7 October 2009: Wouter
- release 1.3.4 tag.
- Fixed bug where NSEC3 signature was not checked. This meant that
a DS could be spoofed away by a carefully crafted packet.
A downgrade attack on existing secure delegations.
- updated iana port list.
4 August 2009: Wouter
- Added test that the examples from draft rsasha256-14 verify.
- iana portlist updated.
3 August 2009: Wouter
- nicer warning when algorithm not supported, tells you to upgrade.
- iana portlist updated.
27 July 2009: Wouter
- Updated unbound-cacti contribution from Dmitriy Demidov, with
the queue statistics displayed in its own graph.
- iana portlist updated.
22 July 2009: Wouter
- Fix bug found by Michael Tokarev where unbound would try to
prime the root servers even though forwarders are configured for
the root.
- tagged 1.3.3rc1
21 July 2009: Wouter
- Fix server selection, so that it waits for open target queries when
faced with lameness.
20 July 2009: Wouter
- Ignore transient sendto errors, no route to host, and host, net down.
- contrib/update-anchor.sh has -r option for root-hints.
- feature val-log-level: 1 prints validation failures so you can
keep track of them during dnssec deployment.
16 July 2009: Wouter
- fix replacement malloc code. Used in crosscompile.
- makedist -w creates crosscompiled setup.exe on fedora11.
15 July 2009: Wouter
- dependencies for compat items, for crosscompile.
- mingw32 crosscompile changes, dependencies and zipfile creation.
and with System.dll from the windows NSIS you can make setup.exe.
- package libgcc_s_sjlj exception handler for NSISdl.dll.
14 July 2009: Wouter
- updated ldns tarball for solaris x64 compile assistance.
- no need to define RAND_MAX from config.h.
- iana portlist updated.
- configure changes and ldns update for mingw32 crosscompile.
13 July 2009: Wouter
- Fix for crash at start on windows.
- tag for release 1.3.2.
- trunk has version 1.3.3.
- Fix for ID bits on windows to use all 16. RAND_MAX was not
defined like you'd expect on mingw. Reported by Mees de Roo.
9 July 2009: Wouter
- tag for release 1.3.1.
- trunk has version 1.3.2.
7 July 2009: Wouter
- iana portlist updated.
6 July 2009: Wouter
- prettier error handling in SSL setup.
- makedist.sh uname fix (same as ldns).
- updated fedora spec file.
3 July 2009: Wouter
- fixup linking when ldnsdir is "".
30 June 2009: Wouter
- more lenient truncation checks.
29 June 2009: Wouter
- ldns trunk r2959 imported as tarball, because of solaris cc compile
support for c99. r2960 for better configure.
- better wrongly_truncated check.
- On Linux, fragment IPv6 datagrams to the IPv6 minimum MTU, to
avoid dropped packets at routers.
26 June 2009: Wouter
- Fix EDNS fallback when EDNS works for short answers but long answers
are dropped.
22 June 2009: Wouter
- fixup iter priv strict aliasing while preserving size of sockaddr.
- iana portlist updated. (one less port allocated, one more fraction
of a bit for security!)
- updated fedora specfile in contrib from Paul Wouters.
19 June 2009: Wouter
- Fixup strict aliasing warning in iter priv code.
and config_file code.
- iana portlist updated.
- harden-referral-path: handle cases where NS is in answer section.
18 June 2009: Wouter
- Fix of message parse bug where (specifically) an NSEC and RRSIG
in the wrong order would be parsed, but put wrongly into internal
structures so that later validation would fail.
- Extreme lenience for wrongly truncated replies where a positive
reply has an NS in the authority but no signatures. They are
turned into minimal responses with only the (secure) answer.
- autoconf 2.63 for configure.
- python warnings suppress. Keep python API away from header files.
17 June 2009: Wouter
- CREDITS entry for cz.nic, sponsoring a 'summer of code' that was
used for the python code in unbound. (http://www.nic.cz/vip/ in cz).
16 June 2009: Wouter
- Fixup opportunistic target query generation to it does not
generate queries that are known to fail.
