Update unbound 1.13.0 --> 1.13.1.

Includes numerous bugfixes documented at:
https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-13-1

MFC after:	1 month
This commit is contained in:
Cy Schubert 2021-02-09 20:25:05 -08:00
commit f44e67d120
77 changed files with 1702 additions and 688 deletions

View File

@ -248,6 +248,7 @@ DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c
DNSTAP_SOCKET_OBJ=unbound-dnstap-socket.lo
DNSTAP_SOCKET_OBJ_LINK=$(DNSTAP_SOCKET_OBJ) $(COMMON_OBJ) \
$(COMPAT_OBJ) $(SLDNS_OBJ)
DNSTAP_SOCKET_TESTBIN=@DNSTAP_SOCKET_TESTBIN@
LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \
libunbound/libworker.c
LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo
@ -323,7 +324,7 @@ rsrc_unbound_checkconf.o: $(srcdir)/winrc/rsrc_unbound_checkconf.rc config.h
TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \
lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \
petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \
unbound-dnstap-socket$(EXEEXT) dohclient$(EXEEXT) \
$(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) \
testbound$(EXEEXT) unittest$(EXEEXT)
tests: all $(TEST_BIN)
@ -349,10 +350,10 @@ unbound$(EXEEXT): $(DAEMON_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
unbound-checkconf$(EXEEXT): $(CHECKCONF_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS)
unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS)
unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS)
@ -370,37 +371,37 @@ anchor-update$(EXEEXT): $(ANCHORUPD_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) -L. -L.libs -lunbound $(LIBS)
unittest$(EXEEXT): $(UNITTEST_OBJ_LINK)
$(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS)
testbound$(EXEEXT): $(TESTBOUND_OBJ_LINK)
$(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS)
lock-verify$(EXEEXT): $(LOCKVERIFY_OBJ_LINK)
$(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS)
petal$(EXEEXT): $(PETAL_OBJ_LINK)
$(LINK) -o $@ $(PETAL_OBJ_LINK) $(SSLLIB) $(LIBS)
pktview$(EXEEXT): $(PKTVIEW_OBJ_LINK)
$(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS)
memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK)
$(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS)
asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la
$(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS)
streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK)
$(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS)
dohclient$(EXEEXT): $(DOHCLIENT_OBJ_LINK)
$(LINK) -o $@ $(DOHCLIENT_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(DOHCLIENT_OBJ_LINK) $(SSLLIB) $(LIBS)
perf$(EXEEXT): $(PERF_OBJ_LINK)
$(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS)
delayer$(EXEEXT): $(DELAYER_OBJ_LINK)
$(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS)
signit$(EXEEXT): testcode/signit.c
$(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS)
@ -423,12 +424,13 @@ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto
$(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto
unbound-dnstap-socket$(EXEEXT): $(DNSTAP_SOCKET_OBJ_LINK)
$(LINK) -o $@ $(DNSTAP_SOCKET_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS)
$(LINK) -o $@ $(DNSTAP_SOCKET_OBJ_LINK) $(SSLLIB) $(LIBS)
dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h
dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h
dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h
unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h $(srcdir)/dnstap/dtstream.h
dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h
# dnscrypt
dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \
@ -826,13 +828,16 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \
$(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
$(srcdir)/ipset/ipset.h $(srcdir)/dynlibmod/dynlibmod.h
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \
$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h
view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
@ -863,7 +868,8 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/dnstap/dnstap.h
$(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \
alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
@ -884,7 +890,8 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \
$(srcdir)/util/iana_ports.inc
configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
$(srcdir)/util/config_file.h util/configparser.h
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
@ -913,38 +920,31 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/service
$(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \
$(srcdir)/validator/val_secalgo.h
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h
fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
$(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
$(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
$(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \
$(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \
$(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h \
$(srcdir)/dynlibmod/dynlibmod.h
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \
$(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/worker.h $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) \
$(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h
module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
@ -957,12 +957,14 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h
$(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h \
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
@ -978,11 +980,11 @@ rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/itera
$(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h
edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/config_file.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h
edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h
dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/net_help.h
@ -1016,7 +1018,8 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h
ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
$(srcdir)/util/tube.h \
ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
@ -1026,7 +1029,8 @@ ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
@ -1039,7 +1043,8 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h
$(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \
val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \
@ -1069,11 +1074,13 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/
val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h
val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \
$(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \
@ -1091,15 +1098,17 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/sldns/sbuffer.h
$(srcdir)/sldns/sbuffer.h \
val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/sldns/wire2str.h
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
@ -1120,15 +1129,43 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h
subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h
edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
$(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
$(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
$(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \
$(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h
addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h
subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h
cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h
redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h
subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \
$(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h
redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \
$(srcdir)/sldns/sbuffer.h
respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
@ -1143,31 +1180,40 @@ checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/u
$(srcdir)/testcode/checklocks.h
dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
$(srcdir)/util/locks.h $(srcdir)/dnstap/dnstap.h \
dnstap/dnstap.pb-c.h
$(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnstap/dnstap.h \
$(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h dnstap/dnstap.pb-c.h
dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \
dynlibmod.lo dynlibmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h \
dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
$(srcdir)/util/net_help.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/sldns/sbuffer.h \
ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h\
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h
dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
$(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/storage/lookup3.h
ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h
ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \
$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \
$(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \
$(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h
ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h
$(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
$(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
@ -1176,7 +1222,8 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
@ -1184,7 +1231,8 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/r
$(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/random.h $(srcdir)/respip/respip.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/services/outside_network.h
unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
$(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
@ -1216,7 +1264,13 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod
unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/parseutil.h
unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h
unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
$(srcdir)/edns-subnet/edns-subnet.h
unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \
@ -1233,40 +1287,43 @@ acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/ac
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \
$(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
$(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
$(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/str2wire.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/keyraw.h
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
$(srcdir)/daemon/remote.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \
$(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
@ -1291,19 +1348,21 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
$(srcdir)/util/ub_event.h
$(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
@ -1311,23 +1370,24 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
$(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
$(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/dnstap/dtstream.h
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
$(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
$(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \
$(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
@ -1346,34 +1406,35 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
$(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
$(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/dnstap/dtstream.h
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
$(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
@ -1391,7 +1452,9 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \
@ -1401,13 +1464,14 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
$(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
@ -1442,7 +1506,8 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
$(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
@ -1463,76 +1528,83 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/respip/respip.h
$(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/util/edns.h
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \
$(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
$(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
$(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/sldns/str2wire.h
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
$(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \
$(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
$(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/respip/respip.h
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \
$(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \
$(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/config_file.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
dnstap/dnstap.pb-c.h \
$(srcdir)/util/config_file.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h
pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h \
@ -1540,8 +1612,8 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
$(srcdir)/util/net_help.h
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h
w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
$(srcdir)/winrc/w_inst.h
@ -1549,12 +1621,14 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv
$(srcdir)/winrc/w_inst.h
anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h
keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h
keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/sldns/rrdef.h \
sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h
$(srcdir)/sldns/keyraw.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/sldns/sbuffer.h
parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h
@ -1562,9 +1636,11 @@ rrdef.lo rrdef.o: $(srcdir)/sldns/rrdef.c config.h $(srcdir)/sldns/rrdef.h $(src
str2wire.lo str2wire.o: $(srcdir)/sldns/str2wire.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h
dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h \
ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h
@ -1579,9 +1655,11 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \
getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h

View File

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9390,7 +9390,7 @@ AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2018 Free Software Foundation, Inc.
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9421,7 +9421,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 2006-2018 Free Software Foundation, Inc.
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

View File

@ -2,7 +2,9 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 35
# Version 37
# 2021-01-05 fix defun for aclocal
# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE
# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
@ -447,15 +449,12 @@ AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute)
AC_CACHE_VAL(ac_cv_c_format_attribute,
[ac_cv_c_format_attribute=no
AC_TRY_COMPILE(
[#include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *format, ...) __attribute__ ((format (printf, 1, 2)));
void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2)));
], [
]], [[
f ("%s", "str");
],
[ac_cv_c_format_attribute="yes"],
[ac_cv_c_format_attribute="no"])
]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"])
])
AC_MSG_RESULT($ac_cv_c_format_attribute)
@ -484,14 +483,11 @@ AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute)
AC_CACHE_VAL(ac_cv_c_unused_attribute,
[ac_cv_c_unused_attribute=no
AC_TRY_COMPILE(
[#include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *u __attribute__((unused)));
], [
]], [[
f ("x");
],
[ac_cv_c_unused_attribute="yes"],
[ac_cv_c_unused_attribute="no"])
]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"])
])
dnl Setup ATTR_UNUSED config.h parts.
@ -548,7 +544,7 @@ dnl as a requirement so that is gets called before LIBTOOL
dnl because libtools 'AC_REQUIRE' names are right after this one, before
dnl this function contents.
AC_REQUIRE([ACX_LIBTOOL_C_PRE])
AC_PROG_LIBTOOL
LT_INIT
])
dnl Detect if u_char type is defined, otherwise define it.
@ -677,14 +673,14 @@ AC_DEFUN([ACX_SSL_CHECKS], [
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
AC_TRY_LINK(, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
], [
]])],[
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
], [
],[
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
BAKLIBS="$LIBS"
@ -692,10 +688,10 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBS="$LIBS -lgdi32 -lws2_32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
],[
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
@ -706,10 +702,10 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_TRY_LINK([], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
],[
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
@ -720,10 +716,10 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
AC_TRY_LINK([], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
],[
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
@ -750,8 +746,7 @@ dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
@ -769,8 +764,7 @@ dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
@ -1062,7 +1056,7 @@ dnl defines MKDIR_HAS_ONE_ARG
AC_DEFUN([ACX_MKDIR_ONE_ARG],
[
AC_MSG_CHECKING([whether mkdir has one arg])
AC_TRY_COMPILE([
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <unistd.h>
#ifdef HAVE_WINSOCK2_H
@ -1071,14 +1065,12 @@ AC_TRY_COMPILE([
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
], [
]], [[
(void)mkdir("directory");
],
AC_MSG_RESULT(yes)
]])],[AC_MSG_RESULT(yes)
AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.])
,
AC_MSG_RESULT(no)
)
],[AC_MSG_RESULT(no)
])
])dnl end of ACX_MKDIR_ONE_ARG
dnl Check for ioctlsocket function. works on mingw32 too.

View File

@ -85,11 +85,11 @@ $ac_distutils_result])
LIBS="$LIBS $PYTHON_LDFLAGS"
CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
AC_TRY_LINK([
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <Python.h>
],[
]],[[
Py_Initialize();
],[pythonexists=yes],[pythonexists=no])
]])],[pythonexists=yes],[pythonexists=no])
AC_MSG_RESULT([$pythonexists])

View File

@ -465,6 +465,7 @@ packed_rrset_ttl_subtract(struct packed_rrset_data* data, time_t subtract)
data->rr_ttl[i] -= subtract;
else data->rr_ttl[i] = 0;
}
data->ttl_add = (subtract < data->ttl_add) ? (data->ttl_add - subtract) : 0;
}
/* Adjust the TTL of a DNS message and its RRs by 'adjust'. If 'adjust' is

View File

@ -1,8 +1,8 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2020 Free Software Foundation, Inc.
# Copyright 1992-2021 Free Software Foundation, Inc.
timestamp='2020-11-19'
timestamp='2021-01-25'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -50,7 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright 1992-2020 Free Software Foundation, Inc.
Copyright 1992-2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -188,10 +188,9 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
#
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=$( (uname -p 2>/dev/null || \
"/sbin/$sysctl" 2>/dev/null || \
"/usr/sbin/$sysctl" 2>/dev/null || \
/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
/usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
echo unknown))
case "$UNAME_MACHINE_ARCH" in
aarch64eb) machine=aarch64_be-unknown ;;
@ -996,6 +995,9 @@ EOF
k1om:Linux:*:*)
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
m32r*:Linux:*:*)
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
@ -1084,7 +1086,7 @@ EOF
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-"$LIBC"
exit ;;
riscv32:Linux:*:* | riscv64:Linux:*:*)
riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*)
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
@ -1480,8 +1482,8 @@ EOF
i*86:rdos:*:*)
echo "$UNAME_MACHINE"-pc-rdos
exit ;;
i*86:AROS:*:*)
echo "$UNAME_MACHINE"-pc-aros
*:AROS:*:*)
echo "$UNAME_MACHINE"-unknown-aros
exit ;;
x86_64:VMkernel:*:*)
echo "$UNAME_MACHINE"-unknown-esx

View File

@ -747,7 +747,8 @@
your system. */
#undef PTHREAD_CREATE_JOINABLE
/* Define as the return type of signal handlers (`int' or `void'). */
/* Return type of signal handlers, but autoconf 2.70 says 'your code may
safely assume C89 semantics that RETSIGTYPE is void.' */
#undef RETSIGTYPE
/* if REUSEPORT is enabled by default */

View File

@ -1,8 +1,8 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2020 Free Software Foundation, Inc.
# Copyright 1992-2021 Free Software Foundation, Inc.
timestamp='2020-12-02'
timestamp='2021-01-08'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright 1992-2020 Free Software Foundation, Inc.
Copyright 1992-2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -1185,6 +1185,7 @@ case $cpu-$vendor in
| k1om \
| le32 | le64 \
| lm32 \
| loongarch32 | loongarch64 | loongarchx32 \
| m32c | m32r | m32rle \
| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
@ -1229,7 +1230,7 @@ case $cpu-$vendor in
| powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
| pru \
| pyramid \
| riscv | riscv32 | riscv64 \
| riscv | riscv32 | riscv32be | riscv64 | riscv64be \
| rl78 | romp | rs6000 | rx \
| s390 | s390x \
| score \
@ -1682,11 +1683,14 @@ fi
# Now, validate our (potentially fixed-up) OS.
case $os in
# Sometimes we do "kernel-abi", so those need to count as OSes.
# Sometimes we do "kernel-libc", so those need to count as OSes.
musl* | newlib* | uclibc*)
;;
# Likewise for "kernel-libc"
eabi | eabihf | gnueabi | gnueabihf)
# Likewise for "kernel-abi"
eabi* | gnueabi*)
;;
# VxWorks passes extra cpu info in the 4th filed.
simlinux | simwindows | spe)
;;
# Now accept the basic system types.
# The portable systems comes first.
@ -1750,6 +1754,8 @@ case $kernel-$os in
;;
kfreebsd*-gnu* | kopensolaris*-gnu*)
;;
vxworks-simlinux | vxworks-simwindows | vxworks-spe)
;;
nto-qnx*)
;;
os2-emx)

View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.13.0.
# Generated by GNU Autoconf 2.69 for unbound 1.13.1.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.13.0'
PACKAGE_STRING='unbound 1.13.0'
PACKAGE_VERSION='1.13.1'
PACKAGE_STRING='unbound 1.13.1'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@ -649,6 +649,7 @@ ENABLE_DNSCRYPT
ENABLE_DNSCRYPT_XCHACHA20
DNSTAP_OBJ
DNSTAP_SRC
DNSTAP_SOCKET_TESTBIN
DNSTAP_SOCKET_PATH
opt_dnstap_socket_path
ENABLE_DNSTAP
@ -1459,7 +1460,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.13.0 to adapt to many kinds of systems.
\`configure' configures unbound 1.13.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1524,7 +1525,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.13.0:";;
short | recursive ) echo "Configuration of unbound 1.13.1:";;
esac
cat <<\_ACEOF
@ -1752,7 +1753,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.13.0
unbound configure 1.13.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2461,7 +2462,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.13.0, which was
It was created by unbound $as_me 1.13.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2813,11 +2814,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=13
UNBOUND_VERSION_MICRO=0
UNBOUND_VERSION_MICRO=1
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=11
LIBUNBOUND_REVISION=12
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2896,6 +2897,7 @@ LIBUNBOUND_AGE=1
# 1.11.0 had 9:9:1
# 1.12.0 had 9:10:1
# 1.13.0 had 9:11:1
# 1.13.1 had 9:12:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -4176,7 +4178,6 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
$as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
if test "$ac_cv_header_minix_config_h" = "yes"; then
$as_echo "#define _NETBSD_SOURCE 1" >>confdefs.h
@ -15579,38 +15580,8 @@ $as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
$as_echo_n "checking return type of signal handlers... " >&6; }
if ${ac_cv_type_signal+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <sys/types.h>
#include <signal.h>
int
main ()
{
return *(signal (0, 0)) (0) == 1;
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_type_signal=int
else
ac_cv_type_signal=void
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
$as_echo "$ac_cv_type_signal" >&6; }
cat >>confdefs.h <<_ACEOF
#define RETSIGTYPE $ac_cv_type_signal
_ACEOF
$as_echo "#define RETSIGTYPE void" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
@ -17249,9 +17220,68 @@ $as_echo "#define WITH_DYNLIBMODULE 1" >>confdefs.h
DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h'
if test $on_mingw = "no"; then
DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic"
# link with -ldl if not already there, for all executables because
# dlopen call is in the dynlib module. For unbound executable, also
# export symbols.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
$as_echo_n "checking for library containing dlopen... " >&6; }
if ${ac_cv_search_dlopen+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char dlopen ();
int
main ()
{
return dlopen ();
;
return 0;
}
_ACEOF
for ac_lib in '' dl; do
if test -z "$ac_lib"; then
ac_res="none required"
else
DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a"
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_search_dlopen=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_dlopen+:} false; then :
break
fi
done
if ${ac_cv_search_dlopen+:} false; then :
else
ac_cv_search_dlopen=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
$as_echo "$ac_cv_search_dlopen" >&6; }
ac_res=$ac_cv_search_dlopen
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
fi
DYNLIBMOD_EXTRALIBS="-export-dynamic"
else
DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a"
fi
fi
@ -18271,17 +18301,13 @@ $as_echo_n "checking if libssl needs -lcrypt32... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char EVP_sha256 ();
int
main ()
{
return EVP_sha256 ();
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
}
@ -19783,6 +19809,7 @@ if test x_$enable_static_exe = x_yes; then
LIBS="$LIBS -lgdi32"
fi
LIBS="$LIBS -lz"
LIBS="$LIBS -l:libssp.a"
fi
fi
@ -19802,6 +19829,7 @@ if test x_$enable_fully_static = x_yes; then
LIBS="$LIBS -lgdi32"
fi
LIBS="$LIBS -lz"
LIBS="$LIBS -l:libssp.a"
fi
fi
@ -21209,6 +21237,7 @@ _ACEOF
DNSTAP_SOCKET_PATH="$hdr_dnstap_socket_path"
DNSTAP_SOCKET_TESTBIN='unbound-dnstap-socket$(EXEEXT)'
DNSTAP_SRC="dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dnstap_fstrm.c dnstap/dtstream.c"
@ -21715,7 +21744,7 @@ _ACEOF
version=1.13.0
version=1.13.1
date=`date +'%b %e, %Y'`
@ -22234,7 +22263,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.13.0, which was
This file was extended by unbound $as_me 1.13.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -22300,7 +22329,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.13.0
unbound config.status 1.13.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View File

