system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 18:56:38 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

import unbound 1.5.2

Browse source
This commit is contained in:
Dag-Erling Smørgrav 2015-04-26 11:23:26 +00:00
parent 54dd3272da
commit d3348d437f
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor/unbound/dist/; revision=282009
svn path=/vendor/unbound/1.5.2/; revision=282010; tag=vendor/unbound/1.5.2
59 changed files with 3593 additions and 2691 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

184
Makefile.in
View file

@ -459,8 +459,8 @@ strip:
$(STRIP) unbound$(EXEEXT)
$(STRIP) unbound-checkconf$(EXEEXT)
$(STRIP) unbound-control$(EXEEXT)
$(STRIP) unbound-host$(EXEEXT)
$(STRIP) unbound-anchor$(EXEEXT)
$(STRIP) unbound-host$(EXEEXT) || $(STRIP) .libs/unbound-host$(EXEEXT)
$(STRIP) unbound-anchor$(EXEEXT) || $(STRIP) .libs/unbound-anchor$(EXEEXT)
pythonmod-install:
$(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG)
@ -576,6 +576,7 @@ depend:
-e 's?$$(srcdir)/util/configlexer.c?util/configlexer.c?g' \
-e 's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \
-e 's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \
-e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \
-e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \
-e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \
> $(DEPEND_TMP)
@ -689,13 +690,14 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/ldns/sbuffer.h
listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
$(srcdir)/ldns/sbuffer.h
$(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
$(srcdir)/util/net_help.h $(srcdir)/ldns/sbuffer.h
localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
$(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
@ -711,15 +713,16 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service
$(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
$(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/netevent.h
$(srcdir)/util/netevent.h
outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
$(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rtt.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/dnstap/dnstap.h \
alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
@ -732,8 +735,8 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/parseutil.h \
$(srcdir)/util/iana_ports.inc
$(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/ldns/wire2str.h \
$(srcdir)/ldns/parseutil.h $(srcdir)/util/iana_ports.inc
configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
$(srcdir)/util/config_file.h util/configparser.h
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
@ -743,15 +746,16 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
$(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
$(srcdir)/validator/autotrust.h $(srcdir)/util/storage/dnstree.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h $(srcdir)/util/config_file.h
$(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/util/config_file.h
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/ldns/sbuffer.h
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
@ -767,6 +771,7 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/dnstap/dnstap.h \
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
@ -854,8 +859,8 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida
$(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \
$(srcdir)/ldns/sbuffer.h \
@ -884,6 +889,11 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src
$(srcdir)/util/regional.h
checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/testcode/checklocks.h
dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
$(srcdir)/dnstap/dnstap.h \
$(srcdir)/dnstap/dnstap.pb-c.h
dnstap.pb-c.lo dnstap.pb-c.o: $(srcdir)/dnstap/dnstap.pb-c.c $(srcdir)/dnstap/dnstap.pb-c.h
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h
@ -894,7 +904,8 @@ unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir
$(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \
$(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/log.h \
$(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/random.h
unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
@ -935,19 +946,21 @@ cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h \
$(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h \
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h \
$(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/wire2str.h \
$(srcdir)/ldns/str2wire.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
@ -959,11 +972,12 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h \
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/localzone.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \
$(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/localzone.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
$(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
@ -973,14 +987,15 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/outside_network.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h \
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h \
$(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
@ -993,7 +1008,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
@ -1008,9 +1024,10 @@ testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/test
$(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/ldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
@ -1021,7 +1038,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
@ -1036,10 +1054,11 @@ acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/ac
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
@ -1049,12 +1068,12 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/outside_network.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h \
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h \
$(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h
@ -1063,10 +1082,10 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
$(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
@ -1118,13 +1137,14 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/netevent.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
$(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \
$(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/str2wire.h
$(srcdir)/util/netevent.h $(srcdir)/services/mesh.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/str2wire.h
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/wire2str.h
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
@ -1144,7 +1164,8 @@ perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir
delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h
$(srcdir)/util/log.h \
$(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/ldns/rrdef.h \
@ -1155,13 +1176,14 @@ pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c conf
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
$(srcdir)/ldns/sbuffer.h
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/ldns/sbuffer.h
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
$(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/util/winsock_event.h
w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \

14
compat/getentropy_linux.c
View file

@ -474,22 +474,24 @@ getentropy_fallback(void *buf, size_t len)
HD(cnt);
}
#ifdef AT_RANDOM
#ifdef HAVE_GETAUXVAL
# ifdef AT_RANDOM
/* Not as random as you think but we take what we are given */
p = (char *) getauxval(AT_RANDOM);
if (p)
HR(p, 16);
#endif
#ifdef AT_SYSINFO_EHDR
# endif
# ifdef AT_SYSINFO_EHDR
p = (char *) getauxval(AT_SYSINFO_EHDR);
if (p)
HR(p, pgs);
#endif
#ifdef AT_BASE
# endif
# ifdef AT_BASE
p = (char *) getauxval(AT_BASE);
if (p)
HD(p);
#endif
# endif
#endif /* HAVE_GETAUXVAL */
SHA512_Final(results, &ctx);
memcpy((char*)buf + i, results, min(sizeof(results), len - i));

9
config.h.in
View file

@ -42,7 +42,7 @@
/* Whether the C compiler accepts the "unused" attribute */
#undef HAVE_ATTR_UNUSED
/* Define to 1 if your system has a working `chown' function. */
/* Define to 1 if you have the `chown' function. */
#undef HAVE_CHOWN
/* Define to 1 if you have the `chroot' function. */
@ -146,6 +146,9 @@
/* Whether getaddrinfo is available */
#undef HAVE_GETADDRINFO
/* Define to 1 if you have the `getauxval' function. */
#undef HAVE_GETAUXVAL
/* Define to 1 if you have the `getentropy' function. */
#undef HAVE_GETENTROPY
@ -799,6 +802,10 @@
#define ARG_LL "%I64"
#endif
#ifndef AF_LOCAL
#define AF_LOCAL AF_UNIX
#endif
#ifdef HAVE_ATTR_FORMAT

65
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.5.1.
# Generated by GNU Autoconf 2.69 for unbound 1.5.2.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.5.1'
PACKAGE_STRING='unbound 1.5.1'
PACKAGE_VERSION='1.5.2'
PACKAGE_STRING='unbound 1.5.2'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
PACKAGE_URL=''
@ -733,6 +733,7 @@ UNBOUND_PIDFILE
UNBOUND_SHARE_DIR
UNBOUND_CHROOT_DIR
UNBOUND_RUN_DIR
ub_conf_dir
ub_conf_file
EGREP
GREP
@ -1387,7 +1388,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.5.1 to adapt to many kinds of systems.
\`configure' configures unbound 1.5.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1452,7 +1453,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.5.1:";;
short | recursive ) echo "Configuration of unbound 1.5.2:";;
esac
cat <<\_ACEOF
@ -1627,7 +1628,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.5.1
unbound configure 1.5.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2336,7 +2337,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.5.1, which was
It was created by unbound $as_me 1.5.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2688,11 +2689,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=5
UNBOUND_VERSION_MICRO=1
UNBOUND_VERSION_MICRO=2
LIBUNBOUND_CURRENT=5
LIBUNBOUND_REVISION=3
LIBUNBOUND_REVISION=5
LIBUNBOUND_AGE=3
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2732,7 +2733,8 @@ LIBUNBOUND_AGE=3
# 1.4.21 had 4:1:2
# 1.4.22 had 4:1:2
# 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
# 1.5.1 had 5:4:3
# 1.5.1 had 5:3:3
# 1.5.2 had 5:5:3
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -4047,6 +4049,30 @@ cat >>confdefs.h <<_ACEOF
#define CONFIGFILE "$hdr_config"
_ACEOF
ub_conf_dir=`$as_dirname -- "$ub_conf_file" ||
$as_expr X"$ub_conf_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ub_conf_file" : 'X\(//\)[^/]' \| \
X"$ub_conf_file" : 'X\(//\)$' \| \
X"$ub_conf_file" : 'X\(/\)' \| . 2>/dev/null ||
$as_echo X"$ub_conf_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'`
# Determine run, chroot directory and pidfile locations
@ -17932,7 +17958,7 @@ if test "$ac_res" != no; then :
fi
for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent
for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -18269,6 +18295,17 @@ _ACEOF
fi
done
for ac_func in getauxval
do :
ac_fn_c_check_func "$LINENO" "getauxval" "ac_cv_func_getauxval"
if test "x$ac_cv_func_getauxval" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_GETAUXVAL 1
_ACEOF
fi
done
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
@ -18768,7 +18805,7 @@ _ACEOF
version=1.5.1
version=1.5.2
date=`date +'%b %e, %Y'`
@ -19283,7 +19320,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.5.1, which was
This file was extended by unbound $as_me 1.5.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -19349,7 +19386,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.5.1
unbound config.status 1.5.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

16
configure.ac
View file

@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[5])
m4_define([VERSION_MICRO],[1])
m4_define([VERSION_MICRO],[2])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=5
LIBUNBOUND_REVISION=3
LIBUNBOUND_REVISION=5
LIBUNBOUND_AGE=3
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -57,7 +57,8 @@ LIBUNBOUND_AGE=3
# 1.4.21 had 4:1:2
# 1.4.22 had 4:1:2
# 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
# 1.5.1 had 5:4:3
# 1.5.1 had 5:3:3
# 1.5.2 had 5:5:3
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -118,6 +119,8 @@ AC_ARG_WITH([conf_file],
AC_SUBST(ub_conf_file)
ACX_ESCAPE_BACKSLASH($ub_conf_file, hdr_config)
AC_DEFINE_UNQUOTED(CONFIGFILE, ["$hdr_config"], [Pathname to the Unbound configuration file])
ub_conf_dir=`AS_DIRNAME(["$ub_conf_file"])`
AC_SUBST(ub_conf_dir)
# Determine run, chroot directory and pidfile locations
AC_ARG_WITH(run-dir,
@ -975,7 +978,7 @@ AC_INCLUDES_DEFAULT
#endif
])
AC_SEARCH_LIBS([setusercontext], [util])
AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent])
AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent])
AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
@ -1026,6 +1029,7 @@ if test "$USE_NSS" = "no"; then
AC_LIBOBJ(sha512)
])
AC_CHECK_HEADERS([sys/sysctl.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([getauxval])
AC_SEARCH_LIBS([clock_gettime], [rt])
;;
esac
@ -1211,6 +1215,10 @@ dnl includes
#else
#define ARG_LL "%I64"
#endif
#ifndef AF_LOCAL
#define AF_LOCAL AF_UNIX
#endif
]
AHX_CONFIG_FORMAT_ATTRIBUTE

64
contrib/unbound_cache.cmd
View file

@ -2,7 +2,7 @@
rem --------------------------------------------------------------
rem -- DNS cache save/load script
rem --
rem -- Version 1.0
rem -- Version 1.2
rem -- By Yuri Voinov (c) 2014
rem --------------------------------------------------------------
@ -19,47 +19,87 @@ exit 1
:start
set arg=%1
rem arg1 - command (optional)
rem arg2 - file name (optional)
set arg1=%1
set arg2=%2
if /I "%arg%" == "-h" goto help
if /I "%arg1%" == "-h" goto help
if "%arg%" == "" (
if "%arg1%" == "" (
echo Loading cache from %program_path%\%fname%
dir /a %program_path%\%fname%
type %program_path%\%fname%|%uc% load_cache
goto end
)
if /I "%arg%" == "-s" (
if defined %arg2% (goto Not_Defined) else (goto Defined)
rem If file not specified; use default dump file
:Not_defined
if /I "%arg1%" == "-s" (
echo Saving cache to %program_path%\%fname%
%uc% dump_cache>%program_path%\%fname%
dir /a %program_path%\%fname%
echo ok
goto end
)
if /I "%arg%" == "-l" (
if /I "%arg1%" == "-l" (
echo Loading cache from %program_path%\%fname%
dir /a %program_path%\%fname%
type %program_path%\%fname%|%uc% load_cache
goto end
)
if /I "%arg1%" == "-r" (
echo Saving cache to %program_path%\%fname%
dir /a %program_path%\%fname%
%uc% dump_cache>%program_path%\%fname%
echo ok
echo Loading cache from %program_path%\%fname%
type %program_path%\%fname%|%uc% load_cache
goto end
)
if /I "%arg%" == "-r" (
echo Saving cache to %program_path%\%fname%
%uc% dump_cache>%program_path%\%fname%
rem If file name specified; use this filename
:Defined
if /I "%arg1%" == "-s" (
echo Saving cache to %arg2%
%uc% dump_cache>%arg2%
dir /a %arg2%
echo ok
echo Loading cache from %program_path%\%fname%
type %program_path%\%fname%|%uc% load_cache
goto end
)
if /I "%arg1%" == "-l" (
echo Loading cache from %arg2%
dir /a %arg2%
type %arg2%|%uc% load_cache
goto end
)
if /I "%arg1%" == "-r" (
echo Saving cache to %arg2%
dir /a %arg2%
%uc% dump_cache>%arg2%
echo ok
echo Loading cache from %arg2%
type %arg2%|%uc% load_cache
goto end
)
:help
echo Usage: unbound_cache.cmd [-s] or [-l] or [-r] or [-h]
echo Usage: unbound_cache.cmd [-s] or [-l] or [-r] or [-h] [filename]
echo.
echo l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value.
echo s - Save - save Unbound DNS cache contents to plain file with domain names.
echo r - Reload - reloadind new cache entries and refresh existing cache
echo h - this screen.
echo filename - file to save/load dumped cache. If not specified, %program_path%\%fname% will be used instead.
echo Note: Run without any arguments will be in default mode.
echo Also, unbound-control must be configured.
exit 1
:end
exit 0

