d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of Unbound 1.7.2.

Browse Source
This commit is contained in:
des 2018-09-10 16:30:18 +00:00
parent 3bddc2e691
commit e6e29960e0
265 changed files with 4332 additions and 3551 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile.in
View File

@ -327,7 +327,7 @@ unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS)
unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(LIBS)
$(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS)
unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat $(SSLLIB) $(LIBS)
@ -360,7 +360,7 @@ memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK)
$(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS)
asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) $(LIBS) -L. -L.libs -lunbound
$(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS)
streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK)
$(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS)
@ -1463,7 +1463,7 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h
$(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h
w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
$(srcdir)/winrc/w_inst.h

73
compat/arc4random.c
View File

@ -71,6 +71,72 @@ static struct {
static inline void _rs_rekey(u_char *dat, size_t datlen);
/*
* Basic sanity checking; wish we could do better.
*/
static int
fallback_gotdata(char *buf, size_t len)
{
char any_set = 0;
size_t i;
for (i = 0; i < len; ++i)
any_set |= buf[i];
if (any_set == 0)
return -1;
return 0;
}
/* fallback for getentropy in case libc returns failure */
static int
fallback_getentropy_urandom(void *buf, size_t len)
{
size_t i;
int fd, flags;
int save_errno = errno;
start:
flags = O_RDONLY;
#ifdef O_NOFOLLOW
flags |= O_NOFOLLOW;
#endif
#ifdef O_CLOEXEC
flags |= O_CLOEXEC;
#endif
fd = open("/dev/urandom", flags, 0);
if (fd == -1) {
if (errno == EINTR)
goto start;
goto nodevrandom;
}
#ifndef O_CLOEXEC
# ifdef HAVE_FCNTL
fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
# endif
#endif
for (i = 0; i < len; ) {
size_t wanted = len - i;
ssize_t ret = read(fd, (char*)buf + i, wanted);
if (ret == -1) {
if (errno == EAGAIN || errno == EINTR)
continue;
close(fd);
goto nodevrandom;
}
i += ret;
}
close(fd);
if (fallback_gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */
}
nodevrandom:
errno = EIO;
return -1;
}
static inline void
_rs_init(u_char *buf, size_t n)
{
@ -114,11 +180,14 @@ _rs_stir(void)
u_char rnd[KEYSZ + IVSZ];
if (getentropy(rnd, sizeof rnd) == -1) {
if(errno != ENOSYS ||
fallback_getentropy_urandom(rnd, sizeof rnd) == -1) {
#ifdef SIGKILL
raise(SIGKILL);
raise(SIGKILL);
#else
exit(9); /* windows */
exit(9); /* windows */
#endif
}
}
if (!rs)

3
config.h.in
View File

@ -30,6 +30,9 @@
internal symbols */
#undef EXPORT_ALL_SYMBOLS
/* Define to 1 if you have the `accept4' function. */
#undef HAVE_ACCEPT4
/* Define to 1 if you have the `arc4random' function. */
#undef HAVE_ARC4RANDOM

31
configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.7.1.
# Generated by GNU Autoconf 2.69 for unbound 1.7.2.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.7.1'
PACKAGE_STRING='unbound 1.7.1'
PACKAGE_VERSION='1.7.2'
PACKAGE_STRING='unbound 1.7.2'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
PACKAGE_URL=''
@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.7.1 to adapt to many kinds of systems.
\`configure' configures unbound 1.7.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1505,7 +1505,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.7.1:";;
short | recursive ) echo "Configuration of unbound 1.7.2:";;
esac
cat <<\_ACEOF
@ -1722,7 +1722,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.7.1
unbound configure 1.7.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.7.1, which was
It was created by unbound $as_me 1.7.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=7
UNBOUND_VERSION_MICRO=1
UNBOUND_VERSION_MICRO=2
LIBUNBOUND_CURRENT=7
LIBUNBOUND_REVISION=9
LIBUNBOUND_REVISION=10
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2848,6 +2848,7 @@ LIBUNBOUND_AGE=5
# 1.6.8 had 7:7:5
# 1.7.0 had 7:8:5
# 1.7.1 had 7:9:5
# 1.7.2 had 7:10:5
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -19467,7 +19468,7 @@ else
WINDRES="$ac_cv_prog_WINDRES"
fi
LIBS="$LIBS -liphlpapi"
LIBS="$LIBS -liphlpapi -lcrypt32"
WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe"
WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c"
@ -19701,7 +19702,7 @@ if test "$ac_res" != no; then :
fi
for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget
for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -20854,6 +20855,8 @@ if test "${enable_cachedb+set}" = set; then :
enableval=$enable_cachedb;
fi
# turn on cachedb when hiredis support is enabled.
if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi
case "$enable_cachedb" in
yes)
@ -21041,7 +21044,7 @@ _ACEOF
version=1.7.1
version=1.7.2
date=`date +'%b %e, %Y'`
@ -21560,7 +21563,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.7.1, which was
This file was extended by unbound $as_me 1.7.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -21626,7 +21629,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.7.1
unbound config.status 1.7.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

11
configure.ac
View File

@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[7])
m4_define([VERSION_MICRO],[1])
m4_define([VERSION_MICRO],[2])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=7
LIBUNBOUND_REVISION=9
LIBUNBOUND_REVISION=10
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -79,6 +79,7 @@ LIBUNBOUND_AGE=5
# 1.6.8 had 7:7:5
# 1.7.0 had 7:8:5
# 1.7.1 had 7:9:5
# 1.7.2 had 7:10:5
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -1245,7 +1246,7 @@ if test "$USE_WINSOCK" = 1; then
#include <windows.h>
])
AC_CHECK_TOOL(WINDRES, windres)
LIBS="$LIBS -liphlpapi"
LIBS="$LIBS -liphlpapi -lcrypt32"
WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe"
AC_SUBST(WINAPPS)
WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c"
@ -1318,7 +1319,7 @@ AC_INCLUDES_DEFAULT
#endif
])
AC_SEARCH_LIBS([setusercontext], [util])
AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget])
AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4])
AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
@ -1488,6 +1489,8 @@ dnsc_DNSCRYPT([
# check for cachedb if requested
AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage]))
# turn on cachedb when hiredis support is enabled.
if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi
case "$enable_cachedb" in
yes)
AC_DEFINE([USE_CACHEDB], [1], [Define to 1 to use cachedb support])