- Touchup on munin total memory report.
- messages picked out of the cache by the iterator are checked
if their cname chain is still correct and if validation status
has to be reexamined.
15 June 2009: Wouter
- iana portlist updated.
14 June 2009: Wouter
- Fixed bug where cached responses would lose their security
status on second validation, which especially impacted dlv
lookups. Reported by Hauke Lampe.
13 June 2009: Wouter
- bug #254. removed random whitespace from example.conf.
12 June 2009: Wouter
- Fixup potential wrong NSEC picked out of the cache.
- If unfulfilled callbacks are deleted they are called with an error.
- fptr wlist checks for mesh callbacks.
- fwd above stub in configuration works.
11 June 2009: Wouter
- Fix queries for type DS when forward or stub zones are there.
They are performed to higherup domains, and thus treated as if
going to higher zones when looking up the right forward or stub
server. This makes a stub pointing to a local server that has
a local view of example.com signed with the same keys as are
publicly used work. Reported by Johan Ihren.
- Added build-unbound-localzone-from-hosts.pl to contrib, from
Dennis DeDonatis. It converts /etc/hosts into config statements.
- same thing fixed for forward-zone and DS, chain of trust from
public internet into the forward-zone works now. Added unit test.
9 June 2009: Wouter
- openssl key files are opened apache-style, when user is root and
before chrooting. This makes permissions on remote-control key
files easier to set up. Fixes bug #251.
- flush_type and flush_name remove msg cache entries.
- codereview - dp copy bogus setting fix.
8 June 2009: Wouter
- Removed RFC5011 REVOKE flag support. Partial 5011 support may cause
inadvertant behaviour.
- 1.3.0 tarball for release created.
- 1.3.1 development in svn trunk.
- iana portlist updated.
- fix lint from complaining on ldns/sha.h.
- help compiler figure out aliasing in priv_rrset_bad() routine.
- fail to configure with python if swig is not found.
- unbound_munin_ in contrib uses ps to show rss if sbrk does not work.
3 June 2009: Wouter
- fixup bad free() when wrongly encoded DSA signature is seen.
Reported by Paul Wouters.
- review comments from Matthijs.
2 June 2009: Wouter
- --enable-sha2 option. The draft rsasha256 changed its algorithm
numbers too often. Therefore it is more prudent to disable the
RSASHA256 and RSASHA512 support by default.
- ldns trunk included as new tarball.
- recreated the 1.3.0 tag in svn. rc1 tarball generated at this point.
29 May 2009: Wouter
- fixup doc bug in README reported by Matthew Dempsky.
28 May 2009: Wouter
- update iana port list
- update ldns lib tarball
27 May 2009: Wouter
- detect lack of IPv6 support on XP (with a different error code).
- Fixup a crash-on-exit which was triggered by a very long queue.
Unbound would try to re-use ports that came free, but this is
of course not really possible because everything is deleted.
Most easily triggered on XP (not Vista), maybe because of the
network stack encouraging large messages backlogs.
- change in debug statements.
- Fixed bug that could cause a crash if root prime failed when there
were message backlogs.
26 May 2009: Wouter
- Thanks again to Brett Carr, found an assertion that was not true.
Assertion checked if recursion parent query still existed.
29 April 2009: Wouter
- Thanks to Brett Carr, caught windows resource leak, use
closesocket() and not close() on sockets or else the network stack
starts to leak handles.
- Removed usage of windows Mutex because windows cannot handle enough
mutexes open. Provide own mutex implementation using primitives.
28 April 2009: Wouter
- created svn tag for 1.3.0.
27 April 2009: Wouter
- optimised cname from cache.
- ifdef windows functions in testbound.
23 April 2009: Wouter
- fix for threadsafety in solaris thr_key_create() in tests.
- iana portlist updated.
- fix pylib test for Darwin.
- fix pymod test for Darwin and a python threading bug in pymod init.
- check python >= 2.4 in configure.
- -ldl check for libcrypto 1.0.0beta.