85
contrib/unbound_cache.sh
View file

@ -1,13 +1,13 @@
#!/sbin/sh
#
# --------------------------------------------------------------
# -- DNS cache save/load script
# --
# -- Version 1.0
# -- Version 1.2
# -- By Yuri Voinov (c) 2006, 2014
# --------------------------------------------------------------
#
# ident "@(#)unbound_cache.sh 1.1 14/04/26 YV"
# ident "@(#)unbound_cache.sh 1.2 14/10/30 YV"
#
#############
@ -27,9 +27,10 @@ BASENAME=`which basename`
CAT=`which cat`
CUT=`which cut`
ECHO=`which echo`
EXPR=`which expr`
GETOPT=`which getopt`
ID=`which id`
PRINTF=`which printf`
LS=`which ls`
###############
# Subroutines #
@ -38,12 +39,13 @@ PRINTF=`which printf`
usage_note ()
{
# Script usage note
$ECHO "Usage: `$BASENAME $0` [-s] or [-l] or [-r] or [-h]"
$ECHO
$ECHO "Usage: `$BASENAME $0` [-s] or [-l] or [-r] or [-h] [filename]"
$ECHO .
$ECHO "l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value."
$ECHO "s - Save - save Unbound DNS cache contents to plain file with domain names."
$ECHO "r - Reload - reloadind new cache entries and refresh existing cache"
$ECHO "h - this screen."
$ECHO "filename - file to save/load dumped cache. If not specified, $CONF/$FNAME will be used instead."
$ECHO "Note: Run without any arguments will be in default mode."
$ECHO " Also, unbound-control must be configured."
exit 0
@ -68,7 +70,12 @@ check_uc ()
check_saved_file ()
{
if [ ! -f "$CONF/$FNAME" ]; then
filename=$1
if [ ! -z "$filename" -a ! -f "$filename" ]; then
$ECHO .
$ECHO "ERROR: File $filename does not exists. Save it first."
exit 1
elif [ ! -f "$CONF/$FNAME" ]; then
$ECHO .
$ECHO "ERROR: File $CONF/$FNAME does not exists. Save it first."
exit 1
@ -78,24 +85,42 @@ check_saved_file ()
save_cache ()
{
# Save unbound cache
$PRINTF "Saving cache in $CONF/$FNAME..."
$UC dump_cache>$CONF/$FNAME
filename=$1
if [ -z "$filename" ]; then
$ECHO "Saving cache in $CONF/$FNAME..."
$UC dump_cache>$CONF/$FNAME
$LS -lh $CONF/$FNAME
else
$ECHO "Saving cache in $filename..."
$UC dump_cache>$filename
$LS -lh $filename
fi
$ECHO "ok"
}
load_cache ()
{
# Load saved cache contents and warmup DNS cache
$PRINTF "Loading cache from saved $CONF/$FNAME..."
check_saved_file
$CAT $CONF/$FNAME|$UC load_cache
# Load saved cache contents and warmup cache
filename=$1
if [ -z "$filename" ]; then
$ECHO "Loading cache from saved $CONF/$FNAME..."
$LS -lh $CONF/$FNAME
check_saved_file $filename
$CAT $CONF/$FNAME|$UC load_cache
else
$ECHO "Loading cache from saved $filename..."
$LS -lh $filename
check_saved_file $filename
$CAT $filename|$UC load_cache
fi
}
reload_cache ()
{
# Reloading and refresh existing cache and saved dump
save_cache
load_cache
filename=$1
save_cache $filename
load_cache $filename
}
##############
@ -109,27 +134,41 @@ root_check
check_uc
# Check command-line arguments
if [ "x$1" = "x" ]; then
# If arguments list empty, load cache by default
if [ "x$*" = "x" ]; then
# If arguments list empty,load cache by default
load_cache
else
arg_list=$1
arg_list=$*
# Parse command line
set -- `$GETOPT sSlLrRhH: $arg_list` || {
usage_note 1>&2
}
# Read arguments
# Read arguments
for i in $arg_list
do
case $i in
-s | -S) save_cache;;
-l | -L) load_cache;;
-r | -R) reload_cache;;
-s | -S) save="1";;
-l | -L) save="0";;
-r | -R) save="2";;
-h | -H | \?) usage_note;;
*) shift
file=$1
break;;
esac
break
shift
done
# Remove trailing --
shift `$EXPR $OPTIND - 1`
fi
if [ "$save" = "1" ]; then
save_cache $file
elif [ "$save" = "0" ]; then
load_cache $file
elif [ "$save" = "2" ]; then
reload_cache $file
fi
exit 0

172
contrib/unbound_munin_
View file

@ -210,6 +210,7 @@ exist_config ( ) {
if grep '^'$1'=' $state >/dev/null 2>&1; then
echo "$mn.label $2"
echo "$mn.min 0"
echo "$mn.type ABSOLUTE"
fi
}
@ -218,6 +219,7 @@ p_config ( ) {
mn=`echo $1 | sed $ABBREV | tr . _`
echo $mn.label "$2"
echo $mn.min 0
echo $mn.type $3
}
if test "$1" = "config" ; then
@ -228,20 +230,21 @@ if test "$1" = "config" ; then
hits)
echo "graph_title Unbound DNS traffic and cache hits"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / second"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
sed -e 's/=.*//'`; do
exist_config $x "queries handled by `basename $x .num.queries`"
done
p_config "total.num.queries" "total queries from clients"
p_config "total.num.cachehits" "cache hits"
p_config "total.num.prefetch" "cache prefetch"
p_config "num.query.tcp" "TCP queries"
p_config "num.query.tcpout" "TCP out queries"
p_config "num.query.ipv6" "IPv6 queries"
p_config "unwanted.queries" "queries that failed acl"
p_config "unwanted.replies" "unwanted or unsolicited replies"
p_config "total.num.queries" "total queries from clients" "ABSOLUTE"
p_config "total.num.cachehits" "cache hits" "ABSOLUTE"
p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE"
p_config "num.query.tcp" "TCP queries" "ABSOLUTE"
p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE"
p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE"
p_config "unwanted.queries" "queries that failed acl" "ABSOLUTE"
p_config "unwanted.replies" "unwanted or unsolicited replies" "ABSOLUTE"
echo "u_replies.warning $warn"
echo "u_replies.critical $crit"
echo "graph_info DNS queries to the recursive resolver. The unwanted replies could be innocent duplicate packets, late replies, or spoof threats."
@ -250,11 +253,12 @@ if test "$1" = "config" ; then
echo "graph_title Unbound requestlist size"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel number of queries"
echo "graph_scale no"
echo "graph_category DNS"
p_config "total.requestlist.avg" "Average size of queue on insert"
p_config "total.requestlist.max" "Max size of queue (in 5 min)"
p_config "total.requestlist.overwritten" "Number of queries replaced by new ones"
p_config "total.requestlist.exceeded" "Number of queries dropped due to lack of space"
p_config "total.requestlist.avg" "Average size of queue on insert" "GAUGE"
p_config "total.requestlist.max" "Max size of queue (in 5 min)" "GAUGE"
p_config "total.requestlist.overwritten" "Number of queries replaced by new ones" "GAUGE"
p_config "total.requestlist.exceeded" "Number of queries dropped due to lack of space" "GAUGE"
echo "graph_info The queries that did not hit the cache and need recursion service take up space in the requestlist. If there are too many queries, first queries get overwritten, and at last resort dropped."
;;
memory)
@ -262,128 +266,144 @@ if test "$1" = "config" ; then
echo "graph_args --base 1024 -l 0"
echo "graph_vlabel memory used in bytes"
echo "graph_category DNS"
p_config "mem.total.sbrk" "Total memory"
p_config "mem.cache.rrset" "RRset cache memory"
p_config "mem.cache.message" "Message cache memory"
p_config "mem.mod.iterator" "Iterator module memory"
p_config "mem.mod.validator" "Validator module and key cache memory"
p_config "msg.cache.count" "msg cache count"
p_config "rrset.cache.count" "rrset cache count"
p_config "infra.cache.count" "infra cache count"
p_config "key.cache.count" "key cache count"
p_config "mem.total.sbrk" "Total memory" "GAUGE"
p_config "mem.cache.rrset" "RRset cache memory" "GAUGE"
p_config "mem.cache.message" "Message cache memory" "GAUGE"
p_config "mem.mod.iterator" "Iterator module memory" "GAUGE"
p_config "mem.mod.validator" "Validator module and key cache memory" "GAUGE"
p_config "msg.cache.count" "msg cache count" "GAUGE"
p_config "rrset.cache.count" "rrset cache count" "GAUGE"
p_config "infra.cache.count" "infra cache count" "GAUGE"
p_config "key.cache.count" "key cache count" "GAUGE"
echo "graph_info The memory used by unbound."
;;
by_type)
echo "graph_title Unbound DNS queries by type"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / second"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.query.type" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
tp=`echo $nm | sed -e s/num.query.type.//`
p_config "$nm" "$tp"
p_config "$nm" "$tp" "ABSOLUTE"
done
echo "graph_info queries by DNS RR type queried for"
;;
by_class)
echo "graph_title Unbound DNS queries by class"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / second"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.query.class" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
tp=`echo $nm | sed -e s/num.query.class.//`
p_config "$nm" "$tp"
p_config "$nm" "$tp" "ABSOLUTE"
done
echo "graph_info queries by DNS RR class queried for."
;;
by_opcode)
echo "graph_title Unbound DNS queries by opcode"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / second"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.query.opcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
tp=`echo $nm | sed -e s/num.query.opcode.//`
p_config "$nm" "$tp"
p_config "$nm" "$tp" "ABSOLUTE"
done
echo "graph_info queries by opcode in the query packet."
;;
by_rcode)
echo "graph_title Unbound DNS answers by return code"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel answer packets / second"
echo "graph_vlabel answer packets / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.answer.rcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
tp=`echo $nm | sed -e s/num.answer.rcode.//`
p_config "$nm" "$tp"
p_config "$nm" "$tp" "ABSOLUTE"
done
p_config "num.answer.secure" "answer secure"
p_config "num.answer.bogus" "answer bogus"
p_config "num.rrset.bogus" "num rrsets marked bogus"
echo "graph_info answers sorted by return value. rrsets bogus is the number of rrsets marked bogus per second by the validator"
p_config "num.answer.secure" "answer secure" "ABSOLUTE"
p_config "num.answer.bogus" "answer bogus" "ABSOLUTE"
p_config "num.rrset.bogus" "num rrsets marked bogus" "ABSOLUTE"
echo "graph_info answers sorted by return value. rrsets bogus is the number of rrsets marked bogus per \${graph_period} by the validator"
;;
by_flags)
echo "graph_title Unbound DNS incoming queries by flags"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / second"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
p_config "num.query.flags.QR" "QR (query reply) flag"
p_config "num.query.flags.AA" "AA (auth answer) flag"
p_config "num.query.flags.TC" "TC (truncated) flag"
p_config "num.query.flags.RD" "RD (recursion desired) flag"
p_config "num.query.flags.RA" "RA (rec avail) flag"
p_config "num.query.flags.Z" "Z (zero) flag"
p_config "num.query.flags.AD" "AD (auth data) flag"
p_config "num.query.flags.CD" "CD (check disabled) flag"
p_config "num.query.edns.present" "EDNS OPT present"
p_config "num.query.edns.DO" "DO (DNSSEC OK) flag"
p_config "num.query.flags.QR" "QR (query reply) flag" "ABSOLUTE"
p_config "num.query.flags.AA" "AA (auth answer) flag" "ABSOLUTE"
p_config "num.query.flags.TC" "TC (truncated) flag" "ABSOLUTE"
p_config "num.query.flags.RD" "RD (recursion desired) flag" "ABSOLUTE"
p_config "num.query.flags.RA" "RA (rec avail) flag" "ABSOLUTE"
p_config "num.query.flags.Z" "Z (zero) flag" "ABSOLUTE"
p_config "num.query.flags.AD" "AD (auth data) flag" "ABSOLUTE"
p_config "num.query.flags.CD" "CD (check disabled) flag" "ABSOLUTE"
p_config "num.query.edns.present" "EDNS OPT present" "ABSOLUTE"
p_config "num.query.edns.DO" "DO (DNSSEC OK) flag" "ABSOLUTE"
echo "graph_info This graphs plots the flags inside incoming queries. For example, if QR, AA, TC, RA, Z flags are set, the query can be rejected. RD, AD, CD and DO are legitimately set by some software."
;;
histogram)
echo "graph_title Unbound DNS histogram of reply time"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / second"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
echo hcache.label "cache hits"
echo hcache.min 0
echo hcache.type ABSOLUTE
echo hcache.draw AREA
echo hcache.colour 999999
echo h64ms.label "0 msec - 66 msec"
echo h64ms.min 0
echo h64ms.type ABSOLUTE
echo h64ms.draw STACK
echo h64ms.colour 0000FF
echo h128ms.label "66 msec - 131 msec"
echo h128ms.min 0
echo h128ms.type ABSOLUTE
echo h128ms.colour 1F00DF
echo h128ms.draw STACK
echo h256ms.label "131 msec - 262 msec"
echo h256ms.min 0
echo h256ms.type ABSOLUTE
echo h256ms.draw STACK
echo h256ms.colour 3F00BF
echo h512ms.label "262 msec - 524 msec"
echo h512ms.min 0
echo h512ms.type ABSOLUTE
echo h512ms.draw STACK
echo h512ms.colour 5F009F
echo h1s.label "524 msec - 1 sec"
echo h1s.min 0
echo h1s.type ABSOLUTE
echo h1s.draw STACK
echo h1s.colour 7F007F
echo h2s.label "1 sec - 2 sec"
echo h2s.min 0
echo h2s.type ABSOLUTE
echo h2s.draw STACK
echo h2s.colour 9F005F
echo h4s.label "2 sec - 4 sec"
echo h4s.min 0
echo h4s.type ABSOLUTE
echo h4s.draw STACK
echo h4s.colour BF003F
echo h8s.label "4 sec - 8 sec"
echo h8s.min 0
echo h8s.type ABSOLUTE
echo h8s.draw STACK
echo h8s.colour DF001F
echo h16s.label "8 sec - ..."
echo h16s.min 0
echo h16s.type ABSOLUTE
echo h16s.draw STACK
echo h16s.colour FF0000
echo "graph_info Histogram of the reply times for queries."
@ -404,20 +424,6 @@ if test $value = 0 || test $value = "0.000000"; then
fi
elapsed="$value"
# print value for $1 / elapsed
print_qps ( ) {
mn=`echo $1 | sed $ABBREV | tr . _`
get_value $1
echo "$mn.value" `echo scale=6';' $value / $elapsed | bc `
}
# print qps if line already found in $2
print_qps_line ( ) {
mn=`echo $1 | sed $ABBREV | tr . _`
value="`echo $2 | sed -e 's/^.*=//'`"
echo "$mn.value" `echo scale=6';' $value / $elapsed | bc `
}
# print value for $1
print_value ( ) {
mn=`echo $1 | sed $ABBREV | tr . _`
@ -425,6 +431,14 @@ print_value ( ) {
echo "$mn.value" $value
}
# print value if line already found in $2
print_value_line ( ) {
mn=`echo $1 | sed $ABBREV | tr . _`
value="`echo $2 | sed -e 's/^.*=//'`"
echo "$mn.value" $value
}
case $id in
hits)
for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
@ -433,7 +447,7 @@ hits)
num.query.tcpout num.query.ipv6 unwanted.queries \
unwanted.replies; do
if grep "^"$x"=" $state >/dev/null 2>&1; then
print_qps $x
print_value $x
fi
done
;;
@ -467,38 +481,38 @@ memory)
by_type)
for x in `grep "^num.query.type" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_qps_line $nm $x
print_value_line $nm $x
done
;;
by_class)
for x in `grep "^num.query.class" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_qps_line $nm $x
print_value_line $nm $x
done
;;
by_opcode)
for x in `grep "^num.query.opcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_qps_line $nm $x
print_value_line $nm $x
done
;;
by_rcode)
for x in `grep "^num.answer.rcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_qps_line $nm $x
print_value_line $nm $x
done
print_qps "num.answer.secure"
print_qps "num.answer.bogus"
print_qps "num.rrset.bogus"
print_value "num.answer.secure"
print_value "num.answer.bogus"
print_value "num.rrset.bogus"
;;
by_flags)
for x in num.query.flags.QR num.query.flags.AA num.query.flags.TC num.query.flags.RD num.query.flags.RA num.query.flags.Z num.query.flags.AD num.query.flags.CD num.query.edns.present num.query.edns.DO; do
print_qps $x
print_value $x
done
;;
histogram)
get_value total.num.cachehits
echo hcache.value `echo scale=6';' $value / $elapsed | bc `
echo hcache.value $value
r=0
for x in histogram.000000.000000.to.000000.000001 \
histogram.000000.000001.to.000000.000002 \
@ -520,21 +534,21 @@ histogram)
get_value $x
r=`expr $r + $value`
done
echo h64ms.value `echo scale=6';' $r / $elapsed | bc `
echo h64ms.value $r
get_value histogram.000000.065536.to.000000.131072
echo h128ms.value `echo scale=6';' $value / $elapsed | bc `
echo h128ms.value $value
get_value histogram.000000.131072.to.000000.262144
echo h256ms.value `echo scale=6';' $value / $elapsed | bc `
echo h256ms.value $value
get_value histogram.000000.262144.to.000000.524288
echo h512ms.value `echo scale=6';' $value / $elapsed | bc `
echo h512ms.value $value
get_value histogram.000000.524288.to.000001.000000
echo h1s.value `echo scale=6';' $value / $elapsed | bc `
echo h1s.value $value
get_value histogram.000001.000000.to.000002.000000
echo h2s.value `echo scale=6';' $value / $elapsed | bc `
echo h2s.value $value
get_value histogram.000002.000000.to.000004.000000
echo h4s.value `echo scale=6';' $value / $elapsed | bc `
echo h4s.value $value
get_value histogram.000004.000000.to.000008.000000
echo h8s.value `echo scale=6';' $value / $elapsed | bc `
echo h8s.value $value
r=0
for x in histogram.000008.000000.to.000016.000000 \
histogram.000016.000000.to.000032.000000 \
@ -555,6 +569,6 @@ histogram)
get_value $x
r=`expr $r + $value`
done
echo h16s.value `echo scale=6';' $r / $elapsed | bc `
echo h16s.value $r
;;
esac