@ -1,6 +1,6 @@
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_PREREQ([2.56])
sinclude(acx_nlnetlabs.m4)
sinclude(ax_pthread.m4)
sinclude(acx_python.m4)
@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[13])
m4_define([VERSION_MICRO],[0])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound)
m4_define([VERSION_MICRO],[1])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=11
LIBUNBOUND_REVISION=12
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -97,6 +97,7 @@ LIBUNBOUND_AGE=1
# 1.11.0 had 9:9:1
# 1.12.0 had 9:10:1
# 1.13.0 had 9:11:1
# 1.13.1 had 9:12:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -125,7 +126,7 @@ cmdln="`echo $@ | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/'g`"
AC_DEFINE_UNQUOTED(CONFCMDLINE, ["$cmdln"], [Command line arguments used with configure])
CFLAGS="$CFLAGS"
AC_AIX
AC_USE_SYSTEM_EXTENSIONS
if test "$ac_cv_header_minix_config_h" = "yes"; then
AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix])
fi
@ -166,8 +167,7 @@ else
ub_conf_file="C:\\Program Files\\Unbound\\service.conf"
fi
AC_ARG_WITH([conf_file],
AC_HELP_STRING([--with-conf-file=path],
[Pathname to the Unbound configuration file]),
AS_HELP_STRING([--with-conf-file=path],[Pathname to the Unbound configuration file]),
[ub_conf_file="$withval"])
AC_SUBST(ub_conf_file)
ACX_ESCAPE_BACKSLASH($ub_conf_file, hdr_config)
@ -177,8 +177,7 @@ AC_SUBST(ub_conf_dir)
# Determine run, chroot directory and pidfile locations
AC_ARG_WITH(run-dir,
AC_HELP_STRING([--with-run-dir=path],
[set default directory to chdir to (by default dir part of cfg file)]),
AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]),
UNBOUND_RUN_DIR="$withval",
if test $on_mingw = no; then
UNBOUND_RUN_DIR=`dirname "$ub_conf_file"`
@ -191,8 +190,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_RUN_DIR, hdr_run)
AC_DEFINE_UNQUOTED(RUN_DIR, ["$hdr_run"], [Directory to chdir to])
AC_ARG_WITH(chroot-dir,
AC_HELP_STRING([--with-chroot-dir=path],
[set default directory to chroot to (by default same as run-dir)]),
AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]),
UNBOUND_CHROOT_DIR="$withval",
if test $on_mingw = no; then
UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR"
@ -205,16 +203,14 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_CHROOT_DIR, hdr_chroot)
AC_DEFINE_UNQUOTED(CHROOT_DIR, ["$hdr_chroot"], [Directory to chroot to])
AC_ARG_WITH(share-dir,
AC_HELP_STRING([--with-share-dir=path],
[set default directory with shared data (by default same as share/unbound)]),
AS_HELP_STRING([--with-share-dir=path],[set default directory with shared data (by default same as share/unbound)]),
UNBOUND_SHARE_DIR="$withval",
UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR")
AC_SUBST(UNBOUND_SHARE_DIR)
AC_DEFINE_UNQUOTED(SHARE_DIR, ["$UNBOUND_SHARE_DIR"], [Shared data])
AC_ARG_WITH(pidfile,
AC_HELP_STRING([--with-pidfile=filename],
[set default pathname to unbound pidfile (default run-dir/unbound.pid)]),
AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]),
UNBOUND_PIDFILE="$withval",
if test $on_mingw = no; then
UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid"
@ -227,8 +223,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid)
AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location])
AC_ARG_WITH(rootkey-file,
AC_HELP_STRING([--with-rootkey-file=filename],
[set default pathname to root key file (default run-dir/root.key). This file is read and written.]),
AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]),
UNBOUND_ROOTKEY_FILE="$withval",
if test $on_mingw = no; then
UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
@ -241,8 +236,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey)
AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location])
AC_ARG_WITH(rootcert-file,
AC_HELP_STRING([--with-rootcert-file=filename],
[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]),
AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]),
UNBOUND_ROOTCERT_FILE="$withval",
if test $on_mingw = no; then
UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
@ -255,8 +249,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem)
AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location])
AC_ARG_WITH(username,
AC_HELP_STRING([--with-username=user],
[set default user that unbound changes to (default user is unbound)]),
AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]),
UNBOUND_USERNAME="$withval",
UNBOUND_USERNAME="unbound")
AC_SUBST(UNBOUND_USERNAME)
@ -268,7 +261,7 @@ AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource f
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_LANG_C
AC_LANG([C])
# allow user to override the -g -O2 flags.
default_cflags=no
if test "x$CFLAGS" = "x" ; then
@ -281,8 +274,8 @@ ACX_DEPFLAG
ACX_DETERMINE_EXT_FLAGS_UNBOUND
# debug mode flags warnings
AC_ARG_ENABLE(checking, AC_HELP_STRING([--enable-checking], [Enable warnings, asserts, makefile-dependencies]))
AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [same as enable-checking]))
AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable warnings, asserts, makefile-dependencies]))
AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[same as enable-checking]))
if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug";
else debug_enabled="$enable_checking"; fi
AC_SUBST(debug_enabled)
@ -316,14 +309,11 @@ AC_DEFUN([CHECK_WEAK_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "weak" attribute)
AC_CACHE_VAL(ac_cv_c_weak_attribute,
[ac_cv_c_weak_attribute=no
AC_TRY_COMPILE(
[ #include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h>
__attribute__((weak)) void f(int x) { printf("%d", x); }
], [
]], [[
f(1);
],
[ac_cv_c_weak_attribute="yes"],
[ac_cv_c_weak_attribute="no"])
]])],[ac_cv_c_weak_attribute="yes"],[ac_cv_c_weak_attribute="no"])
])
AC_MSG_RESULT($ac_cv_c_weak_attribute)
@ -340,14 +330,11 @@ AC_DEFUN([CHECK_NORETURN_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute)
AC_CACHE_VAL(ac_cv_c_noreturn_attribute,
[ac_cv_c_noreturn_attribute=no
AC_TRY_COMPILE(
[ #include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h>
__attribute__((noreturn)) void f(int x) { printf("%d", x); }
], [
]], [[
f(1);
],
[ac_cv_c_noreturn_attribute="yes"],
[ac_cv_c_noreturn_attribute="no"])
]])],[ac_cv_c_noreturn_attribute="yes"],[ac_cv_c_noreturn_attribute="no"])
])
AC_MSG_RESULT($ac_cv_c_noreturn_attribute)
@ -385,7 +372,7 @@ EOF
fi
])
AC_PROG_LEX
AC_PROG_LEX([noyywrap])
if test "$LEX" != "" -a "$LEX" != ":"; then
ACX_YYLEX_DESTROY
fi
@ -494,7 +481,7 @@ fi
# check some functions of the OS before linking libs (while still runnable).
AC_FUNC_CHOWN
AC_FUNC_FORK
AC_TYPE_SIGNAL
AC_DEFINE(RETSIGTYPE,void,[Return type of signal handlers, but autoconf 2.70 says 'your code may safely assume C89 semantics that RETSIGTYPE is void.'])
AC_FUNC_FSEEKO
ACX_SYS_LARGEFILE
ACX_CHECK_NONBLOCKING_BROKEN
@ -513,14 +500,11 @@ sinclude(systemd.m4)
# Include systemd.m4 - end
# set memory allocation checking if requested
AC_ARG_ENABLE(alloc-checks, AC_HELP_STRING([--enable-alloc-checks],
[ enable to memory allocation statistics, for debug purposes ]),
AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]),
, )
AC_ARG_ENABLE(alloc-lite, AC_HELP_STRING([--enable-alloc-lite],
[ enable for lightweight alloc assertions, for debug purposes ]),
AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]),
, )
AC_ARG_ENABLE(alloc-nonregional, AC_HELP_STRING([--enable-alloc-nonregional],
[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]),
AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]),
, )
if test x_$enable_alloc_nonregional = x_yes; then
AC_DEFINE(UNBOUND_ALLOC_NONREGIONAL, 1, [use malloc not regions, for debug use])
@ -564,8 +548,7 @@ else
# check this first, so that the pthread lib does not get linked in via
# libssl or libpython, and thus distorts the tests, and we end up using
# the non-threadsafe C libraries.
AC_ARG_WITH(pthreads, AC_HELP_STRING([--with-pthreads],
[use pthreads library, or --without-pthreads to disable threading support.]),
AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]),
[ ],[ withval="yes" ])
ub_have_pthreads=no
if test x_$withval != x_no; then
@ -612,12 +595,11 @@ int main(void) {return 0;}
fi
# check solaris thread library
AC_ARG_WITH(solaris-threads, AC_HELP_STRING([--with-solaris-threads],
[use solaris native thread library.]), [ ],[ withval="no" ])
AC_ARG_WITH(solaris-threads, AS_HELP_STRING([--with-solaris-threads],[use solaris native thread library.]), [ ],[ withval="no" ])
ub_have_sol_threads=no
if test x_$withval != x_no; then
if test x_$ub_have_pthreads != x_no; then
AC_WARN([Have pthreads already, ignoring --with-solaris-threads])
AC_MSG_WARN([Have pthreads already, ignoring --with-solaris-threads])
else
AC_SEARCH_LIBS(thr_create, [thread],
[
@ -627,7 +609,7 @@ if test x_$withval != x_no; then
[CFLAGS="$CFLAGS -D_REENTRANT"])
ub_have_sol_threads=yes
] , [
AC_ERROR([no solaris threads found.])
AC_MSG_ERROR([no solaris threads found.])
])
fi
fi
@ -635,7 +617,7 @@ fi
fi # end of non-mingw check of thread libraries
# Check for SYSLOG_FACILITY
AC_ARG_WITH(syslog-facility, AC_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7], [ set SYSLOG_FACILITY, default DAEMON ]),
AC_ARG_WITH(syslog-facility, AS_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7],[ set SYSLOG_FACILITY, default DAEMON ]),
[ UNBOUND_SYSLOG_FACILITY="$withval" ], [])
case "${UNBOUND_SYSLOG_FACILITY}" in
@ -648,8 +630,7 @@ AC_DEFINE_UNQUOTED(UB_SYSLOG_FACILITY,${UNBOUND_SYSLOG_FACILITY},[the SYSLOG_FAC
# Check for dynamic library module
AC_ARG_WITH(dynlibmodule,
AC_HELP_STRING([--with-dynlibmodule],
[build dynamic library module, or --without-dynlibmodule to disable it. (default=no)]),
AS_HELP_STRING([--with-dynlibmodule],[build dynamic library module, or --without-dynlibmodule to disable it. (default=no)]),
[], [ withval="no" ])
if test x_$withval != x_no; then
@ -661,17 +642,20 @@ if test x_$withval != x_no; then
DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h'
AC_SUBST(DYNLIBMOD_HEADER)
if test $on_mingw = "no"; then
DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic"
# link with -ldl if not already there, for all executables because
# dlopen call is in the dynlib module. For unbound executable, also
# export symbols.
AC_SEARCH_LIBS([dlopen], [dl])
DYNLIBMOD_EXTRALIBS="-export-dynamic"
else
DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a"
DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a"
fi
AC_SUBST(DYNLIBMOD_EXTRALIBS)
fi
# Check for PyUnbound
AC_ARG_WITH(pyunbound,
AC_HELP_STRING([--with-pyunbound],
[build PyUnbound, or --without-pyunbound to skip it. (default=no)]),
AS_HELP_STRING([--with-pyunbound],[build PyUnbound, or --without-pyunbound to skip it. (default=no)]),
[], [ withval="no" ])
ub_test_python=no
@ -683,8 +667,7 @@ fi
# Check for Python module
AC_ARG_WITH(pythonmodule,
AC_HELP_STRING([--with-pythonmodule],
[build Python module, or --without-pythonmodule to disable script engine. (default=no)]),
AS_HELP_STRING([--with-pythonmodule],[build Python module, or --without-pythonmodule to disable script engine. (default=no)]),
[], [ withval="no" ])
ub_with_pythonmod=no
@ -702,7 +685,7 @@ if test x_$ub_test_python != x_no; then
AC_PYTHON_DEVEL
if test ! -z "$PYTHON_VERSION"; then
if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then
AC_ERROR([Python version >= 2.4.0 is required])
AC_MSG_ERROR([Python version >= 2.4.0 is required])
fi
[PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"]
@ -730,7 +713,7 @@ if test x_$ub_test_python != x_no; then
# Check for SWIG
ub_have_swig=no
AC_ARG_ENABLE(swig-version-check, AC_HELP_STRING([--disable-swig-version-check], [Disable swig version check to build python modules with older swig even though that is unreliable]))
AC_ARG_ENABLE(swig-version-check, AS_HELP_STRING([--disable-swig-version-check],[Disable swig version check to build python modules with older swig even though that is unreliable]))
if test "$enable_swig_version_check" = "yes"; then
AC_PROG_SWIG(2.0.1)
else
@ -738,7 +721,7 @@ if test x_$ub_test_python != x_no; then
fi
AC_MSG_CHECKING(SWIG)
if test ! -x "$SWIG"; then
AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound])
AC_MSG_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound])
else
AC_DEFINE(HAVE_SWIG, 1, [Define if you have Swig libraries and header files.])
AC_SUBST(swig, "$SWIG")
@ -793,8 +776,7 @@ AC_SUBST(CONFIG_DATE)
# libnss
USE_NSS="no"
AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path],
[use libnss instead of openssl, installed at path.]),
AC_ARG_WITH([nss], AS_HELP_STRING([--with-nss=path],[use libnss instead of openssl, installed at path.]),
[
USE_NSS="yes"
AC_DEFINE(HAVE_NSS, 1, [Use libnss for crypto])
@ -816,8 +798,7 @@ AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path],
# libnettle
USE_NETTLE="no"
AC_ARG_WITH([nettle], AC_HELP_STRING([--with-nettle=path],
[use libnettle as crypto library, installed at path.]),
AC_ARG_WITH([nettle], AS_HELP_STRING([--with-nettle=path],[use libnettle as crypto library, installed at path.]),
[
USE_NETTLE="yes"
AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto])
@ -849,7 +830,10 @@ AC_SUBST(PC_CRYPTO_DEPENDENCY)
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
AC_MSG_CHECKING([if libssl needs -lcrypt32])
AC_TRY_LINK_FUNC([EVP_sha256], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])], [
AC_MSG_RESULT([no])
LIBS="$BAKLIBS"
], [
@ -937,7 +921,7 @@ fi
AC_SUBST(SSLLIB)
# libbsd
AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd functions]), [
AC_ARG_WITH([libbsd], AS_HELP_STRING([--with-libbsd],[Use portable libbsd functions]), [
AC_CHECK_HEADERS([bsd/string.h bsd/stdlib.h],,, [AC_INCLUDES_DEFAULT])
if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then
for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do
@ -950,7 +934,7 @@ AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd funct
fi
])
AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support]))
AC_ARG_ENABLE(sha1, AS_HELP_STRING([--disable-sha1],[Disable SHA1 RRSIG support, does not disable nsec3 support]))
case "$enable_sha1" in
no)
;;
@ -960,7 +944,7 @@ case "$enable_sha1" in
esac
AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support]))
AC_ARG_ENABLE(sha2, AS_HELP_STRING([--disable-sha2],[Disable SHA256 and SHA512 RRSIG support]))
case "$enable_sha2" in
no)
;;
@ -969,7 +953,7 @@ case "$enable_sha2" in
;;
esac
AC_ARG_ENABLE(subnet, AC_HELP_STRING([--enable-subnet], [Enable client subnet]))
AC_ARG_ENABLE(subnet, AS_HELP_STRING([--enable-subnet],[Enable client subnet]))
case "$enable_subnet" in
yes)
AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.])
@ -1080,7 +1064,7 @@ fi
AC_MSG_RESULT($ac_cv_c_gost_works)
])dnl
AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support]))
AC_ARG_ENABLE(gost, AS_HELP_STRING([--disable-gost],[Disable GOST support]))
use_gost="no"
if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
case "$enable_gost" in
@ -1098,7 +1082,7 @@ case "$enable_gost" in
esac
fi dnl !USE_NSS && !USE_NETTLE
AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support]))
AC_ARG_ENABLE(ecdsa, AS_HELP_STRING([--disable-ecdsa],[Disable ECDSA support]))
use_ecdsa="no"
case "$enable_ecdsa" in
no)
@ -1130,7 +1114,7 @@ case "$enable_ecdsa" in
;;
esac
AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support]))
AC_ARG_ENABLE(dsa, AS_HELP_STRING([--disable-dsa],[Disable DSA support]))
use_dsa="no"
case "$enable_dsa" in
yes)
@ -1170,7 +1154,7 @@ AC_INCLUDES_DEFAULT
;;
esac
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support]))
AC_ARG_ENABLE(ed25519, AS_HELP_STRING([--disable-ed25519],[Disable ED25519 support]))
use_ed25519="no"
case "$enable_ed25519" in
no)
@ -1193,7 +1177,7 @@ case "$enable_ed25519" in
;;
esac
AC_ARG_ENABLE(ed448, AC_HELP_STRING([--disable-ed448], [Disable ED448 support]))
AC_ARG_ENABLE(ed448, AS_HELP_STRING([--disable-ed448],[Disable ED448 support]))
use_ed448="no"
case "$enable_ed448" in
no)
@ -1213,7 +1197,7 @@ case "$enable_ed448" in
;;
esac
AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h]))
AC_ARG_ENABLE(event-api, AS_HELP_STRING([--enable-event-api],[Enable (experimental) pluggable event base libunbound API installed to unbound-event.h]))
case "$enable_event_api" in
yes)
AC_SUBST(UNBOUND_EVENT_INSTALL, [unbound-event-install])
@ -1223,7 +1207,7 @@ case "$enable_event_api" in
;;
esac
AC_ARG_ENABLE(tfo-client, AC_HELP_STRING([--enable-tfo-client], [Enable TCP Fast Open for client mode]))
AC_ARG_ENABLE(tfo-client, AS_HELP_STRING([--enable-tfo-client],[Enable TCP Fast Open for client mode]))
case "$enable_tfo_client" in
yes)
case `uname` in
@ -1247,7 +1231,7 @@ case "$enable_tfo_client" in
;;
esac
AC_ARG_ENABLE(tfo-server, AC_HELP_STRING([--enable-tfo-server], [Enable TCP Fast Open for server mode]))
AC_ARG_ENABLE(tfo-server, AS_HELP_STRING([--enable-tfo-server],[Enable TCP Fast Open for server mode]))
case "$enable_tfo_server" in
yes)
AC_CHECK_DECL([TCP_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO])], [AC_MSG_ERROR([TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server])], [AC_INCLUDES_DEFAULT
@ -1260,8 +1244,7 @@ case "$enable_tfo_server" in
esac
# check for libevent
AC_ARG_WITH(libevent, AC_HELP_STRING([--with-libevent=pathname],
[use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]),
AC_ARG_WITH(libevent, AS_HELP_STRING([--with-libevent=pathname],[use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]),
[ ],[ with_libevent="no" ])
if test "x_$with_libevent" != x_no; then
AC_DEFINE([USE_LIBEVENT], [1], [Define if you enable libevent])
@ -1355,8 +1338,7 @@ else
fi
# check for libexpat
AC_ARG_WITH(libexpat, AC_HELP_STRING([--with-libexpat=path],
[specify explicit path for libexpat.]),
AC_ARG_WITH(libexpat, AS_HELP_STRING([--with-libexpat=path],[specify explicit path for libexpat.]),
[ ],[ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" ])
AC_MSG_CHECKING(for libexpat)
found_libexpat="no"
@ -1373,7 +1355,7 @@ for dir in $withval ; do
fi
done
if test x_$found_libexpat != x_yes; then
AC_ERROR([Could not find libexpat, expat.h])
AC_MSG_ERROR([Could not find libexpat, expat.h])
fi
AC_CHECK_HEADERS([expat.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT
@ -1381,8 +1363,7 @@ AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT
])
# hiredis (redis C client for cachedb)
AC_ARG_WITH(libhiredis, AC_HELP_STRING([--with-libhiredis=path],
[specify explicit path for libhiredis.]),
AC_ARG_WITH(libhiredis, AS_HELP_STRING([--with-libhiredis=path],[specify explicit path for libhiredis.]),
[ ],[ withval="no" ])
found_libhiredis="no"
if test x_$withval = x_yes -o x_$withval != x_no; then
@ -1405,7 +1386,7 @@ if test x_$withval = x_yes -o x_$withval != x_no; then
fi
done
if test x_$found_libhiredis != x_yes; then
AC_ERROR([Could not find libhiredis, hiredis.h])
AC_MSG_ERROR([Could not find libhiredis, hiredis.h])
fi
AC_CHECK_HEADERS([hiredis/hiredis.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_DECLS([redisConnect], [], [], [AC_INCLUDES_DEFAULT
@ -1414,8 +1395,7 @@ if test x_$withval = x_yes -o x_$withval != x_no; then
fi
# nghttp2
AC_ARG_WITH(libnghttp2, AC_HELP_STRING([--with-libnghttp2=path],
[specify explicit path for libnghttp2.]),
AC_ARG_WITH(libnghttp2, AS_HELP_STRING([--with-libnghttp2=path],[specify explicit path for libnghttp2.]),
[ ],[ withval="no" ])
found_libnghttp2="no"
if test x_$withval = x_yes -o x_$withval != x_no; then
@ -1438,7 +1418,7 @@ if test x_$withval = x_yes -o x_$withval != x_no; then
fi
done
if test x_$found_libnghttp2 != x_yes; then
AC_ERROR([Could not find libnghttp2, nghttp2.h])
AC_MSG_ERROR([Could not find libnghttp2, nghttp2.h])
fi
AC_CHECK_HEADERS([nghttp2/nghttp2.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_DECLS([nghttp2_session_server_new], [], [], [AC_INCLUDES_DEFAULT
@ -1449,8 +1429,7 @@ fi
# set static linking for uninstalled libraries if requested
AC_SUBST(staticexe)
staticexe=""
AC_ARG_ENABLE(static-exe, AC_HELP_STRING([--enable-static-exe],
[ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]),
AC_ARG_ENABLE(static-exe, AS_HELP_STRING([--enable-static-exe],[ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]),
, )
if test x_$enable_static_exe = x_yes; then
staticexe="-static"
@ -1463,12 +1442,12 @@ if test x_$enable_static_exe = x_yes; then
LIBS="$LIBS -lgdi32"
fi
LIBS="$LIBS -lz"
LIBS="$LIBS -l:libssp.a"
fi
fi
# set full static linking if requested
AC_ARG_ENABLE(fully-static, AC_HELP_STRING([--enable-fully-static],
[ enable to compile fully static ]),
AC_ARG_ENABLE(fully-static, AS_HELP_STRING([--enable-fully-static],[ enable to compile fully static ]),
, )
if test x_$enable_fully_static = x_yes; then
staticexe="-all-static"
@ -1480,12 +1459,12 @@ if test x_$enable_fully_static = x_yes; then
LIBS="$LIBS -lgdi32"
fi
LIBS="$LIBS -lz"
LIBS="$LIBS -l:libssp.a"
fi
fi
# set lock checking if requested
AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks],
[ enable to check lock and unlock calls, for debug purposes ]),
AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]),
, )
if test x_$enable_lock_checks = x_yes; then
AC_DEFINE(ENABLE_LOCK_CHECKS, 1, [Define if you want to use debug lock checking (slow).])
@ -1727,7 +1706,7 @@ AC_SUBST(LIBOBJ_WITHOUT_CTIME)
AC_REPLACE_FUNCS(ctime_r)
AC_REPLACE_FUNCS(strsep)
AC_ARG_ENABLE(allsymbols, AC_HELP_STRING([--enable-allsymbols], [export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols]))
AC_ARG_ENABLE(allsymbols, AS_HELP_STRING([--enable-allsymbols],[export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols]))
case "$enable_allsymbols" in
yes)
COMMON_OBJ_ALL_SYMBOLS=""
@ -1770,7 +1749,7 @@ dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock],
AC_DEFINE_UNQUOTED(DNSTAP_SOCKET_PATH,
["$hdr_dnstap_socket_path"], [default dnstap socket path])
AC_SUBST(DNSTAP_SOCKET_PATH,["$hdr_dnstap_socket_path"])
AC_SUBST(DNSTAP_SOCKET_TESTBIN,['unbound-dnstap-socket$(EXEEXT)'])
AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dnstap_fstrm.c dnstap/dtstream.c"])
AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo"])
],
@ -1793,7 +1772,7 @@ dnsc_DNSCRYPT([
)
# check for cachedb if requested
AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage]))
AC_ARG_ENABLE(cachedb, AS_HELP_STRING([--enable-cachedb],[enable cachedb module that can use external cache storage]))
# turn on cachedb when hiredis support is enabled.
if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi
case "$enable_cachedb" in
@ -1806,7 +1785,7 @@ case "$enable_cachedb" in
esac
# check for ipsecmod if requested
AC_ARG_ENABLE(ipsecmod, AC_HELP_STRING([--enable-ipsecmod], [Enable ipsecmod module that facilitates opportunistic IPsec]))
AC_ARG_ENABLE(ipsecmod, AS_HELP_STRING([--enable-ipsecmod],[Enable ipsecmod module that facilitates opportunistic IPsec]))
case "$enable_ipsecmod" in
yes)
AC_DEFINE([USE_IPSECMOD], [1], [Define to 1 to use ipsecmod support.])
@ -1821,7 +1800,7 @@ case "$enable_ipsecmod" in
esac
# check for ipset if requested
AC_ARG_ENABLE(ipset, AC_HELP_STRING([--enable-ipset], [enable ipset module]))
AC_ARG_ENABLE(ipset, AS_HELP_STRING([--enable-ipset],[enable ipset module]))
case "$enable_ipset" in
yes)
AC_DEFINE([USE_IPSET], [1], [Define to 1 to use ipset support])
@ -1831,8 +1810,7 @@ case "$enable_ipset" in
AC_SUBST(IPSET_OBJ)
# mnl
AC_ARG_WITH(libmnl, AC_HELP_STRING([--with-libmnl=path],
[specify explicit path for libmnl.]),
AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]),
[ ],[ withval="yes" ])
found_libmnl="no"
AC_MSG_CHECKING(for libmnl)
@ -1853,14 +1831,14 @@ case "$enable_ipset" in
fi
done
if test x_$found_libmnl != x_yes; then
AC_ERROR([Could not find libmnl, libmnl.h])
AC_MSG_ERROR([Could not find libmnl, libmnl.h])
fi
;;
no|*)
# nothing
;;
esac
AC_ARG_ENABLE(explicit-port-randomisation, AC_HELP_STRING([--disable-explicit-port-randomisation], [disable explicit source port randomisation and rely on the kernel to provide random source ports]))
AC_ARG_ENABLE(explicit-port-randomisation, AS_HELP_STRING([--disable-explicit-port-randomisation],[disable explicit source port randomisation and rely on the kernel to provide random source ports]))
case "$enable_explicit_port_randomisation" in
no)
AC_DEFINE([DISABLE_EXPLICIT_PORT_RANDOMISATION], [1], [Define this to enable kernel based UDP source port randomization.])
@ -1908,8 +1886,7 @@ AC_SUBST(SOURCEFILE)
# see if we want to build the library or everything
ALLTARGET="alltargets"
INSTALLTARGET="install-all"
AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only],
[do not build daemon and tool programs]),
AC_ARG_WITH(libunbound-only, AS_HELP_STRING([--with-libunbound-only],[do not build daemon and tool programs]),
[
if test "$withval" = "yes"; then
ALLTARGET="lib"
@ -1918,10 +1895,10 @@ AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only],
])
if test $ALLTARGET = "alltargets"; then
if test $USE_NSS = "yes"; then
AC_ERROR([--with-nss can only be used in combination with --with-libunbound-only.])
AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.])
fi
if test $USE_NETTLE = "yes"; then
AC_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.])
AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.])
fi
fi
@ -2198,5 +2175,5 @@ AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO])
AC_SUBST(date, [`date +'%b %e, %Y'`])
AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_portable.service])
AC_CONFIG_HEADER([config.h])
AC_CONFIG_HEADERS([config.h])
AC_OUTPUT

