failing with a forwarder set. Now, auth-zone is only used for
answers (not referrals) when a forwarder is set.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4600 be551aaa-1e26-0410-a405-d3ace91eadb9
3786f4ac - tag 1.7.0rc3. (wouter)
52951453 - Added documentation for aggressive-nsec: yes. (wouter)
a3296c2d configure --disable-swig-version-check stops the swig version check. (wouter)
a93a5298 - Fix#3598: Fix swig build issue on rhel6 based system. (wouter)
7faeb8e3 1.7.0rc2 (wouter)
12e74d06 - note when tag 1.7.0rc1 happened in the changelog. (wouter)
da69a014 - Attempt to remove warning about trailing whitespace. (wouter)
2b00a5d3 - Attempt to remove warning about trailing whitespace. (wouter)
1c8938d3 - patch suggested by Debian lintian: allow to -> allow one to, from A. Schulze. (wouter)
06453716 - patch to log creates keytag queries, from A. Schulze. (wouter)
d1ce267c - Fixed contrib/fastrpz.patch, even though this already applied cleanly for me, now also for others. (wouter)
ed4f6f2c - Fix for windows compile. (wouter)
cf7ae9ca - svn trunk contains 1.7.0, this is the number for the next release. (wouter)
692f648a - Reverted fix for #3512, this may not be the best way forward; although it could be changed at a later time, to stay similar to other implementations. (wouter)
0a65f973 - Fix#3582: Squelch address already in use log when reuseaddr option causes same port to be used twice for tcp connections. (wouter)
ebe1d77c - iana port update. (wouter)
5754fd70 removed unneeded includes. (wouter)
f9f01089 - Fix to check define of DSA for when openssl is without deprecated. (wouter)
327d22ff - Fix nettle compile. (wouter)
7cb6d24f - Fix compile with staticexe and python module. (wouter)
340efc3a - Fix compile without threads, and remove unused variable. (wouter)
325fc065 - Fixup contrib/fastrpz.patch so that it applies. (wouter)
e3ee8c66 - use existing code to find signer on positive wildcard answers (ralph)
3377e6f8 - Save wildcard RRset from answer with original owner for use in aggressive NSEC. (ralph)
3c305c69 - more robust cachedump rrset routine. (wouter)
6270fb6d fix spelling error (wouter)
ffa11946 - Fix validation for CNAME loops. When it detects a cname loop, by finding the cname, cname in the existing list, it returns the partial result with the validation result up to then. (wouter)
a68512c0 neater code. (wouter)
8c37d105 comment to explain it. (wouter)
eb1adcf3 - Fix#3512: unbound incorrectly reports SERVFAIL for CAA query when there is a CNAME loop. (wouter)
2c129d2a fix noview. (wouter)
67f76f85 - Fix for more maintainable code in localzone. (wouter)
5a0f6206 bug ref nr. (wouter)
80ab137e - local-zone noview can be used to break out of the view to the global local zone contents, for queries for that zone. (wouter)
aaf91e24 - Fix#3505: Documentation for default local zones references wrong RFC. (wouter)
1a9d913e - Fixes for clang static analyzer, the missing ; in edns-subnet/addrtree.c after the assert made clang analyzer produce a failure to analyze it. (wouter)
c217a69c - Aggressive NSEC tests (ralph)
fcd9b8c4 auth zone: default is https if no 'http://' given. (wouter)
b52ca641 auth zone whitespace fixes and input validation. (wouter)
2b221f31 auth zone review fixes (wouter)
4ddbf8ae - iana port update. (wouter)
4d4669b2 - tls-cert-bundle option in unbound.conf enables TLS authentication. (wouter)
0e2c3c5a - Unit test for auth zone https url download. (wouter)
6408197b - Fix the ce_len+2 fix (Aggressive NSEC review) (ralph)
42255fca - Processed aggressive NSEC code review remarks Wouter (ralph)
2d5fc74a - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test) (ralph)
2076e1e2 auth zone work, nicer debug output. (wouter)
647c958d auth zone stop sending packets when the application quits. (wouter)
f928cde0 - auth zone url config. (wouter)
b8a397af auth zone http work. (wouter)
7c5497d3 auth zone work. (wouter)
35bc8a1e - Aggressive use of NSEC implementation. Use cached NSEC records to generate NXDOMAIN, NODATA and positive wildcard answers. (ralph)
2de81e0f auth zone work. (wouter)
7a30b4aa auth zone review. (wouter)
6342b792 - iana port update. (wouter)
42818256 fix for doxygen and lint. (wouter)
40286955 auth zone work on http feature. (wouter)
1cb6bd90 fix for doxygen (wouter)
e48156c6 auth zone work. (wouter)
5caf1aee fix lint warning (wouter)
081cdce0 fix lint warning (wouter)
1e7120e4 auth zone work. (wouter)
19c3997e Fixup tests for checklocks. Add auth axfr test for socket code. (wouter)
db621d92 - auth-zone provides a way to configure RFC7706 from unbound.conf, eg. with auth-zone: name: "." for-downstream: no for-upstream: yes fallback-enabled: yes and masters or a zonefile with data. (wouter)
c172f0df make depend. (wouter)
e7a76a8a - Fix#3451: dnstap not building when you have a separate build dir. And removed protoc warning, set dnstap.proto syntax to proto2. (wouter)
98bf7184 auth zone fixup lock protection, it wrongly covered the rbtree node. (wouter)
8c4be295 auth zone test probe of SOA (wouter)
276d3130 auth zone ixfr unit tests (wouter)
ebda5cbb auth zone ixfr unit test, and fixes. (wouter)
4d369162 auth zone, remove unused code (wouter)
9caa77b2 fix unit test for new output func. (wouter)
1f7eff89 auth zone, axfr and printout works. (wouter)
ff360ae2 Enable valgrind in (some) tests. (wouter)
aca1f554 fix spelling error in delegation. (wouter)
cf525b93 Fix more critical regions. Cleans tests. (wouter)
6b49cdd1 - lock subnet new item before insertion to please checklocks, no modification of critical regions outside of lock region. (wouter)
cee57903 auth zone race condition remove and checklock fix for check of unused alignment memory in structure. (wouter)
252eae4e - Fix lock race condition in dns cache dname synthesis. (wouter)
f4a83a96 - unit test with valgrind (wouter)