4
contrib/libunbound.pc.in
View File

@ -7,7 +7,7 @@ Name: unbound
Description: Library with validating, recursive, and caching DNS resolver
URL: http://www.unbound.net
Version: @PACKAGE_VERSION@
Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ @PC_PY_DEPENDENCY@
Libs: -L${libdir} -lunbound
Requires: @PC_LIBEVENT_DEPENDENCY@ @PC_PY_DEPENDENCY@
Libs: -L${libdir} -lunbound -lssl -lcrypto
Libs.private: @SSLLIB@ @LIBS@
Cflags: -I${includedir}

2
daemon/acl_list.c
View File

@ -111,6 +111,8 @@ acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2,
control = acl_refuse_non_local;
else if(strcmp(s2, "allow_snoop") == 0)
control = acl_allow_snoop;
else if(strcmp(s2, "allow_setrd") == 0)
control = acl_allow_setrd;
else {
log_err("access control type %s unknown", str);
return 0;

4
daemon/acl_list.h
View File

@ -63,7 +63,9 @@ enum acl_access {
/** allow full access for recursion (+RD) queries */
acl_allow,
/** allow full access for all queries, recursion and cache snooping */
acl_allow_snoop
acl_allow_snoop,
/** allow full access for recursion queries and set RD flag regardless of request */
acl_allow_setrd
};
/**

1
daemon/daemon.c
View File

@ -704,6 +704,7 @@ daemon_cleanup(struct daemon* daemon)
free(daemon->workers);
daemon->workers = NULL;
daemon->num = 0;
alloc_clear_special(&daemon->superalloc);
#ifdef USE_DNSTAP
dt_delete(daemon->dtenv);
daemon->dtenv = NULL;

2
daemon/unbound.c
View File

@ -431,7 +431,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
fatal_exit("could not set up listen SSL_CTX");
}
if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL,
cfg->tls_cert_bundle)))
cfg->tls_cert_bundle, cfg->tls_win_cert)))
fatal_exit("could not set up connect SSL_CTX");
#endif

7
daemon/worker.c
View File

@ -1350,6 +1350,13 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
return ret;
}
/* If this request does not have the recursion bit set, verify
* ACLs allow the recursion bit to be treated as set. */
if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) &&
acl == acl_allow_setrd ) {
LDNS_RD_SET(sldns_buffer_begin(c->buffer));
}
/* If this request does not have the recursion bit set, verify
* ACLs allow the snooping. */
if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) &&

74
doc/Changelog
View File

@ -1,8 +1,80 @@
4 June 2018: Wouter
- Fix deadlock caused by incoming notify for auth-zone.
- tag for 1.7.2rc1
1 June 2018: Wouter
- Rename additional-tls-port to tls-additional-ports.
The older name is accepted for backwards compatibility.
30 May 2018: Wouter
- Patch from Syzdek: Add ability to ignore RD bit and treat all
requests as if the RD bit is set.
29 May 2018: Wouter
- in compat/arc4random call getentropy_urandom when getentropy fails
with ENOSYS.
- Fix that fallback for windows port.
28 May 2018: Wouter
- Fix windows tcp and tls spin on events.
- Add routine from getdns to add windows cert store to the SSL_CTX.
- tls-win-cert option that adds the system certificate store for
authenticating DNS-over-TLS connections. It can be used instead
of the tls-cert-bundle option, or with it to add certificates.
25 May 2018: Wouter
- For TCP and TLS connections that don't establish, perform address
update in infra cache, so future selections can exclude them.
- Fix that tcp sticky events are removed for closed fd on windows.
- Fix close events for tcp only.
24 May 2018: Wouter
- Fix that libunbound can do DNS-over-TLS, when configured.
- Fix that windows unbound service can use DNS-over-TLS.
- unbound-host initializes ssl (for potential DNS-over-TLS usage
inside libunbound), when ssl upstream or a cert-bundle is configured.
23 May 2018: Wouter
- Use accept4 to speed up incoming TCP (and TLS) connections,
available on Linux, FreeBSD and OpenBSD.
17 May 2018: Ralph
- Qname minimisation default changed to yes.
15 May 2018: Wouter
- Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand.
11 May 2018: Wouter
- Fix contrib/libunbound.pc for libssl libcrypto references,
from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914
7 May 2018: Wouter
- Fix windows to not have sticky TLS events for TCP.
- Fix read of DNS over TLS length and data in one read call.
- Fix mesh state assertion failure due to callback removal.
3 May 2018: Wouter
- Fix that configure --with-libhiredis also turns on cachedb.
- Fix gcc 8 buffer warning in testcode.
- Fix function type cast warning in libunbound context callback type.
2 May 2018: Wouter
- Fix fail to reject dead peers in forward-zone, with ssl-upstream.
1 May 2018: Wouter
- Fix that unbound-control reload frees the rrset keys and returns
the memory pages to the system.
30 April 2018: Wouter
- Fix spelling error in man page and note defaults as no instead of
off.
26 April 2018: Wouter
- Fix for crash in daemon_cleanup with dnstap during reload,
from Saksham Manchanda.
- Also that for dnscrypt.
- tag for 1.7.1rc1 release.
- tag for 1.7.1rc1 release. Became 1.7.1 release on 3 May, trunk
is from here 1.7.2 in development.
25 April 2018: Ralph
- Fix memory leak when caching wildcard records for aggressive NSEC use