View File

0
contrib/unbound/contrib/create_unbound_ad_servers.sh Executable file → Normal file
View File

0
contrib/unbound/contrib/parseunbound.pl Executable file → Normal file
View File

0
contrib/unbound/contrib/unbound_cache.sh Executable file → Normal file
View File

0
contrib/unbound/contrib/warmup.sh Executable file → Normal file
View File

View File

@ -2860,6 +2860,57 @@ do_ip_ratelimit_list(RES* ssl, struct worker* worker, char* arg)
slabhash_traverse(a.infra->client_ip_rates, 0, ip_rate_list, &a);
}
/** do the rpz_enable/disable command */
static void
do_rpz_enable_disable(RES* ssl, struct worker* worker, char* arg, int enable) {
size_t nmlen;
int nmlabs;
uint8_t *nm = NULL;
struct auth_zones *az = worker->env.auth_zones;
struct auth_zone *z = NULL;
if (!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
return;
if (az) {
lock_rw_rdlock(&az->lock);
z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN);
if (z) {
lock_rw_wrlock(&z->lock);
}
lock_rw_unlock(&az->lock);
}
free(nm);
if (!z) {
(void) ssl_printf(ssl, "error no auth-zone %s\n", arg);
return;
}
if (!z->rpz) {
(void) ssl_printf(ssl, "error auth-zone %s not RPZ\n", arg);
lock_rw_unlock(&z->lock);
return;
}
if (enable) {
rpz_enable(z->rpz);
} else {
rpz_disable(z->rpz);
}
lock_rw_unlock(&z->lock);
send_ok(ssl);
}
/** do the rpz_enable command */
static void
do_rpz_enable(RES* ssl, struct worker* worker, char* arg)
{
do_rpz_enable_disable(ssl, worker, arg, 1);
}
/** do the rpz_disable command */
static void
do_rpz_disable(RES* ssl, struct worker* worker, char* arg)
{
do_rpz_enable_disable(ssl, worker, arg, 0);
}
/** tell other processes to execute the command */
static void
distribute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd)
@ -3060,6 +3111,10 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
do_flush_bogus(ssl, worker);
} else if(cmdcmp(p, "flush_negative", 14)) {
do_flush_negative(ssl, worker);
} else if(cmdcmp(p, "rpz_enable", 10)) {
do_rpz_enable(ssl, worker, skipwhite(p+10));
} else if(cmdcmp(p, "rpz_disable", 11)) {
do_rpz_disable(ssl, worker, skipwhite(p+11));
} else {
(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
}

View File

@ -513,7 +513,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
edns->ext_rcode = 0;
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL,
msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad))
msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
worker->env.now_tv))
return 0;
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
&msg->qinfo, id, flags, edns);
@ -544,7 +545,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
edns->ext_rcode = 0;
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, msg->rep,
(int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad))
(int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad,
worker->env.now_tv))
return 0;
msg->rep->flags |= BIT_QR|BIT_RA;
if(!apply_edns_options(edns, &edns_bak, worker->env.cfg,
@ -553,7 +555,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
repinfo->c->buffer, 0, 1, worker->scratchpad,
udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) {
if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL,
LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad))
LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
worker->env.now_tv))
edns->opt_list = NULL;
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
&msg->qinfo, id, flags, edns);
@ -684,7 +687,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
edns->ext_rcode = 0;
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep,
LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad))
LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
worker->env.now_tv))
goto bail_out;
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
qinfo, id, flags, edns);
@ -718,7 +722,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
edns->ext_rcode = 0;
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep,
(int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad))
(int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad,
worker->env.now_tv))
goto bail_out;
*alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */
if((worker->daemon->use_response_ip || worker->daemon->use_rpz) &&
@ -754,7 +759,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
repinfo->c->buffer, timenow, 1, worker->scratchpad,
udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) {
if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL,
LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad))
LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
worker->env.now_tv))
edns->opt_list = NULL;
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
qinfo, id, flags, edns);
@ -842,7 +848,8 @@ chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns,
edns->udp_size = EDNS_ADVERTISED_SIZE;
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL,
LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad))
LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad,
worker->env.now_tv))
edns->opt_list = NULL;
if(sldns_buffer_capacity(pkt) >=
sldns_buffer_limit(pkt)+calc_edns_field_size(edns))
@ -1282,6 +1289,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
edns.udp_size = EDNS_ADVERTISED_SIZE;
edns.bits &= EDNS_DO;
edns.opt_list = NULL;
edns.padding_block_size = 0;
verbose(VERB_ALGO, "query with bad edns version.");
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo,

View File

@ -198,14 +198,17 @@ uitoa(unsigned n, char* s)
static uint32_t
extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset)
{
uint32_t ipv4;
uint32_t ipv4 = 0;
int i, pos;
log_assert(ipv6_len == 16); (void)ipv6_len;
ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8))
| (uint32_t)ipv6[offset/8+1] << (16 + (offset%8))
| (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8))
| (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8));
if (offset/8+4 < 16)
ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8);
log_assert(offset == 32 || offset == 40 || offset == 48 || offset == 56 ||
offset == 64 || offset == 96);
for(i = 0, pos = offset / 8; i < 4; i++, pos++) {
if (pos == 8)
pos++;
ipv4 = ipv4 << 8;
ipv4 |= ipv6[pos];
}
return ipv4;
}
@ -296,18 +299,18 @@ synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len,
int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[],
size_t aaaa_len)
{
size_t i;
int pos;
log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16);
log_assert(prefix_net == 32 || prefix_net == 40 || prefix_net == 48 ||
prefix_net == 56 || prefix_net == 64 || prefix_net == 96);
(void)prefix_addr_len; (void)a_len; (void)aaaa_len;
memcpy(aaaa, prefix_addr, 16);
aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8);
aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8);
aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8);
aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8);
aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8);
aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8);
aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8);
if (prefix_net/8+4 < 16) /* <-- my beautiful symmetry is destroyed! */
aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8);
for(i = 0, pos = prefix_net / 8; i < a_len; i++, pos++) {
if(pos == 8)
aaaa[pos++] = 0;
aaaa[pos] = a[i];
}
}
@ -374,8 +377,10 @@ dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix);
return 0;
}
if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) {
log_err("dns64-prefix length it not between 0 and 96: %s",
if (dns64_env->prefix_net != 32 && dns64_env->prefix_net != 40 &&
dns64_env->prefix_net != 48 && dns64_env->prefix_net != 56 &&
dns64_env->prefix_net != 64 && dns64_env->prefix_net != 96 ) {
log_err("dns64-prefix length it not 32, 40, 48, 56, 64 or 96: %s",
cfg->dns64_prefix);
return 0;
}
@ -722,7 +727,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
*dd_out = NULL;
return; /* integer overflow protection in alloc */
}
if (!(dd = *dd_out = regional_alloc(region,
if (!(dd = *dd_out = regional_alloc_zero(region,
sizeof(struct packed_rrset_data)
+ fd->count * (sizeof(size_t) + sizeof(time_t) +
sizeof(uint8_t*) + 2 + 16)))) {

View File

@ -11,7 +11,7 @@ AC_DEFUN([dnsc_DNSCRYPT],
[opt_dnscrypt=$enableval], [opt_dnscrypt=no])
if test "x$opt_dnscrypt" != "xno"; then
AC_ARG_WITH([libsodium], AC_HELP_STRING([--with-libsodium=path],
AC_ARG_WITH([libsodium], AS_HELP_STRING([--with-libsodium=path],
[Path where libsodium is installed, for dnscrypt]), [
CFLAGS="$CFLAGS -I$withval/include"
LDFLAGS="$LDFLAGS -L$withval/lib"

View File

@ -20,7 +20,7 @@ AC_DEFUN([dt_DNSTAP],
if test -z "$PROTOC_C"; then
AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!])
fi
AC_ARG_WITH([protobuf-c], AC_HELP_STRING([--with-protobuf-c=path],
AC_ARG_WITH([protobuf-c], AS_HELP_STRING([--with-protobuf-c=path],
[Path where protobuf-c is installed, for dnstap]), [
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f $withval/include/google/protobuf-c/protobuf-c.h; then

View File

@ -727,7 +727,7 @@ static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len)
}
/** delete the tap structure */
void tap_data_free(struct tap_data* data)
static void tap_data_free(struct tap_data* data)
{
ub_event_del(data->ev);
ub_event_free(data->ev);
@ -1166,7 +1166,8 @@ int sig_quit = 0;
/** signal handler for user quit */
static RETSIGTYPE main_sigh(int sig)
{
verbose(VERB_ALGO, "exit on signal %d\n", sig);
if(!sig_quit)
fprintf(stderr, "exit on signal %d\n", sig);
if(sig_base) {
ub_event_base_loopexit(sig_base);
sig_base = NULL;
@ -1354,6 +1355,10 @@ int main(int argc, char** argv)
struct tube;
struct query_info;
#include "util/data/packed_rrset.h"
#include "daemon/worker.h"
#include "daemon/remote.h"
#include "util/fptr_wlist.h"
#include "libunbound/context.h"
void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),

View File

@ -1,8 +1,137 @@
2 February 2021: Wouter
- branch-1.13.1 is created, with release-1.13.1rc1 tag.
- Fix dynlibmod link on rhel8 for -ldl inclusion.
- Fix windows dependency on libssp.dll because of default stack
protector in mingw.
- Fix indentation of root anchor for use by windows install script.
1 February 2021: George
- Attempt to fix NULL keys in the reuse_tcp tree; relates to #411.
29 January 2021: Wouter
- Fix for doxygen 1.8.20 compatibility.
28 January 2021: Wouter
- Annotate that we ignore the return value of if_indextoname.
- Fix to use correct type for label count in rpz routine.
- Fix empty clause warning in config_file nsid parse.
- Fix to use correct type for label count in ipdnametoaddr rpz routine.
- Fix empty clause warning in edns pass for padding.
- Fix fwd ancil test post script when not supported.
26 January 2021: George
- Merge PR #408 from fobser: Prevent a few more yacc clashes.
- Merge PR #275 from Roland van Rijswijk-Deij: Add feature to return the
original instead of a decrementing TTL ('serve-original-ttl')
- Merge PR #355 from noloader: Make ICANN Update CA and DS Trust Anchor
static data.
- Ignore cache blacklisting when trying to reply with expired data from
cache (#394).
26 January 2021: Wouter
- Fix compile of unbound-dnstap-socket without dnstap installed.
22 January 2021: Willem
- Padding of queries and responses with DNS over TLS as specified in
RFC7830 and RFC8467.
22 January 2021: George
- Fix TTL of SOA record for negative answers (localzone and
authzone data) to be the minimum of the SOA TTL and the SOA.MINIMUM.
19 January 2021: Willem
- Support for RFC5001: DNS Name Server Identifier (NSID) Option
with the nsid: option in unbound.conf
18 January 2021: Wouter
- Fix #404: DNS query with small edns bufsize fail.
- Fix declaration before statement and signed comparison warning in
dns64.
15 January 2021: Wouter
- Merge #402 from fobser: Implement IPv4-Embedded addresses according
to RFC6052.
14 January 2021: Wouter
- Fix for #93: dynlibmodule import library is named libunbound.dll.a.
13 January 2021: Wouter
- Merge #399 from xiangbao227: The lock of lruhash table should
unlocked after markdel entry.
- Fix for #93: dynlibmodule link fix for Windows.
12 January 2021: Wouter
- Fix #397: [Feature request] add new type always_null to local-zone
similar to always_nxdomain.
- Fix so local zone types always_nodata and always_deny can be used
from the config file.
8 January 2021: Wouter
- Merge PR #391 from fhriley: Add start_time to reply callbacks so
modules can compute the response time.
- For #391: use struct timeval* start_time for callback information.
- For #391: fix indentation.
- For #391: more double casts in python start time calculation.
- Add comment documentation.
- Fix clang analysis warning.
6 January 2021: Wouter
- Fix #379: zone loading over HTTP appears to have buffer issues.
- Merge PR #395 from mptre: add missing null check.
- Fix #387: client-subnet-always-forward seems to effectively bypass
any caching?
5 January 2021: Wouter
- Fix #385: autoconf 2.70 impacts unbound build
- Merge PR #375 by fhriley: Add rpz_enable and rpz_disable commands
to unbound-control.
4 January 2021: Wouter
- For #376: Fix that comm point event is not double removed or double
added to event map.
- iana portlist updated.
16 December 2020: George
- Fix error cases when udp-connect is set and send() returns an error
(modified patch from Xin Li @delphij).
11 December 2020: Wouter
- Fix #371: unbound-control timeout when Unbound is not running.
- Fix to squelch permission denied and other errors from remote host,
they are logged at higher verbosity but not on low verbosity.
- Merge PR #335 from fobser: Sprinkle in some static to prevent
missing prototype warnings.
- Merge PR #373 from fobser: Warning: arithmetic on a pointer to void
is a GNU extension.
- Fix missing prototypes in the code.
3 December 2020: Wouter
- make depend.
- iana portlist updated.
2 December 2020: Wouter
- Fix #360: for the additionally reported TCP Fast Open makes TCP
connections fail, in that case we print a hint that this is
happening with the error in the logs.
- Fix #356: deadlock when listening tcp.
- Fix unbound-dnstap-socket to not use log routine from interrupt
handler and not print so frequently when invoked in sequence.
- Fix on windows to ignore connection failure on UDP, unless verbose.
- Fix for #283: fix stream reuse and tcp fast open.
- Fix update, with write event check with streamreuse and fastopen.
1 December 2020: Wouter
- Fix #358: Squelch udp connect 'no route to host' errors on low
verbosity.
30 November 2020: Wouter
- Fix assertion failure on double callback when iterator loses
interest in query at head of line that then has the tcp stream
not kept for reuse.
- tag for the 1.13.0rc4 release.
- tag for the 1.13.0rc4 release. This also became the 1.13.0
release version on 3 dec 2020 with the streamreuse and fastopen
fix from 2 dec 2020. The code repo continues for 1.13.1 in
development.
27 November 2020: Wouter
- Fix compile warning for type cast in http2_submit_dns_response.