1b9c86be - unit test with valgrind (wouter)
1d3cb2e4 remove debug printf. (wouter)
f8f3f79a - Fix unfreed locks in log and arc4random at exit of unbound. (wouter)
cc667b64 - fix unaligned structure making a false positive in checklock unitialised memory. (wouter)
3601b233 auth zone socket creation fix. (wouter)
28d97930 auth zone test for host lookup (wouter)
78cac2d7 auth zone, nicer debug log (wouter)
7897dad2 auth zone test checks stored axfr zonefile (wouter)
43c4502b auth zone unit test extra_packet moves multipe tcp packets on stream (wouter)
a8847f66 auth zone test, udp and tcp answered from unit test (wouter)
a7ae601c auth zone fix comment (wouter)
e4c6da88 auth zone move file descriptor functionality to outside network for the unit test (wouter)
f88d7a67 auth zone test with zone transfer (wouter)
2470b31c cleanup without losing zone contents, and also backoff for nonresponsive masters while zone data is available. (wouter)
fd5b2dd1 pickup worker events, and free them. exponential backoff for continuously failing zones. (wouter)
df057fff failover for dnssec bogus (wouter)
9f91e3c3 test for validation of queries answered with a zonefile (wouter)
4cf7809a Test authority zone with zonefile for root referrals (RFC7706) (wouter)
02933666 make depend (wouter)
4f5bbce4 auth zone for downstream (wouter)
7060ceb9 no $INCLUDE in this test. (wouter)
71ba486b Test for no-upstream enabled, and thus fallback to normal priming and lookup. (wouter)
12f50778 remove debug print (wouter)
483796b9 fix to please doxygen's parser. (wouter)
4d3b9db0 unit test for auth zone lookup (wouter)
5c23b370 Fix sldns parse state prev dname. (wouter)
90141b6f fix $INCLUDE (wouter)
f92f7fb2 auth zone, make depend, fallback, create and delete, and lease_time, and lock fixes. (wouter)
80ab330e lint fixes. (wouter)
82a0a763 lint fixes (wouter)
b20df48e Also use NSEC with longest closest encloser for CNAME responses. (ralph)
7af974cc remove unused TODO items (wouter)
ee752be7 auth zone work, ixfr apply procedure. (wouter)
5489a6b5 - Use NSEC with longest ce to prove wildcard absence. - Only use *.ce to prove wildcard absence, no longer names. (ralph)
5af55bab remove unneeded statements (wouter)
cea3d1ee fixup iterator (wouter)
3e50a1fb unneeded statement (wouter)
337ef218 fix id check (wouter)
c0b6702a lint fix. (wouter)
e2560b39 lint fixes. (wouter)
6511959f fix ixfr and axfr end detection. (wouter)
1456e7a6 authzone transfer functionality (wouter)
7774d57f correct name for libunbound.so.conf (wouter)
0a2f0cf4 add semicolon at end of line. (wouter)
1926bbe5 - ltrace.conf file for libunbound in contrib. (wouter)
74d2a9da - Print fatal errors about remote control setup before log init, so that it is printed to console. (wouter)
f84f924e - Fix that unbound-checkconf -f flag works with auto-trust-anchor-file for startup scripts to get the full pathname(s) of anchor file(s). (wouter)
98b9046b - Fix#3397: Fix that when the cache contains an unsigned DNAME in the middle of a cname chain, a result without the DNAME could be returned. (wouter)
82881b17 - Fix#3397: Fix that cachedb could return a partial CNAME chain. (wouter)
bf48ee63 - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is also recognized and means the same. Also for tls-port, tls-service-key, tls-service-pem, stub-tls-upstream and forward-tls-upstream. (wouter)
58bcba72 - make depend: code dependencies updated in Makefile. (wouter)
b9d18105 - iana port update. (wouter)
7911e492 - patch for CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records. (wouter)
51c4c977 - trunk has 1.6.9 with fix and previous commits. (wouter)
a28f91e7 - Copy query and correctly set flags on REFUSED answers when cache snooping is not allowed. (ralph)
f31d36c8 Please lint (ralph)
faf687ef - Fix queries being leaked above stub when refetching glue. (ralph)
0a121de9 fix oneoff (wouter)
e8865e9a fixup larger than 2**31 case. (wouter)
fe7c8d17 - Remove clang optimizer disable, Fix that expiration date checks don't fail with clang -O2. (wouter)
ed00a971 - Fix that DS queries with referral replies are answered straight away, without a repeat query picking the DS from cache. The correct reply should have been an answer, the reply is fixed by the scrubber to have the answer in the answer section. (wouter)
bd2f389b - Also disable -flto for clang, to make incep-expi signature check work. (wouter)
b4462e04 - iana port update. (wouter)
e905d513 - Fix timestamp failure because of clang optimizer failure, by disabling -O2 when the compiler --version is clang. (wouter)
dd172dfb remove debug output (wouter)
8ddd7434 this version of unbound fails when compiled with CC=clang and -O (edit Makefile), or -O2 (default). If you use no optimizing flag, unittest works. (wouter)
eaeddf20 unit test for timestamp failure with clang (wouter)
074b8502 authzone work (wouter)
2c0645e9 set repinfo correctly (this prints out debug and errors with the correct remote IP) (wouter)
ea5643f9 fix unit tests (wouter)
a1ad3c1d - authzone work, transfer connect. (wouter)
94372506 - Fix qname-minimisation documentation (A QTYPE, not NS) (ralph)
1a699f59 - Check whether --with-libunbound-only is set when using --with-nettle or --with-nss. (ralph)
14da3558 lookup and transfer setup (wouter)
32908dc8 disown and pickup of next task. (wouter)
bf393616 fixup locks. (wouter)
f9decd7b - Fix link failure on OmniOS. (wouter)
bf32cf46 auth zone transfer setup. (wouter)
276a63a1 iterate probe over looked up ip4 and ip6 addresses (wouter)
3338ac15 - auth zone work. probe hostname lookup. (wouter)
0dfd3238 note that state must be separated because of error corner cases. (wouter)
8fb3f713 - Fix#3299 - forward CNAME daisy chain is not working (wouter)
19649cbf re-run aclocal (of Fedora 27). (wouter)
c8b4fc87 upgraded comment (wouter)
98a152c9 fix for lint. (wouter)
