unbound: Vendor import 1.17.1
Release notes at https://www.nlnetlabs.nl/news/2023/Jan/12/unbound-1.17.1-released/. MFC after: 1 month Merge commit '7699e1386a16236002b26107ffd2dcbde375e197' into main
commit
1838dec318
@ -616,7 +616,7 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA
|
|||||||
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
|
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
|
||||||
$(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
$(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
||||||
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
|
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
|
||||||
if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi
|
if test ! -e "$(DESTDIR)$(configfile)"; then $(INSTALL) -d `dirname "$(DESTDIR)$(configfile)"`; $(INSTALL) -c -m 644 doc/example.conf "$(DESTDIR)$(configfile)"; fi
|
||||||
|
|
||||||
pythonmod-uninstall:
|
pythonmod-uninstall:
|
||||||
rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py
|
rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py
|
||||||
@ -645,7 +645,7 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTA
|
|||||||
rm -f -- $(DESTDIR)$(includedir)/unbound.h
|
rm -f -- $(DESTDIR)$(includedir)/unbound.h
|
||||||
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
|
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
|
||||||
@echo
|
@echo
|
||||||
@echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand"
|
@echo "You still need to remove "`dirname "$(DESTDIR)$(configfile)"`" , $(DESTDIR)$(configfile) by hand"
|
||||||
|
|
||||||
iana_update:
|
iana_update:
|
||||||
curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed
|
curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
|
[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
|
||||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
|
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
|
||||||
[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
|
[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
|
||||||
|
[![Mastodon Follow](https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)](https://fosstodon.org/@nlnetlabs)
|
||||||
|
|
||||||
Unbound is a validating, recursive, caching DNS resolver. It is designed to be
|
Unbound is a validating, recursive, caching DNS resolver. It is designed to be
|
||||||
fast and lean and incorporates modern features based on open standards. If you
|
fast and lean and incorporates modern features based on open standards. If you
|
||||||
|
@ -390,6 +390,15 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||||||
|
|
||||||
if(!qstate->return_msg || !qstate->return_msg->rep)
|
if(!qstate->return_msg || !qstate->return_msg->rep)
|
||||||
return 0;
|
return 0;
|
||||||
|
/* do not store failures like SERVFAIL in the cachedb, this avoids
|
||||||
|
* overwriting expired, valid, content with broken content. */
|
||||||
|
if(FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||||
|
LDNS_RCODE_NOERROR &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||||
|
LDNS_RCODE_NXDOMAIN &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||||
|
LDNS_RCODE_YXDOMAIN)
|
||||||
|
return 0;
|
||||||
/* We don't store the reply if its TTL is 0 unless serve-expired is
|
/* We don't store the reply if its TTL is 0 unless serve-expired is
|
||||||
* enabled. Such a reply won't be reusable and simply be a waste for
|
* enabled. Such a reply won't be reusable and simply be a waste for
|
||||||
* the backend. It's also compatible with the default behavior of
|
* the backend. It's also compatible with the default behavior of
|
||||||
@ -542,10 +551,16 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||||||
verbose(VERB_ALGO, "cachedb msg expired");
|
verbose(VERB_ALGO, "cachedb msg expired");
|
||||||
/* If serve-expired is enabled, we still use an expired message
|
/* If serve-expired is enabled, we still use an expired message
|
||||||
* setting the TTL to 0. */
|
* setting the TTL to 0. */
|
||||||
if(qstate->env->cfg->serve_expired)
|
if(!qstate->env->cfg->serve_expired ||
|
||||||
adjust = -1;
|
(FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||||
else
|
!= LDNS_RCODE_NOERROR &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||||
|
!= LDNS_RCODE_NXDOMAIN &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||||
|
!= LDNS_RCODE_YXDOMAIN))
|
||||||
return 0; /* message expired */
|
return 0; /* message expired */
|
||||||
|
else
|
||||||
|
adjust = -1;
|
||||||
}
|
}
|
||||||
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
||||||
adjust_msg_ttl(qstate->return_msg, adjust);
|
adjust_msg_ttl(qstate->return_msg, adjust);
|
||||||
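Review bot: The three-way rcode test added in prep_data (NOERROR / NXDOMAIN / YXDOMAIN) is written out again in parse_data in this file and a third time in answer_from_cache in the worker section, so the rule for which replies may be stored or served expired lives in three places that can drift apart. A predicate in a shared header would keep them in step, for example `int rcode_is_cacheable(int rcode) { return rcode == LDNS_RCODE_NOERROR || rcode == LDNS_RCODE_NXDOMAIN || rcode == LDNS_RCODE_YXDOMAIN; }`, called as `if(!rcode_is_cacheable(FLAGS_GET_RCODE(rep->flags))) return 0;`. In parse_data the new condition also dereferences `qstate->return_msg->rep`, and the check that makes this safe is not visible in the hunk; both function bodies continue outside it.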
|
25
contrib/unbound/configure
vendored
@ -1,6 +1,6 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for unbound 1.17.0.
|
# Generated by GNU Autoconf 2.69 for unbound 1.17.1.
|
||||||
#
|
#
|
||||||
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
|
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
|
||||||
#
|
#
|
||||||
@ -591,8 +591,8 @@ MAKEFLAGS=
|
|||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='unbound'
|
PACKAGE_NAME='unbound'
|
||||||
PACKAGE_TARNAME='unbound'
|
PACKAGE_TARNAME='unbound'
|
||||||
PACKAGE_VERSION='1.17.0'
|
PACKAGE_VERSION='1.17.1'
|
||||||
PACKAGE_STRING='unbound 1.17.0'
|
PACKAGE_STRING='unbound 1.17.1'
|
||||||
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
|
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
|
||||||
PACKAGE_URL=''
|
PACKAGE_URL=''
|
||||||
|
|
||||||
@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
|
|||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures unbound 1.17.0 to adapt to many kinds of systems.
|
\`configure' configures unbound 1.17.1 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
@ -1543,7 +1543,7 @@ fi
|
|||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of unbound 1.17.0:";;
|
short | recursive ) echo "Configuration of unbound 1.17.1:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
@ -1785,7 +1785,7 @@ fi
|
|||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
unbound configure 1.17.0
|
unbound configure 1.17.1
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
|
|||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by unbound $as_me 1.17.0, which was
|
It was created by unbound $as_me 1.17.1, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1
|
|||||||
|
|
||||||
UNBOUND_VERSION_MINOR=17
|
UNBOUND_VERSION_MINOR=17
|
||||||
|
|
||||||
UNBOUND_VERSION_MICRO=0
|
UNBOUND_VERSION_MICRO=1
|
||||||
|
|
||||||
|
|
||||||
LIBUNBOUND_CURRENT=9
|
LIBUNBOUND_CURRENT=9
|
||||||
LIBUNBOUND_REVISION=20
|
LIBUNBOUND_REVISION=21
|
||||||
LIBUNBOUND_AGE=1
|
LIBUNBOUND_AGE=1
|
||||||
# 1.0.0 had 0:12:0
|
# 1.0.0 had 0:12:0
|
||||||
# 1.0.1 had 0:13:0
|
# 1.0.1 had 0:13:0
|
||||||
@ -2938,6 +2938,7 @@ LIBUNBOUND_AGE=1
|
|||||||
# 1.16.2 had 9:18:1
|
# 1.16.2 had 9:18:1
|
||||||
# 1.16.3 had 9:19:1
|
# 1.16.3 had 9:19:1
|
||||||
# 1.17.0 had 9:20:1
|
# 1.17.0 had 9:20:1
|
||||||
|
# 1.17.1 had 9:21:1
|
||||||
|
|
||||||
# Current -- the number of the binary API that we're implementing
|
# Current -- the number of the binary API that we're implementing
|
||||||
# Revision -- which iteration of the implementation of the binary
|
# Revision -- which iteration of the implementation of the binary
|
||||||
@ -22085,7 +22086,7 @@ _ACEOF
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
version=1.17.0
|
version=1.17.1
|
||||||
|
|
||||||
date=`date +'%b %e, %Y'`
|
date=`date +'%b %e, %Y'`
|
||||||
|
|
||||||
@ -22604,7 +22605,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by unbound $as_me 1.17.0, which was
|
This file was extended by unbound $as_me 1.17.1, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
@ -22670,7 +22671,7 @@ _ACEOF
|
|||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
unbound config.status 1.17.0
|
unbound config.status 1.17.1
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
|
|||||||
# must be numbers. ac_defun because of later processing
|
# must be numbers. ac_defun because of later processing
|
||||||
m4_define([VERSION_MAJOR],[1])
|
m4_define([VERSION_MAJOR],[1])
|
||||||
m4_define([VERSION_MINOR],[17])
|
m4_define([VERSION_MINOR],[17])
|
||||||
m4_define([VERSION_MICRO],[0])
|
m4_define([VERSION_MICRO],[1])
|
||||||
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
|
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
|
||||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||||
|
|
||||||
LIBUNBOUND_CURRENT=9
|
LIBUNBOUND_CURRENT=9
|
||||||
LIBUNBOUND_REVISION=20
|
LIBUNBOUND_REVISION=21
|
||||||
LIBUNBOUND_AGE=1
|
LIBUNBOUND_AGE=1
|
||||||
# 1.0.0 had 0:12:0
|
# 1.0.0 had 0:12:0
|
||||||
# 1.0.1 had 0:13:0
|
# 1.0.1 had 0:13:0
|
||||||
@ -106,6 +106,7 @@ LIBUNBOUND_AGE=1
|
|||||||
# 1.16.2 had 9:18:1
|
# 1.16.2 had 9:18:1
|
||||||
# 1.16.3 had 9:19:1
|
# 1.16.3 had 9:19:1
|
||||||
# 1.17.0 had 9:20:1
|
# 1.17.0 had 9:20:1
|
||||||
|
# 1.17.1 had 9:21:1
|
||||||
|
|
||||||
# Current -- the number of the binary API that we're implementing
|
# Current -- the number of the binary API that we're implementing
|
||||||
# Revision -- which iteration of the implementation of the binary
|
# Revision -- which iteration of the implementation of the binary
|
||||||
|
@ -42,9 +42,8 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Validating, recursive, and caching DNS resolver
|
Description=Validating, recursive, and caching DNS resolver
|
||||||
Documentation=man:unbound(8)
|
Documentation=man:unbound(8)
|
||||||
After=network-online.target
|
After=network.target
|
||||||
Before=nss-lookup.target
|
Before=network-online.target nss-lookup.target
|
||||||
Wants=network-online.target nss-lookup.target
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
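Review bot: With `After=network.target` and `Before=network-online.target` the resolver can be started before interface addresses are assigned, and the unit no longer carries the old `Wants=` line. A configuration that binds to specific addresses could then fail to start at boot, leaving the host without its local resolver. A comment above the ordering lines would make the trade-off visible, for example `# Starts before network-online.target; when binding to specific addresses, enable ip-freebind or order After=network-online.target instead.` The unit file's leading lines are outside the hunk.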
|
@ -387,7 +387,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
struct rrset_ref ref;
|
struct rrset_ref ref;
|
||||||
uint8_t* p;
|
uint8_t* p;
|
||||||
|
|
||||||
ak = alloc_special_obtain(&worker->alloc);
|
ak = alloc_special_obtain(worker->alloc);
|
||||||
if(!ak) {
|
if(!ak) {
|
||||||
log_warn("error out of memory");
|
log_warn("error out of memory");
|
||||||
return 0;
|
return 0;
|
||||||
@ -398,7 +398,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
|
ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
|
||||||
if(!ak->rk.dname) {
|
if(!ak->rk.dname) {
|
||||||
log_warn("error out of memory");
|
log_warn("error out of memory");
|
||||||
ub_packed_rrset_parsedelete(ak, &worker->alloc);
|
ub_packed_rrset_parsedelete(ak, worker->alloc);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
|
s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
|
||||||
@ -408,7 +408,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
ad = (struct packed_rrset_data*)malloc(s);
|
ad = (struct packed_rrset_data*)malloc(s);
|
||||||
if(!ad) {
|
if(!ad) {
|
||||||
log_warn("error out of memory");
|
log_warn("error out of memory");
|
||||||
ub_packed_rrset_parsedelete(ak, &worker->alloc);
|
ub_packed_rrset_parsedelete(ak, worker->alloc);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
p = (uint8_t*)ad;
|
p = (uint8_t*)ad;
|
||||||
@ -431,7 +431,8 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
ref.key = ak;
|
ref.key = ak;
|
||||||
ref.id = ak->id;
|
ref.id = ak->id;
|
||||||
(void)rrset_cache_update(worker->env.rrset_cache, &ref,
|
(void)rrset_cache_update(worker->env.rrset_cache, &ref,
|
||||||
&worker->alloc, *worker->env.now);
|
worker->alloc, *worker->env.now);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -488,6 +488,27 @@ static int daemon_get_shufport(struct daemon* daemon, int* shufport)
|
|||||||
return avail;
|
return avail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Clear and delete per-worker alloc caches, and free memory maintained in
|
||||||
|
* superalloc.
|
||||||
|
* The rrset and message caches must be empty at the time of call.
|
||||||
|
* @param daemon: the daemon that maintains the alloc caches to be cleared.
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
daemon_clear_allocs(struct daemon* daemon)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for(i=0; i<daemon->num; i++) {
|
||||||
|
alloc_clear(daemon->worker_allocs[i]);
|
||||||
|
free(daemon->worker_allocs[i]);
|
||||||
|
}
|
||||||
|
free(daemon->worker_allocs);
|
||||||
|
daemon->worker_allocs = NULL;
|
||||||
|
|
||||||
|
alloc_clear_special(&daemon->superalloc);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allocate empty worker structures. With backptr and thread-number,
|
* Allocate empty worker structures. With backptr and thread-number,
|
||||||
* from 0..numthread initialised. Used as user arguments to new threads.
|
* from 0..numthread initialised. Used as user arguments to new threads.
|
||||||
@ -540,6 +561,21 @@ daemon_create_workers(struct daemon* daemon)
|
|||||||
/* the above is not ports/numthr, due to rounding */
|
/* the above is not ports/numthr, due to rounding */
|
||||||
fatal_exit("could not create worker");
|
fatal_exit("could not create worker");
|
||||||
}
|
}
|
||||||
|
/* create per-worker alloc caches if not reusing existing ones. */
|
||||||
|
if(!daemon->worker_allocs) {
|
||||||
|
daemon->worker_allocs = (struct alloc_cache**)calloc(
|
||||||
|
(size_t)daemon->num, sizeof(struct alloc_cache*));
|
||||||
|
if(!daemon->worker_allocs)
|
||||||
|
fatal_exit("could not allocate worker allocs");
|
||||||
|
for(i=0; i<daemon->num; i++) {
|
||||||
|
struct alloc_cache* alloc = calloc(1,
|
||||||
|
sizeof(struct alloc_cache));
|
||||||
|
if (!alloc)
|
||||||
|
fatal_exit("could not allocate worker alloc");
|
||||||
|
alloc_init(alloc, &daemon->superalloc, i);
|
||||||
|
daemon->worker_allocs[i] = alloc;
|
||||||
|
}
|
||||||
|
}
|
||||||
free(shufport);
|
free(shufport);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -771,6 +807,7 @@ daemon_fork(struct daemon* daemon)
|
|||||||
/* Shutdown SHM */
|
/* Shutdown SHM */
|
||||||
shm_main_shutdown(daemon);
|
shm_main_shutdown(daemon);
|
||||||
|
|
||||||
|
daemon->reuse_cache = daemon->workers[0]->reuse_cache;
|
||||||
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
|
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -785,9 +822,16 @@ daemon_cleanup(struct daemon* daemon)
|
|||||||
log_thread_set(NULL);
|
log_thread_set(NULL);
|
||||||
/* clean up caches because
|
/* clean up caches because
|
||||||
* a) RRset IDs will be recycled after a reload, causing collisions
|
* a) RRset IDs will be recycled after a reload, causing collisions
|
||||||
* b) validation config can change, thus rrset, msg, keycache clear */
|
* b) validation config can change, thus rrset, msg, keycache clear
|
||||||
|
*
|
||||||
|
* If we are trying to keep the cache as long as possible, we should
|
||||||
|
* defer the cleanup until we know whether the new configuration allows
|
||||||
|
* the reuse. (If we're exiting, cleanup should be done here). */
|
||||||
|
if(!daemon->reuse_cache || daemon->need_to_exit) {
|
||||||
slabhash_clear(&daemon->env->rrset_cache->table);
|
slabhash_clear(&daemon->env->rrset_cache->table);
|
||||||
slabhash_clear(daemon->env->msg_cache);
|
slabhash_clear(daemon->env->msg_cache);
|
||||||
|
}
|
||||||
|
daemon->old_num = daemon->num; /* save the current num */
|
||||||
local_zones_delete(daemon->local_zones);
|
local_zones_delete(daemon->local_zones);
|
||||||
daemon->local_zones = NULL;
|
daemon->local_zones = NULL;
|
||||||
respip_set_delete(daemon->respip_set);
|
respip_set_delete(daemon->respip_set);
|
||||||
@ -802,8 +846,13 @@ daemon_cleanup(struct daemon* daemon)
|
|||||||
worker_delete(daemon->workers[i]);
|
worker_delete(daemon->workers[i]);
|
||||||
free(daemon->workers);
|
free(daemon->workers);
|
||||||
daemon->workers = NULL;
|
daemon->workers = NULL;
|
||||||
|
/* Unless we're trying to keep the cache, worker alloc_caches should be
|
||||||
|
* cleared and freed here. We do this after deleting workers to
|
||||||
|
* guarantee that the alloc caches are valid throughout the lifetime
|
||||||
|
* of workers. */
|
||||||
|
if(!daemon->reuse_cache || daemon->need_to_exit)
|
||||||
|
daemon_clear_allocs(daemon);
|
||||||
daemon->num = 0;
|
daemon->num = 0;
|
||||||
alloc_clear_special(&daemon->superalloc);
|
|
||||||
#ifdef USE_DNSTAP
|
#ifdef USE_DNSTAP
|
||||||
dt_delete(daemon->dtenv);
|
dt_delete(daemon->dtenv);
|
||||||
daemon->dtenv = NULL;
|
daemon->dtenv = NULL;
|
||||||
@ -900,8 +949,42 @@ daemon_delete(struct daemon* daemon)
|
|||||||
|
|
||||||
void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
|
void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
|
int new_num = cfg->num_threads?cfg->num_threads:1;
|
||||||
|
|
||||||
daemon->cfg = cfg;
|
daemon->cfg = cfg;
|
||||||
config_apply(cfg);
|
config_apply(cfg);
|
||||||
|
|
||||||
|
/* If this is a reload and we deferred the decision on whether to
|
||||||
|
* reuse the alloc, RRset, and message caches, then check to see if
|
||||||
|
* it's safe to keep the caches:
|
||||||
|
* - changing the number of threads is obviously incompatible with
|
||||||
|
* keeping the per-thread alloc caches. It also means we have to
|
||||||
|
* clear RRset and message caches. (note that 'new_num' may be
|
||||||
|
* adjusted in daemon_create_workers, but for our purpose we can
|
||||||
|
* simply compare it with 'old_num'; if they are equal here,
|
||||||
|
* 'new_num' won't be adjusted to a different value than 'old_num').
|
||||||
|
* - changing RRset cache size effectively clears any remaining cache
|
||||||
|
* entries. We could keep their keys in alloc caches, but it would
|
||||||
|
* be more consistent with the sense of the change to clear allocs
|
||||||
|
* and free memory. To do so we also have to clear message cache.
|
||||||
|
* - only changing message cache size does not necessarily affect
|
||||||
|
* RRset or alloc cache. But almost all new subsequent queries will
|
||||||
|
* require recursive resolution anyway, so it doesn't help much to
|
||||||
|
* just keep RRset and alloc caches. For simplicity we clear/free
|
||||||
|
* the other two, too. */
|
||||||
|
if(daemon->worker_allocs &&
|
||||||
|
(new_num != daemon->old_num ||
|
||||||
|
!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
||||||
|
cfg->msg_cache_slabs) ||
|
||||||
|
!slabhash_is_size(&daemon->env->rrset_cache->table,
|
||||||
|
cfg->rrset_cache_size, cfg->rrset_cache_slabs)))
|
||||||
|
{
|
||||||
|
log_warn("cannot reuse caches due to critical config change");
|
||||||
|
slabhash_clear(&daemon->env->rrset_cache->table);
|
||||||
|
slabhash_clear(daemon->env->msg_cache);
|
||||||
|
daemon_clear_allocs(daemon);
|
||||||
|
}
|
||||||
|
|
||||||
if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
||||||
cfg->msg_cache_slabs)) {
|
cfg->msg_cache_slabs)) {
|
||||||
slabhash_delete(daemon->env->msg_cache);
|
slabhash_delete(daemon->env->msg_cache);
|
||||||
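Review bot: daemon_clear_allocs loops over `daemon->num`, but daemon_cleanup sets `daemon->num = 0` after saving the count in `old_num`, so the new call from daemon_apply_cfg (the "cannot reuse caches" path) appears to run the loop zero times. In that case only the pointer array is freed: each per-worker alloc_cache is leaked and alloc_clear is never called on it. Iterating over the saved count covers both callers, since daemon_cleanup assigns `old_num` before it calls the helper: `for(i=0; i<daemon->old_num; i++) {`. This assumes daemon_apply_cfg runs after daemon_cleanup on a reload, which the comment in daemon_apply_cfg suggests but the hunks do not show.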
|
@ -99,8 +99,12 @@ struct daemon {
|
|||||||
void* listen_sslctx, *connect_sslctx;
|
void* listen_sslctx, *connect_sslctx;
|
||||||
/** num threads allocated */
|
/** num threads allocated */
|
||||||
int num;
|
int num;
|
||||||
|
/** num threads allocated in the previous config or 0 at first */
|
||||||
|
int old_num;
|
||||||
/** the worker entries */
|
/** the worker entries */
|
||||||
struct worker** workers;
|
struct worker** workers;
|
||||||
|
/** per-worker allocation cache */
|
||||||
|
struct alloc_cache **worker_allocs;
|
||||||
/** do we need to exit unbound (or is it only a reload?) */
|
/** do we need to exit unbound (or is it only a reload?) */
|
||||||
int need_to_exit;
|
int need_to_exit;
|
||||||
/** master random table ; used for port div between threads on reload*/
|
/** master random table ; used for port div between threads on reload*/
|
||||||
@ -140,6 +144,8 @@ struct daemon {
|
|||||||
/** the dnscrypt environment */
|
/** the dnscrypt environment */
|
||||||
struct dnsc_env* dnscenv;
|
struct dnsc_env* dnscenv;
|
||||||
#endif
|
#endif
|
||||||
|
/** reuse existing cache on reload if other conditions allow it. */
|
||||||
|
int reuse_cache;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -105,8 +105,6 @@
|
|||||||
|
|
||||||
/** what to put on statistics lines between var and value, ": " or "=" */
|
/** what to put on statistics lines between var and value, ": " or "=" */
|
||||||
#define SQ "="
|
#define SQ "="
|
||||||
/** if true, inhibits a lot of =0 lines from the stats output */
|
|
||||||
static const int inhibit_zero = 1;
|
|
||||||
|
|
||||||
/** subtract timers and the values do not overflow or become negative */
|
/** subtract timers and the values do not overflow or become negative */
|
||||||
static void
|
static void
|
||||||
@ -684,8 +682,9 @@ do_stop(RES* ssl, struct worker* worker)
|
|||||||
|
|
||||||
/** do the reload command */
|
/** do the reload command */
|
||||||
static void
|
static void
|
||||||
do_reload(RES* ssl, struct worker* worker)
|
do_reload(RES* ssl, struct worker* worker, int reuse_cache)
|
||||||
{
|
{
|
||||||
|
worker->reuse_cache = reuse_cache;
|
||||||
worker->need_to_exit = 0;
|
worker->need_to_exit = 0;
|
||||||
comm_base_exit(worker->base);
|
comm_base_exit(worker->base);
|
||||||
send_ok(ssl);
|
send_ok(ssl);
|
||||||
@ -920,7 +919,7 @@ print_hist(RES* ssl, struct ub_stats_info* s)
|
|||||||
|
|
||||||
/** print extended stats */
|
/** print extended stats */
|
||||||
static int
|
static int
|
||||||
print_ext(RES* ssl, struct ub_stats_info* s)
|
print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char nm[32];
|
char nm[32];
|
||||||
@ -1129,7 +1128,7 @@ do_stats(RES* ssl, struct worker* worker, int reset)
|
|||||||
return;
|
return;
|
||||||
if(!print_hist(ssl, &total))
|
if(!print_hist(ssl, &total))
|
||||||
return;
|
return;
|
||||||
if(!print_ext(ssl, &total))
|
if(!print_ext(ssl, &total, daemon->cfg->stat_inhibit_zero))
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1963,6 +1962,8 @@ do_flush_name(RES* ssl, struct worker* w, char* arg)
|
|||||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
|
||||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN);
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN);
|
||||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN);
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN);
|
||||||
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN);
|
||||||
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN);
|
||||||
|
|
||||||
free(nm);
|
free(nm);
|
||||||
send_ok(ssl);
|
send_ok(ssl);
|
||||||
@ -3029,8 +3030,11 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
|
|||||||
if(cmdcmp(p, "stop", 4)) {
|
if(cmdcmp(p, "stop", 4)) {
|
||||||
do_stop(ssl, worker);
|
do_stop(ssl, worker);
|
||||||
return;
|
return;
|
||||||
|
} else if(cmdcmp(p, "reload_keep_cache", 17)) {
|
||||||
|
do_reload(ssl, worker, 1);
|
||||||
|
return;
|
||||||
} else if(cmdcmp(p, "reload", 6)) {
|
} else if(cmdcmp(p, "reload", 6)) {
|
||||||
do_reload(ssl, worker);
|
do_reload(ssl, worker, 0);
|
||||||
return;
|
return;
|
||||||
} else if(cmdcmp(p, "stats_noreset", 13)) {
|
} else if(cmdcmp(p, "stats_noreset", 13)) {
|
||||||
do_stats(ssl, worker, 0);
|
do_stats(ssl, worker, 0);
|
||||||
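Review bot: do_reload's doc comment still reads `/** do the reload command */` and says nothing about the new `reuse_cache` argument or what is kept. The daemon_cleanup comment in this commit states that caches are normally cleared because validation config can change, while the reuse check in daemon_apply_cfg compares only thread count and cache sizes, so entries validated under the previous configuration appear to survive `reload_keep_cache`. I would document that on the function, e.g. `/** do the reload command; reuse_cache nonzero keeps the rrset and message caches, including entries validated under the previous config */`, so operators who change trust anchors or validator settings know to use a plain reload. Whether the key cache is still cleared on this path is not visible here.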
|
@ -133,7 +133,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker),
|
|||||||
rrset = slabhash_get_mem(&worker->env.rrset_cache->table);
|
rrset = slabhash_get_mem(&worker->env.rrset_cache->table);
|
||||||
infra = infra_get_mem(worker->env.infra_cache);
|
infra = infra_get_mem(worker->env.infra_cache);
|
||||||
mesh = mesh_get_mem(worker->env.mesh);
|
mesh = mesh_get_mem(worker->env.mesh);
|
||||||
ac = alloc_get_mem(&worker->alloc);
|
ac = alloc_get_mem(worker->alloc);
|
||||||
superac = alloc_get_mem(&worker->daemon->superalloc);
|
superac = alloc_get_mem(&worker->daemon->superalloc);
|
||||||
anch = anchors_get_mem(worker->env.anchors);
|
anch = anchors_get_mem(worker->env.anchors);
|
||||||
iter = 0;
|
iter = 0;
|
||||||
@ -623,6 +623,14 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
|
|||||||
if(worker->env.cfg->serve_expired_ttl &&
|
if(worker->env.cfg->serve_expired_ttl &&
|
||||||
rep->serve_expired_ttl < timenow)
|
rep->serve_expired_ttl < timenow)
|
||||||
return 0;
|
return 0;
|
||||||
|
/* Ignore expired failure answers */
|
||||||
|
if(FLAGS_GET_RCODE(rep->flags) !=
|
||||||
|
LDNS_RCODE_NOERROR &&
|
||||||
|
FLAGS_GET_RCODE(rep->flags) !=
|
||||||
|
LDNS_RCODE_NXDOMAIN &&
|
||||||
|
FLAGS_GET_RCODE(rep->flags) !=
|
||||||
|
LDNS_RCODE_YXDOMAIN)
|
||||||
|
return 0;
|
||||||
if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
|
if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
|
||||||
return 0;
|
return 0;
|
||||||
*is_expired_answer = 1;
|
*is_expired_answer = 1;
|
||||||
@ -730,8 +738,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
|
|||||||
goto bail_out;
|
goto bail_out;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* We don't check the global ede as this is a warning, not
|
|
||||||
* an error */
|
|
||||||
if (*is_expired_answer == 1 &&
|
if (*is_expired_answer == 1 &&
|
||||||
worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) {
|
worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) {
|
||||||
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
|
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
|
||||||
@ -2059,15 +2065,14 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
|||||||
}
|
}
|
||||||
|
|
||||||
server_stats_init(&worker->stats, cfg);
|
server_stats_init(&worker->stats, cfg);
|
||||||
alloc_init(&worker->alloc, &worker->daemon->superalloc,
|
worker->alloc = worker->daemon->worker_allocs[worker->thread_num];
|
||||||
worker->thread_num);
|
alloc_set_id_cleanup(worker->alloc, &worker_alloc_cleanup, worker);
|
||||||
alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker);
|
|
||||||
worker->env = *worker->daemon->env;
|
worker->env = *worker->daemon->env;
|
||||||
comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv);
|
comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv);
|
||||||
worker->env.worker = worker;
|
worker->env.worker = worker;
|
||||||
worker->env.worker_base = worker->base;
|
worker->env.worker_base = worker->base;
|
||||||
worker->env.send_query = &worker_send_query;
|
worker->env.send_query = &worker_send_query;
|
||||||
worker->env.alloc = &worker->alloc;
|
worker->env.alloc = worker->alloc;
|
||||||
worker->env.outnet = worker->back;
|
worker->env.outnet = worker->back;
|
||||||
worker->env.rnd = worker->rndstate;
|
worker->env.rnd = worker->rndstate;
|
||||||
/* If case prefetch is triggered, the corresponding mesh will clear
|
/* If case prefetch is triggered, the corresponding mesh will clear
|
||||||
@ -2211,7 +2216,7 @@ worker_delete(struct worker* worker)
|
|||||||
#endif /* USE_DNSTAP */
|
#endif /* USE_DNSTAP */
|
||||||
comm_base_delete(worker->base);
|
comm_base_delete(worker->base);
|
||||||
ub_randfree(worker->rndstate);
|
ub_randfree(worker->rndstate);
|
||||||
alloc_clear(&worker->alloc);
|
/* don't touch worker->alloc, as it's maintained in daemon */
|
||||||
regional_destroy(worker->env.scratch);
|
regional_destroy(worker->env.scratch);
|
||||||
regional_destroy(worker->scratchpad);
|
regional_destroy(worker->scratchpad);
|
||||||
free(worker);
|
free(worker);
|
||||||
|
@ -118,7 +118,7 @@ struct worker {
|
|||||||
/** do we need to restart or quit (on signal) */
|
/** do we need to restart or quit (on signal) */
|
||||||
int need_to_exit;
|
int need_to_exit;
|
||||||
/** allocation cache for this thread */
|
/** allocation cache for this thread */
|
||||||
struct alloc_cache alloc;
|
struct alloc_cache *alloc;
|
||||||
/** per thread statistics */
|
/** per thread statistics */
|
||||||
struct ub_server_stats stats;
|
struct ub_server_stats stats;
|
||||||
/** thread scratch regional */
|
/** thread scratch regional */
|
||||||
@ -131,6 +131,8 @@ struct worker {
|
|||||||
/** dnstap environment, changed for this thread */
|
/** dnstap environment, changed for this thread */
|
||||||
struct dt_env dtenv;
|
struct dt_env dtenv;
|
||||||
#endif
|
#endif
|
||||||
|
/** reuse existing cache on reload if other conditions allow it. */
|
||||||
|
int reuse_cache;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
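Review bot: The doc comment on `alloc` in `struct worker` still reads "allocation cache for this thread" although the member is now a pointer, so the ownership change is not recorded where the field is declared. The worker.c hunks on this page take the pointer from `worker->daemon->worker_allocs[worker->thread_num]`, and `worker_delete` deliberately leaves it alone, which a later maintainer could mistake for a leak and "fix" into a double free. I would say so at the declaration: `/** allocation cache for this thread; points into the daemon's worker_allocs and is not freed by the worker */`. The struct definition starts outside these hunks.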
|
@ -1,7 +1,93 @@
|
|||||||
|
5 January 2023: Wouter
|
||||||
|
- Tag for 1.17.1 release.
|
||||||
|
|
||||||
|
2 January 2023: Wouter
|
||||||
|
- Fix windows compile for libunbound subprocess reap comm point closes.
|
||||||
|
- Update github workflows to use checkout v3.
|
||||||
|
|
||||||
|
14 December 2022: George
|
||||||
|
- Merge #569 from JINMEI Tatuya: add keep-cache option to
|
||||||
|
'unbound-control reload' to keep caches.
|
||||||
|
|
||||||
|
13 December 2022: George
|
||||||
|
- Expose 'statistics-inhibit-zero' as a configuration option; the
|
||||||
|
default value retains Unbound's behavior.
|
||||||
|
- Expose 'max-sent-count' as a configuration option; the
|
||||||
|
default value retains Unbound's behavior.
|
||||||
|
- Merge #461 from Christian Allred: Add max-query-restarts option.
|
||||||
|
Exposes an internal configuration but the default value retains
|
||||||
|
Unbound's behavior.
|
||||||
|
|
||||||
|
13 December 2022: Wouter
|
||||||
|
- Merge #808: Wrap Makefile script's directory variables in quotes.
|
||||||
|
- Fix to wrap Makefile scripts directory in quotes for uninstall.
|
||||||
|
|
||||||
|
1 December 2022: Wouter
|
||||||
|
- Fix #773: When used with systemd-networkd, unbound does not start
|
||||||
|
until systemd-networkd-wait-online.service times out.
|
||||||
|
|
||||||
|
30 November 2022: George
|
||||||
|
- Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
|
||||||
|
- Clear documentation for interactivity between the subnet module and
|
||||||
|
the serve-expired and prefetch configuration options.
|
||||||
|
|
||||||
|
30 November 2022: Wouter
|
||||||
|
- Fix #782: Segmentation fault in stats.c:404.
|
||||||
|
|
||||||
|
28 November 2022: Wouter
|
||||||
|
- Fix for the ignore of tcp events for closed comm points, preserve
|
||||||
|
the use after free protection features.
|
||||||
|
|
||||||
|
23 November 2022: Philip
|
||||||
|
- Merge #720 from jonathangray: fix use after free when
|
||||||
|
WSACreateEvent() fails.
|
||||||
|
|
||||||
|
22 November 2022: George
|
||||||
|
- Ignore expired error responses.
|
||||||
|
|
||||||
|
11 November 2022: Wouter
|
||||||
|
- Fix #779: [doc] Missing documention in ub_resolve_event() for
|
||||||
|
callback parameter was_ratelimited.
|
||||||
|
|
||||||
|
9 November 2022: George
|
||||||
|
- Complementary fix for distutils.sysconfig deprecation in Python 3.10
|
||||||
|
to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
|
||||||
|
|
||||||
|
8 November 2022: Wouter
|
||||||
|
- Fix to ignore tcp events for closed comm points.
|
||||||
|
- Fix to make sure to not read again after a tcp comm point is closed.
|
||||||
|
- Fix #775: libunbound: subprocess reap causes parent process reap
|
||||||
|
to hang.
|
||||||
|
- iana portlist update.
|
||||||
|
|
||||||
|
21 October 2022: George
|
||||||
|
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
|
||||||
|
unbound.conf.5.
|
||||||
|
|
||||||
|
21 October 2022: Wouter
|
||||||
|
- Fix that cachedb does not store failures in the external cache.
|
||||||
|
|
||||||
|
18 October 2022: George
|
||||||
|
- Clarify the use of MAX_SENT_COUNT in the iterator code.
|
||||||
|
|
||||||
|
17 October 2022: Wouter
|
||||||
|
- testcode/dohclient sets log identity to its name.
|
||||||
|
|
||||||
|
14 October 2022: Wouter
|
||||||
|
- Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
|
||||||
|
extension.
|
||||||
|
- In unit test, print python script name list correctly.
|
||||||
|
|
||||||
|
13 October 2022: Wouter
|
||||||
|
- Tag for 1.17.0 release. The code repository continues with 1.17.1.
|
||||||
|
|
||||||
11 October 2022: George
|
11 October 2022: George
|
||||||
- Fix PROXYv2 header read for TCP connections when no proxied addresses
|
- Fix PROXYv2 header read for TCP connections when no proxied addresses
|
||||||
are provided.
|
are provided.
|
||||||
|
|
||||||
|
7 October 2022: Wouter
|
||||||
|
- Tag for 1.17.0rc1 release.
|
||||||
|
|
||||||
7 October 2022: George
|
7 October 2022: George
|
||||||
- Fix to stop possible loops in the tcp reuse code (write_wait list
|
- Fix to stop possible loops in the tcp reuse code (write_wait list
|
||||||
and tcp_wait list). Based on analysis and patch from Prad Seniappan
|
and tcp_wait list). Based on analysis and patch from Prad Seniappan
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
README for Unbound 1.17.0
|
README for Unbound 1.17.1
|
||||||
Copyright 2007 NLnet Labs
|
Copyright 2007 NLnet Labs
|
||||||
http://unbound.net
|
http://unbound.net
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# Example configuration file.
|
# Example configuration file.
|
||||||
#
|
#
|
||||||
# See unbound.conf(5) man page, version 1.17.0.
|
# See unbound.conf(5) man page, version 1.17.1.
|
||||||
#
|
#
|
||||||
# this is a comment.
|
# this is a comment.
|
||||||
|
|
||||||
@ -35,9 +35,14 @@ server:
|
|||||||
# statistics-cumulative: no
|
# statistics-cumulative: no
|
||||||
|
|
||||||
# enable extended statistics (query types, answer codes, status)
|
# enable extended statistics (query types, answer codes, status)
|
||||||
# printed from unbound-control. default off, because of speed.
|
# printed from unbound-control. Default off, because of speed.
|
||||||
# extended-statistics: no
|
# extended-statistics: no
|
||||||
|
|
||||||
|
# Inhibits selected extended statistics (qtype, qclass, qopcode, rcode,
|
||||||
|
# rpz-actions) from printing if their value is 0.
|
||||||
|
# Default on.
|
||||||
|
# statistics-inhibit-zero: yes
|
||||||
|
|
||||||
# number of threads to create. 1 disables threading.
|
# number of threads to create. 1 disables threading.
|
||||||
# num-threads: 1
|
# num-threads: 1
|
||||||
|
|
||||||
@ -173,6 +178,15 @@ server:
|
|||||||
# a throwaway response (also timeouts) is received.
|
# a throwaway response (also timeouts) is received.
|
||||||
# outbound-msg-retry: 5
|
# outbound-msg-retry: 5
|
||||||
|
|
||||||
|
# Hard limit on the number of outgoing queries Unbound will make while
|
||||||
|
# resolving a name, making sure large NS sets do not loop.
|
||||||
|
# It resets on query restarts (e.g., CNAME) and referrals.
|
||||||
|
# max-sent-count: 32
|
||||||
|
|
||||||
|
# Hard limit on the number of times Unbound is allowed to restart a
|
||||||
|
# query upon encountering a CNAME record.
|
||||||
|
# max-query-restarts: 11
|
||||||
|
|
||||||
# msec for waiting for an unknown server to reply. Increase if you
|
# msec for waiting for an unknown server to reply. Increase if you
|
||||||
# are behind a slow satellite link, to eg. 1128.
|
# are behind a slow satellite link, to eg. 1128.
|
||||||
# unknown-server-time-limit: 376
|
# unknown-server-time-limit: 376
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "libunbound" "3" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "libunbound" "3" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" libunbound.3 -- unbound library functions manual
|
.\" libunbound.3 -- unbound library functions manual
|
||||||
.\"
|
.\"
|
||||||
@ -44,7 +44,7 @@
|
|||||||
.B ub_ctx_zone_remove,
|
.B ub_ctx_zone_remove,
|
||||||
.B ub_ctx_data_add,
|
.B ub_ctx_data_add,
|
||||||
.B ub_ctx_data_remove
|
.B ub_ctx_data_remove
|
||||||
\- Unbound DNS validating resolver 1.17.0 functions.
|
\- Unbound DNS validating resolver 1.17.1 functions.
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.B #include <unbound.h>
|
.B #include <unbound.h>
|
||||||
.LP
|
.LP
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-anchor" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound-anchor" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-checkconf" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound-checkconf" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-control" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound-control" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-control.8 -- unbound remote control manual
|
.\" unbound-control.8 -- unbound remote control manual
|
||||||
.\"
|
.\"
|
||||||
@ -54,6 +54,12 @@ Stop the server. The server daemon exits.
|
|||||||
.B reload
|
.B reload
|
||||||
Reload the server. This flushes the cache and reads the config file fresh.
|
Reload the server. This flushes the cache and reads the config file fresh.
|
||||||
.TP
|
.TP
|
||||||
|
.B reload_keep_cache
|
||||||
|
Reload the server but try to keep the RRset and message cache if
|
||||||
|
(re)configuration allows for it.
|
||||||
|
That means the caches sizes and the number of threads must not change between
|
||||||
|
reloads.
|
||||||
|
.TP
|
||||||
.B verbosity \fInumber
|
.B verbosity \fInumber
|
||||||
Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
|
Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
|
||||||
\fIunbound.conf\fR(5). This new setting lasts until the server is issued
|
\fIunbound.conf\fR(5). This new setting lasts until the server is issued
|
||||||
@ -130,7 +136,7 @@ name specified.
|
|||||||
.TP
|
.TP
|
||||||
.B flush \fIname
|
.B flush \fIname
|
||||||
Remove the name from the cache. Removes the types
|
Remove the name from the cache. Removes the types
|
||||||
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
|
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS.
|
||||||
Because that is fast to do. Other record types can be removed using
|
Because that is fast to do. Other record types can be removed using
|
||||||
.B flush_type
|
.B flush_type
|
||||||
or
|
or
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound\-host" "1" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound\-host" "1" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound.8 -- unbound manual
|
.\" unbound.8 -- unbound manual
|
||||||
.\"
|
.\"
|
||||||
@ -9,7 +9,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
.B unbound
|
.B unbound
|
||||||
\- Unbound DNS validating resolver 1.17.0.
|
\- Unbound DNS validating resolver 1.17.1.
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.B unbound
|
.B unbound
|
||||||
.RB [ \-h ]
|
.RB [ \-h ]
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound.conf" "5" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound.conf" "5" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound.conf.5 -- unbound.conf manual
|
.\" unbound.conf.5 -- unbound.conf manual
|
||||||
.\"
|
.\"
|
||||||
@ -112,6 +112,14 @@ If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
|
|||||||
Default is off, because keeping track of more statistics takes time. The
|
Default is off, because keeping track of more statistics takes time. The
|
||||||
counters are listed in \fIunbound\-control\fR(8).
|
counters are listed in \fIunbound\-control\fR(8).
|
||||||
.TP
|
.TP
|
||||||
|
.B statistics\-inhibit\-zero: \fI<yes or no>
|
||||||
|
If enabled, selected extended statistics with a value of 0 are inhibited from
|
||||||
|
printing with \fIunbound\-control\fR(8).
|
||||||
|
These are query types, query classes, query opcodes, answer rcodes
|
||||||
|
(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and
|
||||||
|
RPZ actions.
|
||||||
|
Default is on.
|
||||||
|
.TP
|
||||||
.B num\-threads: \fI<number>
|
.B num\-threads: \fI<number>
|
||||||
The number of threads to create to serve clients. Use 1 for no threading.
|
The number of threads to create to serve clients. Use 1 for no threading.
|
||||||
.TP
|
.TP
|
||||||
@ -349,7 +357,7 @@ ip\-transparent option is also available.
|
|||||||
The value of the Differentiated Services Codepoint (DSCP) in the
|
The value of the Differentiated Services Codepoint (DSCP) in the
|
||||||
differentiated services field (DS) of the outgoing IP packet headers.
|
differentiated services field (DS) of the outgoing IP packet headers.
|
||||||
The field replaces the outdated IPv4 Type-Of-Service field and the
|
The field replaces the outdated IPv4 Type-Of-Service field and the
|
||||||
IPV6 traffic class field.
|
IPv6 traffic class field.
|
||||||
.TP
|
.TP
|
||||||
.B rrset\-cache\-size: \fI<number>
|
.B rrset\-cache\-size: \fI<number>
|
||||||
Number of bytes size of the RRset cache. Default is 4 megabytes.
|
Number of bytes size of the RRset cache. Default is 4 megabytes.
|
||||||
@ -416,7 +424,7 @@ Enable or disable whether ip4 queries are answered or issued. Default is yes.
|
|||||||
Enable or disable whether ip6 queries are answered or issued. Default is yes.
|
Enable or disable whether ip6 queries are answered or issued. Default is yes.
|
||||||
If disabled, queries are not answered on IPv6, and queries are not sent on
|
If disabled, queries are not answered on IPv6, and queries are not sent on
|
||||||
IPv6 to the internet nameservers. With this option you can disable the
|
IPv6 to the internet nameservers. With this option you can disable the
|
||||||
ipv6 transport for sending DNS traffic, it does not impact the contents of
|
IPv6 transport for sending DNS traffic, it does not impact the contents of
|
||||||
the DNS traffic, which may have ip4 and ip6 addresses in it.
|
the DNS traffic, which may have ip4 and ip6 addresses in it.
|
||||||
.TP
|
.TP
|
||||||
.B prefer\-ip4: \fI<yes or no>
|
.B prefer\-ip4: \fI<yes or no>
|
||||||
@ -1671,7 +1679,7 @@ This specifies the action data for \fIresponse-ip\fR with action being
|
|||||||
to redirect as specified by "\fIresource record string\fR". "Resource
|
to redirect as specified by "\fIresource record string\fR". "Resource
|
||||||
record string" is similar to that of \fIaccess-control-tag-action\fR,
|
record string" is similar to that of \fIaccess-control-tag-action\fR,
|
||||||
but it must be of either AAAA, A or CNAME types.
|
but it must be of either AAAA, A or CNAME types.
|
||||||
If the IP-netblock is an IPv6/IPV4 prefix, the record
|
If the IP-netblock is an IPv6/IPv4 prefix, the record
|
||||||
must be AAAA/A respectively, unless it is a CNAME (which can be used
|
must be AAAA/A respectively, unless it is a CNAME (which can be used
|
||||||
for both versions of IP netblocks). If it is CNAME there must not be
|
for both versions of IP netblocks). If it is CNAME there must not be
|
||||||
more than one \fIresponse-ip-data\fR for the same IP-netblock.
|
more than one \fIresponse-ip-data\fR for the same IP-netblock.
|
||||||
@ -1820,6 +1828,21 @@ If a forward/stub zone is used, this is the number of retries per nameserver in
|
|||||||
the zone.
|
the zone.
|
||||||
Default is 5.
|
Default is 5.
|
||||||
.TP 5
|
.TP 5
|
||||||
|
.B max\-sent\-count: \fI<number>
|
||||||
|
Hard limit on the number of outgoing queries Unbound will make while resolving
|
||||||
|
a name, making sure large NS sets do not loop.
|
||||||
|
Results in SERVFAIL when reached.
|
||||||
|
It resets on query restarts (e.g., CNAME) and referrals.
|
||||||
|
Default is 32.
|
||||||
|
.TP 5
|
||||||
|
.B max\-query\-restarts: \fI<number>
|
||||||
|
Hard limit on the number of times Unbound is allowed to restart a query upon
|
||||||
|
encountering a CNAME record.
|
||||||
|
Results in SERVFAIL when reached.
|
||||||
|
Changing this value needs caution as it can allow long CNAME chains to be
|
||||||
|
accepted, where Unbound needs to verify (resolve) each link individually.
|
||||||
|
Default is 11.
|
||||||
|
.TP 5
|
||||||
.B fast\-server\-permil: \fI<number>
|
.B fast\-server\-permil: \fI<number>
|
||||||
Specify how many times out of 1000 to pick from the set of fastest servers.
|
Specify how many times out of 1000 to pick from the set of fastest servers.
|
||||||
0 turns the feature off. A value of 900 would pick from the fastest
|
0 turns the feature off. A value of 900 would pick from the fastest
|
||||||
@ -1853,7 +1876,7 @@ errors. Default is "no".
|
|||||||
When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
|
When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
|
||||||
Extended DNS Errors concerning DNSSEC failures that are not served from cache,
|
Extended DNS Errors concerning DNSSEC failures that are not served from cache,
|
||||||
will also contain a descriptive text message about the reason for the failure.
|
will also contain a descriptive text message about the reason for the failure.
|
||||||
.TP
|
.TP 5
|
||||||
.B ede\-serve\-expired: \fI<yes or no>
|
.B ede\-serve\-expired: \fI<yes or no>
|
||||||
If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
|
If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
|
||||||
Answer as EDNS0 option to the expired response. Note that this will not attach
|
Answer as EDNS0 option to the expired response. Note that this will not attach
|
||||||
@ -2358,6 +2381,9 @@ The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
|
|||||||
configuration file. On top of that, for each query only 100 different subnets
|
configuration file. On top of that, for each query only 100 different subnets
|
||||||
are allowed to be stored for each address family. Exceeding that number, older
|
are allowed to be stored for each address family. Exceeding that number, older
|
||||||
entries will be purged from cache.
|
entries will be purged from cache.
|
||||||
|
.LP
|
||||||
|
This module does not interact with the \fBserve\-expired*\fR and
|
||||||
|
\fBprefetch:\fR options.
|
||||||
.TP
|
.TP
|
||||||
.B send\-client\-subnet: \fI<IP address>\fR
|
.B send\-client\-subnet: \fI<IP address>\fR
|
||||||
Send client source address to this authority. Append /num to indicate a
|
Send client source address to this authority. Append /num to indicate a
|
||||||
|
@ -204,6 +204,17 @@ subnetmod_init(struct module_env *env, int id)
|
|||||||
}
|
}
|
||||||
alloc_init(&sn_env->alloc, NULL, 0);
|
alloc_init(&sn_env->alloc, NULL, 0);
|
||||||
env->modinfo[id] = (void*)sn_env;
|
env->modinfo[id] = (void*)sn_env;
|
||||||
|
|
||||||
|
/* Warn that serve-expired and prefetch do not work with the subnet
|
||||||
|
* module cache. */
|
||||||
|
if(env->cfg->serve_expired)
|
||||||
|
log_warn(
|
||||||
|
"subnetcache: serve-expired is set but not working "
|
||||||
|
"for data originating from the subnet module cache.");
|
||||||
|
if(env->cfg->prefetch)
|
||||||
|
log_warn(
|
||||||
|
"subnetcache: prefetch is set but not working "
|
||||||
|
"for data originating from the subnet module cache.");
|
||||||
/* Copy msg_cache settings */
|
/* Copy msg_cache settings */
|
||||||
sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs,
|
sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs,
|
||||||
HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
|
HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
|
||||||
|
@ -175,6 +175,8 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
|
|||||||
iter_env->supports_ipv6 = cfg->do_ip6;
|
iter_env->supports_ipv6 = cfg->do_ip6;
|
||||||
iter_env->supports_ipv4 = cfg->do_ip4;
|
iter_env->supports_ipv4 = cfg->do_ip4;
|
||||||
iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
|
iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
|
||||||
|
iter_env->max_sent_count = cfg->max_sent_count;
|
||||||
|
iter_env->max_query_restarts = cfg->max_query_restarts;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
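Review bot: `iter_apply_cfg` copies `cfg->max_sent_count` and `cfg->max_query_restarts` into the iterator without a range check, although both are plain `int` limits that guard against runaway resolution. In the iterator.c hunks on this page a negative value makes `iq->sent_count > ie->max_sent_count` and `iq->query_restart_count > ie->max_query_restarts` true as soon as the counters are zero or more, so resolution would fail straight away, while the cast in `iq->caps_server*2+2 >= (size_t)ie->max_sent_count` turns the same negative value into a very large bound. Unless the config parser already rejects such values (not visible on this page), I would refuse them before the assignments, e.g. `if(cfg->max_sent_count < 0 || cfg->max_query_restarts < 0) { log_err("max-sent-count and max-query-restarts must not be negative"); return 0; }`, assuming a zero return is how this function reports failure. The function body starts outside the hunk.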
|
@ -1314,7 +1314,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
|
|
||||||
/* We enforce a maximum number of query restarts. This is primarily a
|
/* We enforce a maximum number of query restarts. This is primarily a
|
||||||
* cheap way to prevent CNAME loops. */
|
* cheap way to prevent CNAME loops. */
|
||||||
if(iq->query_restart_count > MAX_RESTART_COUNT) {
|
if(iq->query_restart_count > ie->max_query_restarts) {
|
||||||
verbose(VERB_QUERY, "request has exceeded the maximum number"
|
verbose(VERB_QUERY, "request has exceeded the maximum number"
|
||||||
" of query restarts with %d", iq->query_restart_count);
|
" of query restarts with %d", iq->query_restart_count);
|
||||||
errinf(qstate, "request has exceeded the maximum number "
|
errinf(qstate, "request has exceeded the maximum number "
|
||||||
@ -2276,14 +2276,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
iq->num_current_queries, iq->sent_count);
|
iq->num_current_queries, iq->sent_count);
|
||||||
|
|
||||||
/* Make sure that we haven't run away */
|
/* Make sure that we haven't run away */
|
||||||
/* FIXME: is this check even necessary? */
|
|
||||||
if(iq->referral_count > MAX_REFERRAL_COUNT) {
|
if(iq->referral_count > MAX_REFERRAL_COUNT) {
|
||||||
verbose(VERB_QUERY, "request has exceeded the maximum "
|
verbose(VERB_QUERY, "request has exceeded the maximum "
|
||||||
"number of referrrals with %d", iq->referral_count);
|
"number of referrrals with %d", iq->referral_count);
|
||||||
errinf(qstate, "exceeded the maximum of referrals");
|
errinf(qstate, "exceeded the maximum of referrals");
|
||||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||||
}
|
}
|
||||||
if(iq->sent_count > MAX_SENT_COUNT) {
|
if(iq->sent_count > ie->max_sent_count) {
|
||||||
verbose(VERB_QUERY, "request has exceeded the maximum "
|
verbose(VERB_QUERY, "request has exceeded the maximum "
|
||||||
"number of sends with %d", iq->sent_count);
|
"number of sends with %d", iq->sent_count);
|
||||||
errinf(qstate, "exceeded the maximum number of sends");
|
errinf(qstate, "exceeded the maximum number of sends");
|
||||||
@ -2630,7 +2629,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
* the original query is one that matched too, so we have
|
* the original query is one that matched too, so we have
|
||||||
* caps_server+1 number of matching queries now */
|
* caps_server+1 number of matching queries now */
|
||||||
if(iq->caps_server+1 >= naddr*3 ||
|
if(iq->caps_server+1 >= naddr*3 ||
|
||||||
iq->caps_server*2+2 >= MAX_SENT_COUNT) {
|
iq->caps_server*2+2 >= (size_t)ie->max_sent_count) {
|
||||||
/* *2 on sentcount check because ipv6 may fail */
|
/* *2 on sentcount check because ipv6 may fail */
|
||||||
/* we're done, process the response */
|
/* we're done, process the response */
|
||||||
verbose(VERB_ALGO, "0x20 fallback had %d responses "
|
verbose(VERB_ALGO, "0x20 fallback had %d responses "
|
||||||
|
@ -63,12 +63,8 @@ struct rbtree_type;
|
|||||||
/** max number of nxdomains allowed for target lookups for a query and
|
/** max number of nxdomains allowed for target lookups for a query and
|
||||||
* its subqueries when fallback has kicked in */
|
* its subqueries when fallback has kicked in */
|
||||||
#define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2)
|
#define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2)
|
||||||
/** max number of query restarts. Determines max number of CNAME chain. */
|
|
||||||
#define MAX_RESTART_COUNT 11
|
|
||||||
/** max number of referrals. Makes sure resolver does not run away */
|
/** max number of referrals. Makes sure resolver does not run away */
|
||||||
#define MAX_REFERRAL_COUNT 130
|
#define MAX_REFERRAL_COUNT 130
|
||||||
/** max number of queries-sent-out. Make sure large NS set does not loop */
|
|
||||||
#define MAX_SENT_COUNT 32
|
|
||||||
/** max number of queries for which to perform dnsseclameness detection,
|
/** max number of queries for which to perform dnsseclameness detection,
|
||||||
* (rrsigs missing detection) after that, just pick up that response */
|
* (rrsigs missing detection) after that, just pick up that response */
|
||||||
#define DNSSEC_LAME_DETECT_COUNT 4
|
#define DNSSEC_LAME_DETECT_COUNT 4
|
||||||
@ -145,6 +141,12 @@ struct iter_env {
|
|||||||
|
|
||||||
/** number of retries on outgoing queries */
|
/** number of retries on outgoing queries */
|
||||||
int outbound_msg_retry;
|
int outbound_msg_retry;
|
||||||
|
|
||||||
|
/** number of queries_sent */
|
||||||
|
int max_sent_count;
|
||||||
|
|
||||||
|
/** max number of query restarts to limit length of CNAME chain */
|
||||||
|
int max_query_restarts;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
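Review bot: The comment added for `max_sent_count` in `struct iter_env`, `/** number of queries_sent */`, describes a counter rather than the limit the field holds, and it is less clear than the text on the removed `MAX_SENT_COUNT` macro. I would carry the old wording over: `/** max number of queries-sent-out. Make sure large NS set does not loop */`. It is also worth saying in both new comments that the values now come from configuration, since the iterator.c hunks on this page compare them with the per-query counters `sent_count` and `query_restart_count`. The struct definition starts outside the hunk.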
|
@ -70,6 +70,7 @@ context_finalize(struct ub_ctx* ctx)
|
|||||||
} else {
|
} else {
|
||||||
log_init(cfg->logfile, cfg->use_syslog, NULL);
|
log_init(cfg->logfile, cfg->use_syslog, NULL);
|
||||||
}
|
}
|
||||||
|
ctx->pipe_pid = getpid();
|
||||||
cfg_apply_local_port_policy(cfg, 65536);
|
cfg_apply_local_port_policy(cfg, 65536);
|
||||||
config_apply(cfg);
|
config_apply(cfg);
|
||||||
if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
|
if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
|
||||||
|
@ -89,6 +89,12 @@ struct ub_ctx {
|
|||||||
pid_t bg_pid;
|
pid_t bg_pid;
|
||||||
/** tid of bg worker thread */
|
/** tid of bg worker thread */
|
||||||
ub_thread_type bg_tid;
|
ub_thread_type bg_tid;
|
||||||
|
/** pid when pipes are created. This was the process when the
|
||||||
|
* setup was called. Helps with clean up, so we can tell after a fork
|
||||||
|
* which side of the fork the delete is on. */
|
||||||
|
pid_t pipe_pid;
|
||||||
|
/** when threaded, the worker that exists in the created thread. */
|
||||||
|
struct libworker* thread_worker;
|
||||||
|
|
||||||
/** do threading (instead of forking) for async resolution */
|
/** do threading (instead of forking) for async resolution */
|
||||||
int dothread;
|
int dothread;
|
||||||
|
@ -305,11 +305,31 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||||||
int do_stop = 1;
|
int do_stop = 1;
|
||||||
if(!ctx) return;
|
if(!ctx) return;
|
||||||
|
|
||||||
|
/* if the delete is called but it has forked, and before the fork
|
||||||
|
* the context was finalized, then the bg worker is not stopped
|
||||||
|
* from here. There is one worker, but two contexts that refer to
|
||||||
|
* it and only one should clean up, the one with getpid == pipe_pid.*/
|
||||||
|
if(ctx->created_bg && ctx->pipe_pid != getpid()) {
|
||||||
|
do_stop = 0;
|
||||||
|
#ifndef USE_WINSOCK
|
||||||
|
/* Stop events from getting deregistered, if the backend is
|
||||||
|
* epoll, the epoll fd is the same as the other process.
|
||||||
|
* That process should deregister them. */
|
||||||
|
if(ctx->qq_pipe->listen_com)
|
||||||
|
ctx->qq_pipe->listen_com->event_added = 0;
|
||||||
|
if(ctx->qq_pipe->res_com)
|
||||||
|
ctx->qq_pipe->res_com->event_added = 0;
|
||||||
|
if(ctx->rr_pipe->listen_com)
|
||||||
|
ctx->rr_pipe->listen_com->event_added = 0;
|
||||||
|
if(ctx->rr_pipe->res_com)
|
||||||
|
ctx->rr_pipe->res_com->event_added = 0;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
/* see if bg thread is created and if threads have been killed */
|
/* see if bg thread is created and if threads have been killed */
|
||||||
/* no locks, because those may be held by terminated threads */
|
/* no locks, because those may be held by terminated threads */
|
||||||
/* for processes the read pipe is closed and we see that on read */
|
/* for processes the read pipe is closed and we see that on read */
|
||||||
#ifdef HAVE_PTHREAD
|
#ifdef HAVE_PTHREAD
|
||||||
if(ctx->created_bg && ctx->dothread) {
|
if(ctx->created_bg && ctx->dothread && do_stop) {
|
||||||
if(pthread_kill(ctx->bg_tid, 0) == ESRCH) {
|
if(pthread_kill(ctx->bg_tid, 0) == ESRCH) {
|
||||||
/* thread has been killed */
|
/* thread has been killed */
|
||||||
do_stop = 0;
|
do_stop = 0;
|
||||||
@ -318,6 +338,23 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||||||
#endif /* HAVE_PTHREAD */
|
#endif /* HAVE_PTHREAD */
|
||||||
if(do_stop)
|
if(do_stop)
|
||||||
ub_stop_bg(ctx);
|
ub_stop_bg(ctx);
|
||||||
|
if(ctx->created_bg && ctx->pipe_pid != getpid() && ctx->thread_worker) {
|
||||||
|
/* This delete is happening from a different process. Delete
|
||||||
|
* the thread worker from this process memory space. The
|
||||||
|
* thread is not there to do so, so it is freed here. */
|
||||||
|
struct ub_event_base* evbase = comm_base_internal(
|
||||||
|
ctx->thread_worker->base);
|
||||||
|
libworker_delete_event(ctx->thread_worker);
|
||||||
|
ctx->thread_worker = NULL;
|
||||||
|
#ifdef USE_MINI_EVENT
|
||||||
|
ub_event_base_free(evbase);
|
||||||
|
#else
|
||||||
|
/* cannot event_base_free, because the epoll_fd cleanup
|
||||||
|
* in libevent could stop the original event_base in the
|
||||||
|
* other process from working. */
|
||||||
|
free(evbase);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
libworker_delete_event(ctx->event_worker);
|
libworker_delete_event(ctx->event_worker);
|
||||||
|
|
||||||
modstack_desetup(&ctx->mods, ctx->env);
|
modstack_desetup(&ctx->mods, ctx->env);
|
||||||
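Review bot: The fork test `ctx->pipe_pid != getpid()` in `ub_ctx_delete` compares against the pid recorded in `context_finalize`, not the pid of the process that started the background worker, and the two can differ. If a process finalizes the context, forks, and the child then starts its own background worker, the child's delete would take both new branches: `do_stop` is cleared so the worker is not stopped, and `ctx->thread_worker` is freed with `libworker_delete_event` while the thread may still be using it. Whether that sequence is reachable depends on where `created_bg` is set, which is outside these hunks, so please confirm. If it is, recording the pid where the worker is created, `ctx->pipe_pid = getpid();` next to `ctx->thread_worker = w;` in `libworker_bg`, would make the check match its intent. The body of `ub_ctx_delete` continues outside the hunks.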
|
@ -395,6 +395,7 @@ int libworker_bg(struct ub_ctx* ctx)
|
|||||||
w = libworker_setup(ctx, 1, NULL);
|
w = libworker_setup(ctx, 1, NULL);
|
||||||
if(!w) return UB_NOMEM;
|
if(!w) return UB_NOMEM;
|
||||||
w->is_bg_thread = 1;
|
w->is_bg_thread = 1;
|
||||||
|
ctx->thread_worker = w;
|
||||||
#ifdef ENABLE_LOCK_CHECKS
|
#ifdef ENABLE_LOCK_CHECKS
|
||||||
w->thread_num = 1; /* for nicer DEBUG checklocks */
|
w->thread_num = 1; /* for nicer DEBUG checklocks */
|
||||||
#endif
|
#endif
|
||||||
|
@ -230,7 +230,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
|
|||||||
* @param callback: this is called on completion of the resolution.
|
* @param callback: this is called on completion of the resolution.
|
||||||
* It is called as:
|
* It is called as:
|
||||||
* void callback(void* mydata, int rcode, void* packet, int packet_len,
|
* void callback(void* mydata, int rcode, void* packet, int packet_len,
|
||||||
* int sec, char* why_bogus)
|
* int sec, char* why_bogus, int was_ratelimited)
|
||||||
* with mydata: the same as passed here, you may pass NULL,
|
* with mydata: the same as passed here, you may pass NULL,
|
||||||
* with rcode: 0 on no error, nonzero for mostly SERVFAIL situations,
|
* with rcode: 0 on no error, nonzero for mostly SERVFAIL situations,
|
||||||
* this is a DNS rcode.
|
* this is a DNS rcode.
|
||||||
@ -241,6 +241,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
|
|||||||
* with packet_len: length in bytes of the packet buffer.
|
* with packet_len: length in bytes of the packet buffer.
|
||||||
* with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure.
|
* with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure.
|
||||||
* with why_bogus: text string explaining why it is bogus (or NULL).
|
* with why_bogus: text string explaining why it is bogus (or NULL).
|
||||||
|
* with was_ratelimited: if the query was ratelimited.
|
||||||
* These point to buffers inside unbound; do not deallocate the packet or
|
* These point to buffers inside unbound; do not deallocate the packet or
|
||||||
* error string.
|
* error string.
|
||||||
*
|
*
|
||||||
|
@ -2756,6 +2756,7 @@ az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
|
|||||||
== 0) {
|
== 0) {
|
||||||
msg->rep->rrsets[i]->rk.dname = newname;
|
msg->rep->rrsets[i]->rk.dname = newname;
|
||||||
msg->rep->rrsets[i]->rk.dname_len = newlen;
|
msg->rep->rrsets[i]->rk.dname_len = newlen;
|
||||||
|
msg->rep->rrsets[i]->entry.hash = rrset_key_hash(&msg->rep->rrsets[i]->rk);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
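Review bot: The added `entry.hash` assignment in az_change_dnames has no comment saying why it is needed, and it is the fourth repetition of `msg->rep->rrsets[i]` in this branch. The hash is computed from `rk`, whose `dname` and `dname_len` were replaced on the two lines above, so a short comment such as `/* the key changed, so the stored hash must be recomputed from it */` would keep a later cleanup from dropping the line. A local pointer to `msg->rep->rrsets[i]` would also bring the statement back under the line-length limit used elsewhere in the file. The loop and the function start outside this hunk.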
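--- a/contrib/unbound/services/cache/dns.c
+++ b/contrib/unbound/services/cache/dns.c
@@ -636,6 +636,14 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
 r->serve_expired_ttl < now) {
 return NULL;
 }
+/* Ignore expired failure answers */
+if(FLAGS_GET_RCODE(r->flags) !=
+LDNS_RCODE_NOERROR &&
+FLAGS_GET_RCODE(r->flags) !=
+LDNS_RCODE_NXDOMAIN &&
+FLAGS_GET_RCODE(r->flags) !=
+LDNS_RCODE_YXDOMAIN)
+return 0;
 } else {
 return NULL;
 }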
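Review bot: The new early exit in tomsg is written `return 0;` while the exits directly above and below it in the same branch are `return NULL;`, so the added check reads as if the function returned an integer. Write it as `return NULL;`, and put braces around the body, since the condition spans six lines and the single unbraced statement after it is easy to misread. The comment `/* Ignore expired failure answers */` could also name the three rcodes that are still served once expired, because that allow-list is the actual policy. tomsg starts and ends outside this hunk, so its return type is inferred from the neighbouring returns.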
@ -102,6 +102,12 @@ usage(void)
|
|||||||
printf(" stop stops the server\n");
|
printf(" stop stops the server\n");
|
||||||
printf(" reload reloads the server\n");
|
printf(" reload reloads the server\n");
|
||||||
printf(" (this flushes data, stats, requestlist)\n");
|
printf(" (this flushes data, stats, requestlist)\n");
|
||||||
|
printf(" reload_keep_cache reloads the server but tries to\n");
|
||||||
|
printf(" keep the RRset and message cache\n");
|
||||||
|
printf(" if (re)configuration allows for it.\n");
|
||||||
|
printf(" That means the caches sizes and\n");
|
||||||
|
printf(" the number of threads must not\n");
|
||||||
|
printf(" change between reloads.\n");
|
||||||
printf(" stats print statistics\n");
|
printf(" stats print statistics\n");
|
||||||
printf(" stats_noreset peek at statistics\n");
|
printf(" stats_noreset peek at statistics\n");
|
||||||
#ifdef HAVE_SHMGET
|
#ifdef HAVE_SHMGET
|
||||||
@ -180,8 +186,6 @@ usage(void)
|
|||||||
#ifdef HAVE_SHMGET
|
#ifdef HAVE_SHMGET
|
||||||
/** what to put on statistics lines between var and value, ": " or "=" */
|
/** what to put on statistics lines between var and value, ": " or "=" */
|
||||||
#define SQ "="
|
#define SQ "="
|
||||||
/** if true, inhibits a lot of =0 lines from the stats output */
|
|
||||||
static const int inhibit_zero = 1;
|
|
||||||
/** divide sum of timers to get average */
|
/** divide sum of timers to get average */
|
||||||
static void
|
static void
|
||||||
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
|
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
|
||||||
@ -316,7 +320,7 @@ static void print_hist(struct ub_stats_info* s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** print extended */
|
/** print extended */
|
||||||
static void print_extended(struct ub_stats_info* s)
|
static void print_extended(struct ub_stats_info* s, int inhibit_zero)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char nm[16];
|
char nm[16];
|
||||||
@ -439,7 +443,7 @@ static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
|
|||||||
if(cfg->stat_extended) {
|
if(cfg->stat_extended) {
|
||||||
print_mem(shm_stat, &stats[0]);
|
print_mem(shm_stat, &stats[0]);
|
||||||
print_hist(stats);
|
print_hist(stats);
|
||||||
print_extended(stats);
|
print_extended(stats, cfg->stat_inhibit_zero);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* HAVE_SHMGET */
|
#endif /* HAVE_SHMGET */
|
||||||
|
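Review bot: `print_extended` gained an `inhibit_zero` parameter but its doc comment is still `/** print extended */`, and the explanation that sat on the removed file-scope constant no longer exists anywhere in this file. Carry it over to the function, for example `/** print extended; if inhibit_zero is true, a lot of =0 lines are left out of the output */`. Only the first lines of print_extended are inside the hunk, so how the parameter is used in the body is not visible here.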
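--- a/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials
+++ b/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials
@@ -0,0 +1,5 @@
+remote-control:
+server-key-file: bad_server.key
+server-cert-file: bad_server.pem
+control-key-file: bad_control.key
+control-cert-file: bad_control.pem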
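--- a/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials
+++ b/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials
@@ -0,0 +1,5 @@
+remote-control:
+server-key-file: unbound_server.key
+server-cert-file: unbound_server.pem
+control-key-file: bad_control.key
+control-cert-file: bad_control.pem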
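--- a/contrib/unbound/testdata/cachedb_servfail_cname.crpl
+++ b/contrib/unbound/testdata/cachedb_servfail_cname.crpl
@@ -0,0 +1,181 @@
+; config options
+server:
+target-fetch-policy: "0 0 0 0 0"
+qname-minimisation: no
+minimal-responses: no
+;serve-expired: yes
+module-config: "cachedb iterator"
+
+cachedb:
+backend: "testframe"
+secret-seed: "testvalue"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129
+CONFIG_END
+
+SCENARIO_BEGIN Test cachedb store and servfail reply from cname.
+; the servfail reply should not overwrite the cache contents.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns2.example.com.
+SECTION ADDITIONAL
+ns2.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.com. IN NS
+SECTION AUTHORITY
+foo.com. IN NS ns.example.com.
+ENTRY_END
+RANGE_END
+
+; ns2.example.com.
+RANGE_BEGIN 0 20
+ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns2.example.com., now failing
+RANGE_BEGIN 20 100
+ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME foo.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns2.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns2.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; get and entry in cache, to make it expired.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; get the answer for it
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+; it is now expired
+STEP 20 TIME_PASSES ELAPSE 20
+
+; get a servfail in cache for the destination
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+; the query is now a CNAME to servfail.
+; there is a valid, but expired, entry in cache.
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME foo.example.com.
+ENTRY_END
+
+SCENARIO_END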
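--- a/contrib/unbound/testdata/serve_expired_cached_servfail.rpl
+++ b/contrib/unbound/testdata/serve_expired_cached_servfail.rpl
@@ -0,0 +1,130 @@
+; config options
+server:
+module-config: "validator iterator"
+qname-minimisation: "no"
+minimal-responses: no
+serve-expired: yes
+serve-expired-reply-ttl: 123
+log-servfail: yes
+ede: yes
+ede-serve-expired: yes
+
+
+stub-zone:
+name: "example.com"
+stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
+; Scenario overview:
+; - query for example.com. IN A
+; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
+; - check that the client gets the SERVFAIL; also cached
+; - query again right after the TTL expired
+; - cached SERVFAIL should be ignored and upstream queried
+; - check that we get the correct answer
+
+; ns.example.com.
+RANGE_BEGIN 0 20
+ADDRESS 1.2.3.4
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 30 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. 10 IN NS
+SECTION ANSWER
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 10 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 0 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we get the SERVFAIL (will be cached)
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Query again
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we get the cached SERVFAIL
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Wait for the SERVFAIL to expire
+STEP 31 TIME_PASSES ELAPSE 6
+
+; Query again
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we got the correct answer
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 10 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END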
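Review bot: The SCENARIO_BEGIN title says the test covers serve-expired "with client-timeout", but the config block above it sets only `serve-expired`, `serve-expired-reply-ttl`, `log-servfail`, `ede` and `ede-serve-expired`; no client-timeout option appears in the file. A title that matches what is exercised, for example `SCENARIO_BEGIN Test serve-expired with an expired cached SERVFAIL upstream reply`, avoids sending a reader looking for a timeout path that this scenario does not configure. The overview list also skips the STEP 20/30 check that the SERVFAIL is served from cache before it expires; one more bullet would make the list match the steps.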
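--- a/contrib/unbound/testdata/subnet_cached_servfail.crpl
+++ b/contrib/unbound/testdata/subnet_cached_servfail.crpl
@@ -0,0 +1,167 @@
+; Check if an expired SERVFAIL answer stored in the global cache does not block
+; ECS queries to reach the ECS cache.
+
+server:
+trust-anchor-signaling: no
+target-fetch-policy: "0 0 0 0 0"
+send-client-subnet: 1.2.3.4
+max-client-subnet-ipv4: 21
+module-config: "subnetcache iterator"
+verbosity: 3
+access-control: 127.0.0.1 allow_snoop
+qname-minimisation: no
+minimal-responses: no
+serve-expired: yes
+prefetch: yes
+
+stub-zone:
+name: "example.com."
+stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache
+
+; ns.example.com.
+RANGE_BEGIN 0 10
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 11 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 05 ; option length
+00 01 ; Family
+08 00 ; source mask, scopemask
+7f ; address
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; This answer should be in the global cache
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Bring the cached SERVFAIL to prefetch time
+STEP 10 TIME_PASSES ELAPSE 5
+
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 00 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ENTRY_END
+
+; This answer was cached but a prefetch was triggerred
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Wait for the SERVFAIL to expire
+STEP 13 TIME_PASSES ELAPSE 2
+
+; Query again to verify that the record was prefetched and stored in the ECS
+; cache (because the server replied with ECS this time)
+STEP 14 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 00 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ENTRY_END
+
+; This record came from the ECS cache
+STEP 15 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 8 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3598 IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 08 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ns.example.com. 3598 IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END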
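Review bot: In the STEP 15 expected answer the ECS bytes are `00 01 08 08`, but the comment beside them still reads `scope 0`, copied from the two queries above where the bytes really are `00 01 08 00`. The file's own upstream entry labels the byte pair `source mask, scopemask`, so the fourth byte is the scope and it is 8 here; the comment should read `; ip4, source 8, scope 8`. That non-zero scope appears to be what shows the answer came from the ECS cache, so the wrong comment hides the point of the check. The comment before STEP 12 also misspells `triggered`.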
@ -99,6 +99,7 @@ config_create(void)
|
|||||||
cfg->stat_interval = 0;
|
cfg->stat_interval = 0;
|
||||||
cfg->stat_cumulative = 0;
|
cfg->stat_cumulative = 0;
|
||||||
cfg->stat_extended = 0;
|
cfg->stat_extended = 0;
|
||||||
|
cfg->stat_inhibit_zero = 1;
|
||||||
cfg->num_threads = 1;
|
cfg->num_threads = 1;
|
||||||
cfg->port = UNBOUND_DNS_PORT;
|
cfg->port = UNBOUND_DNS_PORT;
|
||||||
cfg->do_ip4 = 1;
|
cfg->do_ip4 = 1;
|
||||||
@ -336,6 +337,8 @@ config_create(void)
|
|||||||
cfg->ip_ratelimit_backoff = 0;
|
cfg->ip_ratelimit_backoff = 0;
|
||||||
cfg->ratelimit_backoff = 0;
|
cfg->ratelimit_backoff = 0;
|
||||||
cfg->outbound_msg_retry = 5;
|
cfg->outbound_msg_retry = 5;
|
||||||
|
cfg->max_sent_count = 32;
|
||||||
|
cfg->max_query_restarts = 11;
|
||||||
cfg->qname_minimisation = 1;
|
cfg->qname_minimisation = 1;
|
||||||
cfg->qname_minimisation_strict = 0;
|
cfg->qname_minimisation_strict = 0;
|
||||||
cfg->shm_enable = 0;
|
cfg->shm_enable = 0;
|
||||||
@ -516,6 +519,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_YNO("use-syslog:", use_syslog)
|
else S_YNO("use-syslog:", use_syslog)
|
||||||
else S_STR("log-identity:", log_identity)
|
else S_STR("log-identity:", log_identity)
|
||||||
else S_YNO("extended-statistics:", stat_extended)
|
else S_YNO("extended-statistics:", stat_extended)
|
||||||
|
else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero)
|
||||||
else S_YNO("statistics-cumulative:", stat_cumulative)
|
else S_YNO("statistics-cumulative:", stat_cumulative)
|
||||||
else S_YNO("shm-enable:", shm_enable)
|
else S_YNO("shm-enable:", shm_enable)
|
||||||
else S_NUMBER_OR_ZERO("shm-key:", shm_key)
|
else S_NUMBER_OR_ZERO("shm-key:", shm_key)
|
||||||
@ -778,6 +782,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
|
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
|
||||||
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
|
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
|
||||||
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
|
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
|
||||||
|
else S_NUMBER_NONZERO("max-sent-count:", max_sent_count)
|
||||||
|
else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts)
|
||||||
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
|
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
|
||||||
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
|
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
|
||||||
else S_YNO("qname-minimisation:", qname_minimisation)
|
else S_YNO("qname-minimisation:", qname_minimisation)
|
||||||
@ -996,6 +1002,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_DEC(opt, "statistics-interval", stat_interval)
|
else O_DEC(opt, "statistics-interval", stat_interval)
|
||||||
else O_YNO(opt, "statistics-cumulative", stat_cumulative)
|
else O_YNO(opt, "statistics-cumulative", stat_cumulative)
|
||||||
else O_YNO(opt, "extended-statistics", stat_extended)
|
else O_YNO(opt, "extended-statistics", stat_extended)
|
||||||
|
else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero)
|
||||||
else O_YNO(opt, "shm-enable", shm_enable)
|
else O_YNO(opt, "shm-enable", shm_enable)
|
||||||
else O_DEC(opt, "shm-key", shm_key)
|
else O_DEC(opt, "shm-key", shm_key)
|
||||||
else O_YNO(opt, "use-syslog", use_syslog)
|
else O_YNO(opt, "use-syslog", use_syslog)
|
||||||
@ -1238,6 +1245,8 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
|
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
|
||||||
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
|
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
|
||||||
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
|
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
|
||||||
|
else O_UNS(opt, "max-sent-count", max_sent_count)
|
||||||
|
else O_UNS(opt, "max-query-restarts", max_query_restarts)
|
||||||
else O_DEC(opt, "fast-server-num", fast_server_num)
|
else O_DEC(opt, "fast-server-num", fast_server_num)
|
||||||
else O_DEC(opt, "fast-server-permil", fast_server_permil)
|
else O_DEC(opt, "fast-server-permil", fast_server_permil)
|
||||||
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
|
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
|
||||||
|
@ -76,6 +76,8 @@ struct config_file {
|
|||||||
int stat_cumulative;
|
int stat_cumulative;
|
||||||
/** if true, the statistics are kept in greater detail */
|
/** if true, the statistics are kept in greater detail */
|
||||||
int stat_extended;
|
int stat_extended;
|
||||||
|
/** if true, inhibits a lot of =0 lines from the extended stats output */
|
||||||
|
int stat_inhibit_zero;
|
||||||
|
|
||||||
/** number of threads to create */
|
/** number of threads to create */
|
||||||
int num_threads;
|
int num_threads;
|
||||||
@ -608,6 +610,11 @@ struct config_file {
|
|||||||
|
|
||||||
/** number of retries on outgoing queries */
|
/** number of retries on outgoing queries */
|
||||||
int outbound_msg_retry;
|
int outbound_msg_retry;
|
||||||
|
/** max sent queries per qstate; resets on query restarts (e.g.,
|
||||||
|
* CNAMES) and referrals */
|
||||||
|
int max_sent_count;
|
||||||
|
/** max number of query restarts; determines max length of CNAME chain */
|
||||||
|
int max_query_restarts;
|
||||||
/** minimise outgoing QNAME and hide original QTYPE if possible */
|
/** minimise outgoing QNAME and hide original QTYPE if possible */
|
||||||
int qname_minimisation;
|
int qname_minimisation;
|
||||||
/** minimise QNAME in strict mode, minimise according to RFC.
|
/** minimise QNAME in strict mode, minimise according to RFC.
|
||||||
|
@ -439,6 +439,7 @@ insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) }
|
|||||||
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
|
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
|
||||||
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
|
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
|
||||||
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
|
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
|
||||||
|
statistics-inhibit-zero{COLON} { YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) }
|
||||||
shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) }
|
shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) }
|
||||||
shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) }
|
shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) }
|
||||||
remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
|
remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
|
||||||
@ -515,6 +516,8 @@ ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
|
|||||||
ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
|
ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
|
||||||
ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
|
ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
|
||||||
outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
|
outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
|
||||||
|
max-sent-count{COLON} { YDVAR(1, VAR_MAX_SENT_COUNT) }
|
||||||
|
max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) }
|
||||||
low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
|
low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
|
||||||
fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
|
fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
|
||||||
low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
|
low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
|
||||||
|
@ -140,7 +140,7 @@ extern struct config_parser_state* cfg_parser;
|
|||||||
%token VAR_DISABLE_DNSSEC_LAME_CHECK
|
%token VAR_DISABLE_DNSSEC_LAME_CHECK
|
||||||
%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
|
%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
|
||||||
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
|
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
|
||||||
%token VAR_OUTBOUND_MSG_RETRY
|
%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
|
||||||
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
|
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
|
||||||
%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
|
%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
|
||||||
%token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
|
%token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
|
||||||
@ -193,7 +193,7 @@ extern struct config_parser_state* cfg_parser;
|
|||||||
%token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
|
%token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
|
||||||
%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
|
%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
|
||||||
%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
|
%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
|
||||||
%token VAR_PROXY_PROTOCOL_PORT
|
%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
|
||||||
|
|
||||||
%%
|
%%
|
||||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||||
@ -282,6 +282,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||||||
server_ratelimit_below_domain | server_ratelimit_factor |
|
server_ratelimit_below_domain | server_ratelimit_factor |
|
||||||
server_ip_ratelimit_factor | server_ratelimit_backoff |
|
server_ip_ratelimit_factor | server_ratelimit_backoff |
|
||||||
server_ip_ratelimit_backoff | server_outbound_msg_retry |
|
server_ip_ratelimit_backoff | server_outbound_msg_retry |
|
||||||
|
server_max_sent_count | server_max_query_restarts |
|
||||||
server_send_client_subnet | server_client_subnet_zone |
|
server_send_client_subnet | server_client_subnet_zone |
|
||||||
server_client_subnet_always_forward | server_client_subnet_opcode |
|
server_client_subnet_always_forward | server_client_subnet_opcode |
|
||||||
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
|
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
|
||||||
@ -322,7 +323,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||||||
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
|
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
|
||||||
server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
|
server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
|
||||||
server_interface_automatic_ports | server_ede |
|
server_interface_automatic_ports | server_ede |
|
||||||
server_proxy_protocol_port
|
server_proxy_protocol_port | server_statistics_inhibit_zero
|
||||||
;
|
;
|
||||||
stubstart: VAR_STUB_ZONE
|
stubstart: VAR_STUB_ZONE
|
||||||
{
|
{
|
||||||
@ -554,6 +555,15 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
|
|||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
|
||||||
|
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||||
|
yyerror("expected yes or no.");
|
||||||
|
else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_shm_enable: VAR_SHM_ENABLE STRING_ARG
|
server_shm_enable: VAR_SHM_ENABLE STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(server_shm_enable:%s)\n", $2));
|
OUTYY(("P(server_shm_enable:%s)\n", $2));
|
||||||
@ -2636,6 +2646,24 @@ server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
|
|||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_max_sent_count:%s)\n", $2));
|
||||||
|
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||||
|
yyerror("number expected");
|
||||||
|
else cfg_parser->cfg->max_sent_count = atoi($2);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
|
server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_max_query_restarts:%s)\n", $2));
|
||||||
|
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||||
|
yyerror("number expected");
|
||||||
|
else cfg_parser->cfg->max_query_restarts = atoi($2);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_low_rtt: VAR_LOW_RTT STRING_ARG
|
server_low_rtt: VAR_LOW_RTT STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
|
OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
|
||||||
|
@ -4840,6 +4840,7 @@
|
|||||||
8403,
|
8403,
|
||||||
8416,
|
8416,
|
||||||
8417,
|
8417,
|
||||||
|
8433,
|
||||||
8442,
|
8442,
|
||||||
8443,
|
8443,
|
||||||
8444,
|
8444,
|
||||||
|
@ -810,7 +810,7 @@ static int consume_pp2_header(struct sldns_buffer* buf, struct comm_reply* rep,
|
|||||||
/* We are reading a whole packet;
|
/* We are reading a whole packet;
|
||||||
* Move the rest of the data to overwrite the PROXYv2 header */
|
* Move the rest of the data to overwrite the PROXYv2 header */
|
||||||
/* XXX can we do better to avoid memmove? */
|
/* XXX can we do better to avoid memmove? */
|
||||||
memmove(header, ((void*)header)+size,
|
memmove(header, ((char*)header)+size,
|
||||||
sldns_buffer_limit(buf)-size);
|
sldns_buffer_limit(buf)-size);
|
||||||
sldns_buffer_set_limit(buf, sldns_buffer_limit(buf)-size);
|
sldns_buffer_set_limit(buf, sldns_buffer_limit(buf)-size);
|
||||||
}
|
}
|
||||||
@ -2545,8 +2545,9 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** read again to drain buffers when there could be more to read */
|
/** read again to drain buffers when there could be more to read, returns 0
|
||||||
static void
|
* on failure which means the comm point is closed. */
|
||||||
|
static int
|
||||||
tcp_req_info_read_again(int fd, struct comm_point* c)
|
tcp_req_info_read_again(int fd, struct comm_point* c)
|
||||||
{
|
{
|
||||||
while(c->tcp_req_info->read_again) {
|
while(c->tcp_req_info->read_again) {
|
||||||
@ -2563,9 +2564,10 @@ tcp_req_info_read_again(int fd, struct comm_point* c)
|
|||||||
(void)(*c->callback)(c, c->cb_arg,
|
(void)(*c->callback)(c, c->cb_arg,
|
||||||
NETEVENT_CLOSED, NULL);
|
NETEVENT_CLOSED, NULL);
|
||||||
}
|
}
|
||||||
return;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** read again to drain buffers when there could be more to read */
|
/** read again to drain buffers when there could be more to read */
|
||||||
@ -2623,6 +2625,9 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||||||
log_assert(c->type == comm_tcp);
|
log_assert(c->type == comm_tcp);
|
||||||
ub_comm_base_now(c->ev->base);
|
ub_comm_base_now(c->ev->base);
|
||||||
|
|
||||||
|
if(c->fd == -1 || c->fd != fd)
|
||||||
|
return; /* duplicate event, but commpoint closed. */
|
||||||
|
|
||||||
#ifdef USE_DNSCRYPT
|
#ifdef USE_DNSCRYPT
|
||||||
/* Initialize if this is a dnscrypt socket */
|
/* Initialize if this is a dnscrypt socket */
|
||||||
if(c->tcp_parent) {
|
if(c->tcp_parent) {
|
||||||
@ -2671,8 +2676,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
|
||||||
tcp_req_info_read_again(fd, c);
|
if(!tcp_req_info_read_again(fd, c))
|
||||||
|
return;
|
||||||
|
}
|
||||||
if(moreread && *moreread)
|
if(moreread && *moreread)
|
||||||
tcp_more_read_again(fd, c);
|
tcp_more_read_again(fd, c);
|
||||||
return;
|
return;
|
||||||
@ -2690,8 +2697,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
|
||||||
tcp_req_info_read_again(fd, c);
|
if(!tcp_req_info_read_again(fd, c))
|
||||||
|
return;
|
||||||
|
}
|
||||||
if(morewrite && *morewrite)
|
if(morewrite && *morewrite)
|
||||||
tcp_more_write_again(fd, c);
|
tcp_more_write_again(fd, c);
|
||||||
return;
|
return;
|
||||||
@ -4488,6 +4497,11 @@ comm_point_close(struct comm_point* c)
|
|||||||
tcp_req_info_clear(c->tcp_req_info);
|
tcp_req_info_clear(c->tcp_req_info);
|
||||||
if(c->h2_session)
|
if(c->h2_session)
|
||||||
http2_session_server_delete(c->h2_session);
|
http2_session_server_delete(c->h2_session);
|
||||||
|
/* stop the comm point from reading or writing after it is closed. */
|
||||||
|
if(c->tcp_more_read_again && *c->tcp_more_read_again)
|
||||||
|
*c->tcp_more_read_again = 0;
|
||||||
|
if(c->tcp_more_write_again && *c->tcp_more_write_again)
|
||||||
|
*c->tcp_more_write_again = 0;
|
||||||
|
|
||||||
/* close fd after removing from event lists, or epoll.. is messed up */
|
/* close fd after removing from event lists, or epoll.. is messed up */
|
||||||
if(c->fd != -1 && !c->do_not_close) {
|
if(c->fd != -1 && !c->do_not_close) {
|
||||||
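Review bot: The new guard in comm_point_tcp_handle_callback, `if(c->fd == -1 || c->fd != fd) return;`, sits after `log_assert(c->type == comm_tcp)` and `ub_comm_base_now(c->ev->base)`, so it only helps for a comm point that was closed but is still allocated, and its comment should say so. The first clause is also redundant with the second unless `fd` itself is -1, and a comm point that was closed and reopened on the same descriptor number would still pass the test. I would expand the comment to something like `/* duplicate event for a comm point that was closed (fd -1) or reopened on another fd; c must still be allocated here */`. The function body starts and ends outside the hunk, so whether a freed `c` can reach this callback cannot be judged from the visible lines.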
|
@ -45,6 +45,9 @@
|
|||||||
#include "util/netevent.h"
|
#include "util/netevent.h"
|
||||||
#include "util/fptr_wlist.h"
|
#include "util/fptr_wlist.h"
|
||||||
#include "util/ub_event.h"
|
#include "util/ub_event.h"
|
||||||
|
#ifdef HAVE_POLL_H
|
||||||
|
#include <poll.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef USE_WINSOCK
|
#ifndef USE_WINSOCK
|
||||||
/* on unix */
|
/* on unix */
|
||||||
@ -396,20 +399,28 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** perform a select() on the fd */
|
/** perform poll() on the fd */
|
||||||
static int
|
static int
|
||||||
pollit(int fd, struct timeval* t)
|
pollit(int fd, struct timeval* t)
|
||||||
{
|
{
|
||||||
fd_set r;
|
struct pollfd fds;
|
||||||
|
int pret;
|
||||||
|
int msec = -1;
|
||||||
|
memset(&fds, 0, sizeof(fds));
|
||||||
|
fds.fd = fd;
|
||||||
|
fds.events = POLLIN | POLLERR | POLLHUP;
|
||||||
#ifndef S_SPLINT_S
|
#ifndef S_SPLINT_S
|
||||||
FD_ZERO(&r);
|
if(t)
|
||||||
FD_SET(FD_SET_T fd, &r);
|
msec = t->tv_sec*1000 + t->tv_usec/1000;
|
||||||
#endif
|
#endif
|
||||||
if(select(fd+1, &r, NULL, NULL, t) == -1) {
|
|
||||||
|
pret = poll(&fds, 1, msec);
|
||||||
|
|
||||||
|
if(pret == -1)
|
||||||
|
return 0;
|
||||||
|
if(pret != 0)
|
||||||
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
errno = 0;
|
|
||||||
return (int)(FD_ISSET(fd, &r));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int tube_poll(struct tube* tube)
|
int tube_poll(struct tube* tube)
|
||||||
@ -426,24 +437,27 @@ int tube_wait(struct tube* tube)
|
|||||||
|
|
||||||
int tube_wait_timeout(struct tube* tube, int msec)
|
int tube_wait_timeout(struct tube* tube, int msec)
|
||||||
{
|
{
|
||||||
struct timeval t;
|
int ret = 0;
|
||||||
int fd = tube->sr;
|
|
||||||
fd_set r;
|
|
||||||
t.tv_sec = msec/1000;
|
|
||||||
t.tv_usec = (msec%1000)*1000;
|
|
||||||
#ifndef S_SPLINT_S
|
|
||||||
FD_ZERO(&r);
|
|
||||||
FD_SET(FD_SET_T fd, &r);
|
|
||||||
#endif
|
|
||||||
while(1) {
|
while(1) {
|
||||||
if(select(fd+1, &r, NULL, NULL, &t) == -1) {
|
struct pollfd fds;
|
||||||
|
memset(&fds, 0, sizeof(fds));
|
||||||
|
|
||||||
|
fds.fd = tube->sr;
|
||||||
|
fds.events = POLLIN | POLLERR | POLLHUP;
|
||||||
|
ret = poll(&fds, 1, msec);
|
||||||
|
|
||||||
|
if(ret == -1) {
|
||||||
if(errno == EAGAIN || errno == EINTR)
|
if(errno == EAGAIN || errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return (int)(FD_ISSET(fd, &r));
|
|
||||||
|
if(ret != 0)
|
||||||
|
return 1;
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tube_read_fd(struct tube* tube)
|
int tube_read_fd(struct tube* tube)
|
||||||
@ -529,6 +543,7 @@ struct tube* tube_create(void)
|
|||||||
if(tube->event == WSA_INVALID_EVENT) {
|
if(tube->event == WSA_INVALID_EVENT) {
|
||||||
free(tube);
|
free(tube);
|
||||||
log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError()));
|
log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError()));
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
if(!WSAResetEvent(tube->event)) {
|
if(!WSAResetEvent(tube->event)) {
|
||||||
log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError()));
|
log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError()));
|
||||||
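Review bot: pollit() and tube_wait_timeout() now report any non-zero poll() result as readable without looking at `fds.revents`, so a descriptor that is no longer open (POLLNVAL) counts as ready, where the removed select() call would have failed and produced 0 in pollit() and -1 in tube_wait_timeout(). Testing the flag, e.g. `if(pret != 0) return (fds.revents & POLLNVAL) ? 0 : 1;` in pollit() and the matching test on `ret` in tube_wait_timeout(), keeps the earlier outcome. Separately, `msec = t->tv_sec*1000 + t->tv_usec/1000;` narrows to int, and a value that wraps negative makes poll() wait with no timeout, so clamping to INT_MAX would be worth adding if callers can pass large timeouts; those callers are outside this section.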
|
@ -21,7 +21,7 @@
|
|||||||
#define CONFCMDLINE "--with-ssl=/usr --with-libexpat=/usr --disable-dnscrypt --disable-dnstap --enable-ecdsa --disable-event-api --enable-gost --with-libevent --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads--prefix=/usr --localstatedir=/var/unbound --mandir=/usr/share/man --build=freebsd"
|
#define CONFCMDLINE "--with-ssl=/usr --with-libexpat=/usr --disable-dnscrypt --disable-dnstap --enable-ecdsa --disable-event-api --enable-gost --with-libevent --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads--prefix=/usr --localstatedir=/var/unbound --mandir=/usr/share/man --build=freebsd"
|
||||||
|
|
||||||
/* Pathname to the Unbound configuration file */
|
/* Pathname to the Unbound configuration file */
|
||||||
#define CONFIGFILE "/var/unbound/unbound.conf"
|
#define CONFIGFILE "/usr/local/etc/unbound/unbound.conf"
|
||||||
|
|
||||||
/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work
|
/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work
|
||||||
*/
|
*/
|
||||||
@ -30,6 +30,12 @@
|
|||||||
/* Whether daemon is deprecated */
|
/* Whether daemon is deprecated */
|
||||||
/* #undef DEPRECATED_DAEMON */
|
/* #undef DEPRECATED_DAEMON */
|
||||||
|
|
||||||
|
/* Deprecate RSA 1024 bit length, makes that an unsupported key */
|
||||||
|
/* #undef DEPRECATE_RSA_1024 */
|
||||||
|
|
||||||
|
/* Deprecate RSA 1024 bit length, makes that an unsupported key */
|
||||||
|
/* #undef DEPRECATE_RSA_1024 */
|
||||||
|
|
||||||
/* Define this to enable kernel based UDP source port randomization. */
|
/* Define this to enable kernel based UDP source port randomization. */
|
||||||
/* #undef DISABLE_EXPLICIT_PORT_RANDOMISATION */
|
/* #undef DISABLE_EXPLICIT_PORT_RANDOMISATION */
|
||||||
|
|
||||||
@ -71,6 +77,12 @@
|
|||||||
/* If we have be64toh */
|
/* If we have be64toh */
|
||||||
/* #undef HAVE_BE64TOH */
|
/* #undef HAVE_BE64TOH */
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `BIO_set_callback_ex' function. */
|
||||||
|
/* #undef HAVE_BIO_SET_CALLBACK_EX */
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `BIO_set_callback_ex' function. */
|
||||||
|
/* #undef HAVE_BIO_SET_CALLBACK_EX */
|
||||||
|
|
||||||
/* Define to 1 if you have the <bsd/stdlib.h> header file. */
|
/* Define to 1 if you have the <bsd/stdlib.h> header file. */
|
||||||
/* #undef HAVE_BSD_STDLIB_H */
|
/* #undef HAVE_BSD_STDLIB_H */
|
||||||
|
|
||||||
@ -105,7 +117,7 @@
|
|||||||
|
|
||||||
/* Define to 1 if you have the declaration of `evsignal_assign', and to 0 if
|
/* Define to 1 if you have the declaration of `evsignal_assign', and to 0 if
|
||||||
you don't. */
|
you don't. */
|
||||||
/* #undef HAVE_DECL_EVSIGNAL_ASSIGN */
|
#define HAVE_DECL_EVSIGNAL_ASSIGN 1
|
||||||
|
|
||||||
/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you
|
/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you
|
||||||
don't. */
|
don't. */
|
||||||
@ -218,6 +230,15 @@
|
|||||||
/* Define to 1 if you have the `EVP_cleanup' function. */
|
/* Define to 1 if you have the `EVP_cleanup' function. */
|
||||||
/* #undef HAVE_EVP_CLEANUP */
|
/* #undef HAVE_EVP_CLEANUP */
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled'
|
||||||
|
function. */
|
||||||
|
/* #undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED */
|
||||||
|
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled'
|
||||||
|
function. */
|
||||||
|
/* #undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED */
|
||||||
|
|
||||||
/* Define to 1 if you have the `EVP_DigestVerify' function. */
|
/* Define to 1 if you have the `EVP_DigestVerify' function. */
|
||||||
#define HAVE_EVP_DIGESTVERIFY 1
|
#define HAVE_EVP_DIGESTVERIFY 1
|
||||||
|
|
||||||
@ -290,6 +311,12 @@
|
|||||||
/* Define to 1 if you have the `getrlimit' function. */
|
/* Define to 1 if you have the `getrlimit' function. */
|
||||||
#define HAVE_GETRLIMIT 1
|
#define HAVE_GETRLIMIT 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `gettid' function. */
|
||||||
|
/* #undef HAVE_GETTID */
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `gettid' function. */
|
||||||
|
/* #undef HAVE_GETTID */
|
||||||
|
|
||||||
/* Define to 1 if you have the `glob' function. */
|
/* Define to 1 if you have the `glob' function. */
|
||||||
#define HAVE_GLOB 1
|
#define HAVE_GLOB 1
|
||||||
|
|
||||||
@ -314,6 +341,12 @@
|
|||||||
/* Define to 1 if you have the <ifaddrs.h> header file. */
|
/* Define to 1 if you have the <ifaddrs.h> header file. */
|
||||||
#define HAVE_IFADDRS_H 1
|
#define HAVE_IFADDRS_H 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `if_nametoindex' function. */
|
||||||
|
#define HAVE_IF_NAMETOINDEX 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `if_nametoindex' function. */
|
||||||
|
#define HAVE_IF_NAMETOINDEX 1
|
||||||
|
|
||||||
/* Define to 1 if you have the `inet_aton' function. */
|
/* Define to 1 if you have the `inet_aton' function. */
|
||||||
#define HAVE_INET_ATON 1
|
#define HAVE_INET_ATON 1
|
||||||
|
|
||||||
@ -362,8 +395,8 @@
|
|||||||
/* Define to 1 if you have the `memmove' function. */
|
/* Define to 1 if you have the `memmove' function. */
|
||||||
#define HAVE_MEMMOVE 1
|
#define HAVE_MEMMOVE 1
|
||||||
|
|
||||||
/* Define to 1 if you have the <memory.h> header file. */
|
/* Define to 1 if you have the <minix/config.h> header file. */
|
||||||
#define HAVE_MEMORY_H 1
|
/* #undef HAVE_MINIX_CONFIG_H */
|
||||||
|
|
||||||
/* Define to 1 if you have the <netdb.h> header file. */
|
/* Define to 1 if you have the <netdb.h> header file. */
|
||||||
#define HAVE_NETDB_H 1
|
#define HAVE_NETDB_H 1
|
||||||
@ -374,6 +407,9 @@
|
|||||||
/* Define to 1 if you have the <netinet/tcp.h> header file. */
|
/* Define to 1 if you have the <netinet/tcp.h> header file. */
|
||||||
#define HAVE_NETINET_TCP_H 1
|
#define HAVE_NETINET_TCP_H 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <netioapi.h> header file. */
|
||||||
|
/* #undef HAVE_NETIOAPI_H */
|
||||||
|
|
||||||
/* Use libnettle for crypto */
|
/* Use libnettle for crypto */
|
||||||
/* #undef HAVE_NETTLE */
|
/* #undef HAVE_NETTLE */
|
||||||
|
|
||||||
@ -428,6 +464,9 @@
|
|||||||
/* Define to 1 if you have the `OPENSSL_init_ssl' function. */
|
/* Define to 1 if you have the `OPENSSL_init_ssl' function. */
|
||||||
#define HAVE_OPENSSL_INIT_SSL 1
|
#define HAVE_OPENSSL_INIT_SSL 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <openssl/param_build.h> header file. */
|
||||||
|
/* #undef HAVE_OPENSSL_PARAM_BUILD_H */
|
||||||
|
|
||||||
/* Define to 1 if you have the <openssl/rand.h> header file. */
|
/* Define to 1 if you have the <openssl/rand.h> header file. */
|
||||||
#define HAVE_OPENSSL_RAND_H 1
|
#define HAVE_OPENSSL_RAND_H 1
|
||||||
|
|
||||||
@ -437,6 +476,15 @@
|
|||||||
/* Define to 1 if you have the <openssl/ssl.h> header file. */
|
/* Define to 1 if you have the <openssl/ssl.h> header file. */
|
||||||
#define HAVE_OPENSSL_SSL_H 1
|
#define HAVE_OPENSSL_SSL_H 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `OSSL_PARAM_BLD_new' function. */
|
||||||
|
/* #undef HAVE_OSSL_PARAM_BLD_NEW */
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `poll' function. */
|
||||||
|
#define HAVE_POLL 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <poll.h> header file. */
|
||||||
|
#define HAVE_POLL_H 1
|
||||||
|
|
||||||
/* Define if you have POSIX threads libraries and header files. */
|
/* Define if you have POSIX threads libraries and header files. */
|
||||||
#define HAVE_PTHREAD 1
|
#define HAVE_PTHREAD 1
|
||||||
|
|
||||||
@ -518,6 +566,9 @@
|
|||||||
/* Define if you have the SSL libraries installed. */
|
/* Define if you have the SSL libraries installed. */
|
||||||
#define HAVE_SSL /**/
|
#define HAVE_SSL /**/
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */
|
||||||
|
#define HAVE_SSL_CTX_SET_ALPN_PROTOS 1
|
||||||
|
|
||||||
/* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */
|
/* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */
|
||||||
#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB 1
|
#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB 1
|
||||||
|
|
||||||
@ -531,9 +582,15 @@
|
|||||||
function. */
|
function. */
|
||||||
/* #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB */
|
/* #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB */
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `SSL_get0_alpn_selected' function. */
|
||||||
|
#define HAVE_SSL_GET0_ALPN_SELECTED 1
|
||||||
|
|
||||||
/* Define to 1 if you have the `SSL_get0_peername' function. */
|
/* Define to 1 if you have the `SSL_get0_peername' function. */
|
||||||
#define HAVE_SSL_GET0_PEERNAME 1
|
#define HAVE_SSL_GET0_PEERNAME 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `SSL_get1_peer_certificate' function. */
|
||||||
|
/* #undef HAVE_SSL_GET1_PEER_CERTIFICATE */
|
||||||
|
|
||||||
/* Define to 1 if you have the `SSL_set1_host' function. */
|
/* Define to 1 if you have the `SSL_set1_host' function. */
|
||||||
#define HAVE_SSL_SET1_HOST 1
|
#define HAVE_SSL_SET1_HOST 1
|
||||||
|
|
||||||
@ -546,6 +603,9 @@
|
|||||||
/* Define to 1 if you have the <stdint.h> header file. */
|
/* Define to 1 if you have the <stdint.h> header file. */
|
||||||
#define HAVE_STDINT_H 1
|
#define HAVE_STDINT_H 1
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <stdio.h> header file. */
|
||||||
|
#define HAVE_STDIO_H 1
|
||||||
|
|
||||||
/* Define to 1 if you have the <stdlib.h> header file. */
|
/* Define to 1 if you have the <stdlib.h> header file. */
|
||||||
#define HAVE_STDLIB_H 1
|
#define HAVE_STDLIB_H 1
|
||||||
|
|
||||||
@ -648,6 +708,9 @@
|
|||||||
/* Define to 1 if you have the <vfork.h> header file. */
|
/* Define to 1 if you have the <vfork.h> header file. */
|
||||||
/* #undef HAVE_VFORK_H */
|
/* #undef HAVE_VFORK_H */
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <wchar.h> header file. */
|
||||||
|
#define HAVE_WCHAR_H 1
|
||||||
|
|
||||||
/* Define to 1 if you have the <windows.h> header file. */
|
/* Define to 1 if you have the <windows.h> header file. */
|
||||||
/* #undef HAVE_WINDOWS_H */
|
/* #undef HAVE_WINDOWS_H */
|
||||||
|
|
||||||
@ -731,7 +794,7 @@
|
|||||||
#define PACKAGE_NAME "unbound"
|
#define PACKAGE_NAME "unbound"
|
||||||
|
|
||||||
/* Define to the full name and version of this package. */
|
/* Define to the full name and version of this package. */
|
||||||
#define PACKAGE_STRING "unbound 1.17.0"
|
#define PACKAGE_STRING "unbound 1.17.1"
|
||||||
|
|
||||||
/* Define to the one symbol short name of this package. */
|
/* Define to the one symbol short name of this package. */
|
||||||
#define PACKAGE_TARNAME "unbound"
|
#define PACKAGE_TARNAME "unbound"
|
||||||
@ -740,7 +803,7 @@
|
|||||||
#define PACKAGE_URL ""
|
#define PACKAGE_URL ""
|
||||||
|
|
||||||
/* Define to the version of this package. */
|
/* Define to the version of this package. */
|
||||||
#define PACKAGE_VERSION "1.17.0"
|
#define PACKAGE_VERSION "1.17.1"
|
||||||
|
|
||||||
/* default pidfile location */
|
/* default pidfile location */
|
||||||
#define PIDFILE "/var/unbound/unbound.pid"
|
#define PIDFILE "/var/unbound/unbound.pid"
|
||||||
@ -749,7 +812,8 @@
|
|||||||
your system. */
|
your system. */
|
||||||
/* #undef PTHREAD_CREATE_JOINABLE */
|
/* #undef PTHREAD_CREATE_JOINABLE */
|
||||||
|
|
||||||
/* Define as the return type of signal handlers (`int' or `void'). */
|
/* Return type of signal handlers, but autoconf 2.70 says 'your code may
|
||||||
|
safely assume C89 semantics that RETSIGTYPE is void.' */
|
||||||
#define RETSIGTYPE void
|
#define RETSIGTYPE void
|
||||||
|
|
||||||
/* if REUSEPORT is enabled by default */
|
/* if REUSEPORT is enabled by default */
|
||||||
@ -762,7 +826,7 @@
|
|||||||
#define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
|
#define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
|
||||||
|
|
||||||
/* version number for resource files */
|
/* version number for resource files */
|
||||||
#define RSRC_PACKAGE_VERSION 1,17,0,0
|
#define RSRC_PACKAGE_VERSION 1,17,1,0
|
||||||
|
|
||||||
/* Directory to chdir to */
|
/* Directory to chdir to */
|
||||||
#define RUN_DIR "/var/unbound"
|
#define RUN_DIR "/var/unbound"
|
||||||
@ -770,11 +834,17 @@
|
|||||||
/* Shared data */
|
/* Shared data */
|
||||||
#define SHARE_DIR "/var/unbound"
|
#define SHARE_DIR "/var/unbound"
|
||||||
|
|
||||||
/* The size of `size_t'. */
|
|
||||||
#ifdef __LP64__
|
#ifdef __LP64__
|
||||||
|
/* The size of `size_t', as computed by sizeof. */
|
||||||
#define SIZEOF_SIZE_T 8
|
#define SIZEOF_SIZE_T 8
|
||||||
|
/* The size of `size_t'. */
|
||||||
|
/* The size of `pthread_t', as computed by sizeof. */
|
||||||
|
#define SIZEOF_PTHREAD_T 8
|
||||||
#else
|
#else
|
||||||
#define SIZEOF_SIZE_T 4
|
#define SIZEOF_SIZE_T 4
|
||||||
|
/* The size of `size_t'. */
|
||||||
|
/* The size of `pthread_t', as computed by sizeof. */
|
||||||
|
#define SIZEOF_PTHREAD_T 4
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* The size of `time_t', as computed by sizeof. */
|
/* The size of `time_t', as computed by sizeof. */
|
||||||
@ -784,13 +854,22 @@
|
|||||||
#define SIZEOF_TIME_T 8
|
#define SIZEOF_TIME_T 8
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* The size of `unsigned long', as computed by sizeof. */
|
||||||
|
#ifdef __LP64__
|
||||||
|
#define SIZEOF_UNSIGNED_LONG 8
|
||||||
|
#else
|
||||||
|
#define SIZEOF_UNSIGNED_LONG 4
|
||||||
|
#endif
|
||||||
|
|
||||||
/* define if (v)snprintf does not return length needed, (but length used) */
|
/* define if (v)snprintf does not return length needed, (but length used) */
|
||||||
/* #undef SNPRINTF_RET_BROKEN */
|
/* #undef SNPRINTF_RET_BROKEN */
|
||||||
|
|
||||||
/* Define to 1 if libsodium supports sodium_set_misuse_handler */
|
/* Define to 1 if libsodium supports sodium_set_misuse_handler */
|
||||||
/* #undef SODIUM_MISUSE_HANDLER */
|
/* #undef SODIUM_MISUSE_HANDLER */
|
||||||
|
|
||||||
/* Define to 1 if you have the ANSI C header files. */
|
/* Define to 1 if all of the C90 standard headers exist (not just the ones
|
||||||
|
required in a freestanding environment). This macro is provided for
|
||||||
|
backward compatibility; new code need not use it. */
|
||||||
#define STDC_HEADERS 1
|
#define STDC_HEADERS 1
|
||||||
|
|
||||||
/* use default strptime. */
|
/* use default strptime. */
|
||||||
@ -856,6 +935,14 @@
|
|||||||
/* Define if you enable libevent */
|
/* Define if you enable libevent */
|
||||||
#define USE_LIBEVENT 1
|
#define USE_LIBEVENT 1
|
||||||
|
|
||||||
|
/* Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a
|
||||||
|
default outgoing port range. This is only for the libunbound on Linux and
|
||||||
|
does not affect unbound resolving daemon itself. This may severely limit
|
||||||
|
the number of available outgoing ports and thus decrease randomness. Define
|
||||||
|
this only when the target system restricts (e.g. some of SELinux enabled
|
||||||
|
distributions) the use of non-ephemeral ports. */
|
||||||
|
/* #undef USE_LINUX_IP_LOCAL_PORT_RANGE */
|
||||||
|
|
||||||
/* Define if you want to use internal select based events */
|
/* Define if you want to use internal select based events */
|
||||||
#define USE_MINI_EVENT 1
|
#define USE_MINI_EVENT 1
|
||||||
|
|
||||||
@ -878,21 +965,87 @@
|
|||||||
#ifndef _ALL_SOURCE
|
#ifndef _ALL_SOURCE
|
||||||
# define _ALL_SOURCE 1
|
# define _ALL_SOURCE 1
|
||||||
#endif
|
#endif
|
||||||
|
/* Enable general extensions on macOS. */
|
||||||
|
#ifndef _DARWIN_C_SOURCE
|
||||||
|
# define _DARWIN_C_SOURCE 1
|
||||||
|
#endif
|
||||||
|
/* Enable general extensions on Solaris. */
|
||||||
|
#ifndef __EXTENSIONS__
|
||||||
|
# define __EXTENSIONS__ 1
|
||||||
|
#endif
|
||||||
/* Enable GNU extensions on systems that have them. */
|
/* Enable GNU extensions on systems that have them. */
|
||||||
#ifndef _GNU_SOURCE
|
#ifndef _GNU_SOURCE
|
||||||
# define _GNU_SOURCE 1
|
# define _GNU_SOURCE 1
|
||||||
#endif
|
#endif
|
||||||
/* Enable threading extensions on Solaris. */
|
/* Enable X/Open compliant socket functions that do not require linking
|
||||||
|
with -lxnet on HP-UX 11.11. */
|
||||||
|
#ifndef _HPUX_ALT_XOPEN_SOCKET_API
|
||||||
|
# define _HPUX_ALT_XOPEN_SOCKET_API 1
|
||||||
|
#endif
|
||||||
|
/* Identify the host operating system as Minix.
|
||||||
|
This macro does not affect the system headers' behavior.
|
||||||
|
A future release of Autoconf may stop defining this macro. */
|
||||||
|
#ifndef _MINIX
|
||||||
|
/* # undef _MINIX */
|
||||||
|
#endif
|
||||||
|
/* Enable general extensions on NetBSD.
|
||||||
|
Enable NetBSD compatibility extensions on Minix. */
|
||||||
|
#ifndef _NETBSD_SOURCE
|
||||||
|
# define _NETBSD_SOURCE 1
|
||||||
|
#endif
|
||||||
|
/* Enable OpenBSD compatibility extensions on NetBSD.
|
||||||
|
Oddly enough, this does nothing on OpenBSD. */
|
||||||
|
#ifndef _OPENBSD_SOURCE
|
||||||
|
# define _OPENBSD_SOURCE 1
|
||||||
|
#endif
|
||||||
|
/* Define to 1 if needed for POSIX-compatible behavior. */
|
||||||
|
#ifndef _POSIX_SOURCE
|
||||||
|
/* # undef _POSIX_SOURCE */
|
||||||
|
#endif
|
||||||
|
/* Define to 2 if needed for POSIX-compatible behavior. */
|
||||||
|
#ifndef _POSIX_1_SOURCE
|
||||||
|
/* # undef _POSIX_1_SOURCE */
|
||||||
|
#endif
|
||||||
|
/* Enable POSIX-compatible threading on Solaris. */
|
||||||
#ifndef _POSIX_PTHREAD_SEMANTICS
|
#ifndef _POSIX_PTHREAD_SEMANTICS
|
||||||
# define _POSIX_PTHREAD_SEMANTICS 1
|
# define _POSIX_PTHREAD_SEMANTICS 1
|
||||||
#endif
|
#endif
|
||||||
|
/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */
|
||||||
|
#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
|
||||||
|
# define __STDC_WANT_IEC_60559_ATTRIBS_EXT__ 1
|
||||||
|
#endif
|
||||||
|
/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */
|
||||||
|
#ifndef __STDC_WANT_IEC_60559_BFP_EXT__
|
||||||
|
# define __STDC_WANT_IEC_60559_BFP_EXT__ 1
|
||||||
|
#endif
|
||||||
|
/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */
|
||||||
|
#ifndef __STDC_WANT_IEC_60559_DFP_EXT__
|
||||||
|
# define __STDC_WANT_IEC_60559_DFP_EXT__ 1
|
||||||
|
#endif
|
||||||
|
/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */
|
||||||
|
#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
|
||||||
|
# define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1
|
||||||
|
#endif
|
||||||
|
/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */
|
||||||
|
#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
|
||||||
|
# define __STDC_WANT_IEC_60559_TYPES_EXT__ 1
|
||||||
|
#endif
|
||||||
|
/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */
|
||||||
|
#ifndef __STDC_WANT_LIB_EXT2__
|
||||||
|
# define __STDC_WANT_LIB_EXT2__ 1
|
||||||
|
#endif
|
||||||
|
/* Enable extensions specified by ISO/IEC 24747:2009. */
|
||||||
|
#ifndef __STDC_WANT_MATH_SPEC_FUNCS__
|
||||||
|
# define __STDC_WANT_MATH_SPEC_FUNCS__ 1
|
||||||
|
#endif
|
||||||
/* Enable extensions on HP NonStop. */
|
/* Enable extensions on HP NonStop. */
|
||||||
#ifndef _TANDEM_SOURCE
|
#ifndef _TANDEM_SOURCE
|
||||||
# define _TANDEM_SOURCE 1
|
# define _TANDEM_SOURCE 1
|
||||||
#endif
|
#endif
|
||||||
/* Enable general extensions on Solaris. */
|
/* Enable X/Open extensions. Define to 500 only if necessary
|
||||||
#ifndef __EXTENSIONS__
|
to make mbstate_t available. */
|
||||||
# define __EXTENSIONS__ 1
|
#ifndef _XOPEN_SOURCE
|
||||||
|
/* # undef _XOPEN_SOURCE */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
@ -918,11 +1071,6 @@
|
|||||||
`char[]'. */
|
`char[]'. */
|
||||||
#define YYTEXT_POINTER 1
|
#define YYTEXT_POINTER 1
|
||||||
|
|
||||||
/* Enable large inode numbers on Mac OS X 10.5. */
|
|
||||||
#ifndef _DARWIN_USE_64_BIT_INODE
|
|
||||||
# define _DARWIN_USE_64_BIT_INODE 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Number of bits in a file offset, on hosts where this is settable. */
|
/* Number of bits in a file offset, on hosts where this is settable. */
|
||||||
/* #undef _FILE_OFFSET_BITS */
|
/* #undef _FILE_OFFSET_BITS */
|
||||||
|
|
||||||
@ -932,18 +1080,12 @@
|
|||||||
/* Define for large files, on AIX-style hosts. */
|
/* Define for large files, on AIX-style hosts. */
|
||||||
/* #undef _LARGE_FILES */
|
/* #undef _LARGE_FILES */
|
||||||
|
|
||||||
/* Define to 1 if on MINIX. */
|
|
||||||
/* #undef _MINIX */
|
|
||||||
|
|
||||||
/* Enable for compile on Minix */
|
/* Enable for compile on Minix */
|
||||||
/* #undef _NETBSD_SOURCE */
|
#define _NETBSD_SOURCE 1
|
||||||
|
|
||||||
/* Define to 2 if the system does not provide POSIX.1 features except with
|
/* defined to use gcc ansi snprintf and sscanf that understands %lld when
|
||||||
this defined. */
|
compiled for windows. */
|
||||||
/* #undef _POSIX_1_SOURCE */
|
/* #undef __USE_MINGW_ANSI_STDIO */
|
||||||
|
|
||||||
/* Define to 1 if you need to in order for `stat' and other things to work. */
|
|
||||||
/* #undef _POSIX_SOURCE */
|
|
||||||
|
|
||||||
/* Define to empty if `const' does not conform to ANSI C. */
|
/* Define to empty if `const' does not conform to ANSI C. */
|
||||||
/* #undef const */
|
/* #undef const */
|
||||||
@ -981,7 +1123,7 @@
|
|||||||
/* Define to `long int' if <sys/types.h> does not define. */
|
/* Define to `long int' if <sys/types.h> does not define. */
|
||||||
/* #undef off_t */
|
/* #undef off_t */
|
||||||
|
|
||||||
/* Define to `int' if <sys/types.h> does not define. */
|
/* Define as a signed integer type capable of holding a process identifier. */
|
||||||
/* #undef pid_t */
|
/* #undef pid_t */
|
||||||
|
|
||||||
/* Define to 'int' if not defined */
|
/* Define to 'int' if not defined */
|
||||||
@ -1124,7 +1266,7 @@
|
|||||||
#include <ws2tcpip.h>
|
#include <ws2tcpip.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef USE_WINSOCK
|
#if !defined(USE_WINSOCK) || !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) || defined(__USE_MINGW_ANSI_STDIO)
|
||||||
#define ARG_LL "%ll"
|
#define ARG_LL "%ll"
|
||||||
#else
|
#else
|
||||||
#define ARG_LL "%I64"
|
#define ARG_LL "%I64"
|
||||||
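Review bot: `CONFIGFILE` moves to "/usr/local/etc/unbound/unbound.conf" while `PIDFILE`, `ROOT_CERT_FILE`, `RUN_DIR` and `SHARE_DIR` stay under /var/unbound and `CONFCMDLINE` still records `--prefix=/usr --localstatedir=/var/unbound`, so the default configuration path no longer matches the rest of the build settings. If this header is hand-merged rather than regenerated, this looks like an unintended carry-over from another configure run, and the previous value `#define CONFIGFILE "/var/unbound/unbound.conf"` should probably be kept; otherwise a daemon started without an explicit config path reads its configuration from a different tree than the one it uses for `RUN_DIR`. The section also adds several blocks twice (`DEPRECATE_RSA_1024`, `HAVE_BIO_SET_CALLBACK_EX`, `HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED`, `HAVE_GETTID`, `HAVE_IF_NAMETOINDEX`) and leaves `_NETBSD_SOURCE` defined both inside the guarded extensions block and unguarded further down, which points the same way.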
|