View File

@ -39,6 +39,7 @@ RFC 4343: case insensitive handling of domain names.
RFC 4509: SHA256 DS hash.
RFC 4592: wildcards.
RFC 4697: No DNS Resolution Misbehavior.
RFC 5001: DNS Name Server Identifier (NSID) Option
RFC 5011: update of trust anchors with timers.
RFC 5155: NSEC3, NSEC3PARAM types
RFC 5358: reflectors-are-evil: access control list for recursive

View File

@ -1,4 +1,4 @@
README for Unbound 1.13.0
README for Unbound 1.13.1
Copyright 2007 NLnet Labs
http://unbound.net

View File

@ -14,7 +14,6 @@ o (option) store primed key data in a overlaid keyhints file (sort of like draft
o windows version, auto update feature, a query to check for the version.
o command the server with TSIG inband. get-config, clearcache,
get stats, get memstats, get ..., reload, clear one zone from cache
o NSID rfc 5001 support.
o timers rfc 5011 support.
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
o make timeout backoffs randomized (a couple percent random) to spread traffic.

View File

@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.13.0.
# See unbound.conf(5) man page, version 1.13.1.
#
# this is a comment.
@ -377,6 +377,9 @@ server:
# the version to report. Leave "" or default to return package version.
# version: ""
# NSID identity (hex string, or "ascii_somestring"). default disabled.
# nsid: "aabbccdd"
# the target fetch policy.
# series of integers describing the policy per dependency depth.
# The number of values in the list determines the maximum dependency
@ -388,7 +391,7 @@ server:
# target-fetch-policy: "3 2 1 0 0"
# Harden against very small EDNS buffer sizes.
# harden-short-bufsize: no
# harden-short-bufsize: yes
# Harden against unseemly large queries.
# harden-large-queries: no
@ -595,6 +598,13 @@ server:
# A recommended value is 1800.
# serve-expired-client-timeout: 0
# Return the original TTL as received from the upstream name server rather
# than the decrementing TTL as stored in the cache. Enabling this feature
# does not impact cache expiry, it only changes the TTL unbound embeds in
# responses to queries. Note that enabling this feature implicitly disables
# enforcement of the configured minimum and maximum TTL.
# serve-original-ttl: no
# Have the validator log failed validations for your diagnosis.
# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
# val-log-level: 0
@ -704,8 +714,10 @@ server:
# o inform acts like transparent, but logs client IP address
# o inform_deny drops queries and logs client IP address
# o inform_redirect redirects queries and logs client IP address
# o always_transparent, always_refuse, always_nxdomain, resolve in
# that way but ignore local data for that name
# o always_transparent, always_refuse, always_nxdomain, always_nodata,
# always_deny resolve in that way but ignore local data for
# that name
# o always_null returns 0.0.0.0 or ::0 for any name in the zone.
# o noview breaks out of that view towards global local-zones.
#
# defaults are localhost address, reverse for 127.0.0.1 and ::1
@ -753,6 +765,12 @@ server:
# cipher setting for TLSv1.3
# tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
# Pad responses to padded queries received over TLS
# pad-responses: yes
# Padded responses will be padded to the closest multiple of this size.
# pad-responses-block-size: 468
# Use the SNI extension for TLS connections. Default is yes.
# Changing the value requires a reload.
# tls-use-sni: yes
@ -775,6 +793,12 @@ server:
# Add system certs to the cert bundle, from the Windows Cert Store
# tls-win-cert: no
# Pad queries over TLS upstreams
# pad-queries: yes
# Padded queries will be padded to the closest multiple of this size.
# pad-queries-block-size: 128
# Also serve tls on these port numbers (eg. 443, ...), by listing
# tls-additional-port: portno for each of the port numbers.

View File

@ -1,4 +1,4 @@
.TH "libunbound" "3" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.TH "libunbound" "3" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@ -44,7 +44,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.13.0 functions.
\- Unbound DNS validating resolver 1.13.1 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP

View File

@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.TH "unbound-anchor" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"

View File

@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.TH "unbound-checkconf" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"

View File

@ -1,4 +1,4 @@
.TH "unbound-control" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.TH "unbound-control" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
@ -305,6 +305,12 @@ Transfer the auth zone from master. The auth zone probe sequence is started,
where the masters are probed to see if they have an updated zone (with the SOA
serial check). And then the zone is transferred for a newer zone version.
.TP
.B rpz_enable \fIzone\fR
Enable the RPZ zone if it had previously been disabled.
.TP
.B rpz_enable \fIzone\fR
Disable the RPZ zone.
.TP
.B view_list_local_zones \fIview\fR
\fIlist_local_zones\fR for given view.
.TP

View File

@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.TH "unbound\-host" "1" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"

View File

@ -1,4 +1,4 @@
.TH "unbound" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.TH "unbound" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
.\"
.\" unbound.8 -- unbound manual
.\"
@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
\- Unbound DNS validating resolver 1.13.0.
\- Unbound DNS validating resolver 1.13.1.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]

View File

@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.TH "unbound.conf" "5" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@ -564,6 +564,25 @@ and that is the default.
Set the list of ciphersuites to allow when serving TLS. This is for newer
TLS 1.3 connections. Use "" for defaults, and that is the default.
.TP
.B pad\-responses: \fI<yes or no>
If enabled, TLS serviced queries that contained an EDNS Padding option will
cause responses padded to the closest multiple of the size specified in
\fBpad\-responses\-block\-size\fR.
Default is yes.
.TP
.B pad\-responses\-block\-size: \fI<number>
The block size with which to pad responses serviced over TLS. Only responses
to padded queries will be padded.
Default is 468.
.TP
.B pad\-queries: \fI<yes or no>
If enabled, all queries sent over TLS upstreams will be padded to the closest
multiple of the size specified in \fBpad\-queries\-block\-size\fR.
Default is yes.
.TP
.B pad\-queries\-block\-size: \fI<number>
The block size with which to pad queries sent over TLS upstreams.
Default is 128.
.B tls\-use\-sni: \fI<yes or no>
Enable or disable sending the SNI extension on TLS connections.
Default is yes.
@ -819,6 +838,11 @@ If enabled version.server and version.bind queries are refused.
Set the version to report. If set to "", the default, then the package
version is returned.
.TP
.B nsid:\fR <string>
Add the specified nsid to the EDNS section of the answer when queried
with an NSID EDNS enabled packet. As a sequence of hex characters or
with ascii_ prefix and then an ascii string.
.TP
.B hide\-trustanchor: \fI<yes or no>
If enabled trustanchor.unbound queries are refused.
.TP
@ -839,9 +863,8 @@ closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour
rumoured to be closer to that of BIND 8.
.TP
.B harden\-short\-bufsize: \fI<yes or no>
Very small EDNS buffer sizes from queries are ignored. Default is off, since
it is legal protocol wise to send these, and unbound tries to give very
small answers to these queries, where possible.
Very small EDNS buffer sizes from queries are ignored. Default is on, as
described in the standard.
.TP
.B harden\-large\-queries: \fI<yes or no>
Very large queries are ignored. Default is off, since it is legal protocol
@ -1163,6 +1186,19 @@ responding with expired data. A recommended value per
RFC 8767 is 1800. Setting this to 0 will disable this
behavior. Default is 0.
.TP
.B serve\-original\-ttl: \fI<yes or no>
If enabled, unbound will always return the original TTL as received from
the upstream name server rather than the decrementing TTL as
stored in the cache. This feature may be useful if unbound serves as a
front-end to a hidden authoritative name server. Enabling this feature does
not impact cache expiry, it only changes the TTL unbound embeds in responses to
queries. Note that enabling this feature implicitly disables enforcement of
the configured minimum and maximum TTL, as it is assumed users who enable this
feature do not want unbound to change the TTL obtained from an upstream server.
Thus, the values set using \fBcache\-min\-ttl\fR and \fBcache\-max\-ttl\fR are
ignored.
Default is "no".
.TP
.B val\-nsec3\-keysize\-iterations: \fI<"list of values">
List of keysize and iteration count values, separated by spaces, surrounded
by quotes. Default is "1024 150 2048 500 4096 2500". This determines the
@ -1231,7 +1267,7 @@ address space are not validated. This is usually required whenever
Configure a local zone. The type determines the answer to give if
there is no match from local\-data. The types are deny, refuse, static,
transparent, redirect, nodefault, typetransparent, inform, inform_deny,
inform_redirect, always_transparent, always_refuse, always_nxdomain, noview,
inform_redirect, always_transparent, always_refuse, always_nxdomain, always_null, noview,
and are explained below. After that the default settings are listed. Use
local\-data: to enter data into the local zone. Answers for local zones
are authoritative DNS answers. By default the zones are class IN.
@ -1305,6 +1341,17 @@ Like refuse, but ignores local data and refuses the query.
\h'5'\fIalways_nxdomain\fR
Like static, but ignores local data and returns nxdomain for the query.
.TP 10
\h'5'\fIalways_nodata\fR
Like static, but ignores local data and returns nodata for the query.
.TP 10
\h'5'\fIalways_deny\fR
Like deny, but ignores local data and drops the query.
.TP 10
\h'5'\fIalways_null\fR
Always returns 0.0.0.0 or ::0 for every name in the zone. Like redirect
with zero data for A and AAAA. Ignores local data in the zone. Used for
some block lists.
.TP 10
\h'5'\fInoview\fR
Breaks out of that view and moves towards the global local zones for answer
to the query. If the view first is no, it'll resolve normally. If view first
@ -2033,7 +2080,8 @@ Specify whether the ECS address check (configured using
query contains an ECS record, or only for queries for which the ECS record is
generated using the querier address (and therefore did not contain ECS data in
the client query). If enabled, the address check is skipped when the client
query contains an ECS record. Default is no.
query contains an ECS record. And the lookup in the regular cache is skipped.
Default is no.
.TP
.B max\-client\-subnet\-ipv6: \fI<number>\fR
Specifies the maximum prefix length of the client source address we are willing

View File

@ -1143,7 +1143,7 @@ COMPACT_LATEX = NO
# by the printer. Possible values are: a4, a4wide, letter, legal and
# executive. If left blank a4wide will be used.
PAPER_TYPE = a4wide
#PAPER_TYPE = a4wide
# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
# packages that should be included in the LaTeX output.
@ -1451,7 +1451,7 @@ EXTERNAL_GROUPS = YES
# The PERL_PATH should be the absolute path and name of the perl script
# interpreter (i.e. the result of `which perl').
PERL_PATH = /usr/bin/perl
#PERL_PATH = /usr/bin/perl
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
@ -1473,7 +1473,7 @@ CLASS_DIAGRAMS = YES
# the mscgen tool resides. If left empty the tool is assumed to be found in the
# default search path.
MSCGEN_PATH =
#MSCGEN_PATH =
# If set to YES, the inheritance and collaboration graphs will hide
# inheritance and usage relations if the target is undocumented

View File

@ -5,16 +5,16 @@
* module actions.
*/
#include "config.h"
#include "dynlibmod/dynlibmod.h"
#include "util/module.h"
#include "util/config_file.h"
#include "dynlibmod/dynlibmod.h"
#if HAVE_WINDOWS_H
#include <windows.h>
#define __DYNMOD HMODULE
#define __DYNSYM FARPROC
#define __LOADSYM GetProcAddress
void log_dlerror() {
static void log_dlerror() {
DWORD dwLastError = GetLastError();
LPSTR MessageBuffer;
DWORD dwBufferLength;
@ -37,11 +37,11 @@ void log_dlerror() {
}
HMODULE open_library(const char* fname) {
static HMODULE open_library(const char* fname) {
return LoadLibrary(fname);
}
void close_library(const char* fname, __DYNMOD handle) {
static void close_library(const char* fname, __DYNMOD handle) {
(void)fname;
(void)handle;
}
@ -50,15 +50,15 @@ void close_library(const char* fname, __DYNMOD handle) {
#define __DYNMOD void*
#define __DYNSYM void*
#define __LOADSYM dlsym
void log_dlerror() {
static void log_dlerror() {
log_err("dynlibmod: %s", dlerror());
}
void* open_library(const char* fname) {
static void* open_library(const char* fname) {
return dlopen(fname, RTLD_LAZY | RTLD_GLOBAL);
}
void close_library(const char* fname, __DYNMOD handle) {
static void close_library(const char* fname, __DYNMOD handle) {
if(!handle) return;
if(dlclose(handle) != 0) {
log_err("dlclose %s: %s", fname, strerror(errno));
@ -212,10 +212,10 @@ size_t dynlibmod_get_mem(struct module_env* env, int id) {
int dynlib_inplace_cb_reply_generic(struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct edns_option** opt_list_out,
struct comm_reply* repinfo, struct regional* region, int id,
void* callback) {
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time, int id, void* callback) {
struct cb_pair* cb_pair = (struct cb_pair*) callback;
return ((inplace_cb_reply_func_type*) cb_pair->cb)(qinfo, qstate, rep, rcode, edns, opt_list_out, repinfo, region, id, cb_pair->cb_arg);
return ((inplace_cb_reply_func_type*) cb_pair->cb)(qinfo, qstate, rep, rcode, edns, opt_list_out, repinfo, region, start_time, id, cb_pair->cb_arg);
}
int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags,

View File

@ -70,8 +70,8 @@ size_t dynlibmod_get_mem(struct module_env* env, int id);
int dynlib_inplace_cb_reply_generic(struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct edns_option** opt_list_out,
struct comm_reply* repinfo, struct regional* region, int id,
void* callback);
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time, int id, void* callback);
int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags,
struct module_qstate* qstate, struct sockaddr_storage* addr,

View File

@ -7,8 +7,10 @@
* And to build for windows, first make unbound with the --with-dynlibmod
* switch, then use this command:
* x86_64-w64-mingw32-gcc -m64 -I../.. -shared -Wall -Werror -fpic
* -o helloworld.dll helloworld.c -L../.. -l:libunbound.a
* to cross-compile a 64-bit Windows DLL.
* -o helloworld.dll helloworld.c -L../.. -l:libunbound.dll.a
* to cross-compile a 64-bit Windows DLL. The libunbound.dll.a is produced
* by the compile step that makes unbound.exe and allows the dynlib dll to
* access definitions in unbound.exe.
*/
#include "../../config.h"
@ -30,8 +32,8 @@
int reply_callback(struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct edns_option** opt_list_out,
struct comm_reply* repinfo, struct regional* region, int id,
void* callback);
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time, int id, void* callback);
/* Init is called when the module is first loaded. It should be used to set up
* the environment for this module and do any other initialisation required. */
@ -116,8 +118,8 @@ EXPORT size_t get_mem(struct module_env* env, int id) {
int reply_callback(struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct edns_option** opt_list_out,
struct comm_reply* repinfo, struct regional* region, int id,
void* callback) {
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time, int id, void* callback) {
log_info("dynlib: hello world from callback");
struct dynlibmod_env* env = qstate->env->modinfo[id];
if (env->dyn_env != NULL) {

0
contrib/unbound/ipset/ipset.c Executable file → Normal file
View File

0
contrib/unbound/ipset/ipset.h Executable file → Normal file
View File

View File

@ -73,6 +73,9 @@
#include "iterator/iter_hints.h"
#include "sldns/sbuffer.h"
#include "sldns/str2wire.h"
#ifdef USE_DNSTAP
#include "dnstap/dtstream.h"
#endif
#ifdef HAVE_TARGETCONDITIONALS_H
#include <TargetConditionals.h>
@ -574,6 +577,7 @@ setup_qinfo_edns(struct libworker* w, struct ctx_query* q,
edns->edns_version = 0;
edns->bits = EDNS_DO;
edns->opt_list = NULL;
edns->padding_block_size = 0;
if(sldns_buffer_capacity(w->back->udp_buff) < 65535)
edns->udp_size = (uint16_t)sldns_buffer_capacity(
w->back->udp_buff);

0
contrib/unbound/ltmain.sh Executable file → Normal file
View File

View File

@ -523,7 +523,7 @@ copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region)
return NULL; /* guard against integer overflow */
dsize += data->rr_len[i];
}
d = regional_alloc(region, dsize);
d = regional_alloc_zero(region, dsize);
if(!d)
return NULL;
*d = *data;

View File

@ -2331,7 +2331,8 @@ static int
az_add_negative_soa(struct auth_zone* z, struct regional* region,
struct dns_msg* msg)
{
uint32_t minimum;
time_t minimum;
size_t i;
struct packed_rrset_data* d;
struct auth_rrset* soa;
struct auth_data* apex = az_find_name(z, z->name, z->namelen);
@ -2348,9 +2349,11 @@ az_add_negative_soa(struct auth_zone* z, struct regional* region,
/* last 4 bytes are minimum ttl in network format */
if(d->count == 0) return 0;
if(d->rr_len[0] < 2+4) return 0;
minimum = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4));
d->ttl = (time_t)minimum;
d->rr_ttl[0] = (time_t)minimum;
minimum = (time_t)sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4));
minimum = d->ttl<minimum?d->ttl:minimum;
d->ttl = minimum;
for(i=0; i < d->count + d->rrsig_count; i++)
d->rr_ttl[i] = minimum;
msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
@ -3286,7 +3289,7 @@ auth_answer_encode(struct query_info* qinfo, struct module_env* env,
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep,
(int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp)
(int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp, env->now_tv)
|| !reply_info_answer_encode(qinfo, msg->rep,
*(uint16_t*)sldns_buffer_begin(buf),
sldns_buffer_read_u16_at(buf, 2),
@ -3310,7 +3313,7 @@ auth_error_encode(struct query_info* qinfo, struct module_env* env,
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
rcode, edns, repinfo, temp))
rcode, edns, repinfo, temp, env->now_tv))
edns->opt_list = NULL;
error_encode(buf, rcode|BIT_AA, qinfo,
*(uint16_t*)sldns_buffer_begin(buf),
@ -5107,6 +5110,7 @@ xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env)
edns.edns_version = 0;
edns.bits = EDNS_DO;
edns.opt_list = NULL;
edns.padding_block_size = 0;
if(sldns_buffer_capacity(buf) < 65535)
edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
else edns.udp_size = 65535;
@ -6295,6 +6299,7 @@ xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env)
edns.edns_version = 0;
edns.bits = EDNS_DO;
edns.opt_list = NULL;
edns.padding_block_size = 0;
if(sldns_buffer_capacity(buf) < 65535)
edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
else edns.udp_size = 65535;