9efb9044 - auth xfer work on probe timer and lookup. (wouter)
44915a87 - Fix#2882: Unbound behaviour changes (wrong) when domain-insecure is set for stub zone. It no longer searches for DNSSEC information. (wouter)
1f3ab658 no AAAA shortcuts. (wouter)
6f02e4bb - Fix qname minimisation to send AAAA queries at zonecut like type A. (wouter)
e23fd131 - Fix#2801: Install libunbound.pc. (wouter)
58a0187a unused void cast. (wouter)
3ccb98dd - Fix#2492: Documentation libunbound. (wouter)
a022c9bd - Fix#2141 - for libsodium detect lack of entropy in chroot, print a message and exit. (wouter)
f03a2ab4 - Fix#2034 - Autoconf and -flto. (wouter)
a0ffe3a2 - Fix#2362: TLS1.3/openssl-1.1.1 not working. (wouter)
de14a7e8 Correct line ending in man page. (wouter)
f2a4d20b Typing error fix up. (wouter)
6c4ad226 - make ip-transparent option work on OpenBSD. (wouter)
72b70b5c - Fix#1913: ub_ctx_config is under circumstances thread-safe. (wouter)
c9ce6f59 - iana port update. (wouter)
ba572d6f - lexer output. (wouter)
470f64df - Document that errno is left informative on libunbound config read fail. (wouter)
d1c485bc - Fix#2031: Double included headers (ralph)
24b4835e - Fix#1949: [dnscrypt] make provider name mismatch more obvious. (ralph)
9c22e427 - Fixed libunbound manual typo. (ralph)
aa79205c - Update B root ipv4 address. (ralph)
e004cf81 authzone, handle probe return packets. (wouter)
80987455 fix lint (wouter)
516f8fc5 corrected fix for test link. (wouter)
533368b8 fix test link (wouter)
cc34c6bd authzone work. (wouter)
735c650f fix doxygen (wouter)
f6767b64 - authzone work, probe timer setup. (wouter)
6f83cdd0 - lint for recent authzone commit. (wouter)
77d3988e - Work on local root zone code. (wouter)
8ea0120a - Better documentation for cache-max-negative-ttl. (wouter)
1a627478 Turn duplicates into warnings for dnscrypt, and fix declaration and code mix warning. (wouter)
cbb64b3a - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert duplicates - [dnscrypt] introduce dnscrypt-provider-cert-rotated option, from Manu Bretelle. This option allows handling multiple cert/key pairs while only distributing some of them. In order to reliably match a client magic with a given key without strong assumption as to how those were generated, we need both key and cert. Likewise, in order to know which ES version should be used. On the other hand, when rotating a cert, it can be desirable to only serve the new cert but still be able to handle clients that are still using the old certs's public key. The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not publish the cert as part of the DNS's provider_name's TXT answer. (wouter)
3110caa0 - Fix#1749: With harden-referral-path: performance drops, due to circular dependency in NS and DS lookups. (wouter)
9ebff362 - trunk has version 1.6.8. (wouter)
8a71dc5f - tag 1.6.7 (wouter)
ddc23882 - Fix spelling in unbound-control man page. (wouter)
486ac179 - tag 1.6.7rc1 (wouter)
95863bf2 - Use RCODE from A response on DNS64 synthesized answer. (ralph)
511a63ef remove duplicate statements. (wouter)
20130528 - Fix some more crpls in testdata for different signaling default. (wouter)
c523378d - Fix trust-anchor-signaling works in libunbound. (wouter)
8824ebcd also disable trust-anchor-signaling is crpl tests (ralph)
c42f5361 - Set trust-anchor-signaling default to yes (ralph)
970f539b - Fix param unused warning for windows exportsymbol compile. (wouter)
8f05e958 - Fix#1450: Generate again patch contrib/aaaa-filter-iterator.patch (by Danilo G. Baio). (ralph)
4d5b70bb - Log name of looping module (ralph)
235b9c14 Spelling fixes are from Josh Soref. (wouter)
f5d8f505 - Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff. (wouter)
f8f00182 assert and lint. (wouter)
6c6d3376 - use a cachedb answer even if it's "expired" when serve-expired is yes (patch from Jinmei Tatuya). - trigger refetching of the answer in that case (this will bypass cachedb lookup) - allow storing a 0-TTL answer from cachedb in the in-memory message cache when serve-expired is yes (wouter)
c881f5fe - Fix#1400: allowing use of global cache on ECS-forwarding unless always-forward. (ralph)
87a108b3 - Fix#1440: [dnscrypt] client nonce cache. (wouter)
e12160f6 and man page. (wouter)
e2aaf5e9 - Fix#1435: Please allow UDP to be disabled separately upstream and downstream. (wouter)
5251daea - Fix that looping modules always stop the query, and don't pass control. (wouter)
becbd20b - tag 1.6.6rc2, became 1.6.6 on 18 sep. trunk 1.6.7 in development. (wouter)
b5aba923 autoconf. (wouter)
39ba9480 - Spelling fixes, from Phil Porada. (wouter)
ddd249d0 - Fix unbound-host to report error for DNSSEC state of failed lookups. (wouter)
dfb5ebda - tag 1.6.6rc2 (wouter)
86daa970 - Add dns64 for client-subnet in unbound-checkconf. (wouter)
45adede8 remove debug (wouter)
6e590364 - Fix#1434: Fix windows openssl 1.1.0 linking. (wouter)
6d18c7e2 - Fix#1412: QNAME minimisation strict mode not honored (ralph)
3a1a576d - makedist fix for windows binaries, with openssl 1.1.0 windres fix, and expat 2.2.4 install target fix. (wouter)
526d1e88 note tag 1.6.6rc1 (wouter)
50941d67 and in man page. (wouter)
d8d4c8c5 - Recommend 1472 buffer size in unbound.conf (wouter)
3d60e536 lock_protect mutex in cachedb. (wouter)
15de6468 - Fix#1418: [ip ratelimit] initialize slabhash using ip-ratelimit-slabs. (wouter)
57323a83 les and bison. (wouter)
dfb7048b dnscrypt cache size configuration option. (wouter)
6a32cf0c - make depend (wouter)
ce208bb8 - Fix#1417: [dnscrypt] shared secret cache counters, and works when dnscrypt is not enabled. (wouter)
7e69f3e2 - but reverted that, tests fails with that escape. (wouter)
74148f58 - For #1417: escape ; in dnscrypt tests. (wouter)
99f7948a - Fix#1424: cachedb:testframe is not thread safe. (wouter)
e7919c41 - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs. (wouter)
