townforge/unbound
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,530 Commits 1 Branch 0 Tags 79 MiB
cc
Commit Graph

477 Commits

Author SHA1 Message Date
wouter
5a4a7863b6 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
wouter
16b3909f91 - Fix validation failure in case upstream forwarder (ISC BIND) does 
not have the same trust anchors and decides to insert unsigned NS
  record in authority section.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-09 11:44:46 +00:00
wouter
f8c9f95aa9 - Fix unintended use of gcc extension for incomplete enum types, 
compile with pedantic c99 compliance (from Daniel Dickman).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-26 08:46:40 +00:00
wouter
f9213eaf93 - Fix cdflag dns64 processing. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-19 08:43:08 +00:00
wouter
0778829809 - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
wouter
275b0360d4 More casts. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 09:23:12 +00:00
wouter
def3dfd114 More unsigned chasts for toupper/tolower/ctype 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3242 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 08:35:00 +00:00
matje
96e1b5ac58 Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is received. 
This is okay according 4035, but not after revising existence in 4592. 
NSEC empty non-terminals exist and thus the RCODE should have been NOERROR.

If this occurs, and the RRsets are secure, we set the RCODE to NOERROR and
the security status of the reponse is also considered secure.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-20 09:46:50 +00:00
matje
7b88f8ede8 only whitespace changes 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3088 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-18 13:54:19 +00:00
wouter
68b138cbd3 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
wouter
63354244f1 - Fix #547: no trustanchor written if filesystem full, fclose checked. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3044 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-21 10:14:55 +00:00
wouter
511cfd92df - Windows port, adjust %lld to %I64d, and warning in win_event.c. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3040 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 16:01:37 +00:00
wouter
ba8b12b779 - fix #544: Fixed +i causes segfault when running with module conf "iterator". 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 13:04:34 +00:00
wouter
db8f72c4f7 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
wouter
884b06df55 Fix linking of sldns and ldns, unique identifiers for global variables. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3021 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-30 11:03:55 +00:00
wouter
8e6ee27eda - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
wouter
a7e7ac40d0 fix lint, more time_t 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 14:45:33 +00:00
wouter
1940c3a670 remove bool. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 13:47:23 +00:00
wouter
f2403fc51c remove bool. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2948 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 13:46:41 +00:00
wouter
a3010b56fd more time_t 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 11:44:33 +00:00
wouter
658bd3bcf8 - review fixes from Willem. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2945 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-22 14:10:29 +00:00
wouter
b492e89a4d - more fixes that I overlooked. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2944 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-22 07:33:51 +00:00
wouter
1efe599073 - Fix#520: Errors found by static analysis from Tomas Hozza(redhat). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2942 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-21 13:31:09 +00:00
wouter
b4a007738c - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
wouter
08d0e4c6f6 - Fix memleak in testcode for testbound (if it fails). 
- Fix NSS returned arrays out of setup function to be statics.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2930 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-07-29 07:32:35 +00:00
wouter
2a9f76b880 - Fix use-after-free in out-of-memory handling code (thanks Jake 
Montgomery).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2900 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-05-16 07:36:37 +00:00
wouter
48c72225d1 - Robust checks on dname validity from rdata for dname compare. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2892 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 10:28:25 +00:00
wouter
2643272560 - includes and have_ssl fixes for nss. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2830 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-30 13:15:03 +00:00
wouter
0265146e12 fixup for doxygen 1.8.3 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2827 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-28 13:44:38 +00:00
matje
aae7a518bf Fix validation for responses with CNAME and wildcard expanded CNAME in 
ANSWER section.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2777 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-10-29 14:06:00 +00:00
wouter
97cc148487 - ignore trusted-keys globs that have no files (from Paul Wouters). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2770 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-10-01 07:18:49 +00:00
wouter
ac7d3cdbde - RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2753 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-30 12:02:53 +00:00
wouter
1caf700c2e - fix bogus nodata cname chain not reported as bogus by validator, 
(Thanks Peter van Dijk).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2727 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-27 13:38:00 +00:00
wouter
7f7f11f49e - review fix for libnss, check hash prefix allocation size. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2723 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-25 14:32:37 +00:00
wouter
724697a418 - fix missing break for GOST DS hash function. 
- make depend


