6f49bcb6d9and store bogus ttl (this is not picked out of the cache to send to, so saves work and avoids this target)
wouter
2011-01-14 15:51:11 +0000
4a7e7c3a2bstore if ttl expired
wouter
2011-01-14 15:23:51 +0000
e40c702c96- Fix so a changed NS RRset does not get moved name stuck on old server, for type NS the TTL is not increased.
wouter
2011-01-14 13:56:25 +0000
fb7fa5c347- Fix prefetch so it does not get stuck on old server for moved names.
wouter
2011-01-13 10:13:01 +0000
bd5d117f93doxygen compat with version 1.6.3, and splint compat.
wouter
2011-01-12 09:17:59 +0000
f5be858e6b- algorithm compromise protection using the algorithms signalled in the DS record. Also, trust anchors, DLV, and RFC5011 receive this, and thus, if you have multiple algorithms in your trust-anchor-file then it will now behave different than before. Also, 5011 rollover for algorithms needs to be double-signature until the old algorithm is revoked.
wouter
2010-12-21 14:19:55 +0000
a33b75aebfWork on validation of multiple algorithms.
wouter
2010-12-20 15:58:12 +0000
d0d27bd296- fix validation in this case: CNAME to nodata for co-hosted opt-in NSEC3 insecure delegation, was bogus, fixed to be insecure.
wouter
2010-12-17 10:05:56 +0000
72de97c816Fix storage of noEDNS in the infra cache. iana portlist updated.
wouter
2010-11-30 12:55:48 +0000
b5252fabaaharden-below-nxdomain option taken from draft-vixie-dnsext-resimprove. Default off (for now), as some older software that gives nxdomain for ENT would be incompatible. But that would only happen in the reverse tree, and such software (nonDNSSEC) may go out of style, so in the future a default yes could be possible.
wouter
2010-11-18 08:49:15 +0000
eabb7aeb89- make test output nicer.
wouter
2010-11-17 15:50:52 +0000
49067d5c18- implement draft-vixie-dnsext-resimprove-00, we stop on NXDOMAIN.
wouter
2010-11-17 10:02:34 +0000
3709f579a0- so-sndbuf option for very busy servers, a bit like so-rcvbuf.
wouter
2010-11-15 14:30:34 +0000
07b8abede0errno filtering better: sendto and sendmsg filtered in the same way. Also ENETDOWN and ENETUNREACH for tcp (already had EHOSTDOWN and EHOSTUNREACH).
wouter
2010-11-15 14:00:20 +0000
206d95e87a- Fix validation failure for parent and child on same server with an insecure childzone and a CNAME from parent to child.
wouter
2010-10-29 13:10:26 +0000
eabdaa2eb4- Fix uninit value in dump_infra print.
wouter
2010-10-29 10:20:40 +0000
9d840fcfe6newer ldns for outofdir build
wouter
2010-10-27 14:16:34 +0000
bc95d0399bRemove warnings on NetBSD.
wouter
2010-10-27 12:21:44 +0000
d71a3cf1canicer output from debug commands
wouter
2010-10-27 08:09:22 +0000
127bb0f5f7subtract 1000 so it is more than the RTT_BAND
wouter
2010-10-26 15:41:23 +0000
7b804dfd28fix for top reuse
wouter
2010-10-26 15:28:01 +0000
682e6f70c0- Change of timeout code. No more lost and backoff in blockage. At 12sec timeout (and at least 2x lost before) one probe per IP is allowed only. At 120sec, the IP is blocked. After 15min, a 120sec entry has a single retry packet.
wouter
2010-10-26 15:02:08 +0000
dcd8a97b63neater API for unbound-control lookup.
wouter
2010-10-26 13:43:28 +0000
ef38180e0eremove lost and backoff values.
wouter
2010-10-26 13:30:37 +0000
ee39f03318- no timeout backoff if meanwhile a query succeeded.
wouter
2010-10-26 12:15:00 +0000
786b9481fadump_infra and flush_infra commands for unbound-control.
wouter
2010-10-26 09:08:33 +0000
26c5c1a18a+ - Configure errors if ldns is not found.
wouter
2010-10-25 07:44:33 +0000
b3100c3820- Windows 7 fix for installer.
wouter
2010-10-22 07:34:28 +0000
c126a3de01- Fix bug where fallback_tcp causes wrong roundtrip and edns observation to be noted in cache. Fix bug where EDNSprobe halted exponential backoff if EDNS status unknown. - new unresponsive host method, exponentially increasing block backoff. - iana portlist updated.
wouter
2010-10-21 15:11:39 +0000