40e912fb - updated contrib/fastrpz.patch to apply with configparser changes. (wouter)
5b50b5b0 Fix dnscrypt tests grep. (wouter)
818ac2ab - fixup WKS test on buildhost without servicebyname. (wouter)
1f650790 - new keys and certs for dnscrypt tests. (wouter)
a5990315 - zero qinfo in handle_request, this zeroes local_alias and also the qname member. (wouter)
9500ddda - Fix#1414: fix segfault on parse failure and log_replies. (wouter)
bc1fba7f nicer layout. (wouter)
d566f3c8 - Fix WKS records on kvm autobuild host, with default protobyname entries for udp and tcp. (wouter)
398021b8 - Small fixes for the shared secret cache patch. (wouter)
8e49ed87 - Fix#1415: [dnscrypt] shared secret cache, patch from Manu Bretelle. (wouter)
737cb748 - iana portlist update (wouter)
8b3bfc6c - Fix#1415: patch to free dnscrypt environment on reload. (wouter)
6aa6c48e - Fix to reclaim tcp handler when it is closed due to dnscrypt buffer allocation failure. (wouter)
51808a94 - make depend (wouter)
a2f9551c - Fix#1407: Add ECS options check to unbound-checkconf. (wouter)
489ad287 - Fix#1402: squelch invalid argument error for fd_set_block on windows. (wouter)
2cbdee08 Better text for change: - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017. (wouter)
69cabf50 - Fix issue on macOX 10.10 where TCP fast open is detected but not implemented causing TCP to fail. The fix allows fallback to regular TCP in this case and is also more robust for cases where connectx() fails for some reason. (wouter)
b080335c - trunk version 1.6.6 in development. (wouter)
e682b0be - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes installs between sep11 and oct11 2017. (wouter)
9e967620 better text. (wouter)
aa09eec8 - Patch to show DNSCrypt status in help output, from Carsten Strotmann. (wouter)
36be78aa - Remove spaces from Makefile. (wouter)
9e330d75 yacc 1.9 and flex 2.6.1. (wouter)
94f66ee0 - Fix#1398: make cachedb secret configurable. (wouter)
df7d82a2 - Fix#1397: Recursive DS lookups for AS112 zones names should recurse. (wouter)
e5513455 Do not add rrset_bogus and query ratelimiting stats per thread. (ralph)
d073e3e2 - Added stats for queries that have been ratelimited by domain recursion. (ralph)
2fc82180 - Do not reset rrset.bogus stats when called using stats_noreset. (ralph)
ebd76ef0 - Remove unused iter_env member (ip6arpa_dname) (ralph)
4b3602ba - Fix#1394: mix of serve-expired and response-ip could cause a crash. (wouter)
436f873b - iana update (wouter)
47dafe4c fix type cast. (wouter)
8afb9182 - Fix#1365: Add Ed25519 support using libnettle. (wouter)
cce1adf9 - Fix DSA configure switch (--disable dsa) for libnettle and libnss. (wouter)
4cc1a472 double fallthrough annotation to please gcc parser. (wouter)
0dcb1147 annotate fallthrough (wouter)
d616547e remove warning (wouter)
756034db - Fix compile with libnettle (wouter)
daa625cf - remove warning from windows compile. (wouter)
6521d82b - squelch TCP fast open error on FreeBSD when kernel has it disabled, unless verbosity is high. (wouter)
2f22e0e3 - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), config.sub(2016-09-05). - annotate case statement fallthrough for gcc 7.1.1. - flex output from flex 2.6.1. - snprintf of thread number does not warn about truncated string. (wouter)
ea646bbb please doxygen (wouter)
55c6dcd7 - Fix#1349: allow suppression of pidfiles (from Daniel Kahn Gillmor). With the -p option unbound does not create a pidfile. (wouter)
fe4f8851 - Fix#1350: make cachedb backend configurable (from JINMEI Tatuya). (wouter)
e946f2fe fix doc. (wouter)
4ebb3f5a - Redirect all localhost names to localhost address for RFC6761. (wouter)
7e2a0e92 - Fix#1344: RFC6761-reserved domains: test. and invalid. (wouter)
6ab32e3f fixup printout of skipped. (wouter)
f48dadeb test report again (wouter)
61e5213d Test -f report. (wouter)
b33ffd41 full report with -f (wouter)
3562699a run tests. (wouter)
df993ad5 - Fix svn hooks for tdir (selected if testcode/mini_tdir.sh exists). (wouter)
3343bcb0 Fixup speed_cache for 01-doc test. (wouter)
8ba25b12 tests in tdir format. (wouter)
2ca4cc3a - Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg. (wouter)
b56b9684 - Fix 1332: Bump verbosity of failed chown'ing of the control socket. (wouter)
029b56d0 Fixup (wouter)
c6925b28 - Fix openssl 1.1.0 load of ssl error strings from ssl init. (wouter)
1b563e56 - Fix pythonmod link line option flag. (wouter)
4de11541 - Fix#1331: libunbound segfault in threaded mode when context is deleted. (wouter)
cc82f13e - Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned on. (wouter)
80663d8e lint fix and check errcode. (wouter)
ad5295b5 - enhancement for hardened-tls for DNS over TLS. Removed duplicated security settings. (wouter)
13034f04 - iana portlist update (wouter)
f43c401e - Fix python example0 return module wait instead of error for pass. (wouter)
4e5449c2 - Fix that infra cache host hash does not change after reconfig. (wouter)
cea4abd0 - Remove signed unsigned warning from authzone. (wouter)
32a5f8a4 - Trunk contains 1.6.5, with changes from 26, 27 june. (wouter)
90c6150a CMake: update 2018 copyright (anonimal)
783c32da CMake: always build with -fPIC (anonimal)
1b3fa141 CMake: enable SHA1 (anonimal)
436f1f58 Build: add support for SunOS/Solaris (anonimal)
efa249c1 CMake: fix libressl linkage (anonimal)
3786f4ac - tag 1.7.0rc3. (wouter)
52951453 - Added documentation for aggressive-nsec: yes. (wouter)
a3296c2d configure --disable-swig-version-check stops the swig version check. (wouter)
a93a5298 - Fix#3598: Fix swig build issue on rhel6 based system. (wouter)
7faeb8e3 1.7.0rc2 (wouter)
12e74d06 - note when tag 1.7.0rc1 happened in the changelog. (wouter)
da69a014 - Attempt to remove warning about trailing whitespace. (wouter)
2b00a5d3 - Attempt to remove warning about trailing whitespace. (wouter)