2
doc/README
View File

@ -1,4 +1,4 @@
README for Unbound 1.7.1
README for Unbound 1.7.2
Copyright 2007 NLnet Labs
http://unbound.net

14
doc/example.conf.in
View File

@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.7.1.
# See unbound.conf(5) man page, version 1.7.2.
#
# this is a comment.
@ -223,7 +223,8 @@ server:
# to this server. Specify classless netblocks with /size and action.
# By default everything is refused, except for localhost.
# Choose deny (drop message), refuse (polite error reply),
# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
# allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
# allow_snoop (recursive and nonrecursive ok)
# deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply).
# access-control: 0.0.0.0/0 refuse
@ -372,7 +373,7 @@ server:
# Sent minimum amount of information to upstream servers to enhance
# privacy. Only sent minimum required labels of the QNAME and set QTYPE
# to A when possible.
# qname-minimisation: no
# qname-minimisation: yes
# QNAME minimisation in strict mode. Do not fall-back to sending full
# QNAME to potentially broken nameservers. A lot of domains will not be
@ -681,8 +682,11 @@ server:
# Certificates used to authenticate connections made upstream.
# tls-cert-bundle: ""
# Add system certs to the cert bundle, from the Windows Cert Store
# tls-win-cert: no
# Also serve tls on these port numbers (eg. 443, ...), by listing
# additional-tls-port: portno for each of the port numbers.
# tls-additional-ports: portno for each of the port numbers.
# DNS64 prefix. Must be specified when DNS64 is use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
@ -725,7 +729,7 @@ server:
# low-rtt: 45
# select low rtt this many times out of 1000. 0 means the fast server
# select is disabled. prefetches are not sped up.
# low-rtt-pct: 0
# low-rtt-permil: 0
# Specific options for ipsecmod. unbound needs to be configured with
# --enable-ipsecmod for these to take effect.

4
doc/libunbound.3.in
View File

@ -1,4 +1,4 @@
.TH "libunbound" "3" "May 3, 2018" "NLnet Labs" "unbound 1.7.1"
.TH "libunbound" "3" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@ -43,7 +43,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.7.1 functions.
\- Unbound DNS validating resolver 1.7.2 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP

2
doc/unbound-anchor.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "May 3, 2018" "NLnet Labs" "unbound 1.7.1"
.TH "unbound-anchor" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"

2
doc/unbound-checkconf.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "May 3, 2018" "NLnet Labs" "unbound 1.7.1"
.TH "unbound-checkconf" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"

2
doc/unbound-control.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound-control" "8" "May 3, 2018" "NLnet Labs" "unbound 1.7.1"
.TH "unbound-control" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"

2
doc/unbound-host.1.in
View File

@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "May 3, 2018" "NLnet Labs" "unbound 1.7.1"
.TH "unbound\-host" "1" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"

4
doc/unbound.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound" "8" "May 3, 2018" "NLnet Labs" "unbound 1.7.1"
.TH "unbound" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.\"
.\" unbound.8 -- unbound manual
.\"
@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
\- Unbound DNS validating resolver 1.7.1.
\- Unbound DNS validating resolver 1.7.2.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]