View File

@ -45,6 +45,7 @@
#include "util/config_file.h"
#include "util/data/packed_rrset.h"
#include "util/data/msgreply.h"
#include "util/data/msgparse.h"
#include "util/regional.h"
#include "util/alloc.h"
#include "util/net_help.h"
@ -396,6 +397,7 @@ rrset_update_sec_status(struct rrset_cache* r,
cachedata->ttl = updata->ttl + now;
for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
cachedata->rr_ttl[i] = updata->rr_ttl[i]+now;
cachedata->ttl_add = now;
}
}
lock_rw_unlock(&e->lock);

View File

@ -1456,7 +1456,7 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres
log_err("inet_ntop failed");
return 0;
}
if_indextoname(in6->sin6_scope_id,
(void)if_indextoname(in6->sin6_scope_id,
(char *)if_index_name);
if (strlen(if_index_name) != 0) {
snprintf(addr_buf, sizeof(addr_buf),
@ -1821,12 +1821,12 @@ tcp_req_info_setup_listen(struct tcp_req_info* req)
req->cp->tcp_is_reading = 0;
comm_point_stop_listening(req->cp);
comm_point_start_listening(req->cp, -1,
req->cp->tcp_timeout_msec);
adjusted_tcp_timeout(req->cp));
} else if(rd) {
req->cp->tcp_is_reading = 1;
comm_point_stop_listening(req->cp);
comm_point_start_listening(req->cp, -1,
req->cp->tcp_timeout_msec);
adjusted_tcp_timeout(req->cp));
/* and also read it (from SSL stack buffers), so
* no event read event is expected since the remainder of
* the TLS frame is sitting in the buffers. */
@ -1834,7 +1834,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req)
} else {
comm_point_stop_listening(req->cp);
comm_point_start_listening(req->cp, -1,
req->cp->tcp_timeout_msec);
adjusted_tcp_timeout(req->cp));
comm_point_listen_for_rw(req->cp, 0, 0);
}
}
@ -1947,7 +1947,7 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req)
send_it:
c->tcp_is_reading = 0;
comm_point_stop_listening(c);
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
comm_point_start_listening(c, -1, adjusted_tcp_timeout(c));
return;
}
req->in_worker_handle = 0;
@ -2065,7 +2065,7 @@ tcp_req_info_send_reply(struct tcp_req_info* req)
/* switch to listen to write events */
comm_point_stop_listening(req->cp);
comm_point_start_listening(req->cp, -1,
req->cp->tcp_timeout_msec);
adjusted_tcp_timeout(req->cp));
return;
}
/* queue up the answer behind the others already pending */
@ -2793,7 +2793,7 @@ void http2_req_stream_clear(struct http2_stream* h2_stream)
}
}
nghttp2_session_callbacks* http2_req_callbacks_create()
nghttp2_session_callbacks* http2_req_callbacks_create(void)
{
nghttp2_session_callbacks *callbacks;
if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) {

View File

@ -404,7 +404,7 @@ size_t http2_get_response_buffer_size(void);
* Create nghttp2 callbacks to handle HTTP2 requests.
* @return malloc'ed struct, NULL on failure
*/
nghttp2_session_callbacks* http2_req_callbacks_create();
nghttp2_session_callbacks* http2_req_callbacks_create(void);
/** Free http2 stream buffers and decrease buffer counters */
void http2_req_stream_clear(struct http2_stream* h2_stream);

View File

@ -463,6 +463,48 @@ lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen,
return 1;
}
/* Mark the SOA record for the zone. This only marks the SOA rrset; the data
* for the RR is entered later on local_zone_enter_rr() as with the other
* records. An artifical soa_negative record with a modified TTL (minimum of
* the TTL and the SOA.MINIMUM) is also created and marked for usage with
* negative answers and to avoid allocations during those answers. */
static int
lz_mark_soa_for_zone(struct local_zone* z, struct ub_packed_rrset_key* soa_rrset,
uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr)
{
struct packed_rrset_data* pd = (struct packed_rrset_data*)
regional_alloc_zero(z->region, sizeof(*pd));
struct ub_packed_rrset_key* rrset_negative = (struct ub_packed_rrset_key*)
regional_alloc_zero(z->region, sizeof(*rrset_negative));
time_t minimum;
if(!rrset_negative||!pd) {
log_err("out of memory");
return 0;
}
/* Mark the original SOA record and then continue with the negative one. */
z->soa = soa_rrset;
rrset_negative->entry.key = rrset_negative;
pd->trust = rrset_trust_prim_noglue;
pd->security = sec_status_insecure;
rrset_negative->entry.data = pd;
rrset_negative->rk.dname = soa_rrset->rk.dname;
rrset_negative->rk.dname_len = soa_rrset->rk.dname_len;
rrset_negative->rk.type = soa_rrset->rk.type;
rrset_negative->rk.rrset_class = soa_rrset->rk.rrset_class;
if(!rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr))
return 0;
/* last 4 bytes are minimum ttl in network format */
if(pd->count == 0 || pd->rr_len[0] < 2+4)
return 0;
minimum = (time_t)sldns_read_uint32(pd->rr_data[0]+(pd->rr_len[0]-4));
minimum = ttl<minimum?ttl:minimum;
pd->ttl = minimum;
pd->rr_ttl[0] = minimum;
z->soa_negative = rrset_negative;
return 1;
}
int
local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen,
int nmlabs, uint16_t rrtype, uint16_t rrclass, time_t ttl,
@ -502,8 +544,10 @@ local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen,
if(query_dname_compare(node->name, z->name) == 0) {
if(rrtype == LDNS_RR_TYPE_NSEC)
rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX;
if(rrtype == LDNS_RR_TYPE_SOA)
z->soa = rrset->rrset;
if(rrtype == LDNS_RR_TYPE_SOA &&
!lz_mark_soa_for_zone(z, rrset->rrset, rdata, rdata_len, ttl,
rrstr))
return 0;
}
}
pd = (struct packed_rrset_data*)rrset->rrset->entry.data;
@ -1215,7 +1259,7 @@ local_encode(struct query_info* qinfo, struct module_env* env,
edns->ext_rcode = 0;
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns,
repinfo, temp) || !reply_info_answer_encode(qinfo, &rep,
repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep,
*(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2),
buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
@ -1237,7 +1281,7 @@ local_error_encode(struct query_info* qinfo, struct module_env* env,
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
rcode, edns, repinfo, temp))
rcode, edns, repinfo, temp, env->now_tv))
edns->opt_list = NULL;
error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
sldns_buffer_read_u16_at(buf, 2), edns);
@ -1548,9 +1592,9 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env,
lz_type == local_zone_inform_redirect ||
lz_type == local_zone_always_nodata)?
LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN;
if(z->soa)
if(z->soa && z->soa_negative)
return local_encode(qinfo, env, edns, repinfo, buf, temp,
z->soa, 0, rcode);
z->soa_negative, 0, rcode);
local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode,
(rcode|BIT_AA));
return 1;
@ -1558,6 +1602,46 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env,
|| lz_type == local_zone_always_transparent) {
/* no NODATA or NXDOMAINS for this zone type */
return 0;
} else if(lz_type == local_zone_always_null) {
/* 0.0.0.0 or ::0 or noerror/nodata for this zone type,
* used for blocklists. */
if(qinfo->qtype == LDNS_RR_TYPE_A ||
qinfo->qtype == LDNS_RR_TYPE_AAAA) {
struct ub_packed_rrset_key lrr;
struct packed_rrset_data d;
time_t rr_ttl = 3600;
size_t rr_len = 0;
uint8_t rr_data[2+16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
uint8_t* rr_datas = rr_data;
memset(&lrr, 0, sizeof(lrr));
memset(&d, 0, sizeof(d));
lrr.entry.data = &d;
lrr.rk.dname = qinfo->qname;
lrr.rk.dname_len = qinfo->qname_len;
lrr.rk.type = htons(qinfo->qtype);
lrr.rk.rrset_class = htons(qinfo->qclass);
if(qinfo->qtype == LDNS_RR_TYPE_A) {
rr_len = 4;
sldns_write_uint16(rr_data, rr_len);
rr_len += 2;
} else {
rr_len = 16;
sldns_write_uint16(rr_data, rr_len);
rr_len += 2;
}
d.ttl = rr_ttl;
d.count = 1;
d.rr_len = &rr_len;
d.rr_data = &rr_datas;
d.rr_ttl = &rr_ttl;
return local_encode(qinfo, env, edns, repinfo, buf, temp,
&lrr, 1, LDNS_RCODE_NOERROR);
} else {
local_error_encode(qinfo, env, edns, repinfo, buf,
temp, LDNS_RCODE_NOERROR,
(LDNS_RCODE_NOERROR|BIT_AA));
}
return 1;
}
/* else lz_type == local_zone_transparent */
@ -1565,9 +1649,9 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env,
* does not, then we should make this noerror/nodata */
if(ld && ld->rrsets) {
int rcode = LDNS_RCODE_NOERROR;
if(z->soa)
if(z->soa && z->soa_negative)
return local_encode(qinfo, env, edns, repinfo, buf, temp,
z->soa, 0, rcode);
z->soa_negative, 0, rcode);
local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode,
(rcode|BIT_AA));
return 1;
@ -1762,6 +1846,7 @@ const char* local_zone_type2str(enum localzone_type t)
case local_zone_always_nxdomain: return "always_nxdomain";
case local_zone_always_nodata: return "always_nodata";
case local_zone_always_deny: return "always_deny";
case local_zone_always_null: return "always_null";
case local_zone_noview: return "noview";
case local_zone_invalid: return "invalid";
}
@ -1798,6 +1883,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t)
*t = local_zone_always_nodata;
else if(strcmp(type, "always_deny") == 0)
*t = local_zone_always_deny;
else if(strcmp(type, "always_null") == 0)
*t = local_zone_always_null;
else if(strcmp(type, "noview") == 0)
*t = local_zone_noview;
else if(strcmp(type, "nodefault") == 0)
@ -2000,8 +2087,10 @@ void local_zones_del_data(struct local_zones* zones,
/* no memory recycling for zone deletions ... */
d->rrsets = NULL;
/* did we delete the soa record ? */
if(query_dname_compare(d->name, z->name) == 0)
if(query_dname_compare(d->name, z->name) == 0) {
z->soa = NULL;
z->soa_negative = NULL;
}
/* cleanup the empty nonterminals for this name */
del_empty_term(z, d, name, len, labs);

View File

@ -96,6 +96,9 @@ enum localzone_type {
local_zone_always_nodata,
/** drop query, even when there is local data */
local_zone_always_deny,
/** answer with 0.0.0.0 or ::0 or noerror/nodata, even when there is
* local data */
local_zone_always_null,
/** answer not from the view, but global or no-answer */
local_zone_noview,
/** Invalid type, cannot be used to generate answer */
@ -155,6 +158,10 @@ struct local_zone {
rbtree_type data;
/** if data contains zone apex SOA data, this is a ptr to it. */
struct ub_packed_rrset_key* soa;
/** if data contains zone apex SOA data, this is a prt to an
* artificial negative SOA rrset (TTL is the minimum of the TTL and the
* SOA.MINIMUM). */
struct ub_packed_rrset_key* soa_negative;
};
/**

View File

@ -498,7 +498,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
if(!s) {
log_err("mesh_state_create: out of memory; SERVFAIL");
if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL,
LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch))
LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
edns->opt_list = NULL;
error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
qinfo, qid, qflags, edns);
@ -514,7 +514,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
if(!s->s.edns_opts_front_in) {
log_err("mesh_state_create: out of memory; SERVFAIL");
if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL,
NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch))
NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
edns->opt_list = NULL;
error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
qinfo, qid, qflags, edns);
@ -587,7 +587,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
servfail_mem:
if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s,
NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch))
NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
edns->opt_list = NULL;
error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
qinfo, qid, qflags, edns);
@ -1112,10 +1112,12 @@ int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub)
* @param rcode: if not 0, error code.
* @param rep: reply to send (or NULL if rcode is set).
* @param r: callback entry
* @param start_time: the time to pass to callback functions, it is 0 or
* a value from one of the packets if the mesh state had packets.
*/
static void
mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
struct mesh_cb* r)
struct mesh_cb* r, struct timeval* start_time)
{
int secure;
char* reason = NULL;
@ -1136,11 +1138,11 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
if(rcode) {
if(rcode == LDNS_RCODE_SERVFAIL) {
if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
rep, rcode, &r->edns, NULL, m->s.region))
rep, rcode, &r->edns, NULL, m->s.region, start_time))
r->edns.opt_list = NULL;
} else {
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
&r->edns, NULL, m->s.region))
&r->edns, NULL, m->s.region, start_time))
r->edns.opt_list = NULL;
}
fptr_ok(fptr_whitelist_mesh_cb(r->cb));
@ -1155,7 +1157,7 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
r->edns.bits &= EDNS_DO;
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep,
LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region) ||
LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region, start_time) ||
!reply_info_answer_encode(&m->s.qinfo, rep, r->qid,
r->qflags, r->buf, 0, 1,
m->s.env->scratch, udp_size, &r->edns,
@ -1256,11 +1258,11 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
m->s.qinfo.local_alias = r->local_alias;
if(rcode == LDNS_RCODE_SERVFAIL) {
if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
rep, rcode, &r->edns, &r->query_reply, m->s.region))
rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time))
r->edns.opt_list = NULL;
} else {
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
&r->edns, &r->query_reply, m->s.region))
&r->edns, &r->query_reply, m->s.region, &r->start_time))
r->edns.opt_list = NULL;
}
error_encode(r_buffer, rcode, &m->s.qinfo, r->qid,
@ -1277,7 +1279,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
m->s.qinfo.qname = r->qname;
m->s.qinfo.local_alias = r->local_alias;
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep,
LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region) ||
LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region, &r->start_time) ||
!apply_edns_options(&r->edns, &edns_bak,
m->s.env->cfg, r->query_reply.c,
m->s.region) ||
@ -1287,7 +1289,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
secure))
{
if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region))
rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time))
r->edns.opt_list = NULL;
error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
&m->s.qinfo, r->qid, r->qflags, &r->edns);
@ -1330,6 +1332,7 @@ void mesh_query_done(struct mesh_state* mstate)
struct mesh_cb* c;
struct reply_info* rep = (mstate->s.return_msg?
mstate->s.return_msg->rep:NULL);
struct timeval tv = {0, 0};
/* No need for the serve expired timer anymore; we are going to reply. */
if(mstate->s.serve_expired_data) {
comm_timer_delete(mstate->s.serve_expired_data->timer);
@ -1349,6 +1352,8 @@ void mesh_query_done(struct mesh_state* mstate)
}
}
for(r = mstate->reply_list; r; r = r->next) {
tv = r->start_time;
/* if a response-ip address block has been stored the
* information should be logged for each client. */
if(mstate->s.respip_action_info &&
@ -1421,7 +1426,7 @@ void mesh_query_done(struct mesh_state* mstate)
if(!mstate->reply_list && !mstate->cb_list &&
mstate->super_set.count == 0)
mstate->s.env->mesh->num_detached_states++;
mesh_do_callback(mstate, mstate->s.return_rcode, rep, c);
mesh_do_callback(mstate, mstate->s.return_rcode, rep, c, &tv);
}
}
@ -1917,13 +1922,16 @@ mesh_serve_expired_callback(void* arg)
struct respip_action_info actinfo;
struct query_info* lookup_qinfo = &qstate->qinfo;
struct query_info qinfo_tmp;
struct timeval tv = {0, 0};
int must_validate = (!(qstate->query_flags&BIT_CD)
|| qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate;
if(!qstate->serve_expired_data) return;
verbose(VERB_ALGO, "Serve expired: Trying to reply with expired data");
comm_timer_delete(qstate->serve_expired_data->timer);
qstate->serve_expired_data->timer = NULL;
if(qstate->blacklist || qstate->no_cache_lookup || qstate->is_drop) {
/* If is_drop or no_cache_lookup (modules that handle their own cache e.g.,
* subnetmod) ignore stale data from the main cache. */
if(qstate->no_cache_lookup || qstate->is_drop) {
verbose(VERB_ALGO,
"Serve expired: Not allowed to look into cache for stale");
return;
@ -1988,6 +1996,8 @@ mesh_serve_expired_callback(void* arg)
log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep);
for(r = mstate->reply_list; r; r = r->next) {
tv = r->start_time;
/* If address info is returned, it means the action should be an
* 'inform' variant and the information should be logged. */
if(actinfo.addrinfo) {
@ -2042,6 +2052,6 @@ mesh_serve_expired_callback(void* arg)
if(!mstate->reply_list && !mstate->cb_list &&
mstate->super_set.count == 0)
qstate->env->mesh->num_detached_states++;
mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c);
mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv);
}
}

View File

@ -90,6 +90,10 @@ static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet,
static void waiting_list_remove(struct outside_network* outnet,
struct waiting_tcp* w);
/** remove reused element from tree and lru list */
static void reuse_tcp_remove_tree_list(struct outside_network* outnet,
struct reuse_tcp* reuse);
int
pending_cmp(const void* key1, const void* key2)
{
@ -424,8 +428,11 @@ static int
reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp)
{
log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse);
if(pend_tcp->reuse.item_on_lru_list)
if(pend_tcp->reuse.item_on_lru_list) {
if(!pend_tcp->reuse.node.key)
log_err("internal error: reuse_tcp_insert: on lru list without key");
return 1;
}
pend_tcp->reuse.node.key = &pend_tcp->reuse;
pend_tcp->reuse.pending = pend_tcp;
if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) {
@ -477,7 +484,7 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr,
if(outnet->tcp_reuse.root == NULL ||
outnet->tcp_reuse.root == RBTREE_NULL)
return NULL;
if(rbtree_find_less_equal(&outnet->tcp_reuse, &key_p.reuse.node,
if(rbtree_find_less_equal(&outnet->tcp_reuse, &key_p.reuse,
&result)) {
/* exact match */
/* but the key is on stack, and ptr is compared, impossible */
@ -661,6 +668,14 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
pend->reuse.cp_more_write_again = 0;
memcpy(&pend->c->repinfo.addr, &w->addr, w->addrlen);
pend->reuse.pending = pend;
/* Remove from tree in case the is_ssl will be different and causes the
* identity of the reuse_tcp to change; could result in nodes not being
* deleted from the tree (because the new identity does not match the
* previous node) but their ->key would be changed to NULL. */
if(pend->reuse.node.key)
reuse_tcp_remove_tree_list(w->outnet, &pend->reuse);
if(pend->c->ssl)
pend->reuse.is_ssl = 1;
else pend->reuse.is_ssl = 0;
@ -677,8 +692,10 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
static void
reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse)
{
if(!reuse->item_on_lru_list)
if(!reuse->item_on_lru_list) {
log_err("internal error: we need to touch the lru_list but item not in list");
return; /* not on the list, no lru to modify */
}
if(!reuse->lru_prev)
return; /* already first in the list */
/* remove at current position */
@ -847,7 +864,7 @@ reuse_tcp_remove_tree_list(struct outside_network* outnet,
verbose(VERB_CLIENT, "reuse_tcp_remove_tree_list");
if(reuse->node.key) {
/* delete it from reuse tree */
(void)rbtree_delete(&outnet->tcp_reuse, &reuse->node);
(void)rbtree_delete(&outnet->tcp_reuse, reuse);
reuse->node.key = NULL;
}
/* delete from reuse list */
@ -1745,6 +1762,33 @@ select_id(struct outside_network* outnet, struct pending* pend,
return 1;
}
/** return true is UDP connect error needs to be logged */
static int udp_connect_needs_log(int err)
{
switch(err) {
case ECONNREFUSED:
# ifdef ENETUNREACH
case ENETUNREACH:
# endif
# ifdef EHOSTDOWN
case EHOSTDOWN:
# endif
# ifdef EHOSTUNREACH
case EHOSTUNREACH:
# endif
# ifdef ENETDOWN
case ENETDOWN:
# endif
if(verbosity >= VERB_ALGO)
return 1;
return 0;
default:
break;
}
return 1;
}
/** Select random interface and port */
static int
select_ifport(struct outside_network* outnet, struct pending* pend,
@ -1804,9 +1848,11 @@ select_ifport(struct outside_network* outnet, struct pending* pend,
/* connect() to the destination */
if(connect(fd, (struct sockaddr*)&pend->addr,
pend->addrlen) < 0) {
log_err_addr("udp connect failed",
strerror(errno), &pend->addr,
pend->addrlen);
if(udp_connect_needs_log(errno)) {
log_err_addr("udp connect failed",
strerror(errno), &pend->addr,
pend->addrlen);
}
sock_close(fd);
return 0;
}
@ -2213,7 +2259,8 @@ static struct serviced_query*
serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
int want_dnssec, int nocaps, int tcp_upstream, int ssl_upstream,
char* tls_auth_name, struct sockaddr_storage* addr, socklen_t addrlen,
uint8_t* zone, size_t zonelen, int qtype, struct edns_option* opt_list)
uint8_t* zone, size_t zonelen, int qtype, struct edns_option* opt_list,
size_t pad_queries_block_size)
{
struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq));
#ifdef UNBOUND_DEBUG
@ -2271,6 +2318,7 @@ serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
sq->status = serviced_initial;
sq->retry = 0;
sq->to_be_deleted = 0;
sq->padding_block_size = pad_queries_block_size;
#ifdef UNBOUND_DEBUG
ins =
#else
@ -2452,6 +2500,7 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
if(with_edns) {
/* add edns section */
struct edns_data edns;
struct edns_option padding_option;
edns.edns_present = 1;
edns.ext_rcode = 0;
edns.edns_version = EDNS_ADVERTISED_VERSION;
@ -2474,6 +2523,14 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
edns.bits = EDNS_DO;
if(sq->dnssec & BIT_CD)
LDNS_CD_SET(sldns_buffer_begin(buff));
if (sq->ssl_upstream && sq->padding_block_size) {
padding_option.opt_code = LDNS_EDNS_PADDING;
padding_option.opt_len = 0;
padding_option.opt_data = NULL;
padding_option.next = edns.opt_list;
edns.opt_list = &padding_option;
edns.padding_block_size = sq->padding_block_size;
}
attach_edns_record(buff, &edns);
}
}
@ -2997,7 +3054,9 @@ outnet_serviced_query(struct outside_network* outnet,
sq = serviced_create(outnet, buff, dnssec, want_dnssec, nocaps,
tcp_upstream, ssl_upstream, tls_auth_name, addr,
addrlen, zone, zonelen, (int)qinfo->qtype,
qstate->edns_opts_back_out);
qstate->edns_opts_back_out,
( ssl_upstream && env->cfg->pad_queries
? env->cfg->pad_queries_block_size : 0 ));
if(!sq) {
free(cb);
return NULL;