1c8938d3 - patch suggested by Debian lintian: allow to -> allow one to, from A. Schulze. (wouter)
06453716 - patch to log creates keytag queries, from A. Schulze. (wouter)
d1ce267c - Fixed contrib/fastrpz.patch, even though this already applied cleanly for me, now also for others. (wouter)
ed4f6f2c - Fix for windows compile. (wouter)
cf7ae9ca - svn trunk contains 1.7.0, this is the number for the next release. (wouter)
692f648a - Reverted fix for #3512, this may not be the best way forward; although it could be changed at a later time, to stay similar to other implementations. (wouter)
0a65f973 - Fix#3582: Squelch address already in use log when reuseaddr option causes same port to be used twice for tcp connections. (wouter)
ebe1d77c - iana port update. (wouter)
5754fd70 removed unneeded includes. (wouter)
f9f01089 - Fix to check define of DSA for when openssl is without deprecated. (wouter)
327d22ff - Fix nettle compile. (wouter)
7cb6d24f - Fix compile with staticexe and python module. (wouter)
340efc3a - Fix compile without threads, and remove unused variable. (wouter)
325fc065 - Fixup contrib/fastrpz.patch so that it applies. (wouter)
e3ee8c66 - use existing code to find signer on positive wildcard answers (ralph)
3377e6f8 - Save wildcard RRset from answer with original owner for use in aggressive NSEC. (ralph)
3c305c69 - more robust cachedump rrset routine. (wouter)
6270fb6d fix spelling error (wouter)
ffa11946 - Fix validation for CNAME loops. When it detects a cname loop, by finding the cname, cname in the existing list, it returns the partial result with the validation result up to then. (wouter)
a68512c0 neater code. (wouter)
8c37d105 comment to explain it. (wouter)
eb1adcf3 - Fix#3512: unbound incorrectly reports SERVFAIL for CAA query when there is a CNAME loop. (wouter)
2c129d2a fix noview. (wouter)
67f76f85 - Fix for more maintainable code in localzone. (wouter)
5a0f6206 bug ref nr. (wouter)
80ab137e - local-zone noview can be used to break out of the view to the global local zone contents, for queries for that zone. (wouter)
aaf91e24 - Fix#3505: Documentation for default local zones references wrong RFC. (wouter)
1a9d913e - Fixes for clang static analyzer, the missing ; in edns-subnet/addrtree.c after the assert made clang analyzer produce a failure to analyze it. (wouter)
c217a69c - Aggressive NSEC tests (ralph)
fcd9b8c4 auth zone: default is https if no 'http://' given. (wouter)
b52ca641 auth zone whitespace fixes and input validation. (wouter)
2b221f31 auth zone review fixes (wouter)
4ddbf8ae - iana port update. (wouter)
4d4669b2 - tls-cert-bundle option in unbound.conf enables TLS authentication. (wouter)
0e2c3c5a - Unit test for auth zone https url download. (wouter)
6408197b - Fix the ce_len+2 fix (Aggressive NSEC review) (ralph)
42255fca - Processed aggressive NSEC code review remarks Wouter (ralph)
2d5fc74a - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test) (ralph)
2076e1e2 auth zone work, nicer debug output. (wouter)
647c958d auth zone stop sending packets when the application quits. (wouter)
f928cde0 - auth zone url config. (wouter)
b8a397af auth zone http work. (wouter)
7c5497d3 auth zone work. (wouter)
35bc8a1e - Aggressive use of NSEC implementation. Use cached NSEC records to generate NXDOMAIN, NODATA and positive wildcard answers. (ralph)
2de81e0f auth zone work. (wouter)
7a30b4aa auth zone review. (wouter)
6342b792 - iana port update. (wouter)
42818256 fix for doxygen and lint. (wouter)
40286955 auth zone work on http feature. (wouter)
1cb6bd90 fix for doxygen (wouter)
e48156c6 auth zone work. (wouter)
5caf1aee fix lint warning (wouter)
081cdce0 fix lint warning (wouter)
1e7120e4 auth zone work. (wouter)
19c3997e Fixup tests for checklocks. Add auth axfr test for socket code. (wouter)
db621d92 - auth-zone provides a way to configure RFC7706 from unbound.conf, eg. with auth-zone: name: "." for-downstream: no for-upstream: yes fallback-enabled: yes and masters or a zonefile with data. (wouter)
c172f0df make depend. (wouter)
e7a76a8a - Fix#3451: dnstap not building when you have a separate build dir. And removed protoc warning, set dnstap.proto syntax to proto2. (wouter)
98bf7184 auth zone fixup lock protection, it wrongly covered the rbtree node. (wouter)
8c4be295 auth zone test probe of SOA (wouter)
276d3130 auth zone ixfr unit tests (wouter)
ebda5cbb auth zone ixfr unit test, and fixes. (wouter)
4d369162 auth zone, remove unused code (wouter)
9caa77b2 fix unit test for new output func. (wouter)
1f7eff89 auth zone, axfr and printout works. (wouter)
ff360ae2 Enable valgrind in (some) tests. (wouter)
aca1f554 fix spelling error in delegation. (wouter)
cf525b93 Fix more critical regions. Cleans tests. (wouter)
6b49cdd1 - lock subnet new item before insertion to please checklocks, no modification of critical regions outside of lock region. (wouter)
cee57903 auth zone race condition remove and checklock fix for check of unused alignment memory in structure. (wouter)
252eae4e - Fix lock race condition in dns cache dname synthesis. (wouter)
f4a83a96 - unit test with valgrind (wouter)
1b9c86be - unit test with valgrind (wouter)
1d3cb2e4 remove debug printf. (wouter)
f8f3f79a - Fix unfreed locks in log and arc4random at exit of unbound. (wouter)
cc667b64 - fix unaligned structure making a false positive in checklock unitialised memory. (wouter)
3601b233 auth zone socket creation fix. (wouter)
28d97930 auth zone test for host lookup (wouter)
78cac2d7 auth zone, nicer debug log (wouter)
7897dad2 auth zone test checks stored axfr zonefile (wouter)
43c4502b auth zone unit test extra_packet moves multipe tcp packets on stream (wouter)
a8847f66 auth zone test, udp and tcp answered from unit test (wouter)
a7ae601c auth zone fix comment (wouter)