42
doc/unbound.conf.5.in
View File

@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "May 3, 2018" "NLnet Labs" "unbound 1.7.1"
.TH "unbound.conf" "5" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@ -403,6 +403,8 @@ Enabled or disable whether the upstream queries use TLS only for transport.
Default is no. Useful in tunneling scenarios. The TLS contains plain DNS in
TCP wireformat. The other server must support this (see
\fBtls\-service\-key\fR).
If you enable this, also configure a tls\-cert\-bundle or use tls\-win\cert to
load CA certs, otherwise the connections cannot be authenticated.
.TP
.B ssl\-upstream: \fI<yes or no>
Alternate syntax for \fBtls\-upstream\fR. If both are present in the config
@ -444,8 +446,14 @@ urls, and also DNS over TLS connections.
.B ssl\-cert\-bundle: \fI<file>
Alternate syntax for \fBtls\-cert\-bundle\fR.
.TP
.B additional\-tls\-port: \fI<portnr>
List portnumbers as additional\-tls\-port, and when interfaces are defined,
.B tls\-win\-cert: \fI<yes or no>
Add the system certificates to the cert bundle certificates for authentication.
If no cert bundle, it uses only these certificates. Default is no.
On windows this option uses the certificates from the cert store. Use
the tls\-cert\-bundle option on other systems.
.TP
.B tls\-additional\-ports: \fI<portnr>
List portnumbers as tls\-additional\-ports, and when interfaces are defined,
eg. with the @port suffix, as this port number, they provide dns over TLS
service. Can list multiple, each on a new statement.
.TP
@ -461,7 +469,8 @@ Default is yes.
.B access\-control: \fI<IP netblock> <action>
The netblock is given as an IP4 or IP6 address with /size appended for a
classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
\fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR.
\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or
\fIrefuse_non_local\fR.
The most specific netblock match is used, if none match \fIdeny\fR is used.
.IP
The action \fIdeny\fR stops queries from hosts from that netblock.
@ -480,6 +489,15 @@ in the reply. This supports normal operations where nonrecursive queries
are made for the authoritative data. For nonrecursive queries any replies
from the dynamic cache are refused.
.IP
The \fIallow_setrd\fR action ignores the recursion desired (RD) bit and
treats all requests as if the recursion desired bit is set. Note that this
behavior violates RFC 1034 which states that a name server should never perform
recursive service unless asked via the RD bit since this interferes with
trouble shooting of name servers and their databases. This prohibited behavior
may be useful if another DNS server must forward requests for specific
zones to a resolver DNS server, but only supports stub domains and
sends queries to the resolver DNS server with the RD bit cleared.
.IP
The action \fIallow_snoop\fR gives nonrecursive access too. This give
both recursive and non recursive access. The name \fIallow_snoop\fR refers
to cache snooping, a technique to use nonrecursive queries to examine
@ -691,7 +709,7 @@ infrastructure data. Validates the replies if trust anchors are configured
and the zones are signed. This enforces DNSSEC validation on nameserver
NS sets and the nameserver addresses that are encountered on the referral
path to the answer.
Default off, because it burdens the authority servers, and it is
Default no, because it burdens the authority servers, and it is
not RFC standard, and could lead to performance problems because of the
extra query load that is generated. Experimental option.
If you enable it consider adding more numbers after the target\-fetch\-policy
@ -722,7 +740,7 @@ Send minimum amount of information to upstream servers to enhance privacy.
Only sent minimum required labels of the QNAME and set QTYPE to A when
possible. Best effort approach; full QNAME and original QTYPE will be sent when
upstream replies with a RCODE other than NOERROR, except when receiving
NXDOMAIN from a DNSSEC signed zone. Default is off.
NXDOMAIN from a DNSSEC signed zone. Default is yes.
.TP
.B qname\-minimisation\-strict: \fI<yes or no>
QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to
@ -1315,10 +1333,10 @@ factor given.
.TP 5
.B low\-rtt: \fI<msec time>
Set the time in millisecond that is considere a low ping time for fast
server selection with the low\-rtt\-pct option, that turns this on or off.
server selection with the low\-rtt\-permil option, that turns this on or off.
The default is 45 msec, a number from IPv6 quick response documents.
.TP 5
.B low\-rtt\-pct: \fI<number>
.B low\-rtt\-permil: \fI<number>
Specify how many times out of 1000 to pick the fast server from the low
rtt band. 0 turns the feature off. A value of 900 would pick the fast
server when such fast servers are available 90 percent of the time, and
@ -1328,7 +1346,7 @@ sped up, because there is no one waiting for it, and it presents a good
moment to perform server exploration. The low\-rtt option can be used
to specify which servers are picked for fast server selection, servers
with a ping roundtrip time below that value are considered.
The default for low\-rtt\-pct is 0.
The default for low\-rtt\-permil is 0.
.SS "Remote Control Options"
In the
.B remote\-control:
@ -1429,7 +1447,7 @@ IP address of stub zone nameserver. Can be IP 4 or IP 6.
To use a nondefault port for DNS communication append '@' with the port number.
.TP
.B stub\-prime: \fI<yes or no>
This option is by default off. If enabled it performs NS set priming,
This option is by default no. If enabled it performs NS set priming,
which is similar to root hints, where it starts using the list of nameservers
currently published by the zone. Thus, if the hint list is slightly outdated,
the resolver picks up a correct list online.
@ -1490,6 +1508,8 @@ The default is no.
.B forward\-tls\-upstream: \fI<yes or no>
Enabled or disable whether the queries to this forwarder use TLS for transport.
Default is no.
If you enable this, also configure a tls\-cert\-bundle or use tls\-win\cert to
load CA certs, otherwise the connections cannot be authenticated.
.TP
.B forward\-ssl\-upstream: \fI<yes or no>
Alternate syntax for \fBforward\-tls\-upstream\fR.
@ -1827,7 +1847,7 @@ If Unbound was built with
on a system that has installed the hiredis C client library of Redis,
then the "redis" backend can be used.
This backend communicates with the specified Redis server over a TCP
connection to store and retrive cache data.
connection to store and retrieve cache data.
It can be used as a persistent and/or shared cache backend.
It should be noted that Unbound never removes data stored in the Redis server,
even if some data have expired in terms of DNS TTL or the Redis server has

4
iterator/iter_utils.c
View File

@ -329,9 +329,9 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
return 0 to force the caller to fetch more */
}
if(env->cfg->low_rtt_pct != 0 && prefetch == 0 &&
if(env->cfg->low_rtt_permil != 0 && prefetch == 0 &&
low_rtt < env->cfg->low_rtt &&
ub_random_max(env->rnd, 1000) < env->cfg->low_rtt_pct) {
ub_random_max(env->rnd, 1000) < env->cfg->low_rtt_permil) {
/* the query is not prefetch, but for a downstream client,
* there is a low_rtt (fast) server. We choose that x% of the
* time */

5
libunbound/context.c
View File

@ -130,7 +130,7 @@ find_id(struct ub_ctx* ctx, int* id)
struct ctx_query*
context_new(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass,
ub_callback_type cb, void* cbarg)
ub_callback_type cb, ub_event_callback_type cb_event, void* cbarg)
{
struct ctx_query* q = (struct ctx_query*)calloc(1, sizeof(*q));
if(!q) return NULL;
@ -142,8 +142,9 @@ context_new(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass,
}
lock_basic_unlock(&ctx->cfglock);
q->node.key = &q->querynum;
q->async = (cb != NULL);
q->async = (cb != NULL || cb_event != NULL);
q->cb = cb;
q->cb_event = cb_event;
q->cb_arg = cbarg;
q->res = (struct ub_result*)calloc(1, sizeof(*q->res));
if(!q->res) {

9
libunbound/context.h
View File

@ -45,6 +45,7 @@
#include "util/rbtree.h"
#include "services/modstack.h"
#include "libunbound/unbound.h"
#include "libunbound/unbound-event.h"
#include "util/data/packed_rrset.h"
struct libworker;
struct tube;
@ -148,8 +149,10 @@ struct ctx_query {
/** was this query cancelled (for bg worker) */
int cancelled;
/** for async query, the callback function */
/** for async query, the callback function of type ub_callback_type */
ub_callback_type cb;
/** for event callbacks the type is ub_event_callback_type */
ub_event_callback_type cb_event;
/** for async query, the callback user arg */
void* cb_arg;
@ -238,11 +241,13 @@ void context_query_delete(struct ctx_query* q);
* @param rrtype: type
* @param rrclass: class
* @param cb: callback for async, or NULL for sync.
* @param cb_event: event callback for async, or NULL for sync.
* @param cbarg: user arg for async queries.
* @return new ctx_query or NULL for malloc failure.
*/
struct ctx_query* context_new(struct ub_ctx* ctx, const char* name, int rrtype,
int rrclass, ub_callback_type cb, void* cbarg);
int rrclass, ub_callback_type cb, ub_event_callback_type cb_event,
void* cbarg);
/**
* Get a new alloc. Creates a new one or uses a cached one.