169
contrib/warmup.cmd
View file

@ -1,68 +1,153 @@
@echo off
rem --------------------------------------------------------------
rem -- Warm up DNS cache script by your own MRU domains
rem -- Warm up DNS cache script by your own MRU domains or from
rem -- file when it specified as script argument.
rem --
rem -- Version 1.0
rem -- Version 1.1
rem -- By Yuri Voinov (c) 2014
rem --------------------------------------------------------------
rem DNS host address
set address="127.0.0.1"
rem Check dig installed
for /f "delims=" %%a in ('where dig') do @set dig=%%a
if /I "%dig%"=="" echo Dig not found. If installed, add path to PATH environment variable. & exit 1
echo Dig found: %dig%
echo Warming up cache by MRU domains...
rem dig -f my_domains 1>nul 2>nul
rem echo Done.
set arg=%1%
if defined %arg% (goto builtin) else (goto from_file)
:builtin
echo Warming up cache by MRU domains...
for %%a in (
mail.ru
my.mail.ru
mra.mail.ru
2gis.ru
admir.kz
adobe.com
agent.mail.ru
news.mail.ru
icq.com
lenta.ru
gazeta.ru
peerbet.ru
www.opennet.ru
snob.ru
aimp.ru
akamai.com
akamai.net
almaty.tele2.kz
aol.com
apple.com
arin.com
artlebedev.ru
mail.google.com
translate.google.com
auto.mail.ru
beeline.kz
bing.com
blogspot.com
comodo.com
dnscrypt.org
drive.google.com
drive.mail.ru
facebook.com
farmanager.com
fb.com
firefox.com
forum.farmanager.com
gazeta.ru
getsharex.com
gismeteo.ru
google.com
google.kz
drive.google.com
blogspot.com
farmanager.com
forum.farmanager.com
google.ru
googlevideo.com
goto.kz
iana.org
icq.com
imap.mail.ru
instagram.com
intel.com
irr.kz
java.com
kaspersky.com
kaspersky.ru
kcell.kz
krisha.kz
lady.mail.ru
lenta.ru
libreoffice.org
linkedin.com
livejournal.com
mail.google.com
mail.ru
microsoft.com
mozilla.org
mra.mail.ru
munin-monitoring.org
my.mail.ru
news.bbcimg.co.uk
news.mail.ru
newsimg.bbc.net.uk
nvidia.com
odnoklassniki.ru
ok.ru
opencsw.org
opendns.com
opendns.org
opennet.ru
opera.com
oracle.com
peerbet.ru
piriform.com
plugring.farmanager.com
privoxy.org
qip.ru
raidcall.com
rambler.ru
reddit.com
ru.wikipedia.org
shallalist.de
skype.com
snob.ru
squid-cache.org
squidclamav.darold.net
squidguard.org
ssl.comodo.com
ssl.verisign.com
symantec.com
symantecliveupdate.com
shalla.de
torstatus.blutmagie.de
torproject.org
dnscrypt.org
unbound.net
getsharex.com
skype.com
vlc.org
aimp.ru
mozilla.org
libreoffice.org
piriform.com
raidcall.com
nvidia.com
intel.com
microsoft.com
windowsupdate.com
ru.wikipedia.org
www.bbc.co.uk
tele2.kz
tengrinews.kz
) do "%dig%" %%a 1>nul 2>nul
thunderbird.com
torproject.org
torstatus.blutmagie.de
translate.google.com
unbound.net
verisign.com
vk.com
vk.me
vk.ru
vkontakte.com
vkontakte.ru
vlc.org
watsapp.net
weather.mail.ru
windowsupdate.com
www.baidu.com
www.bbc.co.uk
www.internic.net
www.opennet.ru
www.topgear.com
ya.ru
yahoo.com
yandex.com
yandex.ru
youtube.com
ytimg.com
) do "%dig%" %%a @%address% 1>nul 2>nul
goto end
:from_file
echo Warming up cache from %1% file...
%dig% -f %arg% @%address% 1>nul 2>nul
:end
echo Saving cache...
unbound_cache.cmd -s
if exist unbound_cache.cmd unbound_cache.cmd -s
echo Done.
exit 0