View File

@ -502,6 +502,8 @@ struct serviced_query {
struct service_callback* cblist;
/** the UDP or TCP query that is pending, see status which */
void* pending;
/** block size with which to pad encrypted queries (default: 128) */
size_t padding_block_size;
};
/**

View File

@ -668,7 +668,8 @@ rpz_find_zone(struct rpz* r, uint8_t* qname, size_t qname_len, uint16_t qclass,
int only_exact, int wr, int zones_keep_lock)
{
uint8_t* ce;
size_t ce_len, ce_labs;
size_t ce_len;
int ce_labs;
uint8_t wc[LDNS_MAX_DOMAINLEN+1];
int exact;
struct local_zone* z = NULL;
@ -963,8 +964,8 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
for(a = az->rpz_first; a; a = a->rpz_az_next) {
lock_rw_rdlock(&a->lock);
r = a->rpz;
if(!r->taglist || taglist_intersect(r->taglist,
r->taglistlen, taglist, taglen)) {
if(!r->disabled && (!r->taglist || taglist_intersect(r->taglist,
r->taglistlen, taglist, taglen))) {
z = rpz_find_zone(r, qinfo->qname, qinfo->qname_len,
qinfo->qclass, 0, 0, 0);
if(z && r->action_override == RPZ_DISABLED_ACTION) {
@ -1044,3 +1045,17 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
return ret;
}
void rpz_enable(struct rpz* r)
{
if(!r)
return;
r->disabled = 0;
}
void rpz_disable(struct rpz* r)
{
if(!r)
return;
r->disabled = 1;
}

View File

@ -99,6 +99,7 @@ struct rpz {
int log;
char* log_name;
struct regional* region;
int disabled;
};
/**
@ -198,4 +199,16 @@ void rpz_finish_config(struct rpz* r);
enum respip_action
rpz_action_to_respip_action(enum rpz_action a);
/**
* Enable RPZ
* @param r: RPZ struct to enable
*/
void rpz_enable(struct rpz* r);
/**
* Disable RPZ
* @param r: RPZ struct to disable
*/
void rpz_disable(struct rpz* r);
#endif /* SERVICES_RPZ_H */

View File

@ -155,6 +155,36 @@
char* wsa_strerror(int err);
#endif
static const char ICANN_UPDATE_CA[] =
/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */
"-----BEGIN CERTIFICATE-----\n"
"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
"-----END CERTIFICATE-----\n";
static const char DS_TRUST_ANCHOR[] =
/* The anchors must start on a new line with ". IN DS and end with \n"[;]
* because the makedist script greps on the source here */
/* anchor 20326 is from 2017 */
". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n";
/** verbosity for this application */
static int verb = 0;
@ -213,48 +243,21 @@ usage(void)
static const char*
get_builtin_cert(void)
{
return
/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */
"-----BEGIN CERTIFICATE-----\n"
"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
"-----END CERTIFICATE-----\n"
;
return ICANN_UPDATE_CA;
}
/** return the built in root DS trust anchor */
static const char*
get_builtin_ds(void)
{
return
/* The anchors must start on a new line with ". IN DS and end with \n"[;]
* because the makedist script greps on the source here */
/* anchor 20326 is from 2017 */
". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n";
return DS_TRUST_ANCHOR;
}
/** print hex data */
static void
print_data(const char* msg, const char* data, int len)
print_data(const char* msg, const char* data, size_t len)
{
int i;
size_t i;
printf("%s: ", msg);
for(i=0; i<len; i++) {
printf(" %2.2x", (unsigned char)data[i]);
@ -1103,7 +1106,7 @@ read_http_result(SSL* ssl)
data = read_data_chunk(ssl, len);
}
if(!data) return NULL;
if(verb >= 4) print_data("read data", data, (int)len);
if(verb >= 4) print_data("read data", data, len);
m = BIO_new(BIO_s_mem());
if(!m) {
if(verb) printf("out of memory\n");

View File

@ -82,6 +82,9 @@ static void usage(void) ATTR_NORETURN;
static void ssl_err(const char* s) ATTR_NORETURN;
static void ssl_path_err(const char* s, const char *path) ATTR_NORETURN;
/** timeout to wait for connection over stream, in msec */
#define UNBOUND_CONTROL_CONNECT_TIMEOUT 5000
/** Give unbound-control usage, and exit (1). */
static void
usage(void)
@ -164,6 +167,9 @@ usage(void)
printf(" view_local_data_remove view name remove local-data in view\n");
printf(" view_local_datas_remove view remove list of local-data from view\n");
printf(" one entry per line read from stdin\n");
printf(" rpz_enable zone Enable the RPZ zone if it had previously\n");
printf(" been disabled\n");
printf(" rpz_disable zone Disable the RPZ zone\n");
printf("Version %s\n", PACKAGE_VERSION);
printf("BSD licensed, see LICENSE in source package for details.\n");
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
@ -545,6 +551,30 @@ setup_ctx(struct config_file* cfg)
return ctx;
}
/** check connect error */
static void
checkconnecterr(int err, const char* svr, struct sockaddr_storage* addr,
socklen_t addrlen, int statuscmd, int useport)
{
#ifndef USE_WINSOCK
if(!useport) log_err("connect: %s for %s", strerror(err), svr);
else log_err_addr("connect", strerror(err), addr, addrlen);
if(err == ECONNREFUSED && statuscmd) {
printf("unbound is stopped\n");
exit(3);
}
#else
int wsaerr = err;
if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr);
else log_err_addr("connect", wsa_strerror(wsaerr), addr, addrlen);
if(wsaerr == WSAECONNREFUSED && statuscmd) {
printf("unbound is stopped\n");
exit(3);
}
#endif
exit(1);
}
/** contact the server with TCP connect */
static int
contact_server(const char* svr, struct config_file* cfg, int statuscmd)
@ -598,26 +628,75 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
if(fd == -1) {
fatal_exit("socket: %s", sock_strerror(errno));
}
fd_set_nonblock(fd);
if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) {
#ifndef USE_WINSOCK
int err = errno;
if(!useport) log_err("connect: %s for %s", strerror(err), svr);
else log_err_addr("connect", strerror(err), &addr, addrlen);
if(err == ECONNREFUSED && statuscmd) {
printf("unbound is stopped\n");
exit(3);
}
#else
int wsaerr = WSAGetLastError();
if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr);
else log_err_addr("connect", wsa_strerror(wsaerr), &addr, addrlen);
if(wsaerr == WSAECONNREFUSED && statuscmd) {
printf("unbound is stopped\n");
exit(3);
#ifdef EINPROGRESS
if(errno != EINPROGRESS) {
checkconnecterr(errno, svr, &addr,
addrlen, statuscmd, useport);
}
#endif
#else
if(WSAGetLastError() != WSAEINPROGRESS &&
WSAGetLastError() != WSAEWOULDBLOCK) {
checkconnecterr(WSAGetLastError(), svr, &addr,
addrlen, statuscmd, useport);
}
#endif
exit(1);
}
while(1) {
fd_set rset, wset, eset;
struct timeval tv;
FD_ZERO(&rset);
FD_SET(FD_SET_T fd, &rset);
FD_ZERO(&wset);
FD_SET(FD_SET_T fd, &wset);
FD_ZERO(&eset);
FD_SET(FD_SET_T fd, &eset);
tv.tv_sec = UNBOUND_CONTROL_CONNECT_TIMEOUT/1000;
tv.tv_usec= (UNBOUND_CONTROL_CONNECT_TIMEOUT%1000)*1000;
if(select(fd+1, &rset, &wset, &eset, &tv) == -1) {
fatal_exit("select: %s", sock_strerror(errno));
}
if(!FD_ISSET(fd, &rset) && !FD_ISSET(fd, &wset) &&
!FD_ISSET(fd, &eset)) {
fatal_exit("timeout: could not connect to server");
} else {
/* check nonblocking connect error */
int error = 0;
socklen_t len = (socklen_t)sizeof(error);
if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error,
&len) < 0) {
#ifndef USE_WINSOCK
error = errno; /* on solaris errno is error */
#else
error = WSAGetLastError();
#endif
}
if(error != 0) {
#ifndef USE_WINSOCK
#ifdef EINPROGRESS
if(error == EINPROGRESS)
continue; /* try again later */
#endif
#ifdef EWOULDBLOCK
if(error == EWOULDBLOCK)
continue; /* try again later */
#endif
#else
if(error == WSAEINPROGRESS)
continue; /* try again later */
if(error == WSAEWOULDBLOCK)
continue; /* try again later */
#endif
checkconnecterr(error, svr, &addr, addrlen,
statuscmd, useport);
}
}
break;
}
fd_set_block(fd);
return fd;
}

View File

@ -46,6 +46,9 @@
#include "util/fptr_wlist.h"
#include "util/log.h"
#include "services/mesh.h"
#ifdef USE_DNSTAP
#include "dnstap/dtstream.h"
#endif
void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),

View File

@ -220,7 +220,7 @@ config_create(void)
cfg->views = NULL;
cfg->acls = NULL;
cfg->tcp_connection_limits = NULL;
cfg->harden_short_bufsize = 0;
cfg->harden_short_bufsize = 1;
cfg->harden_large_queries = 0;
cfg->harden_glue = 1;
cfg->harden_dnssec_stripped = 1;
@ -237,6 +237,9 @@ config_create(void)
cfg->hide_trustanchor = 0;
cfg->identity = NULL;
cfg->version = NULL;
cfg->nsid_cfg_str = NULL;
cfg->nsid = NULL;
cfg->nsid_len = 0;
cfg->auto_trust_anchor_file_list = NULL;
cfg->trust_anchor_file_list = NULL;
cfg->trust_anchor_list = NULL;
@ -258,6 +261,7 @@ config_create(void)
cfg->serve_expired_ttl_reset = 0;
cfg->serve_expired_reply_ttl = 30;
cfg->serve_expired_client_timeout = 0;
cfg->serve_original_ttl = 0;
cfg->add_holddown = 30*24*3600;
cfg->del_holddown = 30*24*3600;
cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
@ -335,6 +339,10 @@ config_create(void)
cfg->dnscrypt_shared_secret_cache_slabs = 4;
cfg->dnscrypt_nonce_cache_size = 4*1024*1024;
cfg->dnscrypt_nonce_cache_slabs = 4;
cfg->pad_responses = 1;
cfg->pad_responses_block_size = 468; /* from RFC8467 */
cfg->pad_queries = 1;
cfg->pad_queries_block_size = 128; /* from RFC8467 */
#ifdef USE_IPSECMOD
cfg->ipsecmod_enabled = 1;
cfg->ipsecmod_ignore_bogus = 0;
@ -388,6 +396,7 @@ struct config_file* config_create_forlib(void)
cfg->val_log_level = 2; /* to fill why_bogus with */
cfg->val_log_squelch = 1;
cfg->minimal_responses = 0;
cfg->harden_short_bufsize = 1;
return cfg;
}
@ -580,6 +589,20 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("hide-trustanchor:", hide_trustanchor)
else S_STR("identity:", identity)
else S_STR("version:", version)
else if(strcmp(opt, "nsid:") == 0) {
free(cfg->nsid_cfg_str);
if (!(cfg->nsid_cfg_str = strdup(val)))
return 0;
/* Empty string is just validly unsetting nsid */
if (*val == 0) {
free(cfg->nsid);
cfg->nsid = NULL;
cfg->nsid_len = 0;
return 1;
}
cfg->nsid = cfg_parse_nsid(val, &cfg->nsid_len);
return cfg->nsid != NULL;
}
else S_STRLIST("root-hints:", root_hints)
else S_STR("target-fetch-policy:", target_fetch_policy)
else S_YNO("harden-glue:", harden_glue)
@ -624,6 +647,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else if(strcmp(opt, "serve-expired-reply-ttl:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->serve_expired_reply_ttl = atoi(val); SERVE_EXPIRED_REPLY_TTL=(time_t)cfg->serve_expired_reply_ttl;}
else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout)
else S_YNO("serve-original-ttl:", serve_original_ttl)
else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown)
else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown)
@ -719,6 +743,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
else S_YNO("qname-minimisation:", qname_minimisation)
else S_YNO("qname-minimisation-strict:", qname_minimisation_strict)
else S_YNO("pad-responses:", pad_responses)
else S_SIZET_NONZERO("pad-responses-block-size:", pad_responses_block_size)
else S_YNO("pad-queries:", pad_queries)
else S_SIZET_NONZERO("pad-queries-block-size:", pad_queries_block_size)
#ifdef USE_IPSECMOD
else S_YNO("ipsecmod-enabled:", ipsecmod_enabled)
else S_YNO("ipsecmod-ignore-bogus:", ipsecmod_ignore_bogus)
@ -1015,6 +1043,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "hide-trustanchor", hide_trustanchor)
else O_STR(opt, "identity", identity)
else O_STR(opt, "version", version)
else O_STR(opt, "nsid", nsid_cfg_str)
else O_STR(opt, "target-fetch-policy", target_fetch_policy)
else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize)
else O_YNO(opt, "harden-large-queries", harden_large_queries)
@ -1039,6 +1068,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "serve-expired-ttl-reset", serve_expired_ttl_reset)
else O_DEC(opt, "serve-expired-reply-ttl", serve_expired_reply_ttl)
else O_DEC(opt, "serve-expired-client-timeout", serve_expired_client_timeout)
else O_YNO(opt, "serve-original-ttl", serve_original_ttl)
else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations)
else O_UNS(opt, "add-holddown", add_holddown)
else O_UNS(opt, "del-holddown", del_holddown)
@ -1158,6 +1188,10 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_LS3(opt, "access-control-tag-action", acl_tag_actions)
else O_LS3(opt, "access-control-tag-data", acl_tag_datas)
else O_LS2(opt, "access-control-view", acl_view)
else O_YNO(opt, "pad-responses", pad_responses)
else O_DEC(opt, "pad-responses-block-size", pad_responses_block_size)
else O_YNO(opt, "pad-queries", pad_queries)
else O_DEC(opt, "pad-queries-block-size", pad_queries_block_size)
else O_LS2(opt, "edns-client-strings", edns_client_strings)
#ifdef USE_IPSECMOD
else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled)
@ -1482,6 +1516,8 @@ config_delete(struct config_file* cfg)
#endif
free(cfg->identity);
free(cfg->version);
free(cfg->nsid_cfg_str);
free(cfg->nsid);
free(cfg->module_conf);
free(cfg->outgoing_avail_ports);
config_delstrlist(cfg->caps_whitelist);
@ -2020,6 +2056,38 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str,
return taglist;
}
uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len)
{
uint8_t* nsid = NULL;
if (strncasecmp(str, "ascii_", 6) == 0) {
if ((nsid = (uint8_t *)strdup(str + 6)))
*nsid_len = strlen(str + 6);
} else if (strlen(str) % 2) {
; /* hex string has even number of characters */
}
else if (*str && (nsid = calloc(1, strlen(str) / 2))) {
const char *ch;
uint8_t *dp;
for ( ch = str, dp = nsid
; isxdigit(ch[0]) && isxdigit(ch[1])
; ch += 2, dp++) {
*dp = (uint8_t)sldns_hexdigit_to_int(ch[0]) * 16;
*dp += (uint8_t)sldns_hexdigit_to_int(ch[1]);
}
if (*ch) {
free(nsid);
nsid = NULL;
} else
*nsid_len = strlen(str) / 2;
}
return nsid;
}
char* config_taglist2str(struct config_file* cfg, uint8_t* taglist,
size_t taglen)
{
@ -2062,6 +2130,7 @@ config_apply(struct config_file* config)
SERVE_EXPIRED = config->serve_expired;
SERVE_EXPIRED_TTL = (time_t)config->serve_expired_ttl;
SERVE_EXPIRED_REPLY_TTL = (time_t)config->serve_expired_reply_ttl;
SERVE_ORIGINAL_TTL = config->serve_original_ttl;
MAX_NEG_TTL = (time_t)config->max_negative_ttl;
RTT_MIN_TIMEOUT = config->infra_cache_min_rtt;
EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;

View File

@ -338,6 +338,10 @@ struct config_file {
char* identity;
/** version, package version returned if "". */
char* version;
/** nsid */
char *nsid_cfg_str;
uint8_t *nsid;
uint16_t nsid_len;
/** the module configuration string */
char* module_conf;
@ -388,6 +392,8 @@ struct config_file {
/** serve expired entries only after trying to update the entries and this
* timeout (in milliseconds) is reached */
int serve_expired_client_timeout;
/** serve original TTLs rather than decrementing ones */
int serve_original_ttl;
/** nsec3 maximum iterations per key size, string */
char* val_nsec3_key_iterations;
/** autotrust add holddown time, in seconds */
@ -596,6 +602,17 @@ struct config_file {
size_t dnscrypt_nonce_cache_size;
/** number of slabs for dnscrypt nonces cache */
size_t dnscrypt_nonce_cache_slabs;
/** EDNS padding according to RFC7830 and RFC8467 */
/** true to enable padding of responses (default: on) */
int pad_responses;
/** block size with which to pad encrypted responses (default: 468) */
size_t pad_responses_block_size;
/** true to enable padding of queries (default: on) */
int pad_queries;
/** block size with which to pad encrypted queries (default: 128) */
size_t pad_queries_block_size;
/** IPsec module */
#ifdef USE_IPSECMOD
/** false to bypass the IPsec module */
@ -1070,6 +1087,16 @@ int cfg_count_numbers(const char* str);
*/
int cfg_parse_memsize(const char* str, size_t* res);
/**
* Parse nsid from string into binary nsid. nsid is either a hexidecimal
* string or an ascii string prepended with ascii_ in which case the
* characters after ascii_ are simply copied.
* @param str: the string to parse.
* @param nsid_len: returns length of nsid in bytes.
* @return malloced bytes or NULL on parse error or malloc failure.
*/
uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len);
/**
* Add a tag name to the config. It is added at the end with a new ID value.
* @param cfg: the config structure.