7
libunbound/libunbound.c
View File

@ -690,7 +690,7 @@ ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype,
}
/* create new ctx_query and attempt to add to the list */
lock_basic_unlock(&ctx->cfglock);
q = context_new(ctx, name, rrtype, rrclass, NULL, NULL);
q = context_new(ctx, name, rrtype, rrclass, NULL, NULL, NULL);
if(!q)
return UB_NOMEM;
/* become a resolver thread for a bit */
@ -747,8 +747,7 @@ ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
ub_comm_base_now(ctx->event_worker->base);
/* create new ctx_query and attempt to add to the list */
q = context_new(ctx, name, rrtype, rrclass, (ub_callback_type)callback,
mydata);
q = context_new(ctx, name, rrtype, rrclass, NULL, callback, mydata);
if(!q)
return UB_NOMEM;
@ -793,7 +792,7 @@ ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype,
}
/* create new ctx_query and attempt to add to the list */
q = context_new(ctx, name, rrtype, rrclass, callback, mydata);
q = context_new(ctx, name, rrtype, rrclass, callback, NULL, mydata);
if(!q)
return UB_NOMEM;

6
libunbound/libworker.c
View File

@ -158,9 +158,9 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
hints_delete(w->env->hints);
w->env->hints = NULL;
}
if(cfg->ssl_upstream) {
if(cfg->ssl_upstream || (cfg->tls_cert_bundle && cfg->tls_cert_bundle[0]) || cfg->tls_win_cert) {
w->sslctx = connect_sslctx_create(NULL, NULL,
cfg->tls_cert_bundle);
cfg->tls_cert_bundle, cfg->tls_win_cert);
if(!w->sslctx) {
/* to make the setup fail after unlock */
hints_delete(w->env->hints);
@ -637,7 +637,7 @@ libworker_event_done_cb(void* arg, int rcode, sldns_buffer* buf,
enum sec_status s, char* why_bogus)
{
struct ctx_query* q = (struct ctx_query*)arg;
ub_event_callback_type cb = (ub_event_callback_type)q->cb;
ub_event_callback_type cb = q->cb_event;
void* cb_arg = q->cb_arg;
int cancelled = q->cancelled;

5
services/authzone.c
View File

@ -3425,14 +3425,17 @@ xfr_process_notify(struct auth_xfer* xfr, struct module_env* env,
{
/* if the serial of notify is older than we have, don't fetch
* a zone, we already have it */
if(has_serial && !xfr_serial_means_update(xfr, serial))
if(has_serial && !xfr_serial_means_update(xfr, serial)) {
lock_basic_unlock(&xfr->lock);
return;
}
/* start new probe with this addr src, or note serial */
if(!xfr_start_probe(xfr, env, fromhost)) {
/* not started because already in progress, note the serial */
xfr_note_notify_serial(xfr, has_serial, serial);
lock_basic_unlock(&xfr->lock);
}
/* successful end of start_probe unlocked xfr->lock */
}
int auth_zones_notify(struct auth_zones* az, struct module_env* env,

18
services/listen_dnsport.c
View File

@ -1059,7 +1059,7 @@ set_recvpktinfo(int s, int family)
/** see if interface is ssl, its port number == the ssl port number */
static int
if_is_ssl(const char* ifname, const char* port, int ssl_port,
struct config_strlist* additional_tls_port)
struct config_strlist* tls_additional_ports)
{
struct config_strlist* s;
char* p = strchr(ifname, '@');
@ -1067,7 +1067,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
return 1;
if(p && atoi(p+1) == ssl_port)
return 1;
for(s = additional_tls_port; s; s = s->next) {
for(s = tls_additional_ports; s; s = s->next) {
if(p && atoi(p+1) == atoi(s->str))
return 1;
if(!p && atoi(port) == atoi(s->str))
@ -1089,7 +1089,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
* @param rcv: receive buffer size for UDP
* @param snd: send buffer size for UDP
* @param ssl_port: ssl service port number
* @param additional_tls_port: list of additional ssl service port numbers.
* @param tls_additional_ports: list of additional ssl service port numbers.
* @param reuseport: try to set SO_REUSEPORT if nonNULL and true.
* set to false on exit if reuseport failed due to no kernel support.
* @param transparent: set IP_TRANSPARENT socket option.
@ -1103,7 +1103,7 @@ static int
ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
struct addrinfo *hints, const char* port, struct listen_port** list,
size_t rcv, size_t snd, int ssl_port,
struct config_strlist* additional_tls_port, int* reuseport,
struct config_strlist* tls_additional_ports, int* reuseport,
int transparent, int tcp_mss, int freebind, int use_systemd,
int dnscrypt_port)
{
@ -1170,7 +1170,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
}
if(do_tcp) {
int is_ssl = if_is_ssl(ifname, port, ssl_port,
additional_tls_port);
tls_additional_ports);
if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
&noip6, 0, 0, reuseport, transparent, tcp_mss,
freebind, use_systemd)) == -1) {
@ -1356,7 +1356,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
do_auto, cfg->do_udp, do_tcp,
&hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->additional_tls_port,
cfg->ssl_port, cfg->tls_additional_ports,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {
@ -1370,7 +1370,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
do_auto, cfg->do_udp, do_tcp,
&hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->additional_tls_port,
cfg->ssl_port, cfg->tls_additional_ports,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {
@ -1386,7 +1386,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->additional_tls_port,
cfg->ssl_port, cfg->tls_additional_ports,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {
@ -1400,7 +1400,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->additional_tls_port,
cfg->ssl_port, cfg->tls_additional_ports,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {

4
services/mesh.c
View File

@ -1173,6 +1173,10 @@ void mesh_query_done(struct mesh_state* mstate)
while((c = mstate->cb_list) != NULL) {
/* take this cb off the list; so that the list can be
* changed, eg. by adds from the callback routine */
if(!mstate->reply_list && mstate->cb_list && !c->next) {
/* was a reply state, not anymore */
mstate->s.env->mesh->num_reply_states--;
}
mstate->cb_list = c->next;
if(!mstate->reply_list && !mstate->cb_list &&
mstate->super_set.count == 0)

25
services/outside_network.c
View File

@ -1301,8 +1301,8 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
w->ssl_upstream = sq->ssl_upstream;
w->tls_auth_name = sq->tls_auth_name;
#ifndef S_SPLINT_S
tv.tv_sec = timeout;
tv.tv_usec = 0;
tv.tv_sec = timeout/1000;
tv.tv_usec = (timeout%1000)*1000;
#endif
comm_timer_set(w->timer, &tv);
if(pend) {
@ -1812,7 +1812,12 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error,
}
if(sq->tcp_upstream || sq->ssl_upstream) {
struct timeval now = *sq->outnet->now_tv;
if(now.tv_sec > sq->last_sent_time.tv_sec ||
if(error!=NETEVENT_NOERROR) {
if(!infra_rtt_update(sq->outnet->infra, &sq->addr,
sq->addrlen, sq->zone, sq->zonelen, sq->qtype,
-1, sq->last_rtt, (time_t)now.tv_sec))
log_err("out of memory in TCP exponential backoff.");
} else if(now.tv_sec > sq->last_sent_time.tv_sec ||
(now.tv_sec == sq->last_sent_time.tv_sec &&
now.tv_usec > sq->last_sent_time.tv_usec)) {
/* convert from microseconds to milliseconds */
@ -1822,7 +1827,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error,
log_assert(roundtime >= 0);
/* only store if less then AUTH_TIMEOUT seconds, it could be
* huge due to system-hibernated and we woke up */
if(roundtime < TCP_AUTH_QUERY_TIMEOUT*1000) {
if(roundtime < 60000) {
if(!infra_rtt_update(sq->outnet->infra, &sq->addr,
sq->addrlen, sq->zone, sq->zonelen, sq->qtype,
roundtime, sq->last_rtt, (time_t)now.tv_sec))
@ -1863,18 +1868,26 @@ serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff)
static int
serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff)
{
int vs, rtt;
int vs, rtt, timeout;
uint8_t edns_lame_known;
if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone,
sq->zonelen, *sq->outnet->now_secs, &vs, &edns_lame_known,
&rtt))
return 0;
sq->last_rtt = rtt;
if(vs != -1)
sq->status = serviced_query_TCP_EDNS;
else sq->status = serviced_query_TCP;
serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);
sq->last_sent_time = *sq->outnet->now_tv;
sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT,
if(sq->tcp_upstream || sq->ssl_upstream) {
timeout = rtt;
if(rtt >= 376 && rtt < TCP_AUTH_QUERY_TIMEOUT)
timeout = TCP_AUTH_QUERY_TIMEOUT;
} else {
timeout = TCP_AUTH_QUERY_TIMEOUT;
}
sq->pending = pending_tcp_query(sq, buff, timeout,
serviced_tcp_callback, sq);
return sq->pending != NULL;
}

4
services/outside_network.h
View File

@ -376,7 +376,7 @@ struct serviced_query {
int retry;
/** time last UDP was sent */
struct timeval last_sent_time;
/** rtt of last (UDP) message */
/** rtt of last message */
int last_rtt;
/** do we know edns probe status already, for UDP_EDNS queries */
int edns_lame_known;
@ -456,7 +456,7 @@ struct pending* pending_udp_query(struct serviced_query* sq,
* checks id.
* @param sq: serviced query.
* @param packet: wireformat query to send to destination. copied from.
* @param timeout: in seconds from now.
* @param timeout: in milliseconds from now.
* Timer starts running now. Timer may expire if all buffers are used,
* without any query been sent to the server yet.
* @param callback: function to call on error, timeout or reply.

28
smallapp/unbound-host.c
View File

@ -66,6 +66,14 @@
/* nss3 */
#include "nss.h"
#endif
#ifdef HAVE_SSL
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
#endif /* HAVE_SSL */
/** verbosity for unbound-host app */
static int verb = 0;
@ -487,6 +495,26 @@ int main(int argc, char* argv[])
if(argc != 1)
usage();
#ifdef HAVE_SSL
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
#endif /* HAVE_SSL */
#ifdef HAVE_NSS
if(NSS_NoDB_Init(".") != SECSuccess) {
fprintf(stderr, "could not init NSS\n");

30
testcode/asynclook.c
View File

@ -56,6 +56,15 @@
#undef free
#undef strdup
#endif
#ifdef HAVE_SSL
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
#endif /* HAVE_SSL */
/** keeping track of the async ids */
struct track_id {
@ -459,6 +468,27 @@ int main(int argc, char** argv)
argc -= optind;
argv += optind;
#ifdef HAVE_SSL
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
#endif /* HAVE_SSL */
if(ext)
return ext_test(ctx, argc, argv);

6
testcode/fake_event.c
View File

@ -1125,7 +1125,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
pend->addrlen = sq->addrlen;
pend->callback = callback;
pend->cb_arg = callback_arg;
pend->timeout = timeout;
pend->timeout = timeout/1000;
pend->transport = transport_tcp;
pend->pkt = NULL;
pend->zone = NULL;
@ -1218,7 +1218,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
log_assert(pend->zone);
pend->callback = callback;
pend->cb_arg = callback_arg;
pend->timeout = UDP_AUTH_QUERY_TIMEOUT;
pend->timeout = UDP_AUTH_QUERY_TIMEOUT/1000;
pend->transport = transport_udp; /* pretend UDP */
pend->pkt = NULL;
pend->runtime = runtime;
@ -1757,7 +1757,7 @@ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet,
}
pend->callback = fc->cb;
pend->cb_arg = fc->cb_arg;
pend->timeout = UDP_AUTH_QUERY_TIMEOUT;
pend->timeout = UDP_AUTH_QUERY_TIMEOUT/1000;
pend->transport = transport_udp;
pend->pkt = NULL;
pend->runtime = runtime;