21 April 2009: Wouter
- fix for build outside sourcedir.
- fix for configure script swig detection.
17 April 2009: Wouter
- Fix reentrant in minievent handler for unix. Could have resulted
in spurious event callbacks.
- timers do not take up a fd slot for winsock handler.
- faster fix for winsock reentrant check.
- fix rsasha512 unit test for new (interim) algorithm number.
- fix test:ldns doesn't like DOS line endings in keyfiles on unix.
- fix compile warning on ubuntu (configlexer fwrite return value).
- move python include directives into CPPFLAGS instead of CFLAGS.
16 April 2009: Wouter
- winsock event handler exit very quickly on signal, even if
under heavy load.
- iana portlist updated.
- fixup windows winsock handler reentrant problem.
14 April 2009: Wouter
- bug #245: fix munin plugin, perform cleanup of stale lockfiles.
- makedist.sh; better help text.
- cache-min-ttl option and tests.
- mingw detect error condition on TCP sockets (NOTCONN).
9 April 2009: Wouter
- Fix for removal of RSASHA256_NSEC3 protonumber from ldns.
- ldns tarball updated.
- iana portlist update.
- detect GOST support in openssl-1.0.0-beta1, and fix compile problem
because that openssl defines the name STRING for itself.
6 April 2009: Wouter
- windows compile fix.
- Detect FreeBSD jail without ipv6 addresses assigned.
- python libunbound wrapper unit test.
- installs the following files. Default is to not build them.
from configure --with-pythonmodule:
/usr/lib/python2.x/site-packages/unboundmodule.py
from configure --with-pyunbound:
/usr/lib/python2.x/site-packages/unbound.py
/usr/lib/python2.x/site-packages/_unbound.so*
The example python scripts (pythonmod/examples and
libunbound/python/examples) are not installed.
- python invalidate routine respects packed rrset ids and locks.
- clock skew checks in unbound, config statements.
- nxdomain ttl considerations in requirements.txt
3 April 2009: Wouter
- Fixed a bug that caused messages to be stored in the cache too
long. Hard to trigger, but NXDOMAINs for nameservers or CNAME
targets have been more vulnerable to the TTL miscalculation bug.
- documentation test fixed for python addition.
2 April 2009: Wouter
- pyunbound (libunbound python plugin) compiles using libtool.
- documentation for pythonmod and pyunbound is generated in doc/html.
- iana portlist updated.
- fixed bug in unbound-control flush_zone where it would not flush
every message in the target domain. This especially impacted
NXDOMAIN messages which could remain in the cache regardless.
- python module test package.
1 April 2009: Wouter
- suppress errors when trying to contact authority servers that gave
ipv6 AAAA records for their nameservers with ipv4 mapped contents.
Still tries to do so, could work when deployed in intranet.
Higher verbosity shows the error.
- new libunbound calls documented.
- pyunbound in libunbound/python. Removed compile warnings.
Makefile to make it.
30 March 2009: Wouter
- Fixup LDFLAGS from libevent sourcedir compile configure restore.
- Fixup so no non-absolute rpaths are added.
- Fixup validation of RRSIG queries, they are let through.
- read /dev/random before chroot
- checkconf fix no python checks when no python module enabled.
- fix configure, pthread first, so other libs do not change outcome.
27 March 2009: Wouter
- nicer -h output. report linked libraries and modules.
- prints modules in intuitive order (config file friendly).
- python compiles easily on BSD.
26 March 2009: Wouter
- ignore swig varargs warnings with gcc.
- remove duplicate example.conf text from python example configs.
- outofdir compile fix for python.
- pyunbound works.
- print modules compiled in on -h. manpage.
25 March 2009: Wouter
- initial import of the python contribution from Zdenek Vasicek and
Marek Vavrusa.
- pythonmod in Makefile; changes to remove warnings/errors for 1.3.0.
24 March 2009: Wouter
- more neat configure.ac. Removed duplicate config.h includes.
- neater config.h.in.
- iana portlist updated.
- fix util/configlexer.c and solaris -std=c99 flag.