View File

@ -393,6 +393,7 @@ serve-expired-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL) }
serve-expired-ttl-reset{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) }
serve-expired-reply-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) }
serve-expired-client-timeout{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) }
serve-original-ttl{COLON} { YDVAR(1, VAR_SERVE_ORIGINAL_TTL) }
fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) }
fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) }
val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) }
@ -511,6 +512,10 @@ dnscrypt-shared-secret-cache-slabs{COLON} {
YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) }
dnscrypt-nonce-cache-size{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) }
dnscrypt-nonce-cache-slabs{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) }
pad-responses{COLON} { YDVAR(1, VAR_PAD_RESPONSES) }
pad-responses-block-size{COLON} { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) }
pad-queries{COLON} { YDVAR(1, VAR_PAD_QUERIES) }
pad-queries-block-size{COLON} { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) }
ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) }
ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) }
ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) }
@ -532,6 +537,7 @@ udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNS
tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) }
edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) }
nsid{COLON} { YDVAR(1, VAR_NSID ) }
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
/* Quoted strings. Strip leading and ending quotes */

View File

@ -151,7 +151,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
%token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
%token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_FAKE_DSA
%token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
%token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
%token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
%token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
@ -162,6 +162,8 @@ extern struct config_parser_state* cfg_parser;
%token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
%token VAR_DNSCRYPT_NONCE_CACHE_SIZE
%token VAR_DNSCRYPT_NONCE_CACHE_SLABS
%token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
%token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
%token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
%token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
%token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
@ -179,7 +181,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
%token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
%token VAR_EDNS_CLIENT_STRING_OPCODE
%token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -274,10 +276,14 @@ content_server: server_num_threads | server_verbosity | server_port |
server_disable_dnssec_lame_check | server_access_control_tag |
server_local_zone_override | server_access_control_tag_action |
server_access_control_tag_data | server_access_control_view |
server_qname_minimisation_strict | server_serve_expired |
server_qname_minimisation_strict |
server_pad_responses | server_pad_responses_block_size |
server_pad_queries | server_pad_queries_block_size |
server_serve_expired |
server_serve_expired_ttl | server_serve_expired_ttl_reset |
server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
server_fake_dsa | server_log_identity | server_use_systemd |
server_serve_original_ttl | server_fake_dsa |
server_log_identity | server_use_systemd |
server_response_ip_tag | server_response_ip | server_response_ip_data |
server_shm_enable | server_shm_key | server_fake_sha1 |
server_hide_trustanchor | server_trust_anchor_signaling |
@ -293,7 +299,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_stream_wait_size | server_tls_ciphers |
server_tls_ciphersuites | server_tls_session_ticket_keys |
server_tls_use_sni | server_edns_client_string |
server_edns_client_string_opcode
server_edns_client_string_opcode | server_nsid
;
stubstart: VAR_STUB_ZONE
{
@ -1304,6 +1310,22 @@ server_version: VAR_VERSION STRING_ARG
cfg_parser->cfg->version = $2;
}
;
server_nsid: VAR_NSID STRING_ARG
{
OUTYY(("P(server_nsid:%s)\n", $2));
free(cfg_parser->cfg->nsid_cfg_str);
cfg_parser->cfg->nsid_cfg_str = $2;
free(cfg_parser->cfg->nsid);
cfg_parser->cfg->nsid = NULL;
cfg_parser->cfg->nsid_len = 0;
if (*$2 == 0)
; /* pass; empty string is not setting nsid */
else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
$2, &cfg_parser->cfg->nsid_len)))
yyerror("the NSID must be either a hex string or an "
"ascii character string prepended with ascii_.");
}
;
server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
{
OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
@ -1913,6 +1935,15 @@ server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
free($2);
}
;
server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
{
OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
free($2);
}
;
server_fake_dsa: VAR_FAKE_DSA STRING_ARG
{
OUTYY(("P(server_fake_dsa:%s)\n", $2));
@ -2030,6 +2061,9 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
&& strcmp($3, "always_transparent")!=0
&& strcmp($3, "always_refuse")!=0
&& strcmp($3, "always_nxdomain")!=0
&& strcmp($3, "always_nodata")!=0
&& strcmp($3, "always_deny")!=0
&& strcmp($3, "always_null")!=0
&& strcmp($3, "noview")!=0
&& strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
&& strcmp($3, "inform_redirect") != 0
@ -2038,8 +2072,9 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
"refuse, redirect, transparent, "
"typetransparent, inform, inform_deny, "
"inform_redirect, always_transparent, "
"always_refuse, always_nxdomain, noview "
", nodefault or ipset");
"always_refuse, always_nxdomain, "
"always_nodata, always_deny, always_null, "
"noview, nodefault or ipset");
free($2);
free($3);
} else if(strcmp($3, "nodefault")==0) {
@ -2416,6 +2451,44 @@ server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
free($2);
}
;
server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
{
OUTYY(("P(server_pad_responses:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->pad_responses =
(strcmp($2, "yes")==0);
free($2);
}
;
server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
{
OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
if(atoi($2) == 0)
yyerror("number expected");
else cfg_parser->cfg->pad_responses_block_size = atoi($2);
free($2);
}
;
server_pad_queries: VAR_PAD_QUERIES STRING_ARG
{
OUTYY(("P(server_pad_queries:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->pad_queries =
(strcmp($2, "yes")==0);
free($2);
}
;
server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
{
OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
if(atoi($2) == 0)
yyerror("number expected");
else cfg_parser->cfg->pad_queries_block_size = atoi($2);
free($2);
}
;
server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
{
#ifdef USE_IPSECMOD

View File

@ -73,5 +73,11 @@
#define yyget_leng ub_c_get_leng
#define yylineno ub_c_lineno
#define yyget_text ub_c_get_text
#define yyss ub_c_ss
#define yysslim ub_c_sslim
#define yyssp ub_c_ssp
#define yystacksize ub_c_stacksize
#define yyvs ub_c_vs
#define yyvsp ub_c_vsp
#endif /* UTIL_CONFIGYYRENAME_H */

View File

@ -454,6 +454,7 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt,
size_t i, j, owner_pos;
int r, owner_labs;
uint16_t owner_ptr = 0;
time_t adjust = 0;
struct packed_rrset_data* data = (struct packed_rrset_data*)
key->entry.data;
@ -464,9 +465,12 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt,
owner_labs = dname_count_labels(key->rk.dname);
owner_pos = sldns_buffer_position(pkt);
/* For an rrset with a fixed TTL, use the rrset's TTL as given */
/** Determine relative time adjustment for TTL values.
* For an rrset with a fixed TTL, use the rrset's TTL as given. */
if((key->rk.flags & PACKED_RRSET_FIXEDTTL) != 0)
timenow = 0;
adjust = 0;
else
adjust = SERVE_ORIGINAL_TTL ? data->ttl_add : timenow;
if(do_data) {
const sldns_rr_descriptor* c = type_rdata_compressable(key);
@ -479,11 +483,10 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt,
return r;
sldns_buffer_write(pkt, &key->rk.type, 2);
sldns_buffer_write(pkt, &key->rk.rrset_class, 2);
if(data->rr_ttl[j] < timenow)
if(data->rr_ttl[j] < adjust)
sldns_buffer_write_u32(pkt,
SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0);
else sldns_buffer_write_u32(pkt,
data->rr_ttl[j]-timenow);
else sldns_buffer_write_u32(pkt, data->rr_ttl[j]-adjust);
if(c) {
if((r=compress_rdata(pkt, data->rr_data[j],
data->rr_len[j], region, tree, c))
@ -517,11 +520,10 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt,
}
sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_RRSIG);
sldns_buffer_write(pkt, &key->rk.rrset_class, 2);
if(data->rr_ttl[i] < timenow)
if(data->rr_ttl[i] < adjust)
sldns_buffer_write_u32(pkt,
SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0);
else sldns_buffer_write_u32(pkt,
data->rr_ttl[i]-timenow);
else sldns_buffer_write_u32(pkt, data->rr_ttl[i]-adjust);
/* rrsig rdata cannot be compressed, perform 100+ byte
* memcopy. */
sldns_buffer_write(pkt, data->rr_data[i],
@ -801,14 +803,14 @@ calc_edns_field_size(struct edns_data* edns)
return 1 + 2 + 2 + 4 + 2 + rdatalen;
}
void
attach_edns_record(sldns_buffer* pkt, struct edns_data* edns)
static void
attach_edns_record_max_msg_sz(sldns_buffer* pkt, struct edns_data* edns,
uint16_t max_msg_sz)
{
size_t len;
size_t rdatapos;
struct edns_option* opt;
if(!edns || !edns->edns_present)
return;
struct edns_option* padding_option = NULL;
/* inc additional count */
sldns_buffer_write_u16_at(pkt, 10,
sldns_buffer_read_u16_at(pkt, 10) + 1);
@ -826,17 +828,52 @@ attach_edns_record(sldns_buffer* pkt, struct edns_data* edns)
sldns_buffer_write_u16(pkt, 0); /* rdatalen */
/* write rdata */
for(opt=edns->opt_list; opt; opt=opt->next) {
if (opt->opt_code == LDNS_EDNS_PADDING) {
padding_option = opt;
continue;
}
sldns_buffer_write_u16(pkt, opt->opt_code);
sldns_buffer_write_u16(pkt, opt->opt_len);
if(opt->opt_len != 0)
sldns_buffer_write(pkt, opt->opt_data, opt->opt_len);
}
if (padding_option && edns->padding_block_size ) {
size_t pad_pos = sldns_buffer_position(pkt);
size_t msg_sz = ((pad_pos + 3) / edns->padding_block_size + 1)
* edns->padding_block_size;
size_t pad_sz;
if (msg_sz > max_msg_sz)
msg_sz = max_msg_sz;
/* By use of calc_edns_field_size, calling functions should
* have made sure that there is enough space for at least a
* zero sized padding option.
*/
log_assert(pad_pos + 4 <= msg_sz);
pad_sz = msg_sz - pad_pos - 4;
sldns_buffer_write_u16(pkt, LDNS_EDNS_PADDING);
sldns_buffer_write_u16(pkt, pad_sz);
if (pad_sz) {
memset(sldns_buffer_current(pkt), 0, pad_sz);
sldns_buffer_skip(pkt, pad_sz);
}
}
if(edns->opt_list)
sldns_buffer_write_u16_at(pkt, rdatapos,
sldns_buffer_position(pkt)-rdatapos-2);
sldns_buffer_flip(pkt);
}
void
attach_edns_record(sldns_buffer* pkt, struct edns_data* edns)
{
if(!edns || !edns->edns_present)
return;
attach_edns_record_max_msg_sz(pkt, edns, edns->udp_size);
}
int
reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep,
uint16_t id, uint16_t qflags, sldns_buffer* pkt, time_t timenow,
@ -885,7 +922,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep,
}
if(attach_edns && sldns_buffer_capacity(pkt) >=
sldns_buffer_limit(pkt)+attach_edns)
attach_edns_record(pkt, edns);
attach_edns_record_max_msg_sz(pkt, edns, udpsize+attach_edns);
return 1;
}

View File

@ -1020,6 +1020,7 @@ parse_extract_edns(struct msg_parse* msg, struct edns_data* edns,
edns->bits = sldns_read_uint16(&found->rr_last->ttl_data[2]);
edns->udp_size = ntohs(found->rrset_class);
edns->opt_list = NULL;
edns->padding_block_size = 0;
/* take the options */
rdata_len = found->rr_first->size-2;
@ -1093,6 +1094,7 @@ parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns,
edns->edns_version = sldns_buffer_read_u8(pkt);
edns->bits = sldns_buffer_read_u16(pkt);
edns->opt_list = NULL;
edns->padding_block_size = 0;
/* take the options */
rdata_len = sldns_buffer_read_u16(pkt);

View File

@ -87,6 +87,8 @@ extern time_t SERVE_EXPIRED_TTL;
extern time_t SERVE_EXPIRED_REPLY_TTL;
/** Negative cache time (for entries without any RRs.) */
#define NORR_TTL 5 /* seconds */
/** If we serve the original TTL or decrementing TTLs */
extern int SERVE_ORIGINAL_TTL;
/**
* Data stored in scratch pad memory during parsing.
@ -225,6 +227,8 @@ struct edns_data {
uint16_t udp_size;
/** rdata element list, or NULL if none */
struct edns_option* opt_list;
/** block size to pad */
uint16_t padding_block_size;
};
/**

View File

@ -67,6 +67,8 @@ int SERVE_EXPIRED = 0;
time_t SERVE_EXPIRED_TTL = 0;
/** TTL to use for expired records */
time_t SERVE_EXPIRED_REPLY_TTL = 30;
/** If we serve the original TTL or decrementing TTLs */
int SERVE_ORIGINAL_TTL = 0;
/** allocate qinfo, return 0 on error */
static int
@ -197,9 +199,9 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to,
if(*rr_ttl > MAX_NEG_TTL)
*rr_ttl = MAX_NEG_TTL;
}
if(*rr_ttl < MIN_TTL)
if(!SERVE_ORIGINAL_TTL && (*rr_ttl < MIN_TTL))
*rr_ttl = MIN_TTL;
if(*rr_ttl > MAX_TTL)
if(!SERVE_ORIGINAL_TTL && (*rr_ttl > MAX_TTL))
*rr_ttl = MAX_TTL;
if(*rr_ttl < data->ttl)
data->ttl = *rr_ttl;
@ -321,8 +323,8 @@ parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset,
(sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)) +
pset->size;
if(region)
*data = regional_alloc(region, s);
else *data = malloc(s);
*data = regional_alloc_zero(region, s);
else *data = calloc(1, s);
if(!*data)
return 0;
/* copy & decompress */
@ -526,6 +528,7 @@ reply_info_set_ttls(struct reply_info* rep, time_t timenow)
for(j=0; j<data->count + data->rrsig_count; j++) {
data->rr_ttl[j] += timenow;
}
data->ttl_add = timenow;
}
}
@ -1035,7 +1038,8 @@ static int inplace_cb_reply_call_generic(
struct inplace_cb* callback_list, enum inplace_cb_list_type type,
struct query_info* qinfo, struct module_qstate* qstate,
struct reply_info* rep, int rcode, struct edns_data* edns,
struct comm_reply* repinfo, struct regional* region)
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time)
{
struct inplace_cb* cb;
struct edns_option* opt_list_out = NULL;
@ -1048,7 +1052,7 @@ static int inplace_cb_reply_call_generic(
fptr_ok(fptr_whitelist_inplace_cb_reply_generic(
(inplace_cb_reply_func_type*)cb->cb, type));
(void)(*(inplace_cb_reply_func_type*)cb->cb)(qinfo, qstate, rep,
rcode, edns, &opt_list_out, repinfo, region, cb->id, cb->cb_arg);
rcode, edns, &opt_list_out, repinfo, region, start_time, cb->id, cb->cb_arg);
}
edns->opt_list = opt_list_out;
return 1;
@ -1056,37 +1060,41 @@ static int inplace_cb_reply_call_generic(
int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct comm_reply* repinfo, struct regional* region)
struct edns_data* edns, struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time)
{
return inplace_cb_reply_call_generic(
env->inplace_cb_lists[inplace_cb_reply], inplace_cb_reply, qinfo,
qstate, rep, rcode, edns, repinfo, region);
qstate, rep, rcode, edns, repinfo, region, start_time);
}
int inplace_cb_reply_cache_call(struct module_env* env,
struct query_info* qinfo, struct module_qstate* qstate,
struct reply_info* rep, int rcode, struct edns_data* edns,
struct comm_reply* repinfo, struct regional* region)
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time)
{
return inplace_cb_reply_call_generic(
env->inplace_cb_lists[inplace_cb_reply_cache], inplace_cb_reply_cache,
qinfo, qstate, rep, rcode, edns, repinfo, region);
qinfo, qstate, rep, rcode, edns, repinfo, region, start_time);
}
int inplace_cb_reply_local_call(struct module_env* env,
struct query_info* qinfo, struct module_qstate* qstate,
struct reply_info* rep, int rcode, struct edns_data* edns,
struct comm_reply* repinfo, struct regional* region)
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time)
{
return inplace_cb_reply_call_generic(
env->inplace_cb_lists[inplace_cb_reply_local], inplace_cb_reply_local,
qinfo, qstate, rep, rcode, edns, repinfo, region);
qinfo, qstate, rep, rcode, edns, repinfo, region, start_time);
}
int inplace_cb_reply_servfail_call(struct module_env* env,
struct query_info* qinfo, struct module_qstate* qstate,
struct reply_info* rep, int rcode, struct edns_data* edns,
struct comm_reply* repinfo, struct regional* region)
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time)
{
/* We are going to servfail. Remove any potential edns options. */
if(qstate)
@ -1094,7 +1102,7 @@ int inplace_cb_reply_servfail_call(struct module_env* env,
return inplace_cb_reply_call_generic(
env->inplace_cb_lists[inplace_cb_reply_servfail],
inplace_cb_reply_servfail, qinfo, qstate, rep, rcode, edns, repinfo,
region);
region, start_time);
}
int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo,

View File

@ -554,11 +554,14 @@ struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code);
* @param edns: edns data of the reply.
* @param repinfo: comm_reply. Reply information for a communication point.
* @param region: region to store data.
* @param start_time: the start time of recursion, when the packet arrived,
* or the current time for cache responses.
* @return false on failure (a callback function returned an error).
*/
int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct comm_reply* repinfo, struct regional* region);
struct edns_data* edns, struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time);
/**
* Call the registered functions in the inplace_cb_reply_cache linked list.
@ -571,12 +574,15 @@ int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo,
* @param edns: edns data of the reply. Edns input can be found here.
* @param repinfo: comm_reply. Reply information for a communication point.
* @param region: region to store data.
* @param start_time: the start time of recursion, when the packet arrived,
* or the current time for cache responses.
* @return false on failure (a callback function returned an error).
*/
int inplace_cb_reply_cache_call(struct module_env* env,
struct query_info* qinfo, struct module_qstate* qstate,
struct reply_info* rep, int rcode, struct edns_data* edns,
struct comm_reply* repinfo, struct regional* region);
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time);
/**
* Call the registered functions in the inplace_cb_reply_local linked list.
@ -589,12 +595,15 @@ int inplace_cb_reply_cache_call(struct module_env* env,
* @param edns: edns data of the reply. Edns input can be found here.
* @param repinfo: comm_reply. Reply information for a communication point.
* @param region: region to store data.
* @param start_time: the start time of recursion, when the packet arrived,
* or the current time for cache responses.
* @return false on failure (a callback function returned an error).
*/
int inplace_cb_reply_local_call(struct module_env* env,
struct query_info* qinfo, struct module_qstate* qstate,
struct reply_info* rep, int rcode, struct edns_data* edns,
struct comm_reply* repinfo, struct regional* region);
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time);
/**
* Call the registered functions in the inplace_cb_reply linked list.
@ -608,12 +617,15 @@ int inplace_cb_reply_local_call(struct module_env* env,
* is NULL.
* @param repinfo: comm_reply. Reply information for a communication point.
* @param region: region to store data.
* @param start_time: the start time of recursion, when the packet arrived,
* or the current time for cache responses.
* @return false on failure (a callback function returned an error).
*/
int inplace_cb_reply_servfail_call(struct module_env* env,
struct query_info* qinfo, struct module_qstate* qstate,
struct reply_info* rep, int rcode, struct edns_data* edns,
struct comm_reply* repinfo, struct regional* region);
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time);
/**
* Call the registered functions in the inplace_cb_query linked list.