163
contrib/warmup.sh
View file

@ -1,65 +1,150 @@
#!/bin/sh
# --------------------------------------------------------------
# -- Warm up DNS cache script by your own MRU domains
# -- Warm up DNS cache script by your own MRU domains or from
# -- file when it specified as script argument.
# --
# -- Version 1.0
# -- Version 1.1
# -- By Yuri Voinov (c) 2014
# --------------------------------------------------------------
# Default DNS host address
address="127.0.0.1"
cat=`which cat`
dig=`which dig`
if [ -z "$1" ]; then
echo "Warming up cache by MRU domains..."
$dig -f - >/dev/null 2>&1 <<EOT
mail.ru
my.mail.ru
mra.mail.ru
$dig -f - @$address >/dev/null 2>&1 <<EOT
2gis.ru
admir.kz
adobe.com
agent.mail.ru
news.mail.ru
icq.com
lenta.ru
gazeta.ru
peerbet.ru
www.opennet.ru
snob.ru
aimp.ru
akamai.com
akamai.net
almaty.tele2.kz
aol.com
apple.com
arin.com
artlebedev.ru
mail.google.com
translate.google.com
auto.mail.ru
beeline.kz
bing.com
blogspot.com
clamav.net
comodo.com
dnscrypt.org
drive.google.com
drive.mail.ru
facebook.com
farmanager.com
fb.com
firefox.com
forum.farmanager.com
gazeta.ru
getsharex.com
gismeteo.ru
google.com
google.kz
drive.google.com
blogspot.com
farmanager.com
forum.farmanager.com
google.ru
googlevideo.com
goto.kz
iana.org
icq.com
imap.mail.ru
instagram.com
instagram.com
intel.com
irr.kz
java.com
kaspersky.com
kaspersky.ru
kcell.kz
krisha.kz
lady.mail.ru
lenta.ru
libreoffice.org
linkedin.com
livejournal.com
mail.google.com
mail.ru
microsoft.com
mozilla.org
mra.mail.ru
munin-monitoring.org
my.mail.ru
news.bbcimg.co.uk
news.mail.ru
newsimg.bbc.net.uk
nvidia.com
odnoklassniki.ru
ok.ru
opencsw.org
opendns.com
opendns.org
opennet.ru
opera.com
oracle.com
peerbet.ru
piriform.com
plugring.farmanager.com
privoxy.org
qip.ru
raidcall.com
rambler.ru
reddit.com
ru.wikipedia.org
shallalist.de
skype.com
snob.ru
squid-cache.org
squidclamav.darold.net
squidguard.org
ssl.comodo.com
ssl.verisign.com
symantec.com
symantecliveupdate.com
shalla.de
torstatus.blutmagie.de
torproject.org
dnscrypt.org
unbound.net
getsharex.com
skype.com
vlc.org
aimp.ru
mozilla.org
libreoffice.org
piriform.com
raidcall.com
nvidia.com
intel.com
microsoft.com
windowsupdate.com
ru.wikipedia.org
www.bbc.co.uk
tele2.kz
tengrinews.kz
thunderbird.com
torproject.org
torstatus.blutmagie.de
translate.google.com
unbound.net
verisign.com
vk.com
vk.me
vk.ru
vkontakte.com
vkontakte.ru
vlc.org
watsapp.net
weather.mail.ru
windowsupdate.com
www.baidu.com
www.bbc.co.uk
www.internic.net
www.opennet.ru
www.topgear.com
ya.ru
yahoo.com
yandex.com
yandex.ru
youtube.com
ytimg.com
EOT
else
echo "Warming up cache from $1 file..."
$cat $1 | $dig -f - @$address >/dev/null 2>&1
fi
echo "Done."
echo "Saving cache..."
/usr/local/bin/unbound_cache.sh -s
script=`which unbound_cache.sh`
[ -f "$script" ] && $script -s
echo "Done."
exit 0

4
daemon/remote.c
View file

@ -327,9 +327,13 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
* group as the user we run as.
*/
if(fd != -1) {
#ifdef HAVE_CHOWN
if (cfg->username && cfg->username[0])
chown(ip, cfg->uid, cfg->gid);
chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
#else
(void)cfg;
#endif
}
} else {
hints.ai_socktype = SOCK_STREAM;

4
daemon/unbound.c
View file

@ -504,16 +504,18 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
if(cfg->pidfile && cfg->pidfile[0]) {
writepid(daemon->pidfile, getpid());
if(cfg->username && cfg->username[0]) {
# ifdef HAVE_CHOWN
if(chown(daemon->pidfile, cfg->uid, cfg->gid) == -1) {
log_err("cannot chown %u.%u %s: %s",
(unsigned)cfg->uid, (unsigned)cfg->gid,
daemon->pidfile, strerror(errno));
}
# endif /* HAVE_CHOWN */
}
}
#else
(void)daemon;
#endif
#endif /* HAVE_KILL */
/* Set user context */
#ifdef HAVE_GETPWNAM

2
daemon/worker.c
View file

@ -900,7 +900,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
goto send_reply;
}
if(local_zones_answer(worker->daemon->local_zones, &qinfo, &edns,
c->buffer, worker->scratchpad)) {
c->buffer, worker->scratchpad, repinfo)) {
regional_free_all(worker->scratchpad);
if(sldns_buffer_limit(c->buffer) == 0) {
comm_point_drop_reply(repinfo);

88
doc/Changelog
View file

@ -1,12 +1,94 @@
8 December 2014: Wouter
- Fix CVE-2014-8602: denial of service by making resolver chase
endless series of delegations.
13 February 2015: Wouter
- Fix #643: doc/example.conf.in: unnecessary whitespace.
12 February 2015: Wouter
- tag 1.5.2rc1
11 February 2015: Wouter
- iana portlist update.
10 February 2015: Wouter
- Fix scrubber with harden-glue turned off to reject NS (and other
not-address) records.
9 February 2015: Wouter
- Fix validation failure in case upstream forwarder (ISC BIND) does
not have the same trust anchors and decides to insert unsigned NS
record in authority section.
2 February 2015: Wouter
- infra-cache-min-rtt patch from Florian Riehm, for expected long
uplink roundtrip times.
30 January 2015: Wouter
- Fix 0x20 capsforid fallback to omit gratuitous NS and additional
section changes.
- Portability fix for Solaris ('sun' is not usable for a variable).
29 January 2015: Wouter
- Fix pyunbound byte string representation for python3.
26 January 2015: Wouter
- Fix unintended use of gcc extension for incomplete enum types,
compile with pedantic c99 compliance (from Daniel Dickman).
23 January 2015: Wouter
- windows port fixes, no AF_LOCAL, no chown, no chmod(grp).
16 January 2015: Wouter
- unit test for local unix connection. Documentation and log_addr
does not inspect port for AF_LOCAL.
- unbound-checkconf -f prints chroot with pidfile path.
13 January 2015: Wouter
- iana portlist update.
12 January 2015: Wouter
- Cast sun_len sizeof to socklen_t.
- Fix pyunbound ord call, portable for python 2 and 3.
7 January 2015: Wouter
- Fix warnings in pythonmod changes.
6 January 2015: Wouter
- iana portlist update.
- patch for remote control over local sockets, from Dag-Erling
Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and
control-use-cert: no.
- Fixup that patch and uid lookup (only for daemon).
- coded the default of control-use-cert, to yes.
5 January 2015: Wouter
- getauxval test for ppc64 linux compatibility.
- make strip works for unbound-host and unbound-anchor.
- patch from Stephane Lapie that adds to the python API, that
exposes struct delegpt, and adds the find_delegation function.
- print query name when max target count is exceeded.
- patch from Stuart Henderson that fixes DESTDIR in
unbound-control-setup for installs where config is not in
the prefix location.
- Fix #634: fix fail to start on Linux LTS 3.14.X, ignores missing
IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne).
- Updated contrib warmup.cmd/sh to support two modes - load
from pre-defined list of domains or (with filename as argument)
load from user-specified list of domains, and updated contrib
unbound_cache.sh/cmd to support loading/save/reload cache to/from
default path or (with secondary argument) arbitrary path/filename,
from Yuri Voinov.
- Patch from Philip Paeps to contrib/unbound_munin_ that uses
type ABSOLUTE. Allows munin.conf: [idleserver.example.net]
unbound_munin_hits.graph_period minute
9 December 2014: Wouter
- svn trunk has 1.5.2 in development.
- config.guess and config.sub update from libtoolize.
- local-zone: example.com inform makes unbound log a message with
client IP for queries in that zone. Eg. for finding infected hosts.
8 December 2014: Wouter
- Fix CVE-2014-8602: denial of service by making resolver chase
endless series of delegations.
1 December 2014: Wouter
- Fix bug#632: unbound fails to build on AArch64, protects
getentropy compat code from calling sysctl if it is has been removed.

2
doc/README
View file

@ -1,4 +1,4 @@
README for Unbound 1.5.1
README for Unbound 1.5.2
Copyright 2007 NLnet Labs
http://unbound.net

12
doc/example.conf.in
View file

@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.5.1.
# See unbound.conf(5) man page, version 1.5.2.
#
# this is a comment.
@ -138,6 +138,9 @@ server:
# the time to live (TTL) value for cached roundtrip times, lameness and
# EDNS version information for hosts. In seconds.
# infra-host-ttl: 900
# minimum wait time for responses, increase if uplink is long. In msec.
# infra-cache-min-rtt: 50
# the number of slabs to use for the Infrastructure cache.
# the number of slabs must be a power of 2.
@ -437,7 +440,7 @@ server:
# the amount of memory to use for the negative cache (used for DLV).
# plain value in bytes or you can append k, m or G. default is "1Mb".
# neg-cache-size: 1m
# By default, for a number of zones a small default 'nothing here'
# reply is built-in. Query traffic is thus blocked. If you
# wish to serve such zone you can unblock them by uncommenting one
@ -497,6 +500,7 @@ server:
# o redirect serves the zone data for any subdomain in the zone.
# o nodefault can be used to normally resolve AS112 zones.
# o typetransparent resolves normally for other types and other names
# o inform resolves normally, but logs client IP address
#
# defaults are localhost address, reverse for 127.0.0.1 and ::1
# and nxdomain for AS112 zones. If you configure one of these zones
@ -552,6 +556,10 @@ remote-control:
# set up the keys and certificates with unbound-control-setup.
# control-enable: no
# Set to no and use an absolute path as control-interface to use
# a unix local named pipe for unbound-control.
# control-use-cert: yes
# what interfaces are listened to for remote control.
# give 0.0.0.0 and ::0 to listen to all interfaces.
# control-interface: 127.0.0.1

4
doc/libunbound.3.in
View file

@ -1,4 +1,4 @@
.TH "libunbound" "3" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
.TH "libunbound" "3" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@ -42,7 +42,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.5.1 functions.
\- Unbound DNS validating resolver 1.5.2 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP

2
doc/unbound-anchor.8.in
View file

@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
.TH "unbound-anchor" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"

6
doc/unbound-checkconf.8.in
View file

@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
.TH "unbound-checkconf" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"
@ -13,6 +13,7 @@ unbound\-checkconf
.SH "SYNOPSIS"
.B unbound\-checkconf
.RB [ \-h ]
.RB [ \-f ]
.RB [ \-o
.IR option ]
.RI [ cfgfile ]
@ -29,6 +30,9 @@ The available options are:
.B \-h
Show the version and commandline option help.
.TP
.B \-f
Print full pathname, with chroot applied to it. Use with the -o option.
.TP
.B \-o\fI option
If given, after checking the config file the value of this option is
printed to stdout. For "" (disabled) options an empty line is printed.

2
doc/unbound-control.8.in
View file

@ -1,4 +1,4 @@
.TH "unbound-control" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
.TH "unbound-control" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"

2
doc/unbound-host.1.in
View file

@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
.TH "unbound\-host" "1" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"

4
doc/unbound.8.in
View file

@ -1,4 +1,4 @@
.TH "unbound" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
.TH "unbound" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
.\"
.\" unbound.8 -- unbound manual
.\"
@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
\- Unbound DNS validating resolver 1.5.1.
\- Unbound DNS validating resolver 1.5.2.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]

16
doc/unbound.conf.5.in
View file

@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
.TH "unbound.conf" "5" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@ -301,6 +301,11 @@ by threads. Must be set to a power of 2.
.B infra\-cache\-numhosts: \fI<number>
Number of hosts for which information is cached. Default is 10000.
.TP
.B infra\-cache\-min\-rtt: \fI<msec>
Lower limit for dynamic retransmit timeout calculation in infrastructure
cache. Default is 50 milliseconds. Increase this value if using forwarders
needing more time to do recursive name resolution.
.TP
.B do\-ip4: \fI<yes or no>
Enable or disable whether ip4 queries are answered or issued. Default is yes.
.TP
@ -791,7 +796,7 @@ data leakage about the local network to the upstream DNS servers.
.B local\-zone: \fI<zone> <type>
Configure a local zone. The type determines the answer to give if
there is no match from local\-data. The types are deny, refuse, static,
transparent, redirect, nodefault, typetransparent, and are explained
transparent, redirect, nodefault, typetransparent, inform, and are explained
below. After that the default settings are listed. Use local\-data: to
enter data into the local zone. Answers for local zones are authoritative
DNS answers. By default the zones are class IN.
@ -841,6 +846,13 @@ local\-data: "example.com. A 127.0.0.1"
queries for www.example.com and www.foo.example.com are redirected, so
that users with web browsers cannot access sites with suffix example.com.
.TP 10
\h'5'\fIinform\fR
The query is answered normally. The client IP address (@portnumber)
is printed to the logfile. The log message is: timestamp, unbound-pid,
info: zonename inform IP@port queryname type class. This option can be
used for normal resolution, but machines looking up infected names are
logged, eg. to run antivirus on them.
.TP 10
\h'5'\fInodefault\fR
Used to turn off default contents for AS112 zones. The other types
also turn off default contents for the zone. The 'nodefault' option

4
iterator/iter_scrub.c
View file

@ -680,7 +680,9 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
* (we dont want its glue that was approved
* during the normalize action) */
del_addi = 1;
} else if(!env->cfg->harden_glue) {
} else if(!env->cfg->harden_glue && (
rrset->type == LDNS_RR_TYPE_A ||
rrset->type == LDNS_RR_TYPE_AAAA)) {
/* store in cache! Since it is relevant
* (from normalize) it will be picked up
* from the cache to be used later */