- fix postcommit aclocal errors.
- spaces stripped. Makefile cleaner, /usr omitted from -I, -L, -R.
- swap order of host detect and libtool generation.
23 March 2009: Wouter
- added launchd plist example file for MacOSX to contrib.
- deprecation test for daemon(3).
- moved common configure actions to m4 include, prettier Makefile.
20 March 2009: Wouter
- bug #239: module-config entries order is important. Documented.
- build fix for test asynclook.
19 March 2009: Wouter
- winrc/README.txt dos-format text file.
- iana portlist updated.
- use _beginthreadex() when available (performs stack alignment).
- defaults for windows baked into configure.ac (used if on mingw).
18 March 2009: Wouter
- Added tests, unknown algorithms become insecure. fallback works.
- Fix for and test for unknown algorithms in a trust anchor
definition. Trust anchors with no supported algos are ignored.
This means a (higher)DS or DLV entry for them could succeed, and
otherwise they are treated as insecure.
- domain-insecure: "example.com" statement added. Sets domain
insecure regardless of chain of trust DSs or DLVs. The inverse
of a trust-anchor.
17 March 2009: Wouter
- unit test for unsupported algorithm in anchor warning.
- fixed so queries do not fail on opportunistic target queries.
16 March 2009: Wouter
- fixup diff error printout in contrib/update-itar.sh.
- added contrib/unbound_cacti for statistics support in cacti,
contributed by Dmitriy Demidov.
13 March 2009: Wouter
- doxygen and lex/yacc on linux.
- strip update-anchor on makedist -w.
- fix testbound on windows.
- default log to syslog for windows.
- uninstaller can stop unbound - changed text on it to reflect that.
- remove debugging from windows 'cron' actions.
12 March 2009: Wouter
- log to App.logs on windows prints executable identity.
- fixup tests.
- munin plugin fix benign locking error printout.
- anchor-update for windows, called every 24 hours; unbound reloads.
11 March 2009: Wouter
- winsock event handler resets WSAevents after signalled.
- winsock event handler tests if signals are really signalled.
- install and service with log to file works on XP and Vista on
default install location.
- on windows logging to the Application logbook works (as a service).
- fix RUN_DIR on windows compile setting in makedist.
- windows registry has Software\Unbound\ConfigFile element.
If does not exist, the default is used. The -c switch overrides it.
- fix makedist version cleanup function.
10 March 2009: Wouter
- makedist -w strips out old rc.. and snapshot info from version.
- setup.exe starts and stops unbound after install, before uninstall.
- unbound-checkconf recognizes absolute pathnames on windows (C:...).
9 March 2009: Wouter
- Nullsoft NSIS installer creation script.
5 March 2009: Wouter
- fixup memory leak introduced on 18feb in mesh reentrant fix.
3 March 2009: Wouter
- combined icon with 16x16(4) 32x32(4) 48x48(8) 64x64(8).
- service works on xp/vista, no config necessary (using defaults).
- windows registry settings.
2 March 2009: Wouter
- fixup --export-symbols to be -export-symbls for libtool.
This should fix extraneous symbols exported from libunbound.
Thanks to Ondrej Sury and Robert Edmonds for finding it.
- iana portlist updated.
- document FAQ entry on stub/forward zones and default blocking.
- fix asynclook test app for libunbound not exporting symbols.
- service install and remove utils that work with vista UAC.
27 February 2009: Wouter
- Fixup lexer, to not give warnings about fwrite. Appeared in
new lexer features.
- makedistro functionality for mingw. Has RC support.
- support spaces and backslashes in configured defaults paths.
- register, deregister in service control manager.
25 February 2009: Wouter
- windres usage for application resources.
24 February 2009: Wouter
- isc moved their dlv key download location.
- fixup warning on vista/mingw.
- makedist -w for window zip distribution first version.
20 February 2009: Wouter
- Fixup contrib/update-itar.sh, the exit codes 1 and 0 were swapped.
Nicer script layout. Added url to site in -h output.