View File

@ -220,6 +220,7 @@ packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add)
{
size_t i;
size_t total = data->count + data->rrsig_count;
data->ttl_add = add;
data->ttl += add;
for(i=0; i<total; i++)
data->rr_ttl[i] += add;
@ -275,6 +276,7 @@ int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i,
entry.data;
uint8_t rr[65535];
size_t rlen = rrset->rk.dname_len + 2 + 2 + 4 + d->rr_len[i];
time_t adjust = 0;
log_assert(dest_len > 0 && dest);
if(rlen > dest_len) {
dest[0] = 0;
@ -285,8 +287,10 @@ int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i,
memmove(rr+rrset->rk.dname_len, &rrset->rk.type, 2);
else sldns_write_uint16(rr+rrset->rk.dname_len, LDNS_RR_TYPE_RRSIG);
memmove(rr+rrset->rk.dname_len+2, &rrset->rk.rrset_class, 2);
adjust = SERVE_ORIGINAL_TTL ? d->ttl_add : now;
if (d->rr_ttl[i] < adjust) adjust = d->rr_ttl[i]; /* Prevent negative TTL overflow */
sldns_write_uint32(rr+rrset->rk.dname_len+4,
(uint32_t)(d->rr_ttl[i]-now));
(uint32_t)(d->rr_ttl[i]-adjust));
memmove(rr+rrset->rk.dname_len+8, d->rr_data[i], d->rr_len[i]);
if(sldns_wire2str_rr_buf(rr, rlen, dest, dest_len) == -1) {
log_info("rrbuf failure %d %s", (int)d->rr_len[i], dest);
@ -332,6 +336,7 @@ packed_rrset_copy_region(struct ub_packed_rrset_key* key,
struct packed_rrset_data* data = (struct packed_rrset_data*)
key->entry.data;
size_t dsize, i;
time_t adjust = 0;
if(!ck)
return NULL;
ck->id = key->id;
@ -350,14 +355,16 @@ packed_rrset_copy_region(struct ub_packed_rrset_key* key,
ck->entry.data = d;
packed_rrset_ptr_fixup(d);
/* make TTLs relative - once per rrset */
adjust = SERVE_ORIGINAL_TTL ? data->ttl_add : now;
for(i=0; i<d->count + d->rrsig_count; i++) {
if(d->rr_ttl[i] < now)
if(d->rr_ttl[i] < adjust)
d->rr_ttl[i] = SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0;
else d->rr_ttl[i] -= now;
else d->rr_ttl[i] -= adjust;
}
if(d->ttl < now)
if(d->ttl < adjust)
d->ttl = SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0;
else d->ttl -= now;
else d->ttl -= adjust;
d->ttl_add = 0; /* TTLs have been made relative */
return ck;
}

View File

@ -233,6 +233,9 @@ enum sec_status {
* the ttl value to send changes due to time.
*/
struct packed_rrset_data {
/** Timestamp added to TTLs in the packed data.
* Needed to support serving original TTLs. */
time_t ttl_add;
/** TTL (in seconds like time()) of the rrset.
* Same for all RRs see rfc2181(5.2). */
time_t ttl;

View File

@ -165,5 +165,21 @@ int apply_edns_options(struct edns_data* edns_out, struct edns_data* edns_in,
!edns_keepalive(edns_out, edns_in, c, region))
return 0;
if (cfg->nsid && edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_NSID)
&& !edns_opt_list_append(&edns_out->opt_list,
LDNS_EDNS_NSID, cfg->nsid_len, cfg->nsid, region))
return 0;
if(!cfg->pad_responses || c->type != comm_tcp || !c->ssl
|| !edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_PADDING)) {
; /* pass */
}
else if(!edns_opt_list_append(&edns_out->opt_list, LDNS_EDNS_PADDING
, 0, NULL, region))
return 0;
else
edns_out->padding_block_size = cfg->pad_responses_block_size;
return 1;
}

View File

@ -2014,6 +2014,7 @@
2368,
2370,
2372,
2378,
2381,
2382,
2383,
@ -3574,7 +3575,6 @@
3977,
3978,
3979,
3980,
3981,
3982,
3983,

View File

@ -257,8 +257,8 @@ struct inplace_cb {
typedef int inplace_cb_reply_func_type(struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct edns_option** opt_list_out,
struct comm_reply* repinfo, struct regional* region, int id,
void* callback);
struct comm_reply* repinfo, struct regional* region,
struct timeval* start_time, int id, void* callback);
/**
* Inplace callback function called before sending the query to a nameserver.

View File

@ -321,7 +321,7 @@ static int ipdnametoaddr(uint8_t* dname, size_t dnamelen,
struct sockaddr_storage* addr, socklen_t* addrlen, int* af)
{
uint8_t* ia;
size_t dnamelabs = dname_count_labels(dname);
int dnamelabs = dname_count_labels(dname);
uint8_t lablen;
char* e = NULL;
int z = 0;

View File

@ -388,8 +388,9 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet,
} else {
verbose(VERB_OPS, "send failed: %s", sock_strerror(errno));
}
log_addr(VERB_OPS, "remote address is",
(struct sockaddr_storage*)addr, addrlen);
if(addr)
log_addr(VERB_OPS, "remote address is",
(struct sockaddr_storage*)addr, addrlen);
return 0;
} else if((size_t)sent != sldns_buffer_remaining(packet)) {
log_err("sent %d in place of %d bytes",
@ -592,6 +593,8 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
static int udp_recv_needs_log(int err)
{
switch(err) {
case EACCES: /* some hosts send ICMP 'Permission Denied' */
#ifndef USE_WINSOCK
case ECONNREFUSED:
# ifdef ENETUNREACH
case ENETUNREACH:
@ -605,6 +608,13 @@ static int udp_recv_needs_log(int err)
# ifdef ENETDOWN
case ENETDOWN:
# endif
#else /* USE_WINSOCK */
case WSAECONNREFUSED:
case WSAENETUNREACH:
case WSAEHOSTDOWN:
case WSAEHOSTUNREACH:
case WSAENETDOWN:
#endif
if(verbosity >= VERB_ALGO)
return 1;
return 0;
@ -745,7 +755,8 @@ comm_point_udp_callback(int fd, short event, void* arg)
#else
if(WSAGetLastError() != WSAEINPROGRESS &&
WSAGetLastError() != WSAECONNRESET &&
WSAGetLastError()!= WSAEWOULDBLOCK)
WSAGetLastError()!= WSAEWOULDBLOCK &&
udp_recv_needs_log(WSAGetLastError()))
log_err("recvfrom failed: %s",
wsa_strerror(WSAGetLastError()));
#endif
@ -771,6 +782,13 @@ comm_point_udp_callback(int fd, short event, void* arg)
}
}
int adjusted_tcp_timeout(struct comm_point* c)
{
if(c->tcp_timeout_msec < TCP_QUERY_TIMEOUT_MINIMUM)
return TCP_QUERY_TIMEOUT_MINIMUM;
return c->tcp_timeout_msec;
}
/** Use a new tcp handler for new query fd, set to read query */
static void
setup_tcp_handler(struct comm_point* c, int fd, int cur, int max)
@ -804,10 +822,7 @@ setup_tcp_handler(struct comm_point* c, int fd, int cur, int max)
c->tcp_timeout_msec /= 500;
else if (handler_usage > 80)
c->tcp_timeout_msec = 0;
comm_point_start_listening(c, fd,
c->tcp_timeout_msec < TCP_QUERY_TIMEOUT_MINIMUM
? TCP_QUERY_TIMEOUT_MINIMUM
: c->tcp_timeout_msec);
comm_point_start_listening(c, fd, adjusted_tcp_timeout(c));
}
void comm_base_handle_slow_accept(int ATTR_UNUSED(fd),
@ -1117,10 +1132,11 @@ tcp_callback_writer(struct comm_point* c)
if( (*c->callback)(c, c->cb_arg, NETEVENT_PKT_WRITTEN,
&c->repinfo) ) {
comm_point_start_listening(c, -1,
c->tcp_timeout_msec);
adjusted_tcp_timeout(c));
}
} else {
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
comm_point_start_listening(c, -1,
adjusted_tcp_timeout(c));
}
}
}
@ -1141,7 +1157,8 @@ tcp_callback_reader(struct comm_point* c)
comm_point_stop_listening(c);
fptr_ok(fptr_whitelist_comm_point(c->callback));
if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) {
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
comm_point_start_listening(c, -1,
adjusted_tcp_timeout(c));
}
}
}
@ -1603,6 +1620,33 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok)
if(errno == ECONNRESET && verbosity < 2)
return 0; /* silence reset by peer */
#endif
#ifdef ENETUNREACH
if(errno == ENETUNREACH && verbosity < 2)
return 0; /* silence it */
#endif
#ifdef EHOSTDOWN
if(errno == EHOSTDOWN && verbosity < 2)
return 0; /* silence it */
#endif
#ifdef EHOSTUNREACH
if(errno == EHOSTUNREACH && verbosity < 2)
return 0; /* silence it */
#endif
#ifdef ENETDOWN
if(errno == ENETDOWN && verbosity < 2)
return 0; /* silence it */
#endif
#ifdef EACCES
if(errno == EACCES && verbosity < 2)
return 0; /* silence it */
#endif
#ifdef ENOTCONN
if(errno == ENOTCONN) {
log_err_addr("read (in tcp s) failed and this could be because TCP Fast Open is enabled [--disable-tfo-client --disable-tfo-server] but does not work", sock_strerror(errno),
&c->repinfo.addr, c->repinfo.addrlen);
return 0;
}
#endif
#else /* USE_WINSOCK */
if(WSAGetLastError() == WSAECONNRESET)
return 0;
@ -1901,7 +1945,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
log_assert(c->tcp_write_and_read || sldns_buffer_remaining(buffer) > 0);
log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2);
if(c->tcp_write_and_read) {
r = send(fd, (void*)c->tcp_write_pkt + c->tcp_write_byte_count - 2,
r = send(fd, (void*)(c->tcp_write_pkt + c->tcp_write_byte_count - 2),
c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count, 0);
} else {
r = send(fd, (void*)sldns_buffer_current(buffer),
@ -2369,7 +2413,7 @@ http_nonchunk_segment(struct comm_point* c)
return 1;
}
/** handle nonchunked data segment, return 0=fail, 1=wait, 2=process more */
/** handle chunked data segment, return 0=fail, 1=wait, 2=process more */
static int
http_chunked_segment(struct comm_point* c)
{
@ -2379,6 +2423,7 @@ http_chunked_segment(struct comm_point* c)
*/
size_t remainbufferlen;
size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored;
verbose(VERB_ALGO, "http_chunked_segment: got now %d, tcpbytcount %d, http_stored %d, buffer pos %d, buffer limit %d", (int)got_now, (int)c->tcp_byte_count, (int)c->http_stored, (int)sldns_buffer_position(c->buffer), (int)sldns_buffer_limit(c->buffer));
if(c->tcp_byte_count <= got_now) {
/* the chunk has completed (with perhaps some extra data
* from next chunk header and next chunk) */
@ -2446,7 +2491,7 @@ http_chunked_segment(struct comm_point* c)
#ifdef HAVE_NGHTTP2
/** Create new http2 session. Called when creating handling comm point. */
struct http2_session* http2_session_create(struct comm_point* c)
static struct http2_session* http2_session_create(struct comm_point* c)
{
struct http2_session* session = calloc(1, sizeof(*session));
if(!session) {
@ -2460,7 +2505,7 @@ struct http2_session* http2_session_create(struct comm_point* c)
#endif
/** Delete http2 session. After closing connection or on error */
void http2_session_delete(struct http2_session* h2_session)
static void http2_session_delete(struct http2_session* h2_session)
{
#ifdef HAVE_NGHTTP2
if(h2_session->callbacks)
@ -2536,7 +2581,7 @@ void http2_session_add_stream(struct http2_session* h2_session,
/** remove stream from session linked list. After stream close callback or
* closing connection */
void http2_session_remove_stream(struct http2_session* h2_session,
static void http2_session_remove_stream(struct http2_session* h2_session,
struct http2_stream* h2_stream)
{
if(h2_stream->prev)
@ -2662,7 +2707,7 @@ comm_point_http2_handle_read(int ATTR_UNUSED(fd), struct comm_point* c)
if(nghttp2_session_want_write(c->h2_session->session)) {
c->tcp_is_reading = 0;
comm_point_stop_listening(c);
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
comm_point_start_listening(c, -1, adjusted_tcp_timeout(c));
} else if(!nghttp2_session_want_read(c->h2_session->session))
return 0; /* connection can be closed */
return 1;
@ -2718,6 +2763,11 @@ comm_point_http_handle_read(int fd, struct comm_point* c)
}
sldns_buffer_flip(c->buffer);
/* if we are partway in a segment of data, position us at the point
* where we left off previously */
if(c->http_stored < sldns_buffer_limit(c->buffer))
sldns_buffer_set_position(c->buffer, c->http_stored);
else sldns_buffer_set_position(c->buffer, sldns_buffer_limit(c->buffer));
while(sldns_buffer_remaining(c->buffer) > 0) {
/* Handle HTTP/1.x data */
@ -2980,7 +3030,7 @@ comm_point_http2_handle_write(int ATTR_UNUSED(fd), struct comm_point* c)
if(nghttp2_session_want_read(c->h2_session->session)) {
c->tcp_is_reading = 1;
comm_point_stop_listening(c);
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
comm_point_start_listening(c, -1, adjusted_tcp_timeout(c));
} else if(!nghttp2_session_want_write(c->h2_session->session))
return 0; /* connection can be closed */
return 1;
@ -3187,6 +3237,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer,
comm_point_delete(c);
return NULL;
}
c->event_added = 1;
return c;
}
@ -3246,6 +3297,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd,
comm_point_delete(c);
return NULL;
}
c->event_added = 1;
return c;
}
@ -3530,6 +3582,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num,
comm_point_delete(c);
return NULL;
}
c->event_added = 1;
/* now prealloc the handlers */
for(i=0; i<num; i++) {
if(port_type == listen_type_tcp ||
@ -3753,6 +3806,7 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize,
free(c);
return NULL;
}
c->event_added = 1;
return c;
}
@ -3815,6 +3869,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing,
free(c);
return NULL;
}
c->event_added = 1;
return c;
}
@ -3825,8 +3880,11 @@ comm_point_close(struct comm_point* c)
return;
if(c->fd != -1) {
verbose(5, "comm_point_close of %d: event_del", c->fd);
if(ub_event_del(c->ev->ev) != 0) {
log_err("could not event_del on close");
if(c->event_added) {
if(ub_event_del(c->ev->ev) != 0) {
log_err("could not event_del on close");
}
c->event_added = 0;
}
}
tcl_close_connection(c->tcl_addr);
@ -3938,11 +3996,11 @@ comm_point_send_reply(struct comm_reply *repinfo)
repinfo->c->tcp_is_reading = 0;
comm_point_stop_listening(repinfo->c);
comm_point_start_listening(repinfo->c, -1,
repinfo->c->tcp_timeout_msec);
adjusted_tcp_timeout(repinfo->c));
return;
} else {
comm_point_start_listening(repinfo->c, -1,
repinfo->c->tcp_timeout_msec);
adjusted_tcp_timeout(repinfo->c));
}
}
}
@ -3975,8 +4033,11 @@ void
comm_point_stop_listening(struct comm_point* c)
{
verbose(VERB_ALGO, "comm point stop listening %d", c->fd);
if(ub_event_del(c->ev->ev) != 0) {
log_err("event_del error to stoplisten");
if(c->event_added) {
if(ub_event_del(c->ev->ev) != 0) {
log_err("event_del error to stoplisten");
}
c->event_added = 0;
}
}
@ -3989,6 +4050,12 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
/* no use to start listening no free slots. */
return;
}
if(c->event_added) {
if(ub_event_del(c->ev->ev) != 0) {
log_err("event_del error to startlisten");
}
c->event_added = 0;
}
if(msec != -1 && msec != 0) {
if(!c->timeout) {
c->timeout = (struct timeval*)malloc(sizeof(
@ -4028,13 +4095,17 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
if(ub_event_add(c->ev->ev, msec==0?NULL:c->timeout) != 0) {
log_err("event_add failed. in cpsl.");
}
c->event_added = 1;
}
void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr)
{
verbose(VERB_ALGO, "comm point listen_for_rw %d %d", c->fd, wr);
if(ub_event_del(c->ev->ev) != 0) {
log_err("event_del error to cplf");
if(c->event_added) {
if(ub_event_del(c->ev->ev) != 0) {
log_err("event_del error to cplf");
}
c->event_added = 0;
}
ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE);
if(rd) ub_event_add_bits(c->ev->ev, UB_EV_READ);
@ -4042,6 +4113,7 @@ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr)
if(ub_event_add(c->ev->ev, c->timeout) != 0) {
log_err("event_add failed. in cplf.");
}
c->event_added = 1;
}
size_t comm_point_get_mem(struct comm_point* c)

View File

@ -166,6 +166,8 @@ struct comm_reply {
struct comm_point {
/** behind the scenes structure, with say libevent info. alloced. */
struct internal_event* ev;
/** if the event is added or not */
int event_added;
/** file descriptor for communication point */
int fd;
@ -662,6 +664,16 @@ void comm_point_start_listening(struct comm_point* c, int newfd, int msec);
*/
void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr);
/**
* For TCP handlers that use c->tcp_timeout_msec, this routine adjusts
* it with the minimum. Otherwise, a 0 value advertised without the
* minimum applied moves to a 0 in comm_point_start_listening and that
* routine treats it as no timeout, listen forever, which is not wanted.
* @param c: comm point to use the tcp_timeout_msec of.
* @return adjusted tcp_timeout_msec value with the minimum if smaller.
*/
int adjusted_tcp_timeout(struct comm_point* c);
/**
* Get size of memory used by comm point.
* For TCP handlers this includes subhandlers.

View File

@ -398,13 +398,13 @@ lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key)
return;
}
table->num--;
table->space_used -= (*table->sizefunc)(entry->key, entry->data);
lock_quick_unlock(&table->lock);
table->space_used -= (*table->sizefunc)(entry->key, entry->data);
lock_rw_wrlock(&entry->lock);
if(table->markdelfunc)
(*table->markdelfunc)(entry->key);
lock_rw_unlock(&entry->lock);
lock_quick_unlock(&bin->lock);
lock_quick_unlock(&table->lock);
/* finish removal */
d = entry->data;
(*table->delkeyfunc)(entry->key, table->cb_arg);

View File

@ -2365,6 +2365,7 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp)
edns.edns_version = 0;
edns.bits = EDNS_DO;
edns.opt_list = NULL;
edns.padding_block_size = 0;
if(sldns_buffer_capacity(buf) < 65535)
edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
else edns.udp_size = 65535;

View File

@ -731,7 +731,7 @@
#define PACKAGE_NAME "unbound"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "unbound 1.13.0"
#define PACKAGE_STRING "unbound 1.13.1"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "unbound"
@ -740,7 +740,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.13.0"
#define PACKAGE_VERSION "1.13.1"
/* default pidfile location */
#define PIDFILE "/var/unbound/unbound.pid"
@ -762,7 +762,7 @@
#define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
/* version number for resource files */
#define RSRC_PACKAGE_VERSION 1,13,0,0
#define RSRC_PACKAGE_VERSION 1,13,1,0
/* Directory to chdir to */
#define RUN_DIR "/var/unbound"