e4c6da88 auth zone move file descriptor functionality to outside network for the unit test (wouter)
f88d7a67 auth zone test with zone transfer (wouter)
2470b31c cleanup without losing zone contents, and also backoff for nonresponsive masters while zone data is available. (wouter)
fd5b2dd1 pickup worker events, and free them. exponential backoff for continuously failing zones. (wouter)
df057fff failover for dnssec bogus (wouter)
9f91e3c3 test for validation of queries answered with a zonefile (wouter)
4cf7809a Test authority zone with zonefile for root referrals (RFC7706) (wouter)
02933666 make depend (wouter)
4f5bbce4 auth zone for downstream (wouter)
7060ceb9 no $INCLUDE in this test. (wouter)
71ba486b Test for no-upstream enabled, and thus fallback to normal priming and lookup. (wouter)
12f50778 remove debug print (wouter)
483796b9 fix to please doxygen's parser. (wouter)
4d3b9db0 unit test for auth zone lookup (wouter)
5c23b370 Fix sldns parse state prev dname. (wouter)
90141b6f fix $INCLUDE (wouter)
f92f7fb2 auth zone, make depend, fallback, create and delete, and lease_time, and lock fixes. (wouter)
80ab330e lint fixes. (wouter)
82a0a763 lint fixes (wouter)
b20df48e Also use NSEC with longest closest encloser for CNAME responses. (ralph)
7af974cc remove unused TODO items (wouter)
ee752be7 auth zone work, ixfr apply procedure. (wouter)
5489a6b5 - Use NSEC with longest ce to prove wildcard absence. - Only use *.ce to prove wildcard absence, no longer names. (ralph)
5af55bab remove unneeded statements (wouter)
cea3d1ee fixup iterator (wouter)
3e50a1fb unneeded statement (wouter)
337ef218 fix id check (wouter)
c0b6702a lint fix. (wouter)
e2560b39 lint fixes. (wouter)
6511959f fix ixfr and axfr end detection. (wouter)
1456e7a6 authzone transfer functionality (wouter)
7774d57f correct name for libunbound.so.conf (wouter)
0a2f0cf4 add semicolon at end of line. (wouter)
1926bbe5 - ltrace.conf file for libunbound in contrib. (wouter)
74d2a9da - Print fatal errors about remote control setup before log init, so that it is printed to console. (wouter)
f84f924e - Fix that unbound-checkconf -f flag works with auto-trust-anchor-file for startup scripts to get the full pathname(s) of anchor file(s). (wouter)
98b9046b - Fix#3397: Fix that when the cache contains an unsigned DNAME in the middle of a cname chain, a result without the DNAME could be returned. (wouter)
82881b17 - Fix#3397: Fix that cachedb could return a partial CNAME chain. (wouter)
bf48ee63 - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is also recognized and means the same. Also for tls-port, tls-service-key, tls-service-pem, stub-tls-upstream and forward-tls-upstream. (wouter)
58bcba72 - make depend: code dependencies updated in Makefile. (wouter)
b9d18105 - iana port update. (wouter)
7911e492 - patch for CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records. (wouter)
51c4c977 - trunk has 1.6.9 with fix and previous commits. (wouter)
a28f91e7 - Copy query and correctly set flags on REFUSED answers when cache snooping is not allowed. (ralph)
f31d36c8 Please lint (ralph)
faf687ef - Fix queries being leaked above stub when refetching glue. (ralph)
0a121de9 fix oneoff (wouter)
e8865e9a fixup larger than 2**31 case. (wouter)
fe7c8d17 - Remove clang optimizer disable, Fix that expiration date checks don't fail with clang -O2. (wouter)
ed00a971 - Fix that DS queries with referral replies are answered straight away, without a repeat query picking the DS from cache. The correct reply should have been an answer, the reply is fixed by the scrubber to have the answer in the answer section. (wouter)
bd2f389b - Also disable -flto for clang, to make incep-expi signature check work. (wouter)
b4462e04 - iana port update. (wouter)
e905d513 - Fix timestamp failure because of clang optimizer failure, by disabling -O2 when the compiler --version is clang. (wouter)
dd172dfb remove debug output (wouter)
8ddd7434 this version of unbound fails when compiled with CC=clang and -O (edit Makefile), or -O2 (default). If you use no optimizing flag, unittest works. (wouter)
eaeddf20 unit test for timestamp failure with clang (wouter)
074b8502 authzone work (wouter)
2c0645e9 set repinfo correctly (this prints out debug and errors with the correct remote IP) (wouter)
ea5643f9 fix unit tests (wouter)
a1ad3c1d - authzone work, transfer connect. (wouter)
94372506 - Fix qname-minimisation documentation (A QTYPE, not NS) (ralph)
1a699f59 - Check whether --with-libunbound-only is set when using --with-nettle or --with-nss. (ralph)
14da3558 lookup and transfer setup (wouter)
32908dc8 disown and pickup of next task. (wouter)
bf393616 fixup locks. (wouter)
f9decd7b - Fix link failure on OmniOS. (wouter)
bf32cf46 auth zone transfer setup. (wouter)
276a63a1 iterate probe over looked up ip4 and ip6 addresses (wouter)
3338ac15 - auth zone work. probe hostname lookup. (wouter)
0dfd3238 note that state must be separated because of error corner cases. (wouter)
8fb3f713 - Fix#3299 - forward CNAME daisy chain is not working (wouter)
19649cbf re-run aclocal (of Fedora 27). (wouter)
c8b4fc87 upgraded comment (wouter)
98a152c9 fix for lint. (wouter)
9efb9044 - auth xfer work on probe timer and lookup. (wouter)
44915a87 - Fix#2882: Unbound behaviour changes (wrong) when domain-insecure is set for stub zone. It no longer searches for DNSSEC information. (wouter)
1f3ab658 no AAAA shortcuts. (wouter)
6f02e4bb - Fix qname minimisation to send AAAA queries at zonecut like type A. (wouter)
e23fd131 - Fix#2801: Install libunbound.pc. (wouter)
58a0187a unused void cast. (wouter)
3ccb98dd - Fix#2492: Documentation libunbound. (wouter)
a022c9bd - Fix#2141 - for libsodium detect lack of entropy in chroot, print a message and exit. (wouter)
f03a2ab4 - Fix#2034 - Autoconf and -flto. (wouter)
a0ffe3a2 - Fix#2362: TLS1.3/openssl-1.1.1 not working. (wouter)