2
testcode/streamtcp.c
View File

@ -284,7 +284,7 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int num, char** qs)
SSL* ssl = NULL;
if(!buf) fatal_exit("out of memory");
if(usessl) {
ctx = connect_sslctx_create(NULL, NULL, NULL);
ctx = connect_sslctx_create(NULL, NULL, NULL, 0);
if(!ctx) fatal_exit("cannot create ssl ctx");
ssl = outgoing_ssl_fd(ctx, fd);
if(!ssl) fatal_exit("cannot create ssl");

3
testcode/testbound.c
View File

@ -177,7 +177,8 @@ spool_temp_file(FILE* in, int* lineno, char* id)
while(isspace((unsigned char)*parse))
parse++;
if(strncmp(parse, "$INCLUDE_TEMPFILE", 17) == 0) {
char l2[MAX_LINE_LEN];
char l2[MAX_LINE_LEN-30]; /* -30 makes it fit with
a preceding $INCLUDE in the buf line[] */
char* tid = parse+17;
while(isspace((unsigned char)*tid))
tid++;

3
testcode/unitmain.c
View File

@ -905,6 +905,9 @@ main(int argc, char* argv[])
#ifdef CLIENT_SUBNET
ecs_test();
#endif /* CLIENT_SUBNET */
if(log_get_lock()) {
lock_quick_destroy((lock_quick_type*)log_get_lock());
}
checklock_stop();
printf("%d checks ok.\n", testcount);
#ifdef HAVE_SSL

45
testdata/02-unittest.tdir/02-unittest.test vendored
View File

@ -9,11 +9,48 @@ PRE="../.."
get_make
(cd $PRE ; $MAKE unittest; $MAKE lock-verify)
if (cd $PRE; ./unittest); then
echo "unit test worked."
if test -f $PRE/unbound_do_valgrind_in_test; then
do_valgrind=yes
else
echo "unit test failed."
exit 1
do_valgrind=no
fi
VALGRIND_FLAGS="--leak-check=full --show-leak-kinds=all"
if test $do_valgrind = "yes"; then
echo "valgrind yes"
echo
tmpout=/tmp/tmpout.$$
if (cd $PRE; valgrind $VALGRIND_FLAGS ./unittest >$tmpout 2>&1); then
echo "unit test worked."
else
echo "unit test failed."
exit 1
fi
if grep "All heap blocks were freed -- no leaks are possible" $tmpout; then
: # clean
else
cat $tmpout
echo "Memory leaked in unittest"
grep "in use at exit" $tmpout
exit 1
fi
if grep "ERROR SUMMARY: 0 errors from 0 contexts" $tmpout; then
: # clean
else
cat $tmpout
echo "Errors in unittest"
grep "ERROR SUMMARY" $tmpout
exit 1
fi
rm -f $tmpout
else
# without valgrind
if (cd $PRE; ./unittest); then
echo "unit test worked."
else
echo "unit test failed."
exit 1
fi
fi
if test -f $PRE/ublocktrace.0; then
if (cd $PRE; ./lock-verify ublocktrace.*); then

11
testdata/03-testbound.tdir/03-testbound.test vendored
View File

@ -26,13 +26,15 @@ VALGRIND_FLAGS="--leak-check=full --show-leak-kinds=all"
# self-test (unit test of testbound)
if test $do_valgrind = "yes"; then
echo "valgrind yes"
echo
if (valgrind $VALGRIND_FLAGS $PRE/testbound -s >tmpout 2>&1;); then
echo "selftest OK "
else
echo "selftest FAILED"
exit 1
fi
if grep "All heap blocks were freed -- no leaks are possible" tmpout >/dev/null 2>&1; then
if grep "All heap blocks were freed -- no leaks are possible" tmpout; then
: # clean
else
cat tmpout
@ -40,7 +42,7 @@ if test $do_valgrind = "yes"; then
grep "in use at exit" tmpout
exit 1
fi
if grep "ERROR SUMMARY: 0 errors from 0 contexts" tmpout >/dev/null 2>&1; then
if grep "ERROR SUMMARY: 0 errors from 0 contexts" tmpout; then
: # clean
else
cat tmpout
@ -102,13 +104,14 @@ for input in $PRE/testdata/*.rpl $PRE/testdata/*.crpl; do
fi
if test $do_valgrind = "yes"; then
echo
if (valgrind $VALGRIND_FLAGS $PRE/testbound -p $input >tmpout 2>&1;); then
echo " OK $cleaninput: $header"
else
echo "FAILED $cleaninput: $header"
exitval=1
fi
if grep "All heap blocks were freed -- no leaks are possible" tmpout >/dev/null 2>&1; then
if grep "All heap blocks were freed -- no leaks are possible" tmpout; then
: # clean
else
grep "^==" tmpout
@ -116,7 +119,7 @@ for input in $PRE/testdata/*.rpl $PRE/testdata/*.crpl; do
grep "in use at exit" tmpout
exitval=1
fi
if grep "ERROR SUMMARY: 0 errors from 0 contexts" tmpout >/dev/null 2>&1; then
if grep "ERROR SUMMARY: 0 errors from 0 contexts" tmpout; then
: # clean
else
grep "^==" tmpout

1
testdata/auth_xfr_host.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
auth-zone:
name: "example.com."