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-23 12:27:04 +00:00
wouter
109c3e384b - Fix validation of qtype DS queries that result in no data for 
non-optout NSEC3 zones.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2712 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-06 13:56:44 +00:00
wouter
182250237f - detect if openssl has FIPS_mode. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2703 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-28 06:54:16 +00:00
wouter
8cb9d852c0 - disable RSAMD5 if in FIPS mode (for openssl and for libnss). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2702 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-25 15:13:44 +00:00
wouter
4d012867f2 - disable RSAMD5 if in FIPS mode (when compiled with openssl). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-25 15:02:52 +00:00
wouter
491faef693 Test for ECC support for libNSS. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2700 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-22 15:20:56 +00:00
wouter
2d5552262c implement DNSSEC with libNSS: NSEC3, RSA, DSA, ECDSA, and DS hashes. 
make test succeeds.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2699 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-22 14:31:29 +00:00
wouter
836c366bb4 RSA with nss. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 15:19:16 +00:00
wouter
637238e3dd remove double free. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2696 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 12:01:34 +00:00
wouter
1aac0639ef - nss check for verification failure. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2695 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 12:00:48 +00:00
wouter
6fa543ca4d - fix error handling of alloc failure during rrsig verification. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2693 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 07:22:01 +00:00
wouter
5373e6bec7 - work on --with-nss build option (for now, --with-libunbound-only). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2690 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-20 15:11:53 +00:00
wouter
ec417b19da code review. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-18 14:22:29 +00:00
wouter
e673d893c7 - The key-cache bad key ttl is now 60 seconds. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-15 12:25:29 +00:00
wouter
afcd09ab22 - Protect if statements in val_anchor for compilate without locks. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-16 10:54:52 +00:00
wouter
a6e01024c8 - Fix validation of nodata for DS query in NSEC zones, reported by 
Ondrej Mikle.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-02 11:58:27 +00:00
wouter
5a7af9871a Fix prefetch and stickyness. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 11:04:53 +00:00
wouter
f467fc9b41 lint and doxygen fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 10:08:07 +00:00
wouter
a8abf019dc fix race condition. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2625 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 15:03:36 +00:00
wouter
14a5d289af free unsupported trust anchors. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 14:53:45 +00:00
wouter
d5150eafeb - unbound-control forward_add, forward_remove, stub_add, stub_remove 
can modify stubs and forwards for running unbound (on mobile computer)
  they can also add and remove domain-insecure for the zone.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 14:35:28 +00:00
wouter
778fd7476a - workaround for openssl 0.9.8 ecdsa sha2 and evp problem. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2608 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-08 16:40:46 +00:00
wouter
27329b8cc9 - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This 
implementation is experimental at this time and not recommended
  for use on the public internet (the protocol numbers have not
  been assigned).  Needs recent ldns with --enable-ecdsa.
- fix memory leak in errorcase for DSA signatures.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-08 13:22:44 +00:00
wouter
05f82d8e99 - fix for windows, rename() is not posix compliant on windows. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2605 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-03 14:56:09 +00:00
wouter
50a47fc8b4 - Fix to write key files completely to a temporary file, and if that 
succeeds, replace the real key file.  So failures leave a useful file.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-19 14:17:22 +00:00
wouter
cc265b7ce4 - Fix bug where canonical_compare of RRSIG did not downcase the 
signer-name.  This is mostly harmless because RRSIGs do not have
  to be sorted in canonical order, usually.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-17 09:06:18 +00:00
wouter
25fbc19b64 - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL 
that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-10 09:42:32 +00:00
wouter
50a8288ce6 - Fix for VU#209659 CVE-2011-4528: Unbound denial of service 
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-19 10:55:32 +00:00
wouter
9bf6080a27 - Fix to constrain signer_name to be a parent of the lookupname. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2571 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-13 12:37:47 +00:00
wouter
a1f677fcac - Makefile changed for BSD make compatibility. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-10 18:44:06 +00:00
wouter
fac34aa3d7 - fix various compiler warnings (reported by Paul Wouters). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2497 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-16 11:35:01 +00:00
wouter
56a4ca7adc - Fix validation of . DS query. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2474 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-17 14:28:32 +00:00
wouter
b05d47d4a5 - Fix wildcard expansion no-data reply under an optout NSEC3 zone is 
validated as insecure, reported by Jia Li (lijia@cnnic.cn).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2461 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-07-11 09:03:18 +00:00
wouter
f7ad48b8ca - Fix TTL of SOA so negative TTL is separately cached from normal TTL. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 12:34:47 +00:00
wouter
0210c9c214 val-override-date: -1 ignores dates entirely, for NTP usage. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-04-08 14:06:46 +00:00
wouter
fa30bf953f - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-01 12:48:45 +00:00
wouter
323d94a758 test and cleanup. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-22 09:41:38 +00:00
wouter
f5be858e6b - algorithm compromise protection using the algorithms signalled in 
the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
         and thus, if you have multiple algorithms in your trust-anchor-file
         then it will now behave different than before.  Also, 5011 rollover
         for algorithms needs to be double-signature until the old algorithm
         is revoked.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-21 14:19:55 +00:00
wouter
a33b75aebf Work on validation of multiple algorithms. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-20 15:58:12 +00:00
wouter
d0d27bd296 - fix validation in this case: CNAME to nodata for co-hosted opt-in 
NSEC3 insecure delegation, was bogus, fixed to be insecure.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-17 10:05:56 +00:00
wouter
206d95e87a - Fix validation failure for parent and child on same server with an 
insecure childzone and a CNAME from parent to child.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-29 13:10:26 +00:00
wouter
fc57d16d98 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where 
the zone has a secure delegation hosted on the same server did not
         verify as secure (it was insecure by mistake).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-11 12:21:19 +00:00
wouter
47f65c133a - DLV has downgrade protection again, because the RFC says so. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2238 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-17 08:54:16 +00:00
wouter
874ce84c9f - Fix reported validation error in out of memory condition. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2237 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:57:22 +00:00
wouter
db4944a21d - Algorithm rollover operational reality intrudes, for trust-anchor, 
5011-store, and DLV-anchor if one key matches it's good enough.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:40:26 +00:00
wouter
2b05eb39ec - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2233 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-15 07:08:09 +00:00
wouter
6f7205f522 add and fix doxygen comments for doxygen-1.7.1. (which reports lots of 
spurious items as well, by the way).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-13 08:41:49 +00:00
wouter
9cfff4e70d - Return NXDOMAIN after chain of CNAMEs ends at name-not-found. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-05 14:31:52 +00:00
wouter
fe32eb79bc please lint. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-04 08:43:38 +00:00
wouter
358a2108de - Fix validation in case a trust anchor enters into a zone with 
unsupported algorithms.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2205 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-04 08:36:27 +00:00
wouter
c9e13c5160 - iana portlist updated. 
- Fix validation of qtype DNSKEY when a key-cache entry exists but
  no rr-cache entry is used (it expired or prefetch), it then goes
  back up to the DS or trust-anchor to validate the DNSKEY.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2189 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-09 15:00:35 +00:00
wouter
34fef67b47 - Neat function prototypes, unshadowed local declarations. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-07 13:13:36 +00:00
wouter
796d87d213 Fix 4035 compliance for algorithms from the DS rrset that MUST sign the DNSKEY. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2172 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-01 12:08:48 +00:00
wouter
9d31e30c81 Fix various compiler warnings from the clang llvm compiler. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-18 12:37:04 +00:00
wouter
a1cfb1baa7 - autotrust anchor file can be initialized with a ZSK key as well. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2100 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-27 13:00:48 +00:00
wouter
18abe25cbf - Fix chain of trust with CNAME at an intermediate step, for the DS 
processing proof.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2075 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-09 14:28:32 +00:00
wouter
d1972ff478 Fix validation of queries with wildcard names (*.example). 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2070 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-08 13:22:29 +00:00
wouter
cc89cee01f GOST support. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-06 12:15:19 +00:00
wouter
83015bad7a review of NSEC and NSEC3 zones results 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-22 14:40:45 +00:00
wouter
c046d1d839 Fixed random numbers for port, interface and server selection. 
Removed very small bias.
Also some lint fixes.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-18 14:42:22 +00:00
wouter
77efcea454 includes 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2048 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:50:12 +00:00
wouter
3fa3f23be7 cache verify work for nsec and nsec3. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:49:18 +00:00
wouter
e26a64059e and store sec status 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:27:53 +00:00
wouter
d28c283f3b Faster nsec3. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2044 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-16 16:52:56 +00:00
wouter
5fb04b1a9c Move includes to code files. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-12 15:17:48 +00:00
wouter
d2666352a8 spelling fix 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-11 16:17:45 +00:00
matje
2fc8d69edc typo svn:NO TEST 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2010 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-04 15:24:51 +00:00
wouter
76852e4b9f Skip RRSIGs on 5011 init. Make install makes all. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-01 10:26:42 +00:00
wouter
bc146457db printout errors if trust anchor write fails. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-16 08:52:44 +00:00
wouter
5b27935db0 Fix for Roy. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1982 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-15 10:49:03 +00:00
wouter
26ab4d33f5 Retry in case of validation failure less, cached per-zone not per-query. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-12 15:24:42 +00:00
wouter
abcdf16305 remove warning on format string. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1964 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-27 20:29:07 +00:00
wouter
988cdf0808 work on prefetch: store the updated results in the cache. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-08 15:59:36 +00:00
wouter
2a29e7923e Doc fix and work on prefetch feature. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-07 14:38:18 +00:00
wouter
cf25644378 fixes and new ldns tarball. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:31:39 +00:00
wouter
02d69146e3 Answer qclass=ANY. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1938 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:10:04 +00:00
wouter
aa41f2fe99 Check rrsig expiration last in verify_rrsig 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1936 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-10 16:03:31 +00:00
wouter
4d9ec354dc fix crash for hauke 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1933 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 16:27:13 +00:00
wouter
901335beb1 - Fix SOA excluded from negative DS responses. Reported by Hauke 
Lampe.  The negative cache did not include proper SOA records for
	  negative qtype DS responses which makes BIND barf on it, such
	  responses are now only used internally.
	- Fix negative cache lookup of closestencloser check of DS type bit.