de14a7e8 Correct line ending in man page. (wouter)
f2a4d20b Typing error fix up. (wouter)
6c4ad226 - make ip-transparent option work on OpenBSD. (wouter)
72b70b5c - Fix#1913: ub_ctx_config is under circumstances thread-safe. (wouter)
c9ce6f59 - iana port update. (wouter)
ba572d6f - lexer output. (wouter)
470f64df - Document that errno is left informative on libunbound config read fail. (wouter)
d1c485bc - Fix#2031: Double included headers (ralph)
24b4835e - Fix#1949: [dnscrypt] make provider name mismatch more obvious. (ralph)
9c22e427 - Fixed libunbound manual typo. (ralph)
aa79205c - Update B root ipv4 address. (ralph)
e004cf81 authzone, handle probe return packets. (wouter)
80987455 fix lint (wouter)
516f8fc5 corrected fix for test link. (wouter)
533368b8 fix test link (wouter)
cc34c6bd authzone work. (wouter)
735c650f fix doxygen (wouter)
f6767b64 - authzone work, probe timer setup. (wouter)
6f83cdd0 - lint for recent authzone commit. (wouter)
77d3988e - Work on local root zone code. (wouter)
8ea0120a - Better documentation for cache-max-negative-ttl. (wouter)
1a627478 Turn duplicates into warnings for dnscrypt, and fix declaration and code mix warning. (wouter)
cbb64b3a - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert duplicates - [dnscrypt] introduce dnscrypt-provider-cert-rotated option, from Manu Bretelle. This option allows handling multiple cert/key pairs while only distributing some of them. In order to reliably match a client magic with a given key without strong assumption as to how those were generated, we need both key and cert. Likewise, in order to know which ES version should be used. On the other hand, when rotating a cert, it can be desirable to only serve the new cert but still be able to handle clients that are still using the old certs's public key. The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not publish the cert as part of the DNS's provider_name's TXT answer. (wouter)
3110caa0 - Fix#1749: With harden-referral-path: performance drops, due to circular dependency in NS and DS lookups. (wouter)
9ebff362 - trunk has version 1.6.8. (wouter)
8a71dc5f - tag 1.6.7 (wouter)
ddc23882 - Fix spelling in unbound-control man page. (wouter)
486ac179 - tag 1.6.7rc1 (wouter)
95863bf2 - Use RCODE from A response on DNS64 synthesized answer. (ralph)
511a63ef remove duplicate statements. (wouter)
20130528 - Fix some more crpls in testdata for different signaling default. (wouter)
c523378d - Fix trust-anchor-signaling works in libunbound. (wouter)
8824ebcd also disable trust-anchor-signaling is crpl tests (ralph)
c42f5361 - Set trust-anchor-signaling default to yes (ralph)
970f539b - Fix param unused warning for windows exportsymbol compile. (wouter)
8f05e958 - Fix#1450: Generate again patch contrib/aaaa-filter-iterator.patch (by Danilo G. Baio). (ralph)
4d5b70bb - Log name of looping module (ralph)
235b9c14 Spelling fixes are from Josh Soref. (wouter)
f5d8f505 - Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff. (wouter)
f8f00182 assert and lint. (wouter)
6c6d3376 - use a cachedb answer even if it's "expired" when serve-expired is yes (patch from Jinmei Tatuya). - trigger refetching of the answer in that case (this will bypass cachedb lookup) - allow storing a 0-TTL answer from cachedb in the in-memory message cache when serve-expired is yes (wouter)
c881f5fe - Fix#1400: allowing use of global cache on ECS-forwarding unless always-forward. (ralph)
87a108b3 - Fix#1440: [dnscrypt] client nonce cache. (wouter)
e12160f6 and man page. (wouter)
e2aaf5e9 - Fix#1435: Please allow UDP to be disabled separately upstream and downstream. (wouter)
5251daea - Fix that looping modules always stop the query, and don't pass control. (wouter)
becbd20b - tag 1.6.6rc2, became 1.6.6 on 18 sep. trunk 1.6.7 in development. (wouter)
b5aba923 autoconf. (wouter)
39ba9480 - Spelling fixes, from Phil Porada. (wouter)
ddd249d0 - Fix unbound-host to report error for DNSSEC state of failed lookups. (wouter)
dfb5ebda - tag 1.6.6rc2 (wouter)
86daa970 - Add dns64 for client-subnet in unbound-checkconf. (wouter)
45adede8 remove debug (wouter)
6e590364 - Fix#1434: Fix windows openssl 1.1.0 linking. (wouter)
6d18c7e2 - Fix#1412: QNAME minimisation strict mode not honored (ralph)
3a1a576d - makedist fix for windows binaries, with openssl 1.1.0 windres fix, and expat 2.2.4 install target fix. (wouter)
526d1e88 note tag 1.6.6rc1 (wouter)
50941d67 and in man page. (wouter)
d8d4c8c5 - Recommend 1472 buffer size in unbound.conf (wouter)
3d60e536 lock_protect mutex in cachedb. (wouter)
15de6468 - Fix#1418: [ip ratelimit] initialize slabhash using ip-ratelimit-slabs. (wouter)
57323a83 les and bison. (wouter)
dfb7048b dnscrypt cache size configuration option. (wouter)
6a32cf0c - make depend (wouter)
ce208bb8 - Fix#1417: [dnscrypt] shared secret cache counters, and works when dnscrypt is not enabled. (wouter)
7e69f3e2 - but reverted that, tests fails with that escape. (wouter)
74148f58 - For #1417: escape ; in dnscrypt tests. (wouter)
99f7948a - Fix#1424: cachedb:testframe is not thread safe. (wouter)
e7919c41 - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs. (wouter)
40e912fb - updated contrib/fastrpz.patch to apply with configparser changes. (wouter)
5b50b5b0 Fix dnscrypt tests grep. (wouter)
818ac2ab - fixup WKS test on buildhost without servicebyname. (wouter)
1f650790 - new keys and certs for dnscrypt tests. (wouter)
a5990315 - zero qinfo in handle_request, this zeroes local_alias and also the qname member. (wouter)
9500ddda - Fix#1414: fix segfault on parse failure and log_replies. (wouter)
bc1fba7f nicer layout. (wouter)
d566f3c8 - Fix WKS records on kvm autobuild host, with default protobyname entries for udp and tcp. (wouter)
398021b8 - Small fixes for the shared secret cache patch. (wouter)