36
iterator/iter_utils.c
View file

@ -714,6 +714,42 @@ reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region)
return 1;
}
void
caps_strip_reply(struct reply_info* rep)
{
size_t i;
if(!rep) return;
/* see if message is a referral, in which case the additional and
* NS record cannot be removed */
/* referrals have the AA flag unset (strict check, not elsewhere in
* unbound, but for 0x20 this is very convenient). */
if(!(rep->flags&BIT_AA))
return;
/* remove the additional section from the reply */
if(rep->ar_numrrsets != 0) {
verbose(VERB_ALGO, "caps fallback: removing additional section");
rep->rrset_count -= rep->ar_numrrsets;
rep->ar_numrrsets = 0;
}
/* is there an NS set in the authority section to remove? */
/* the failure case (Cisco firewalls) only has one rrset in authsec */
for(i=rep->an_numrrsets; i<rep->an_numrrsets+rep->ns_numrrsets; i++) {
struct ub_packed_rrset_key* s = rep->rrsets[i];
if(ntohs(s->rk.type) == LDNS_RR_TYPE_NS) {
/* remove NS rrset and break from loop (loop limits
* have changed) */
/* move last rrset into this position (there is no
* additional section any more) */
verbose(VERB_ALGO, "caps fallback: removing NS rrset");
if(i < rep->rrset_count-1)
rep->rrsets[i]=rep->rrsets[rep->rrset_count-1];
rep->rrset_count --;
rep->ns_numrrsets --;
break;
}
}
}
void
iter_store_parentside_rrset(struct module_env* env,
struct ub_packed_rrset_key* rrset)

9
iterator/iter_utils.h
View file

@ -222,6 +222,15 @@ int iter_msg_from_zone(struct dns_msg* msg, struct delegpt* dp,
*/
int reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region);
/**
* Remove unused bits from the reply if possible.
* So that caps-for-id (0x20) fallback is more likely to be successful.
* This removes like, the additional section, and NS record in the authority
* section if those records are gratuitous (not for a referral).
* @param rep: the reply to strip stuff out of.
*/
void caps_strip_reply(struct reply_info* rep);
/**
* Store parent-side rrset in seperate rrset cache entries for later
* last-resort * lookups in case the child-side versions of this information

15
iterator/iterator.c
View file

@ -1383,8 +1383,10 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq,
return 0;
if(iq->depth > 0 && iq->target_count &&
iq->target_count[1] > MAX_TARGET_COUNT) {
verbose(VERB_QUERY, "request has exceeded the maximum "
"number of glue fetches %d", iq->target_count[1]);
char s[LDNS_MAX_DOMAINLEN+1];
dname_str(qstate->qinfo.qname, s);
verbose(VERB_QUERY, "request %s has exceeded the maximum "
"number of glue fetches %d", s, iq->target_count[1]);
return 0;
}
@ -1581,8 +1583,10 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
}
if(iq->depth > 0 && iq->target_count &&
iq->target_count[1] > MAX_TARGET_COUNT) {
verbose(VERB_QUERY, "request has exceeded the maximum "
"number of glue fetches %d", iq->target_count[1]);
char s[LDNS_MAX_DOMAINLEN+1];
dname_str(qstate->qinfo.qname, s);
verbose(VERB_QUERY, "request %s has exceeded the maximum "
"number of glue fetches %d", s, iq->target_count[1]);
return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
}
/* mark cycle targets for parent-side lookups */
@ -2878,6 +2882,9 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
iq->response->rep);
if(event == module_event_capsfail || iq->caps_fallback) {
/* for fallback we care about main answer, not additionals */
/* removing that makes comparison more likely to succeed */
caps_strip_reply(iq->response->rep);
if(!iq->caps_fallback) {
/* start fallback */
iq->caps_fallback = 1;

6
libunbound/libworker.c
View file

@ -606,7 +606,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
if(local_zones_answer(ctx->local_zones, &qinfo, &edns,
w->back->udp_buff, w->env->scratch)) {
w->back->udp_buff, w->env->scratch, NULL)) {
regional_free_all(w->env->scratch);
libworker_fillup_fg(q, LDNS_RCODE_NOERROR,
w->back->udp_buff, sec_status_insecure, NULL);
@ -676,7 +676,7 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
if(local_zones_answer(ctx->local_zones, &qinfo, &edns,
w->back->udp_buff, w->env->scratch)) {
w->back->udp_buff, w->env->scratch, NULL)) {
regional_free_all(w->env->scratch);
free(qinfo.qname);
libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
@ -796,7 +796,7 @@ handle_newq(struct libworker* w, uint8_t* buf, uint32_t len)
sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
if(local_zones_answer(w->ctx->local_zones, &qinfo, &edns,
w->back->udp_buff, w->env->scratch)) {
w->back->udp_buff, w->env->scratch, NULL)) {
regional_free_all(w->env->scratch);
q->msg_security = sec_status_insecure;
add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL);

8
libunbound/python/libunbound.i
View file

@ -44,6 +44,10 @@
%pythoncode %{
import encodings.idna
try:
import builtins
except ImportError:
import __builtin__ as builtins
# Ensure compatibility with older python versions
if 'bytes' not in vars():
@ -52,7 +56,7 @@
def ord(s):
if isinstance(s, int):
return s
return __builtins__.ord(s)
return builtins.ord(s)
%}
//%include "doc.i"
@ -699,7 +703,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
while (idx < slen):
complen = ord(s[idx])
# In python 3.x `str()` converts the string to unicode which is the expected text string type
res.append(str(s[idx+1:idx+1+complen]))
res.append(str(s[idx+1:idx+1+complen].decode()))
idx += complen + 1
return res

155
pythonmod/interface.i
View file

@ -26,6 +26,9 @@
#include "util/storage/lruhash.h"
#include "services/cache/dns.h"
#include "services/mesh.h"
#include "iterator/iter_delegpt.h"
#include "iterator/iter_hints.h"
#include "iterator/iter_utils.h"
#include "ldns/wire2str.h"
#include "ldns/str2wire.h"
#include "ldns/pkthdr.h"
@ -671,6 +674,99 @@ struct config_file {
char* python_script;
};
/* ************************************************************************************ *
ASN: Adding structures related to forwards_lookup and dns_cache_find_delegation
* ************************************************************************************ */
struct delegpt_ns {
struct delegpt_ns* next;
int resolved;
uint8_t got4;
uint8_t got6;
uint8_t lame;
uint8_t done_pside4;
uint8_t done_pside6;
};
struct delegpt_addr {
struct delegpt_addr* next_result;
struct delegpt_addr* next_usable;
struct delegpt_addr* next_target;
int attempts;
int sel_rtt;
int bogus;
int lame;
};
struct delegpt {
int namelabs;
struct delegpt_ns* nslist;
struct delegpt_addr* target_list;
struct delegpt_addr* usable_list;
struct delegpt_addr* result_list;
int bogus;
uint8_t has_parent_side_NS;
uint8_t dp_type_mlc;
};
%inline %{
PyObject* _get_dp_dname(struct delegpt* dp) {
return PyString_FromStringAndSize((char*)dp->name, dp->namelen);
}
PyObject* _get_dp_dname_components(struct delegpt* dp) {
return GetNameAsLabelList((char*)dp->name, dp->namelen);
}
PyObject* _get_dpns_dname(struct delegpt_ns* dpns) {
return PyString_FromStringAndSize((char*)dpns->name, dpns->namelen);
}
PyObject* _get_dpns_dname_components(struct delegpt_ns* dpns) {
return GetNameAsLabelList((char*)dpns->name, dpns->namelen);
}
PyObject* _delegpt_addr_addr_get(struct delegpt_addr* target) {
char dest[64];
delegpt_addr_addr2str(target, dest, 64);
if (dest[0] == 0)
return Py_None;
return PyString_FromString(dest);
}
%}
%extend delegpt {
%pythoncode %{
__swig_getmethods__["dname"] = _unboundmodule._get_dp_dname
if _newclass:dname = _swig_property(_unboundmodule._get_dp_dname)
__swig_getmethods__["dname_list"] = _unboundmodule._get_dp_dname_components
if _newclass:dname_list = _swig_property(_unboundmodule._get_dp_dname_components)
def _get_dname_str(self): return dnameAsStr(self.dname)
__swig_getmethods__["dname_str"] = _get_dname_str
if _newclass:dname_str = _swig_property(_get_dname_str)
%}
}
%extend delegpt_ns {
%pythoncode %{
__swig_getmethods__["dname"] = _unboundmodule._get_dpns_dname
if _newclass:dname = _swig_property(_unboundmodule._get_dpns_dname)
__swig_getmethods__["dname_list"] = _unboundmodule._get_dpns_dname_components
if _newclass:dname_list = _swig_property(_unboundmodule._get_dpns_dname_components)
def _get_dname_str(self): return dnameAsStr(self.dname)
__swig_getmethods__["dname_str"] = _get_dname_str
if _newclass:dname_str = _swig_property(_get_dname_str)
%}
}
%extend delegpt_addr {
%pythoncode %{
def _addr_get(self): return _delegpt_addr_addr_get(self)
__swig_getmethods__["addr"] = _addr_get
if _newclass:addr = _swig_property(_addr_get)
%}
}
/* ************************************************************************************ *
Enums
* ************************************************************************************ */
@ -879,6 +975,65 @@ int set_return_msg(struct module_qstate* qstate,
return status
%}
/* ************************************************************************************ *
ASN: Delegation pointer related functions
* ************************************************************************************ */
/* Functions which we will need to lookup delegations */
struct delegpt* dns_cache_find_delegation(struct module_env* env,
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
struct regional* region, struct dns_msg** msg, uint32_t timenow);
int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
struct delegpt* dp);
struct iter_hints_stub* hints_lookup_stub(struct iter_hints* hints,
uint8_t* qname, uint16_t qclass, struct delegpt* dp);
/* Custom function to perform logic similar to the one in daemon/cachedump.c */
struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t nmlen);
%{
#define BIT_RD 0x100
struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t nmlen)
{
struct delegpt *dp;
struct dns_msg *msg = NULL;
struct regional* region = qstate->env->scratch;
char b[260];
struct query_info qinfo;
struct iter_hints_stub* stub;
uint32_t timenow = *qstate->env->now;
regional_free_all(region);
qinfo.qname = (uint8_t*)nm;
qinfo.qname_len = nmlen;
qinfo.qtype = LDNS_RR_TYPE_A;
qinfo.qclass = LDNS_RR_CLASS_IN;
while(1) {
dp = dns_cache_find_delegation(qstate->env, (uint8_t*)nm, nmlen, qinfo.qtype, qinfo.qclass, region, &msg, timenow);
if(!dp)
return NULL;
if(iter_dp_is_useless(&qinfo, BIT_RD, dp)) {
if (dname_is_root((uint8_t*)nm))
return NULL;
nm = (char*)dp->name;
nmlen = dp->namelen;
dname_remove_label((uint8_t**)&nm, &nmlen);
dname_str((uint8_t*)nm, b);
continue;
}
stub = hints_lookup_stub(qstate->env->hints, qinfo.qname, qinfo.qclass, dp);
if (stub) {
return stub->dp;
} else {
return dp;
}
}
return NULL;
}
%}
/* ************************************************************************************ *
Functions
* ************************************************************************************ */

15
pythonmod/pythonmod_utils.c
View file

@ -48,6 +48,7 @@
#include "util/data/msgreply.h"
#include "util/storage/slabhash.h"
#include "util/regional.h"
#include "iterator/iter_delegpt.h"
#include "ldns/sbuffer.h"
#undef _POSIX_C_SOURCE
@ -176,3 +177,17 @@ void reply_addr2str(struct comm_reply* reply, char* dest, int maxlen)
return;
dest[maxlen-1] = 0;
}
/* Convert target->addr to string */
void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, int maxlen)
{
int af = (int)((struct sockaddr_in*) &(target->addr))->sin_family;
void* sinaddr = &((struct sockaddr_in*) &(target->addr))->sin_addr;
if(af == AF_INET6)
sinaddr = &((struct sockaddr_in6*)&(target->addr))->sin6_addr;
dest[0] = 0;
if (inet_ntop(af, sinaddr, dest, (socklen_t)maxlen) == 0)
return;
dest[maxlen-1] = 0;
}

4
pythonmod/pythonmod_utils.h
View file

@ -42,6 +42,7 @@
#define PYTHONMOD_UTILS_H
#include "util/module.h"
struct delegpt_addr;
/**
* Store the reply_info and query_info pair in message cache (qstate->msg_cache)
@ -86,4 +87,7 @@ int createResponse(struct module_qstate* qstate, sldns_buffer* pkt);
*/
void reply_addr2str(struct comm_reply* reply, char* dest, int maxlen);
/* Convert target->addr to string */
void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, int maxlen);
#endif /* PYTHONMOD_UTILS_H */