1
testdata/autotrust_init_failsig.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
log-time-ascii: yes
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/autotrust_revtp_use.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
log-time-ascii: yes
val-override-date: '20091018111500'
fake-sha1: yes

1
testdata/black_data.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/black_dnskey.rpl vendored
View File

@ -6,6 +6,7 @@ server:
target-fetch-policy: "0 0 0 0 0"
fake-sha1: yes
trust-anchor-signaling: no
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/black_ds.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/black_ent.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/black_prime.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/black_prime_entry.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_anchor.rpl vendored
View File

@ -4,6 +4,7 @@ server:
dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_ask_higher.rpl vendored
View File

@ -4,6 +4,7 @@ server:
dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_below_ta.rpl vendored
View File

@ -5,6 +5,7 @@ server:
trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_delegation.rpl vendored
View File

@ -4,6 +4,7 @@ server:
dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_ds_lookup.rpl vendored
View File

@ -4,6 +4,7 @@ server:
dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_insecure.rpl vendored
View File

@ -5,6 +5,7 @@ server:
val-override-date: "20070916134226"
harden-referral-path: no
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_insecure_negcache.rpl vendored
View File

@ -5,6 +5,7 @@ server:
val-override-date: "20070916134226"
harden-referral-path: no
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_keyretry.rpl vendored
View File

@ -4,6 +4,7 @@ server:
dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_negnx.rpl vendored
View File

@ -4,6 +4,7 @@ server:
dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_optout.rpl vendored
View File

@ -5,6 +5,7 @@ server:
trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dlv_remove_pos.rpl vendored
View File

@ -5,6 +5,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/dns64_lookup.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
module-config: "dns64 validator iterator"
dns64-prefix: 64:ff9b::0/96

1
testdata/domain_insec_ds.rpl vendored
View File

@ -5,6 +5,7 @@ server:
domain-insecure: "sub.example.com"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/fetch_glue.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/fetch_glue_cname.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/fwddlv_parse.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw=="
val-override-date: "20090617133009"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/ipsecmod_bogus_ipseckey.crpl vendored
View File

@ -6,6 +6,7 @@ server:
trust-anchor: "example.com. IN DS 48069 8 2 fce2bcb0d88b828064faad58e935ca2e32ff0bbd8bd8407a8f344d8f8e8c438a"
val-override-date: "-1"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
# test that default value of harden-dnssec-stripped is still yes.
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/ipsecmod_enabled.crpl vendored
View File

@ -9,6 +9,7 @@ server:
ipsecmod-strict: no
ipsecmod-max-ttl: 200
ipsecmod-enabled: no
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/ipsecmod_ignore_bogus_ipseckey.crpl vendored
View File

@ -16,6 +16,7 @@ server:
ipsecmod-strict: no
ipsecmod-max-ttl: 200
ipsecmod-ignore-bogus: yes
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/ipsecmod_max_ttl.crpl vendored
View File

@ -8,6 +8,7 @@ server:
ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
ipsecmod-strict: no
ipsecmod-max-ttl: 200
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/ipsecmod_strict.crpl vendored
View File

@ -8,6 +8,7 @@ server:
ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
ipsecmod-strict: yes
ipsecmod-max-ttl: 200
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/ipsecmod_whitelist.crpl vendored
View File

@ -9,6 +9,7 @@ server:
ipsecmod-strict: no
ipsecmod-max-ttl: 200
ipsecmod-whitelist: white.example.com
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_class_any.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/iter_cname_double.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_cname_nx.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_cname_qnamecopy.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_cycle.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_cycle_noh.rpl vendored
View File

@ -2,6 +2,7 @@
server:
harden-glue: "no"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_dname_insec.rpl vendored
View File

@ -2,6 +2,7 @@
server:
harden-referral-path: no
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_dnsseclame_bug.rpl vendored
View File

@ -4,6 +4,7 @@ server:
val-override-date: "20070916134226"
fake-sha1: yes
trust-anchor-signaling: no
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_dnsseclame_ds.rpl vendored
View File

@ -4,6 +4,7 @@ server:
val-override-date: "20070916134226"
fake-sha1: yes
trust-anchor-signaling: no
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_dnsseclame_ds_ok.rpl vendored
View File

@ -3,6 +3,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/iter_dnsseclame_ta.rpl vendored
View File

@ -4,6 +4,7 @@ server:
val-override-date: "20070916134226"
fake-sha1: yes
trust-anchor-signaling: no
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_dnsseclame_ta_ok.rpl vendored
View File

@ -3,6 +3,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

2
testdata/iter_donotq127.rpl vendored
View File

@ -1,4 +1,6 @@
; config options
server:
qname-minimisation: "no"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.

1
testdata/iter_ds_locate_ns_detach.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "3 2 1 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_emptydp.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/iter_emptydp_for_glue.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/iter_got6only.rpl vendored
View File

@ -2,6 +2,7 @@
server:
do-ip6: no
target-fetch-policy: "0 0 0 0 0 "
qname-minimisation: "no"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.

1
testdata/iter_hint_lame.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_lame_noaa.rpl vendored
View File

@ -2,6 +2,7 @@
server:
harden-referral-path: no
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

2
testdata/iter_lamescrub.rpl vendored
View File

@ -1,4 +1,6 @@
; config options
server:
qname-minimisation: "no"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.

1
testdata/iter_mod.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
module-config: "iterator"
stub-zone:

1
testdata/iter_ns_badip.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "3 2 1 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_ns_spoof.rpl vendored
View File

@ -2,6 +2,7 @@
server:
harden-referral-path: yes
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.

1
testdata/iter_pcdirect.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

1
testdata/iter_prefetch.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
prefetch: "yes"
stub-zone:

1
testdata/iter_prefetch_childns.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
prefetch: "yes"
stub-zone:

1
testdata/iter_prefetch_ns.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
prefetch: "yes"
stub-zone:

1
testdata/iter_primenoglue.rpl vendored
View File

@ -4,6 +4,7 @@ server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no

1
testdata/iter_privaddr.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12

1
testdata/iter_reclame_one.rpl vendored
View File

@ -1,6 +1,7 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
stub-zone:
name: "."

Some files were not shown because too many files have changed in this diff Show More