This lets us get past captive portals that
- correctly answer SOA queries for the root zone with edns0 option
- return NXDOMAIN for the captive portal redirect domain if edns0 is
present
Observed by many after g2k19 in maple leaf lounges.
While here improve handling of captive portal configuration removal
while unwind thinks we are behind a captive portal. For example
because the host we are checking is down. Previously unwind would
think we are stuck behind a captive portal forever.
OK pamela
in the block list it answers with rcode REFUSED.
resolver context. Otherwise we will ignore the answer later on
anyway.
Unfortunately the nameserver types enums needed to be renamed
to not collide with yacc tokens.
in type to identify the resolver now that they can be addressed by
index.
checking counterpart are created the same way.
section 7.1 for DoT servers.
We are setting the CA cert bundle path (/etc/ssl/cert.pem) directly in
libunbound so we need to loosen pledge(2) a bit and allow rpath. At the
same time we unveil only /etc/ssl/cert.pem. We can drop the chroot(2)
since pledge(2) and unveil(2) give us more fine grained isolation.
prodding by tb@.
p.s. for portable it might be necessary to pass in a file descriptor
from the parent, slurp in the file and then use X509_STORE_load_mem()
(pointed out by sthen) in the guts of libunbound.
ok florian
While we are behind a captive portal we have to ask the dhcp provided
resolvers. However it is possible that those resolvers do not like
to talk to unwind because of EDNS0.
Unwind handles this case by closing its listening socket and hands
over to asr. Except for the resolving of the captive portal host which
it still tries to resolve via libunbound.
Turns out there is no need for this; we can just use getaddrinfo_async
from asr which then either hits unwind which does the right thing or
unwind closed its listening socket and asr moves on to talk directly
to the dhcp resolvers.
Brainfart pointed out by tb
seeing what is going on.
There is still a lot to do wrt logging but it's not a priority yet.
pointless.
Trigger a check
- on startup
- when forwarders change on config reload
- when dhcp provided forwarders change
- on network interface state change
When a check finishes and the checked resolver cannot resolve anything
configure a timer to run another check in the future using an
exponential backoff for the timeout.
Only accept a new config reload if it's not currently running and
only accept a config reload end if one is currently running.
OK pamela
the obj directory. Previously this was solved by keeping the libunbound
file name (to be able to keep in sync with upstream) and prefixing
the source filename of colliding .o files in unwind with uw_.
However, these files are shared throughout our tree (namely parse.y,
log.c and log.h) and we try to keep them in sync.
Move files back to their original name and instead symlink colliding source
files in libunbound to unique filenames by prefixing them with the directory
they live in:
obj/sldns_parse.c -> /usr/src/sbin/unwind/libunbound/sldns/parse.c
obj/util_log.c -> /usr/src/sbin/unwind/libunbound/util/log.c
Idea to use symlinks deraadt@ via jsg@
OK benno
imsg.hdr.len and shorten code.
Input & OK pamela
changed we need to fix the TTL to the value we would get from the root
for the ksk DNSKEY (currently 2 days). Otherwise we would interpret a
lowered TTL from a cache as changed trust anchor.
Use the same define everywhere.
(Considering the glacial speed with which the root ksk rotates this should
be fine for the foreseeable future.)
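Added example (not unwind's code) of the comparison rule described above: the TTL of a presentation-format DNSKEY trust anchor is forced to the value the root serves (2 days) before two anchors are compared, so a cache-lowered TTL never reads as a key change. The record layout assumed is the standard "owner ttl IN DNSKEY flags proto alg key" form; key material in the test is constructed, not a real root key.

```c
#include <stdio.h>
#include <string.h>

/* TTL the root zone serves for its KSK DNSKEY: 2 days. */
#define ROOT_DNSKEY_TTL 172800

/*
 * Rewrite the TTL field of a presentation-format DNSKEY RR
 * ("<owner> <ttl> IN DNSKEY <flags> <proto> <alg> <key>") to
 * ROOT_DNSKEY_TTL. Returns 0 on success, -1 if the record does not
 * parse or does not fit into out.
 */
int
normalize_ta_ttl(const char *rr, char *out, size_t outlen)
{
	char owner[256], key[1024];
	unsigned long ttl;
	unsigned flags, proto, alg;

	if (sscanf(rr, "%255s %lu IN DNSKEY %u %u %u %1023s",
	    owner, &ttl, &flags, &proto, &alg, key) != 6)
		return -1;
	if (snprintf(out, outlen, "%s %d IN DNSKEY %u %u %u %s",
	    owner, ROOT_DNSKEY_TTL, flags, proto, alg, key) >= (int)outlen)
		return -1;
	return 0;
}

/*
 * Two trust anchor strings describe the same anchor if they are identical
 * after TTL normalization. Unparseable input counts as changed so the
 * caller never silently keeps a bad anchor. Returns 1 if changed, else 0.
 */
int
trust_anchor_changed(const char *stored, const char *probed)
{
	char a[2048], b[2048];

	if (normalize_ta_ttl(stored, a, sizeof a) == -1 ||
	    normalize_ta_ttl(probed, b, sizeof b) == -1)
		return 1;
	return strcmp(a, b) != 0;
}
```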
DoT resolver.
Do not use the libunbound's auto trust anchor file feature since then
the resolver process needs rpath, wpath, and cpath pledges and
permission on the trust anchor file.
Instead configure the trust anchor as resource record strings. The
parent process opens the file, passes a file descriptor to the frontend
process to parse the file and then passes trust anchors to the
resolver process to (re-) configure the resolver contexts.
The resolver process periodically probes for new trust anchors (DNSKEY
records of the root zone) and passes those to the frontend process.
This in turn requests a file descriptor for writing from the parent
process. Once the trust anchors have been written the parent process
renames the tmp file to the final location.
Also provide a built-in trust anchor for bootstrapping purposes if no
file is found on disk. That way we can get rid of unbound-anchor in
unwind's rc.d script.
If it comes from one of our processes and the size does not match what
we expect call fatalx to crash and burn. We either hit a logic bug or
something is fishy on the other end and we can't trust that process
any longer. Not that we trust those processes to begin with.
This also applies to receiving resources that we don't expect. For
example if we have an open UDP listen socket and get a new one passed
from the main process something is wrong and we should crash and burn.
The only place where we are more lenient is on the control socket. We
just ignore wrong sized messages so that users can't bring down
unwind.
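Added example (not unwind's code) modelling the size policy described above: a message from a peer process must have exactly the expected length and only carry resources we asked for, otherwise the caller is told to fatalx(); on the control socket a wrong-sized message is merely ignored. The header struct, message types and payload sizes are constructed for illustration; the real daemon uses imsg(3) and imsg.hdr.len.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed header: imsg(3) carries type and total length (header
 * included) in imsg.hdr; the real header size is sizeof(struct imsg_hdr). */
#define MSG_HEADER_SIZE 16
struct msg_hdr { uint32_t type; uint16_t len; };

/* Hypothetical message types and fixed payload sizes (not unwind's own). */
enum { MSG_UDP_SOCKET = 1, MSG_TRUST_ANCHOR, MSG_CTL_STATUS };
#define TRUST_ANCHOR_LEN 64

enum verdict { MSG_OK, MSG_IGNORE, MSG_FATAL };

static size_t
expected_payload(uint32_t type)
{
	switch (type) {
	case MSG_UDP_SOCKET:	return 0;		/* only an fd is passed */
	case MSG_TRUST_ANCHOR:	return TRUST_ANCHOR_LEN;
	case MSG_CTL_STATUS:	return 0;
	default:		return SIZE_MAX;	/* unknown type */
	}
}

/* Size policy: from a peer process anything but the exact expected length
 * is a logic bug or an untrustworthy peer, so the caller must fatalx().
 * On the control socket the message is dropped instead, so a local user
 * cannot bring the daemon down with a malformed message. */
enum verdict
check_msg_len(const struct msg_hdr *hdr, int from_control)
{
	size_t want = expected_payload(hdr->type);

	if (hdr->len >= MSG_HEADER_SIZE && want != SIZE_MAX &&
	    (size_t)(hdr->len - MSG_HEADER_SIZE) == want)
		return MSG_OK;
	return from_control ? MSG_IGNORE : MSG_FATAL;
}

/* Resource policy: a descriptor we did not expect, e.g. a second UDP
 * listen socket while one is already open, is fatal. fd == -1 means no
 * descriptor was attached to the message. */
enum verdict
check_passed_fd(uint32_t type, int fd, int have_udp_socket)
{
	if (fd == -1)
		return MSG_OK;
	if (type == MSG_UDP_SOCKET && !have_udp_socket)
		return MSG_OK;
	return MSG_FATAL;
}
```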
pointed out by deraadt
directives, some of them no longer necessary.
Cleanup by Caspar Schutijser, thank you very much!
This lets us get past the broken Dutch railway wifi that responds
NXDOMAIN if an edns0 option is present.
resolve at all.
We come up without listening and open IPv4 and IPv6 sockets once the
resolver process has determined that we can speak DNS to the outside
world.
Furthermore close the listening sockets when the resolver process
notices that we can no longer speak DNS to the outside.
This is a last-ditch effort to get out of libc resolver's way and let
it speak directly to e.g. dhcp provided resolvers.
With the recommended configuration of having 127.0.0.1 first in
/etc/resolv.conf and then dhcp provided resolvers after that our
libc resolver will receive a port unreachable error and immediately
switch to the next one if unwind is not listening on port 53.
(Networks have been observed in the wild that intercept DNS packets and
answer NXDOMAIN if an edns0 option is sent with the query.)
These functions / macros (from (s)ldns) are not part of the public
libunbound API so we couldn't use them before. Due to the way we use
libunbound (a local copy) we now have access.
ub_resolve_event() the heuristic to detect if the authoritative server
is unreachable was adapted in the wrong way.
Turns out when using ub_resolve_event() we get the correct rcode
passed in (SERVFAIL). The rcode in the wire format answer_packet is
still wrong though (NOERROR). But that doesn't matter since we can
just check the passed in rcode.
unwind(8) is a hybrid validating stub & recursive resolver.
It actively observes the local net to decide how to best resolve
names. It can choose to recurse on its own or talk to dhcp
provided forwarders or statically defined forwarders in the
config file.
The intention is to be able to run it on localhost on every machine.
"toss it in man" deraadt@