summaryrefslogtreecommitdiffstats
path: root/usr.sbin/unbound (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Rewriting USER gets in the way of the de-escalation mechanism as itnatano2016-10-051-3/+2
| | | | | shadows the real user's identity. ok deraadt
* Backport unbound r3830/3831 from upstreadm, fixing an issue where it cansthen2016-09-062-5/+11
| | | | | | | | | | | | | | | become unresponsive and need to be restarted following a connectivity outage. From Brad, ok florian@ r3831 | wouter | 2016-08-23 04:49:01 -0400 (Tue, 23 Aug 2016) | 3 lines - Fix #804: lower num_target_queries for iterator also for failed lookups. r3830 | wouter | 2016-08-23 04:30:12 -0400 (Tue, 23 Aug 2016) | 3 lines - Fix #804: unbound stops responding after outage. Fixes queries that attempt to wait for an empty list of subqueries.
* backport r3782, fixing qname-minimisation with various broken DNS servers,sthen2016-06-223-8/+32
| | | | | | | | | often found at CDNs. - Use QTYPE=A for QNAME minimisation. - Keep track of number of time-outs when performing QNAME minimisation. Stop minimising when number of time-outs for a QNAME/QTYPE pair is more than three.
* backport r3781, fix segfault in -hsthen2016-06-222-1/+9
|
* update to unbound-1.5.9. (there will be a follow-up commit to cherrypick asthen2016-06-2280-680/+4324
| | | | | | couple of post-1.5.9 patches). tests from Mark Patruck, danj, matthieu, millert. reads ok to jung, ok florian.
* update to unbound 1.5.8, ok florian@ jung@sthen2016-03-0553-4463/+7608
|
* Backport r3602 | wouter | 2016-01-19 15:37:54 +0000 (Tue, 19 Jan 2016) | 3 linessthen2016-01-191-1/+6
| | | | | | | - Squelch 'cannot assign requested address' log messages unless verbosity is high, it was spammed after network down. (problem reported by Philippe Meunier)
* update to Unbound 1.5.7, looks fine to deraadt@.sthen2015-12-1538-371/+1407
| | | | | Notable addition: implements optional support for qname minimisation (a privacy improvement; see draft-ietf-dnsop-qname-minimisation-07)
* minor changes, mostly whitespace, from unbound 1.5.7sthen2015-12-101-42/+43
|
* use echo rather than here documents for compat with some other shells;sthen2015-12-101-20/+18
| | | | from unbound 1.5.7 (reducing the main diff..)
* typo fixes from 1.5.7sthen2015-12-101-9/+9
|
* typo fix, from 1.5.7sthen2015-12-101-1/+1
|
* typo fixes from unbound-1.5.7rc1sthen2015-12-0924-40/+40
|
* mergesthen2015-11-0536-86/+495
|
* Fix manpage for empty pidfile. Pointed out by millert@sthen2015-10-271-10/+1
|
* Don't use a pidfile in unbound by default. Retain the ability in unbound.confsthen2015-10-271-2/+2
| | | | to set one if needed. ok millert@
* Fix nsd and unbound's error checking with SSL_CTX_set_options().doug2015-10-273-8/+16
| | | | | | | | | | LibreSSL, BoringSSL and OpenSSL have all been redefining SSL_OP_* flags to be 0 when support is removed. This breaks the error checking that nsd and unbound were doing. It should check against the flag value itself to allow for 0. input deraadt@, jsing@ tweak + ok miod@, guenther@
* Avoid unintended problems with operator precedence when doing anjsg2015-09-051-1/+1
| | | | | | assignment and comparison. ok deraadt@ looks correct millert@ jung@
* remove dead files (moved from unbound/ldns/ to unbound/sldns/)sthen2015-07-1615-9804/+0
|
* mergesthen2015-07-1641-414/+1372
|
* update to Unbound 1.5.4, ok florian@, looks sane deraadt@sthen2015-07-1657-88/+10537
|
* Point people to local-zone and stub-zone in unbound.conf and explainflorian2015-03-111-4/+14
| | | | | | | when this can be used. tweaks ian@ OK ratchov@, sthen@ seems more useful to millert@
* Fix crash on unbound-control reload introduced in update to 1.5.2.florian2015-03-084-20/+27
| | | | | | | | Found the hard way be me and independently discovered and reported upstream at the same time in bug #651. OK sthen, krw; "looks reasonable" kettenis. OK to commit deraadt
* remove svn-only filesthen2015-02-171-445/+0