19 February 2009: Wouter
- unbound-checkconf and unbound print warnings when trust anchors
have unsupported algorithms.
- added contrib/update-itar.sh This script is similar to
update-anchor.sh, and updates from the IANA ITAR repository.
You can provide your own PGP key and trust repo, or can use the
builtin. The program uses wget and gpg to work.
- iana portlist updated.
- update-itar.sh: using ftp:// urls because https godaddy certificate
is not available everywhere and then gives fatal errors. The
security is provided by pgp signature.
18 February 2009: Wouter
- more cycle detection. Also for target queries.
- fixup bug where during deletion of the mesh queries the callbacks
that were reentrant caused assertion failures. Keep the mesh in
a reentrant safe state. Affects libunbound, reload of server,
on quit and flush_requestlist.
- iana portlist updated.
13 February 2009: Wouter
- forwarder information now per-thread duplicated.
This keeps it read only for speed, with no locking necessary.
- forward command for unbound control to change forwarders to use
on the fly.
- document that unbound-host reads no config file by default.
- updated iana portlist.
12 February 2009: Wouter
- call setusercontext if available (on BSD).
- small refactor of stats clearing.
- #227: flush_stats feature for unbound-control.
- stats_noreset feature for unbound-control.
- flush_requestlist feature for unbound-control.
- libunbound version upped API (was changed 5 feb).
- unbound-control status shows if root forwarding is in use.
- slightly nicer memory management in iter-fwd code.
10 February 2009: Wouter
- keys with rfc5011 REVOKE flag are skipped and not considered when
validating data.
- iana portlist updated
- #226: dump_requestlist feature for unbound-control.
6 February 2009: Wouter
- contrib contains specfile for fedora 1.2.1 (from Paul Wouters).
- iana portlist updated.
- fixup EOL in include directive (reported by Paul Wouters).
You can no longer specify newlines in the names of included files.
- config parser changed. Gives some syntax errors closer to where they
occurred. Does not enforce a space after keyword anymore.
Does not allow literal newlines inside quoted strings anymore.
- verbosity level 5 logs customer IP for new requestlist entries.
- test fix, lexer and cancel test.
- new option log-time-ascii: yes if you enable it prints timestamps
in the log file as Feb 06 13:45:26 (like syslog does).
- detect event_base_new in libevent-1.4.1 and later and use it.
- #231 unbound-checkconf -o option prints that value from config file.
Useful for scripting in management scripts and the like.
5 February 2009: Wouter
- ldns 1.5.0 rc as tarball included.
- 1.3.0 development continues:
change in libunbound API: ub_cancel can return an error, that
the async_id did not exist, or that it was already delivered.
The result could have been delivered just before the cancel
routine managed to acquire the lock, so a caller may get the
result at the same time they call cancel. For this case,
ub_cancel tries to return an error code.
Fixes race condition in ub_cancel() libunbound function.
- MacOSX Leopard cleaner text output from configure.
- initgroups(3) is called to drop secondary group permissions, if
applicable.
- configure option --with-ldns-builtin forces the use of the
inluded ldns package with the unbound source. The -I include
is put before the others, so it avoids bad include files from
an older ldns install.
- daemon(3) posix call is used when available.
- testbound test for older fix added.
4 February 2009: Wouter
- tag for release 1.2.1.
- trunk setup for 1.3.0 development.
3 February 2009: Wouter
- noted feature requests in doc/TODO.
- printout more detailed errors on ssl certificate loading failures.
- updated IANA portlist.
16 January 2009: Wouter
- more quiet about ipv6 network failures, i.e. when ipv6 is not
available (network unreachable). Debug still printed on high
verbosity.
- unbound-host -4 and -6 options. Stops annoying ipv6 errors when
debugging with unbound-host -4 -d ...
- more cycle detection for NS-check, addr-check, root-prime and
stub-prime queries in the iterator. Avoids possible deadlock
when priming fails.
15 January 2009: Wouter
- bug #229: fixup configure checks for compilation with Solaris
Sun cc compiler, ./configure CC=/opt/SUNWspro/bin/cc
- fixup suncc warnings.
