eadb9
 2007-08-06 12:57:29 +00:00