|
* merge conflictssthen2015-02-1722-199/+574
|
* Update to unbound 1.5.2rc1, ok brad@sthen2015-02-1719-52/+638
|
* remove "EXAMPLE" section containing a minimal example unbound.conf; the samplesthen2015-02-171-36/+0
| | | | isn't suitable for OpenBSD and can cause confusion. ok jmc@ brad@
* Merge in a commit from upstream..brad2015-02-111-1/+3
| | | | | | | - Fix scrubber with harden-glue turned off to reject NS (and other not-address) records. ok sthen@
* Merge in a commit from upstream..brad2015-02-103-0/+76
| | | | | | | | - Fix validation failure in case upstream forwarder (ISC BIND) does not have the same trust anchors and decides to insert unsigned NS record in authority section. ok sthen@
* Merge in a commit from upstream..brad2015-01-313-0/+48
| | | | | | | - Fix 0x20 capsforid fallback to omit gratuitous NS and additional section changes. ok sthen@
* Revert some $OpenBSD$ additions about which there are doubts.krw2015-01-203-3/+0
| | | | Suggested by deraadt@
* Missing $OpenBSD$'s.krw2015-01-203-0/+3
| | | | ok deraadt@
* zap file which is unused and already removed upstreamsthen2015-01-051-162/+0
|
* use new ub_conf_dir to set the directory for keys and certificatessthen2015-01-051-2/+1
| | | | ok brad@, committed upstream (r3297)
* regensthen2015-01-051-0/+25
|
* provide a new ub_conf_dir variable, to be used in unbound-control-setupsthen2015-01-051-0/+2
| | | | ok brad@, committed upstream (r3297)
* merge conflictsbrad2014-12-118-1462/+81
|
* update to Unbound 1.5.1, ok sthen@brad2014-12-1111-16/+16
|
* Fix for CVE-2014-8602.florian2014-12-083-0/+54
| | | | | | | | | OK sthen@ Unfortunately you only get the dedication to support the infrastructure of the universally connected self-organizing Internet - and the autonomy of its participants iff you are a paying customer with a support contract.
* Remove passing an override of INSTALL_PROGRAM to thebrad2014-11-301-3/+1
| | | | | | autoconf script. It doesn't seem to serve any purpose. ok sthen@
* clean up some files generated during the build.brad2014-11-201-2/+3
| | | | noticed by deraadt@
* using ${SHELL} is nicer, ok bradderaadt2014-11-201-1/+1
|
* run the install script with sh. Come on upstream -- allow us to buildderaadt2014-11-201-1/+1
| | | | your software on noexec filesystems...
* Merge in some commits from upstream..brad2014-11-2019-74/+143
| | | | | | | | | | | | | - Removed 'increased limit open files' log message that is written to console. It is only written on verbosity 4 and higher. This keeps system bootup console cleaner. - Fix #627: SSL_CTX_load_verify_locations return code not properly checked. - Fix that CD flag disables DNS64 processing, returning the DNSSEC signed AAAA denial. - Fix cdflag dns64 processing. ok sthen@
* merge conflictsbrad2014-11-2022-757/+3276
|
* update to Unbound 1.5.0, ok sthen@brad2014-11-2078-645/+3712
|
* Better explain what unbound is for.florian2014-08-201-10/+36
| | | | | | | | | While there fix some nits. Problem pointed out by deraadt@ Input jmc@, schwarze@ wouter@ committed a slightly different diff upstream. Pull that on out of svn and hand merge it. OK schwarze@
* Use arc4random as PRNG backend, instead of libcrypto RAND.jca2014-04-231-175/+4
| | | | | | Feedback and ok guenther@ deraadt@ Discussed with upstream, who is preparing an arc4random backend.
* Remove bsd-wrapper pieces to handle pulling unbound-host.1 from src,sthen2014-03-261-9/+1
| | | | | no longer needed now that this file is handled the same in Unbound's build infrastructure as the other manpages.
* Handle unbound-host(1) the same way as other manpages and have configuresthen2014-03-264-3/+4
| | | | | | generate a copy in the build directory. Removes some complexity and fixes a problem noticed by rpe@ when running 'make -f Makefile.bsd-wrapper clean' in src dir without having an obj dir present. From upstream r3100.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.