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 14:55:19 +00:00
wouter
fcdfe259c4 Fix crash reported on unbound-users with module-config "iterator" 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1924 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-01 08:12:00 +00:00
wouter
0e49081a44 review comments 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1915 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-20 12:06:00 +00:00
wouter
a4575ae427 Fixup unsigned CNAME to signed CNAME detection of signatures. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1905 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-16 13:34:03 +00:00
wouter
3e0c959ed8 Fix validation failure cnamenodata proof failed for hud.gov. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1902 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-13 10:10:05 +00:00
wouter
4b099772a0 review fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1901 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-12 16:27:11 +00:00
wouter
4dad95e304 Fixup to clean errinf on restart so no extremely long printouts. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1900 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-12 15:07:38 +00:00
wouter
91b0796453 Fix crash bug with DLV and dnssec-retry for the domain registered in it. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1895 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-10 10:42:50 +00:00
wouter
b8541cecba and error 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-10 08:15:08 +00:00
wouter
1c60814d93 debug code 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-09 16:26:24 +00:00
wouter
b32bb876fe more error text 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1892 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-05 19:32:02 +00:00
wouter
90548a0528 better error text. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1891 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-05 19:22:50 +00:00
wouter
73f67632b4 parameter documented 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1887 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-02 15:23:41 +00:00
wouter
e7d4ff03bc Fix autotrust initialised with DS. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1884 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-02 13:56:14 +00:00
wouter
7acf38ac32 - Made new validator error string available from libunbound for 
applications.  It is in result->why_bogus, a zero-terminated string.
	  unbound-host prints it by default if a result is bogus.
	  Also the errinf is public in module_qstate (for other modules).
	Binary API different. bumped library ABI version.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 17:05:53 +00:00
wouter
a3172d08ca Fix double time subtraction in negative cache. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1873 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 09:18:40 +00:00
wouter
0867d55d16 neater errors for algo and key failure. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1872 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 08:02:00 +00:00
wouter
7b7265c532 More detailed errors. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1871 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 07:23:49 +00:00
wouter
95b2bc86ff neater explanation for unsigned or signatureless negative DS replies. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:57:23 +00:00
wouter
7f41a8fd8a More vallog reason. Doxygen. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1869 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:35:14 +00:00
wouter
622609bde7 - moved version number to 1.4.0 because of 1.3.4 release with only 
the NSEC3 patch.
	- val-log-level: 2 shows extended error information for validation
	  failures, but still one (longish) line per failure.  For example:
	  validation failure <example.com. DNSKEY IN>: signature expired from
	  192.0.2.4 for trust anchor example.com. while building chain of trust
	  validation failure <www.example.com. A IN>: no signatures from
	  192.0.2.6 for key example.com. while building chain of trust