8e49ed87 - Fix#1415: [dnscrypt] shared secret cache, patch from Manu Bretelle. (wouter)
737cb748 - iana portlist update (wouter)
8b3bfc6c - Fix#1415: patch to free dnscrypt environment on reload. (wouter)
6aa6c48e - Fix to reclaim tcp handler when it is closed due to dnscrypt buffer allocation failure. (wouter)
51808a94 - make depend (wouter)
a2f9551c - Fix#1407: Add ECS options check to unbound-checkconf. (wouter)
489ad287 - Fix#1402: squelch invalid argument error for fd_set_block on windows. (wouter)
2cbdee08 Better text for change: - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017. (wouter)
69cabf50 - Fix issue on macOX 10.10 where TCP fast open is detected but not implemented causing TCP to fail. The fix allows fallback to regular TCP in this case and is also more robust for cases where connectx() fails for some reason. (wouter)
b080335c - trunk version 1.6.6 in development. (wouter)
e682b0be - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes installs between sep11 and oct11 2017. (wouter)
9e967620 better text. (wouter)
aa09eec8 - Patch to show DNSCrypt status in help output, from Carsten Strotmann. (wouter)
36be78aa - Remove spaces from Makefile. (wouter)
9e330d75 yacc 1.9 and flex 2.6.1. (wouter)
94f66ee0 - Fix#1398: make cachedb secret configurable. (wouter)
df7d82a2 - Fix#1397: Recursive DS lookups for AS112 zones names should recurse. (wouter)
e5513455 Do not add rrset_bogus and query ratelimiting stats per thread. (ralph)
d073e3e2 - Added stats for queries that have been ratelimited by domain recursion. (ralph)
2fc82180 - Do not reset rrset.bogus stats when called using stats_noreset. (ralph)
ebd76ef0 - Remove unused iter_env member (ip6arpa_dname) (ralph)
4b3602ba - Fix#1394: mix of serve-expired and response-ip could cause a crash. (wouter)
436f873b - iana update (wouter)
47dafe4c fix type cast. (wouter)
8afb9182 - Fix#1365: Add Ed25519 support using libnettle. (wouter)
cce1adf9 - Fix DSA configure switch (--disable dsa) for libnettle and libnss. (wouter)
4cc1a472 double fallthrough annotation to please gcc parser. (wouter)
0dcb1147 annotate fallthrough (wouter)
d616547e remove warning (wouter)
756034db - Fix compile with libnettle (wouter)
daa625cf - remove warning from windows compile. (wouter)
6521d82b - squelch TCP fast open error on FreeBSD when kernel has it disabled, unless verbosity is high. (wouter)
2f22e0e3 - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), config.sub(2016-09-05). - annotate case statement fallthrough for gcc 7.1.1. - flex output from flex 2.6.1. - snprintf of thread number does not warn about truncated string. (wouter)
ea646bbb please doxygen (wouter)
55c6dcd7 - Fix#1349: allow suppression of pidfiles (from Daniel Kahn Gillmor). With the -p option unbound does not create a pidfile. (wouter)
fe4f8851 - Fix#1350: make cachedb backend configurable (from JINMEI Tatuya). (wouter)
e946f2fe fix doc. (wouter)
4ebb3f5a - Redirect all localhost names to localhost address for RFC6761. (wouter)
7e2a0e92 - Fix#1344: RFC6761-reserved domains: test. and invalid. (wouter)
6ab32e3f fixup printout of skipped. (wouter)
f48dadeb test report again (wouter)
61e5213d Test -f report. (wouter)
b33ffd41 full report with -f (wouter)
3562699a run tests. (wouter)
df993ad5 - Fix svn hooks for tdir (selected if testcode/mini_tdir.sh exists). (wouter)
3343bcb0 Fixup speed_cache for 01-doc test. (wouter)
8ba25b12 tests in tdir format. (wouter)
2ca4cc3a - Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg. (wouter)
b56b9684 - Fix 1332: Bump verbosity of failed chown'ing of the control socket. (wouter)
029b56d0 Fixup (wouter)
c6925b28 - Fix openssl 1.1.0 load of ssl error strings from ssl init. (wouter)
1b563e56 - Fix pythonmod link line option flag. (wouter)
4de11541 - Fix#1331: libunbound segfault in threaded mode when context is deleted. (wouter)
cc82f13e - Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned on. (wouter)
80663d8e lint fix and check errcode. (wouter)
ad5295b5 - enhancement for hardened-tls for DNS over TLS. Removed duplicated security settings. (wouter)
13034f04 - iana portlist update (wouter)
f43c401e - Fix python example0 return module wait instead of error for pass. (wouter)
Credit for this commit goes to "xmr-eric <eric@moneroeric.com>" who had
committed the revision to the monero-project/monero repo.
(cherry picked from commit e8d773a049487db7982e38b3986d63756fc45f84)
Credit for this commit goes to "moneromooo-monero
<moneromooo-monero@users.noreply.github.com>"
who had committed the revision to the monero-project/monero repo.
(cherry picked from commit e8d773a049487db7982e38b3986d63756fc45f84)
Credit for this commit goes to "moneromooo-monero
<moneromooo-monero@users.noreply.github.com>"
who had committed the revision to the monero-project/monero repo.
(cherry picked from commit 1a271d25a15fcfe4ee4c687257dcf30755ce7ca9)
Credit for this commit goes to "Pavel Maryanov <acid@jack.kiev.ua>" who
had committed the revision to the monero-project/monero repo.
(cherry picked from commit a17efcb039c1128fdb11fd147687f15f2ae12494)
Credit for this commit goes to "ston1th <ston1th@giftfish.de>" who had
committed the revision to the monero-project/monero repo.
(cherry picked from commit ba1b89fbb7a2fde9b07fa906cdd3c1f4c3721a22)
that uses a Redis server as the storage. This implementation
depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
And unbound should be built with both --enable-cachedb and
--with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
should exist). Patch from Jinmei Tatuya (Infoblox).
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4586 be551aaa-1e26-0410-a405-d3ace91eadb9
although it could be changed at a later time, to stay similar to
other implementations.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4560 be551aaa-1e26-0410-a405-d3ace91eadb9