66
services/listen_dnsport.c
View file

@ -372,29 +372,47 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
* (and also uses the interface mtu to determine the size of the packets).
* So there won't be any EMSGSIZE error. Against DNS fragmentation attacks.
* FreeBSD already has same semantics without setting the option. */
# if defined(IP_PMTUDISC_OMIT)
int action = IP_PMTUDISC_OMIT;
# else
int action = IP_PMTUDISC_DONT;
# endif
int omit_set = 0;
int action;
# if defined(IP_PMTUDISC_OMIT)
action = IP_PMTUDISC_OMIT;
if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
&action, (socklen_t)sizeof(action)) < 0) {
log_err("setsockopt(..., IP_MTU_DISCOVER, "
# if defined(IP_PMTUDISC_OMIT)
"IP_PMTUDISC_OMIT"
# else
"IP_PMTUDISC_DONT"
# endif
"...) failed: %s",
strerror(errno));
if (errno != EINVAL) {
log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
strerror(errno));
# ifndef USE_WINSOCK
close(s);
close(s);
# else
closesocket(s);
closesocket(s);
# endif
*noproto = 0;
*inuse = 0;
return -1;
*noproto = 0;
*inuse = 0;
return -1;
}
}
else
{
omit_set = 1;
}
# endif
if (omit_set == 0) {
action = IP_PMTUDISC_DONT;
if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
&action, (socklen_t)sizeof(action)) < 0) {
log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
strerror(errno));
# ifndef USE_WINSOCK
close(s);
# else
closesocket(s);
# endif
*noproto = 0;
*inuse = 0;
return -1;
}
}
# elif defined(IP_DONTFRAG)
int off = 0;
@ -580,15 +598,16 @@ create_local_accept_sock(const char *path, int* noproto)
{
#ifdef HAVE_SYS_UN_H
int s;
struct sockaddr_un sun;
struct sockaddr_un usock;
verbose(VERB_ALGO, "creating unix socket %s", path);
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
/* this member exists on BSDs, not Linux */
sun.sun_len = (sa_family_t)sizeof(sun);
usock.sun_len = (socklen_t)sizeof(usock);
#endif
sun.sun_family = AF_LOCAL;
usock.sun_family = AF_LOCAL;
/* length is 92-108, 104 on FreeBSD */
(void)strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
(void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path));
if ((s = socket(PF_LOCAL, SOCK_STREAM, 0)) == -1) {
log_err("Cannot create local socket %s (%s)",
@ -603,7 +622,7 @@ create_local_accept_sock(const char *path, int* noproto)
return -1;
}
if (bind(s, (struct sockaddr *)&sun,
if (bind(s, (struct sockaddr *)&usock,
(socklen_t)sizeof(struct sockaddr_un)) == -1) {
log_err("Cannot bind local socket %s (%s)",
path, strerror(errno));
@ -623,6 +642,7 @@ create_local_accept_sock(const char *path, int* noproto)
(void)noproto; /*unused*/
return s;
#else
(void)path;
log_err("Local sockets are not supported");
*noproto = 1;
return -1;

29
services/localzone.c
View file

@ -48,6 +48,7 @@
#include "util/data/packed_rrset.h"
#include "util/data/msgencode.h"
#include "util/net_help.h"
#include "util/netevent.h"
#include "util/data/msgreply.h"
#include "util/data/msgparse.h"
@ -1022,6 +1023,10 @@ void local_zones_print(struct local_zones* zones)
log_nametypeclass(0, "static zone",
z->name, 0, z->dclass);
break;
case local_zone_inform:
log_nametypeclass(0, "inform zone",
z->name, 0, z->dclass);
break;
default:
log_nametypeclass(0, "badtyped zone",
z->name, 0, z->dclass);
@ -1169,9 +1174,25 @@ lz_zone_answer(struct local_zone* z, struct query_info* qinfo,
return 0;
}
/** print log information for an inform zone query */
static void
lz_inform_print(struct local_zone* z, struct query_info* qinfo,
struct comm_reply* repinfo)
{
char ip[128], txt[512];
char zname[LDNS_MAX_DOMAINLEN+1];
uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
dname_str(z->name, zname);
addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip,
(unsigned)port);
log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
}
int
local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
struct edns_data* edns, sldns_buffer* buf, struct regional* temp)
struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
struct comm_reply* repinfo)
{
/* see if query is covered by a zone,
* if so: - try to match (exact) local data
@ -1190,6 +1211,9 @@ local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
lock_rw_rdlock(&z->lock);
lock_rw_unlock(&zones->lock);
if(z->type == local_zone_inform && repinfo)
lz_inform_print(z, qinfo, repinfo);
if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) {
lock_rw_unlock(&z->lock);
return 1;
@ -1209,6 +1233,7 @@ const char* local_zone_type2str(enum localzone_type t)
case local_zone_typetransparent: return "typetransparent";
case local_zone_static: return "static";
case local_zone_nodefault: return "nodefault";
case local_zone_inform: return "inform";
}
return "badtyped";
}
@ -1227,6 +1252,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t)
*t = local_zone_typetransparent;
else if(strcmp(type, "redirect") == 0)
*t = local_zone_redirect;
else if(strcmp(type, "inform") == 0)
*t = local_zone_inform;
else return 0;
return 1;
}

9
services/localzone.h
View file

@ -49,6 +49,7 @@ struct config_file;
struct edns_data;
struct query_info;
struct sldns_buffer;
struct comm_reply;
/**
* Local zone type
@ -70,7 +71,9 @@ enum localzone_type {
local_zone_redirect,
/** remove default AS112 blocking contents for zone
* nodefault is used in config not during service. */
local_zone_nodefault
local_zone_nodefault,
/** log client address, but no block (transparent) */
local_zone_inform
};
/**
@ -220,12 +223,14 @@ void local_zones_print(struct local_zones* zones);
* @param edns: edns info (parsed).
* @param buf: buffer with query ID and flags, also for reply.
* @param temp: temporary storage region.
* @param repinfo: source address for checks. may be NULL.
* @return true if answer is in buffer. false if query is not answered
* by authority data. If the reply should be dropped altogether, the return
* value is true, but the buffer is cleared (empty).
*/
int local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp);
struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp,
struct comm_reply* repinfo);
/**
* Parse the string into localzone type.

20
smallapp/unbound-checkconf.c
View file

@ -78,6 +78,7 @@ usage()
printf(" Checks unbound configuration file for errors.\n");
printf("file if omitted %s is used.\n", CONFIGFILE);
printf("-o option print value of option to stdout.\n");
printf("-f output full pathname with chroot applied, eg. with -o pidfile.\n");
printf("-h show this usage help.\n");
printf("Version %s\n", PACKAGE_VERSION);
printf("BSD licensed, see LICENSE in source package for details.\n");
@ -90,10 +91,15 @@ usage()
* @param cfg: config
* @param opt: option name without trailing :.
* This is different from config_set_option.
* @param final: if final pathname with chroot applied has to be printed.
*/
static void
print_option(struct config_file* cfg, const char* opt)
print_option(struct config_file* cfg, const char* opt, int final)
{
if(strcmp(opt, "pidfile") == 0 && final) {
printf("%s\n", fname_after_chroot(cfg->pidfile, cfg, 1));
return;
}
if(!config_get_option(cfg, opt, config_print_func, stdout))
fatal_exit("cannot print option '%s'", opt);
}
@ -456,7 +462,7 @@ check_hints(struct config_file* cfg)
/** check config file */
static void
checkconf(const char* cfgfile, const char* opt)
checkconf(const char* cfgfile, const char* opt, int final)
{
struct config_file* cfg = config_create();
if(!cfg)
@ -467,7 +473,7 @@ checkconf(const char* cfgfile, const char* opt)
exit(1);
}
if(opt) {
print_option(cfg, opt);
print_option(cfg, opt, final);
config_delete(cfg);
return;
}
@ -493,6 +499,7 @@ extern char* optarg;
int main(int argc, char* argv[])
{
int c;
int final = 0;
const char* f;
const char* opt = NULL;
const char* cfgfile = CONFIGFILE;
@ -505,8 +512,11 @@ int main(int argc, char* argv[])
cfgfile = CONFIGFILE;
#endif /* USE_WINSOCK */
/* parse the options */
while( (c=getopt(argc, argv, "ho:")) != -1) {
while( (c=getopt(argc, argv, "fho:")) != -1) {
switch(c) {
case 'f':
final = 1;
break;
case 'o':
opt = optarg;
break;
@ -523,7 +533,7 @@ int main(int argc, char* argv[])
if(argc == 1)
f = argv[0];
else f = cfgfile;
checkconf(f, opt);
checkconf(f, opt, final);
checklock_stop();
return 0;
}

3
smallapp/unbound-control-setup.sh.in
View file

@ -36,8 +36,7 @@
# settings:
# directory for files
prefix=@prefix@
DESTDIR=@sysconfdir@/unbound
DESTDIR=@ub_conf_dir@
# issuer and subject name for certificates
SERVERNAME=unbound

8
smallapp/unbound-control.c
View file

@ -204,12 +204,12 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
fatal_exit("could not parse IP@port: %s", svr);
#ifdef HAVE_SYS_UN_H
} else if(svr[0] == '/') {
struct sockaddr_un* sun = (struct sockaddr_un *) &addr;
sun->sun_family = AF_LOCAL;
struct sockaddr_un* usock = (struct sockaddr_un *) &addr;
usock->sun_family = AF_LOCAL;
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
sun->sun_len = (sa_family_t)sizeof(sun);
usock->sun_len = (socklen_t)sizeof(usock);
#endif
(void)strlcpy(sun->sun_path, svr, sizeof(sun->sun_path));
(void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));
addrlen = (socklen_t)sizeof(struct sockaddr_un);
addrfamily = AF_LOCAL;
#endif

2
testcode/do-tests.sh
View file

@ -14,7 +14,7 @@ NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
test_tool_avail "dig"
test_tool_avail "ldns-testns"
# test for ipv6, uses streamptcp peculiarity.
# test for ipv6, uses streamtcp peculiarity.
if ./streamtcp -f ::1 2>&1 | grep "not supported" >/dev/null 2>&1; then
HAVE_IPV6=no
else