- fix bug where unbound could crash using libevent 1.3 and older.
- update testset for recent retry change.
14 January 2009: Wouter
- 1.2.1 feature: negative caching for failed queries.
Queries that failed are cached for 5 seconds (NORR_TTL).
If the failure is local, like out of memory, it is not cached.
- the TTL comparison for the cache used different comparisons,
causing many cache responses that used the iterator and validator
state machines unnecessarily.
- retry from 4 to 5 so that EDNS drop retry is part of the first
query resolve attempt, and cached error does not stop EDNS fallback.
- remove debug prints that protect against bad referrals.
- honor QUIET=no on make commandline (or QUIET=yes ).
13 January 2009: Wouter
- fixed bug in lameness marking, removed printouts.
- find NS rrset more cleanly for qtype NS.
- Moved changes to 1.2.0 for release. Thanks to Mark Zealey for
reporting and logs.
- 1.2.1 feature: stops resolving AAAAs promiscuously when they
are in the negative cache.
12 January 2009: Wouter
- fixed bug in infrastructure lameness cache, did not lowercase
name of zone to hash when setting lame.
- lameness debugging printouts.
9 January 2009: Wouter
- created svn tag for 1.2.0 release.
- svn trunk contains 1.2.1 version number.
- iana portlist updated for todays list.
- removed debug print.
8 January 2009: Wouter
- new version of ldns-trunk (today) included as tarball, fixed
bug #224, building with -j race condition.
- remove possible race condition in the test for race conditions.
7 January 2009: Wouter
- version 1.2.0 in preparation.
- feature to allow wildcards (*, ?, [], {}. ~) in trusted-keys-file
statements. (Adapted from patch by Paul Wouters).
- typo fix and iana portlist updated.
- porting testsuite; unused var warning, and type fixup.
6 January 2009: Wouter
- fixup packet-of-death when compiled with --enable-debug.
A malformed packet could cause an internal assertion failure.
- added test for HINFO canonicalisation behaviour.
- fixup reported problem with transparent local-zone data where
queries with different type could get nxdomain. Now queries
with a different name get resolved normally, with different type
get a correct NOERROR/NODATA answer.
- HINFO no longer downcased for validation, making unbound compatible
with bind and ldns.
- fix reading included config files when chrooted.
Give full path names for include files.
Relative path names work if the start dir equals the working dir.
- fix libunbound message transport when no packet buffer is available.
5 January 2009: Wouter
- fixup getaddrinfo failure handling for remote control port.
- added L.ROOT-SERVERS.NET. AAAA 2001:500:3::42 to builtin root hints.
- fixup so it works with libev-3.51 from http://dist.schmorp.de/libev/
- comm_timer_set performs base_set operation after event_add.
18 December 2008: Wouter
- fixed bug reported by Duane Wessels: error in DLV lookup, would make
some zones that had correct DLV keys as insecure.
- follows -rc makedist from ldns changes (no _rc).
- ldns tarball updated with 1.4.1rc for DLV unit test.
- verbose prints about recursion lame detection and server selection.
- fixup BSD port for infra host storage. It hashed wrongly.
- fixup makedist snapshot name generation.
- do not reopen syslog to avoid dev/log dependency.
17 December 2008: Wouter
- follows ldns makedist.sh. -rc option. autom4te dir removed.
- unbound-control status command.
- extended statistics has a number of ipv6 queries counter.
contrib/unbound_munin_ was updated to draw ipv6 in the hits graph.
16 December 2008: Wouter
- follow makedist improvements from ldns, for maintainers prereleases.
- snapshot version uses _ not - to help rpm distinguish the
version number.
11 December 2008: Wouter
- better fix for bug #219: use LOG_NDELAY with openlog() call.
Thanks to Tamas Tevesz.
9 December 2008: Wouter
- bug #221 fixed: unbound checkconf checks if key files exist if
remote control is enabled. Also fixed NULL printf when not chrooted.
- iana portlist updated.