git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1868 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 16:45:47 +00:00
wouter
a6b082b118 Fix trunk. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1866 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 14:00:56 +00:00
wouter
978c34f302 Fix check for signatures. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1864 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 12:56:57 +00:00
wouter
98f810640e retry mode: empty non terminal. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1862 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 08:53:09 +00:00
wouter
6be18f21cc retry mode: DNSKEY. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1861 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 08:22:27 +00:00
wouter
404b2e7a85 Retry mode, DS and prime. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 07:52:02 +00:00
wouter
4ba1003f2c Data retry on validation failure. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-06 08:31:47 +00:00
wouter
971004b350 Fix autotrust-5011 file used from libunbound (no probing by itself because 
it may not have the processor whenever it likes).


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1857 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-02 08:08:44 +00:00
wouter
145338e6c8 review fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1855 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-28 14:52:53 +00:00
wouter
a3e36f1ee5 Read iana root multiline and prevent integer underflow. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1854 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-28 13:14:01 +00:00
wouter
1086910ad6 review fixes 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1853 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-25 15:20:29 +00:00
wouter
bf212d9136 review nits 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1852 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-25 11:16:43 +00:00
wouter
7277db04c9 review comments 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1850 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-23 15:15:41 +00:00
wouter
b4a655b16e Failure handling for 5011. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1848 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-23 09:05:44 +00:00
wouter
5d07c6ae3c revocation of trust anchors works. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1846 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-22 14:04:43 +00:00
wouter
6650ab00ca rfc5011 and algorithm rollover 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1845 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-22 12:20:21 +00:00
wouter
8e36b3fee5 Pick up revocations even if not normally validly signed. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1842 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-18 10:13:06 +00:00
wouter
f6e1799332 autotrust tests and fixes. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1841 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-18 07:49:29 +00:00