133
testcode/testbed.sh
View file

@ -1,133 +0,0 @@
#!/usr/bin/env bash
# Testbed for NSD.
# By Wouter Wijngaards, NLnet Labs, 2006.
# BSD License.
# this version prefers gmake if available.
# adds variable LDNS for the LDNS path to use.
# global settings
CONFIGURE_FLAGS=""
REPORT_FILE=testdata/testbed.report
LOG_FILE=testdata/testbed.log
HOST_FILE=testdata/host_file.$USER
if test ! -f $HOST_FILE; then
echo "No such file: $HOST_FILE"
exit 1
fi
function echossh() # like ssh but echos.
{
echo "> ssh $*"
ssh $*
}
# Compile and run NSD on platforms
function dotest()
# parameters: <host> <dir>
# host is name of ssh host
# dir is directory of nsd trunk on host
{
echo "$1 begin on "`date` | tee -a $REPORT_FILE
DISABLE=""
if test $IP6 = no; then
DISABLE="--disable-ipv6"
fi
if test x$LDNS != x; then
DISABLE="--with-ldns=$LDNS $DISABLE"
fi
if test x$LIBEVENT != x; then
DISABLE="--with-libevent=$LIBEVENT $DISABLE"
fi
cat >makeconf.mak.$$ << EOF
#configure: configure.ac
# $AC_CMD
# touch configure
Makefile: Makefile.in #configure
./configure $CONFIGURE_FLAGS $DISABLE
touch Makefile
EOF
scp makeconf.mak.$$ $1:$2
# determine make to use
tempx=`ssh $1 "cd $2; which gmake"`
MAKE_CMD=`ssh $1 "cd $2; if test -f '$tempx'; then echo $tempx; else echo $MAKE_CMD; fi"`
if test $SVN = yes; then
echossh $1 "cd $2; svn up"
echossh $1 "cd $2; $MAKE_CMD -f makeconf.mak.$$ configure"
else
# svn and autoconf locally
echo "fake svn via svnexport, tar, autoconf, bison, flex."
svn export svn+ssh://open.nlnetlabs.nl/svn/nsd/trunk unbound_ttt
(cd unbound_ttt; $AC_CMD; rm -r autom4te* .c-mode-rc.el .cvsignore)
if test $FIXCONFIGURE = yes; then
echo fixing up configure length test.
(cd unbound_ttt; mv configure oldconf; sed -e 's?while (test "X"?lt_cv_sys_max_cmd_len=65500; echo skip || while (test "X"?' <oldconf >configure; chmod +x ./configure)
fi
du unbound_ttt
rsync -vrcpz --rsync-path=/home/wouter/bin/rsync unbound_ttt $1:unbound_ttt
# tar czf unbound_ttt.tgz unbound_ttt
rm -rf unbound_ttt
# ls -al unbound_ttt.tgz
# scp unbound_ttt.tgz $1:unbound_ttt.tar.gz
# rm unbound_ttt.tgz
# echossh $1 "gtar xzf unbound_ttt.tar.gz && rm unbound_ttt.tar.gz"
fi
echossh $1 "cd $2; $MAKE_CMD -f makeconf.mak.$$ Makefile"
echossh $1 "cd $2; $MAKE_CMD all tests"
echossh $1 "cd $2; $MAKE_CMD doc"
if test $RUN_TEST = yes; then
echossh $1 "cd $2; bash testcode/do-tests.sh"
echossh $1 "cd $2/testdata; sh ../testcode/mini_tpkg.sh -q report" | tee -a $REPORT_FILE
fi
echossh $1 "cd $2; rm -f makeconf.mak.$$"
rm -f makeconf.mak.$$
echo "$1 end on "`date` | tee -a $REPORT_FILE
}
echo "on "`date`" by $USER." > $REPORT_FILE
echo "on "`date`" by $USER." > $LOG_FILE
# read host names
declare -a hostname desc dir vars
IFS=' '
i=0
while read a b c d; do
if echo $a | grep "^#" >/dev/null; then
continue # skip it
fi
# append after arrays
hostname[$i]=$a
desc[$i]=$b
dir[$i]=$c
vars[$i]=$d
i=$(($i+1))
done <$HOST_FILE
echo "testing on $i hosts"
# do the test
for((i=0; i<${#hostname[*]}; i=$i+1)); do
if echo ${hostname[$i]} | grep "^#" >/dev/null; then
continue # skip it
fi
# echo "hostname=[${hostname[$i]}]"
# echo "desc=[${desc[$i]}]"
# echo "dir=[${dir[$i]}]"
# echo "vars=[${vars[$i]}]"
AC_CMD="libtoolize -c --force; autoconf && autoheader"
MAKE_CMD="make"
SVN=yes
IP6=yes
FIXCONFIGURE=no
RUN_TEST=yes
LDNS=
LIBEVENT=
eval ${vars[$i]}
echo "*** ${hostname[$i]} ${desc[$i]} ***" | tee -a $LOG_FILE | tee -a $REPORT_FILE
dotest ${hostname[$i]} ${dir[$i]} 2>&1 | tee -a $LOG_FILE
done
echo "done"

38
testcode/testbed.txt
View file

@ -1,38 +0,0 @@
Testbed.sh help page.
Testbed helps in running the test packages (using tpkg(1)) on several systems.
The script is specially written for unbound (edit it to change to different
software). It is licensed BSD.
The hosts to run on are listed in host_file.<username>. You need to have
public-key authorized ssh access to these systems (or type your password lots
and lots of times). The host_file describes the directories and environment
of each host. You need only user-level access to the host.
The host_file is very restrictive in formatting. Comments are lines starting
with the # mark. The entries must be separated by tabs. Please list the
hostname<tab>description<tab>checkoutdir<tab>variables
hostname: network hostname to ssh to.
desc: pretty text to describe the machine architecture.
checkoutdir: directory on the remote host where a svn checkout is present.
variables: zero or more variables separated by spaces. BLA=value BAR=val.
Only important variable for unbound is the LDNS=<dir> variable that if present
forces --with-ldns=<dir> to be passed to ./configure. In case LDNS is not
installed on the system itself, but present somewhere else.
You can also set LIBEVENT=<dir> for the libevent directory, if it is
installed in a nonstandard location.
*** Running the testbed
Run by executing the script. It will take all the hosts from the file in
turn and update the svn directory there, possible autoreconf if necessary,
possibly ./configure <args> if necessary, make the executables.
Then it will run the testcode/do-tests script. This script should execute
the tests that this host is capable of running.
in testdata/testbed.log has a line-by-line log. See your make errors here.
in testdata/testbed.report has only the tpkg reports. Summary.

BIN
testdata/ctrl_pipe.tpkg vendored Normal file
View file

Binary file not shown.

BIN
testdata/fwd_capsid_strip.tpkg vendored Normal file
View file

Binary file not shown.

151
testdata/val_spurious_ns.rpl vendored Normal file
View file

@ -0,0 +1,151 @@
; config options
; The island of trust is at example.com
server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test validator with spurious unsigned NS in auth section
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
; removed by spurious NS record removal code
;;example.com. IN NS ns.example.com.
;;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END
SCENARIO_END

10
util/config_file.c
View file

@ -55,6 +55,7 @@
#include "util/regional.h"
#include "util/fptr_wlist.h"
#include "util/data/dname.h"
#include "util/rtt.h"
#include "ldns/wire2str.h"
#include "ldns/parseutil.h"
#ifdef HAVE_GLOB_H
@ -129,6 +130,7 @@ config_create(void)
cfg->prefetch_key = 0;
cfg->infra_cache_slabs = 4;
cfg->infra_cache_numhosts = 10000;
cfg->infra_cache_min_rtt = 50;
cfg->delay_close = 0;
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
goto error_exit;
@ -375,6 +377,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
{ IS_NUMBER_OR_ZERO; cfg->max_ttl = atoi(val); MAX_TTL=(time_t)cfg->max_ttl;}
else if(strcmp(opt, "cache-min-ttl:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;}
else if(strcmp(opt, "infra-cache-min-rtt:") == 0) {
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
}
else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
@ -623,6 +629,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "cache-min-ttl", min_ttl)
else O_DEC(opt, "infra-host-ttl", host_ttl)
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
else O_UNS(opt, "delay-close", delay_close)
else O_YNO(opt, "do-ip4", do_ip4)
@ -1188,6 +1195,7 @@ config_apply(struct config_file* config)
{
MAX_TTL = (time_t)config->max_ttl;
MIN_TTL = (time_t)config->min_ttl;
RTT_MIN_TIMEOUT = config->infra_cache_min_rtt;
EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;
MINIMAL_RESPONSES = config->minimal_responses;
RRSET_ROUNDROBIN = config->rrset_roundrobin;
@ -1205,6 +1213,8 @@ void config_lookup_uid(struct config_file* cfg)
cfg->uid = pwd->pw_uid;
cfg->gid = pwd->pw_gid;
}
#else
(void)cfg;
#endif
}

2
util/config_file.h
View file

@ -119,6 +119,8 @@ struct config_file {
size_t infra_cache_slabs;
/** max number of hosts in the infra cache */
size_t infra_cache_numhosts;
/** min value for infra cache rtt */
int infra_cache_min_rtt;
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
int delay_close;

2556
util/configlexer.c
View file

File diff suppressed because it is too large Load diff

1
util/configlexer.lex
View file

@ -245,6 +245,7 @@ infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) }
infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }

1584
util/configparser.c
View file

File diff suppressed because it is too large Load diff

218
util/configparser.h
View file

@ -139,59 +139,61 @@ extern int yydebug;
VAR_SERVER_CERT_FILE = 348,
VAR_CONTROL_KEY_FILE = 349,
VAR_CONTROL_CERT_FILE = 350,
VAR_EXTENDED_STATISTICS = 351,
VAR_LOCAL_DATA_PTR = 352,
VAR_JOSTLE_TIMEOUT = 353,
VAR_STUB_PRIME = 354,
VAR_UNWANTED_REPLY_THRESHOLD = 355,
VAR_LOG_TIME_ASCII = 356,
VAR_DOMAIN_INSECURE = 357,
VAR_PYTHON = 358,
VAR_PYTHON_SCRIPT = 359,
VAR_VAL_SIG_SKEW_MIN = 360,
VAR_VAL_SIG_SKEW_MAX = 361,
VAR_CACHE_MIN_TTL = 362,
VAR_VAL_LOG_LEVEL = 363,
VAR_AUTO_TRUST_ANCHOR_FILE = 364,
VAR_KEEP_MISSING = 365,
VAR_ADD_HOLDDOWN = 366,
VAR_DEL_HOLDDOWN = 367,
VAR_SO_RCVBUF = 368,
VAR_EDNS_BUFFER_SIZE = 369,
VAR_PREFETCH = 370,
VAR_PREFETCH_KEY = 371,
VAR_SO_SNDBUF = 372,
VAR_SO_REUSEPORT = 373,
VAR_HARDEN_BELOW_NXDOMAIN = 374,
VAR_IGNORE_CD_FLAG = 375,
VAR_LOG_QUERIES = 376,
VAR_TCP_UPSTREAM = 377,
VAR_SSL_UPSTREAM = 378,
VAR_SSL_SERVICE_KEY = 379,
VAR_SSL_SERVICE_PEM = 380,
VAR_SSL_PORT = 381,
VAR_FORWARD_FIRST = 382,
VAR_STUB_FIRST = 383,
VAR_MINIMAL_RESPONSES = 384,
VAR_RRSET_ROUNDROBIN = 385,
VAR_MAX_UDP_SIZE = 386,
VAR_DELAY_CLOSE = 387,
VAR_UNBLOCK_LAN_ZONES = 388,
VAR_DNS64_PREFIX = 389,
VAR_DNS64_SYNTHALL = 390,
VAR_DNSTAP = 391,
VAR_DNSTAP_ENABLE = 392,
VAR_DNSTAP_SOCKET_PATH = 393,
VAR_DNSTAP_SEND_IDENTITY = 394,
VAR_DNSTAP_SEND_VERSION = 395,
VAR_DNSTAP_IDENTITY = 396,
VAR_DNSTAP_VERSION = 397,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 398,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 399,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 400,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 401,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 402,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 403
VAR_CONTROL_USE_CERT = 351,
VAR_EXTENDED_STATISTICS = 352,
VAR_LOCAL_DATA_PTR = 353,
VAR_JOSTLE_TIMEOUT = 354,
VAR_STUB_PRIME = 355,
VAR_UNWANTED_REPLY_THRESHOLD = 356,
VAR_LOG_TIME_ASCII = 357,
VAR_DOMAIN_INSECURE = 358,
VAR_PYTHON = 359,
VAR_PYTHON_SCRIPT = 360,
VAR_VAL_SIG_SKEW_MIN = 361,
VAR_VAL_SIG_SKEW_MAX = 362,
VAR_CACHE_MIN_TTL = 363,
VAR_VAL_LOG_LEVEL = 364,
VAR_AUTO_TRUST_ANCHOR_FILE = 365,
VAR_KEEP_MISSING = 366,
VAR_ADD_HOLDDOWN = 367,
VAR_DEL_HOLDDOWN = 368,
VAR_SO_RCVBUF = 369,
VAR_EDNS_BUFFER_SIZE = 370,
VAR_PREFETCH = 371,
VAR_PREFETCH_KEY = 372,
VAR_SO_SNDBUF = 373,
VAR_SO_REUSEPORT = 374,
VAR_HARDEN_BELOW_NXDOMAIN = 375,
VAR_IGNORE_CD_FLAG = 376,
VAR_LOG_QUERIES = 377,
VAR_TCP_UPSTREAM = 378,
VAR_SSL_UPSTREAM = 379,
VAR_SSL_SERVICE_KEY = 380,
VAR_SSL_SERVICE_PEM = 381,
VAR_SSL_PORT = 382,
VAR_FORWARD_FIRST = 383,
VAR_STUB_FIRST = 384,
VAR_MINIMAL_RESPONSES = 385,
VAR_RRSET_ROUNDROBIN = 386,
VAR_MAX_UDP_SIZE = 387,
VAR_DELAY_CLOSE = 388,
VAR_UNBLOCK_LAN_ZONES = 389,
VAR_INFRA_CACHE_MIN_RTT = 390,
VAR_DNS64_PREFIX = 391,
VAR_DNS64_SYNTHALL = 392,
VAR_DNSTAP = 393,
VAR_DNSTAP_ENABLE = 394,
VAR_DNSTAP_SOCKET_PATH = 395,
VAR_DNSTAP_SEND_IDENTITY = 396,
VAR_DNSTAP_SEND_VERSION = 397,
VAR_DNSTAP_IDENTITY = 398,
VAR_DNSTAP_VERSION = 399,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 400,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 401,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 402,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 403,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 404,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 405
};
#endif
/* Tokens. */
@ -288,59 +290,61 @@ extern int yydebug;
#define VAR_SERVER_CERT_FILE 348
#define VAR_CONTROL_KEY_FILE 349
#define VAR_CONTROL_CERT_FILE 350
#define VAR_EXTENDED_STATISTICS 351
#define VAR_LOCAL_DATA_PTR 352
#define VAR_JOSTLE_TIMEOUT 353
#define VAR_STUB_PRIME 354
#define VAR_UNWANTED_REPLY_THRESHOLD 355
#define VAR_LOG_TIME_ASCII 356
#define VAR_DOMAIN_INSECURE 357
#define VAR_PYTHON 358
#define VAR_PYTHON_SCRIPT 359
#define VAR_VAL_SIG_SKEW_MIN 360
#define VAR_VAL_SIG_SKEW_MAX 361
#define VAR_CACHE_MIN_TTL 362
#define VAR_VAL_LOG_LEVEL 363
#define VAR_AUTO_TRUST_ANCHOR_FILE 364
#define VAR_KEEP_MISSING 365
#define VAR_ADD_HOLDDOWN 366
#define VAR_DEL_HOLDDOWN 367
#define VAR_SO_RCVBUF 368
#define VAR_EDNS_BUFFER_SIZE 369
#define VAR_PREFETCH 370
#define VAR_PREFETCH_KEY 371
#define VAR_SO_SNDBUF 372
#define VAR_SO_REUSEPORT 373
#define VAR_HARDEN_BELOW_NXDOMAIN 374
#define VAR_IGNORE_CD_FLAG 375
#define VAR_LOG_QUERIES 376
#define VAR_TCP_UPSTREAM 377
#define VAR_SSL_UPSTREAM 378
#define VAR_SSL_SERVICE_KEY 379
#define VAR_SSL_SERVICE_PEM 380
#define VAR_SSL_PORT 381
#define VAR_FORWARD_FIRST 382
#define VAR_STUB_FIRST 383
#define VAR_MINIMAL_RESPONSES 384
#define VAR_RRSET_ROUNDROBIN 385
#define VAR_MAX_UDP_SIZE 386
#define VAR_DELAY_CLOSE 387
#define VAR_UNBLOCK_LAN_ZONES 388
#define VAR_DNS64_PREFIX 389
#define VAR_DNS64_SYNTHALL 390
#define VAR_DNSTAP 391
#define VAR_DNSTAP_ENABLE 392
#define VAR_DNSTAP_SOCKET_PATH 393
#define VAR_DNSTAP_SEND_IDENTITY 394
#define VAR_DNSTAP_SEND_VERSION 395
#define VAR_DNSTAP_IDENTITY 396
#define VAR_DNSTAP_VERSION 397
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 398
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 399
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 400
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 401
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 402
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 403
#define VAR_CONTROL_USE_CERT 351
#define VAR_EXTENDED_STATISTICS 352
#define VAR_LOCAL_DATA_PTR 353
#define VAR_JOSTLE_TIMEOUT 354
#define VAR_STUB_PRIME 355
#define VAR_UNWANTED_REPLY_THRESHOLD 356
#define VAR_LOG_TIME_ASCII 357
#define VAR_DOMAIN_INSECURE 358
#define VAR_PYTHON 359
#define VAR_PYTHON_SCRIPT 360
#define VAR_VAL_SIG_SKEW_MIN 361
#define VAR_VAL_SIG_SKEW_MAX 362
#define VAR_CACHE_MIN_TTL 363
#define VAR_VAL_LOG_LEVEL 364
#define VAR_AUTO_TRUST_ANCHOR_FILE 365
#define VAR_KEEP_MISSING 366
#define VAR_ADD_HOLDDOWN 367
#define VAR_DEL_HOLDDOWN 368
#define VAR_SO_RCVBUF 369
#define VAR_EDNS_BUFFER_SIZE 370
#define VAR_PREFETCH 371
#define VAR_PREFETCH_KEY 372
#define VAR_SO_SNDBUF 373
#define VAR_SO_REUSEPORT 374
#define VAR_HARDEN_BELOW_NXDOMAIN 375
#define VAR_IGNORE_CD_FLAG 376
#define VAR_LOG_QUERIES 377
#define VAR_TCP_UPSTREAM 378
#define VAR_SSL_UPSTREAM 379
#define VAR_SSL_SERVICE_KEY 380
#define VAR_SSL_SERVICE_PEM 381
#define VAR_SSL_PORT 382
#define VAR_FORWARD_FIRST 383
#define VAR_STUB_FIRST 384
#define VAR_MINIMAL_RESPONSES 385
#define VAR_RRSET_ROUNDROBIN 386
#define VAR_MAX_UDP_SIZE 387
#define VAR_DELAY_CLOSE 388
#define VAR_UNBLOCK_LAN_ZONES 389
#define VAR_INFRA_CACHE_MIN_RTT 390
#define VAR_DNS64_PREFIX 391
#define VAR_DNS64_SYNTHALL 392
#define VAR_DNSTAP 393
#define VAR_DNSTAP_ENABLE 394
#define VAR_DNSTAP_SOCKET_PATH 395
#define VAR_DNSTAP_SEND_IDENTITY 396
#define VAR_DNSTAP_SEND_VERSION 397
#define VAR_DNSTAP_IDENTITY 398
#define VAR_DNSTAP_VERSION 399
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 400
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 401
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 402
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 403
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 404
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 405
@ -354,7 +358,7 @@ typedef union YYSTYPE
/* Line 2058 of yacc.c */
#line 358 "util/configparser.h"
#line 362 "util/configparser.h"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */

18
util/configparser.y
View file

@ -107,6 +107,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UNBLOCK_LAN_ZONES
%token VAR_INFRA_CACHE_MIN_RTT
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
@ -175,7 +176,8 @@ content_server: server_num_threads | server_verbosity | server_port |
server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
server_so_reuseport | server_delay_close | server_unblock_lan_zones |
server_dns64_prefix | server_dns64_synthall
server_dns64_prefix | server_dns64_synthall |
server_infra_cache_min_rtt
;
stubstart: VAR_STUB_ZONE
{
@ -768,6 +770,15 @@ server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
free($2);
}
;
server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
{
OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("number expected");
else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
free($2);
}
;
server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
{
OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
@ -1105,10 +1116,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
&& strcmp($3, "typetransparent")!=0)
&& strcmp($3, "typetransparent")!=0 &&
strcmp($3, "inform")!=0)
yyerror("local-zone type: expected static, deny, "
"refuse, redirect, transparent, "
"typetransparent or nodefault");
"typetransparent, inform or nodefault");
else if(strcmp($3, "nodefault")==0) {
if(!cfg_strlist_insert(&cfg_parser->cfg->
local_zones_nodefault, $2))

5
util/iana_ports.inc
View file

@ -3819,6 +3819,7 @@
4359,
4361,
4362,
4366,
4368,
4369,
4370,
@ -4399,6 +4400,7 @@
6163,
6200,
6201,
6209,
6222,
6241,
6242,
@ -4488,6 +4490,8 @@
6628,
6633,
6634,
6635,
6636,
6653,
6657,
6670,
@ -4671,6 +4675,7 @@
7778,
7779,
7781,
7784,
7786,
7787,
7789,

7
util/net_help.c
View file

@ -156,7 +156,12 @@ log_addr(enum verbosity_value v, const char* str,
case AF_INET6: family="ip6";
sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr;
break;
case AF_LOCAL: family="local"; break;
case AF_LOCAL:
dest[0]=0;
(void)inet_ntop(af, sinaddr, dest,
(socklen_t)sizeof(dest));
verbose(v, "%s local %s", str, dest);
return; /* do not continue and try to get port */
default: break;
}
if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {

2
util/rtt.c
View file

@ -42,6 +42,8 @@
#include "config.h"
#include "util/rtt.h"
/* overwritten by config: infra_cache_min_rtt: */
int RTT_MIN_TIMEOUT = 50;
/** calculate RTO from rtt information */
static int
calc_rto(const struct rtt_info* rtt)

2
util/rtt.h
View file

@ -56,7 +56,7 @@ struct rtt_info {
};
/** min retransmit timeout value, in milliseconds */
#define RTT_MIN_TIMEOUT 50
extern int RTT_MIN_TIMEOUT;
/** max retransmit timeout value, in milliseconds */
#define RTT_MAX_TIMEOUT 120000

3
validator/val_secalgo.c
View file

@ -41,8 +41,9 @@
* and do the library calls (for the crypto library in use).
*/
#include "config.h"
#include "validator/val_secalgo.h"
/* packed_rrset on top to define enum types (forced by c99 standard) */
#include "util/data/packed_rrset.h"
#include "validator/val_secalgo.h"
#include "util/log.h"
#include "ldns/rrdef.h"
#include "ldns/keyraw.h"

12
validator/val_utils.c
View file

@ -846,6 +846,18 @@ val_fill_reply(struct reply_info* chase, struct reply_info* orig,
chase->ar_numrrsets;
}
void val_reply_remove_auth(struct reply_info* rep, size_t index)
{
log_assert(index < rep->rrset_count);
log_assert(index >= rep->an_numrrsets);
log_assert(index < rep->an_numrrsets+rep->ns_numrrsets);
memmove(rep->rrsets+index, rep->rrsets+index+1,
sizeof(struct ub_packed_rrset_key*)*
(rep->rrset_count - index - 1));
rep->ns_numrrsets--;
rep->rrset_count--;
}
void
val_check_nonsecure(struct val_env* ve, struct reply_info* rep)
{

7
validator/val_utils.h
View file

@ -294,6 +294,13 @@ int val_chase_cname(struct query_info* qchase, struct reply_info* rep,
void val_fill_reply(struct reply_info* chase, struct reply_info* orig,
size_t cname_skip, uint8_t* name, size_t len, uint8_t* signer);
/**
* Remove rrset with index from reply, from the authority section.
* @param rep: reply to remove it from.
* @param index: rrset to remove, must be in the authority section.
*/
void val_reply_remove_auth(struct reply_info* rep, size_t index);
/**
* Remove all unsigned or non-secure status rrsets from NS and AR sections.
* So that unsigned data does not get let through to clients, when we have

57
validator/validator.c
View file

@ -574,6 +574,61 @@ detect_wrongly_truncated(struct reply_info* rep)
return 1;
}
/**
* For messages that are not referrals, if the chase reply contains an
* unsigned NS record in the authority section it could have been
* inserted by a (BIND) forwarder that thinks the zone is insecure, and
* that has an NS record without signatures in cache. Remove the NS
* record since the reply does not hinge on that record (in the authority
* section), but do not remove it if it removes the last record from the
* answer+authority sections.
* @param chase_reply: the chased reply, we have a key for this contents,
* so we should have signatures for these rrsets and not having
* signatures means it will be bogus.
* @param orig_reply: original reply, remove NS from there as well because
* we cannot mark the NS record as DNSSEC valid because it is not
* validated by signatures.
*/
static void
remove_spurious_authority(struct reply_info* chase_reply,
struct reply_info* orig_reply)
{
size_t i, found = 0;
int remove = 0;
/* if no answer and only 1 auth RRset, do not remove that one */
if(chase_reply->an_numrrsets == 0 && chase_reply->ns_numrrsets == 1)
return;
/* search authority section for unsigned NS records */
for(i = chase_reply->an_numrrsets;
i < chase_reply->an_numrrsets+chase_reply->ns_numrrsets; i++) {
struct packed_rrset_data* d = (struct packed_rrset_data*)
chase_reply->rrsets[i]->entry.data;
if(ntohs(chase_reply->rrsets[i]->rk.type) == LDNS_RR_TYPE_NS
&& d->rrsig_count == 0) {
found = i;
remove = 1;
break;
}
}
/* see if we found the entry */
if(!remove) return;
log_rrset_key(VERB_ALGO, "Removing spurious unsigned NS record "
"(likely inserted by forwarder)", chase_reply->rrsets[found]);
/* find rrset in orig_reply */
for(i = orig_reply->an_numrrsets;
i < orig_reply->an_numrrsets+orig_reply->ns_numrrsets; i++) {
if(ntohs(orig_reply->rrsets[i]->rk.type) == LDNS_RR_TYPE_NS
&& query_dname_compare(orig_reply->rrsets[i]->rk.dname,
chase_reply->rrsets[found]->rk.dname) == 0) {
/* remove from orig_msg */
val_reply_remove_auth(orig_reply, i);
break;
}
}
/* remove rrset from chase_reply */
val_reply_remove_auth(chase_reply, found);
}
/**
* Given a "positive" response -- a response that contains an answer to the
@ -1642,6 +1697,8 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
}
subtype = val_classify_response(qstate->query_flags, &qstate->qinfo,
&vq->qchase, vq->orig_msg->rep, vq->rrset_skip);
if(subtype != VAL_CLASS_REFERRAL)
remove_spurious_authority(vq->chase_reply, vq->orig_msg->rep);
/* check signatures in the message;
* answer and authority must be valid, additional is only checked. */