3 December 2008: Wouter
- Fix problem reported by Jaco Engelbrecht where unbound-control stats
freezes up unbound if this was compiled without threading, and
was using multiple processes.
- iana portlist updated.
- test for remote control with interprocess communication.
- created command distribution mechanism so that remote control
commands other than 'stats' work on all processes in a nonthreaded
compiled version. dump/load cache work, on the first process.
- fixup remote control local_data addition memory corruption bug.
1 December 2008: Wouter
- SElinux policy files in contrib/selinux for the unbound daemon,
by Paul Wouters and Adam Tkac.
25 November 2008: Wouter
- configure complains when --without-ssl is given (bug #220).
- skip unsupported feature tests on vista/mingw.
- fixup testcode/streamtcp to work on vista/mingw.
- root-hints test checks version of dig required.
- blacklisted servers are polled at a low rate (1%) to see if they
come back up. But not if there is some other working server.
24 November 2008: Wouter
- document that the user of the server daemon needs read privileges
on the keys and certificates generated by unbound-control-setup.
This is different per system or distribution, usually, running the
script under the same username as the server uses suffices.
i.e. sudo -u unbound unbound-control-setup
- testset port to vista/mingw.
- tcp_sigpipe to freebsd port.
21 November 2008: Wouter
- fixed tcp accept, errors were printed when they should not.
- unbound-control-setup.sh removes read/write permissions other
from the keys it creates (as suggested by Dmitriy Demidov).
20 November 2008: Wouter
- fixup fatal error due to faulty error checking after tcp accept.
- add check in rlimit to avoid integer underflow.
- rlimit check with new formula; better estimate for number interfaces
- nicer comments in rlimit check.
- tag 1.1.1 created in svn.
- trunk label is 1.1.2
19 November 2008: Wouter
- bug #219: fixed so that syslog which delays opening until the first
log line is written, gets a log line while not chroot'ed yet.
18 November 2008: Wouter
- iana portlist updated.
- removed cast in unit test debug print that was not 64bit safe.
- trunk back to 1.1.0; copied to tags 1.1.0 release.
- trunk to has version number 1.1.1 again.
- in 1.1.1; make clean nicer. grammar in manpage.
17 November 2008: Wouter
- theoretical fix for problems reported on mailing list.
If a delegation point has no A but only AAAA and do-ip6 is no,
resolution would fail. Fixed to ask for the A and AAAA records.
It has to ask for both always, so that it can fail quietly, from
TLD perspective, when a zone is only reachable on one transport.
- test for above, only AAAA and doip6 is no. Fix causes A record
for nameserver to be fetched.
- fixup address duplication on cache fillup for delegation points.
- testset updated for new query answer requirements.
14 November 2008: Wouter
- created 1.1.0 release tag in svn.
- trunk moved to 1.1.1
- fixup unittest-neg for locking.
13 November 2008: Wouter
- added fedora init and specfile to contrib (by Paul Wouters).
- added configure check for ldns 1.4.0 (using its compat funcs).
- neater comments in worker.h.
- removed doc/plan and updated doc/TODO.
- silenced EHOSTDOWN (verbosity 2 or higher to see it).
- review comments from Jelte, Matthijs. Neater code.
12 November 2008: Wouter
- add unbound-control manpage to makedist replace list.
11 November 2008: Wouter
- unit test for negative cache, stress tests the refcounting.
- fix for refcounting error that could cause fptr_wlist fatal exit
in the negative cache rbtree (upcoming 1.1 feature). (Thanks to
Attila Nagy for testing).
- nicer comments in cachedump about failed RR to string conversion.
- fix 32bit wrap around when printing large (4G and more) mem usage
for extended statistics.
10 November 2008: Wouter
- fixup the getaddrinfo compat code rename.
8 November 2008: Wouter
- added configure check for eee build warning.
7 November 2008: Wouter
- fix bug 217: fixed, setreuid and setregid do not work on MacOSX10.4.
- detect nonblocking problems in network stack in configure script.
6 November 2008: Wouter
- dname_priv must decompress the name before comparison.
- iana portlist updated.
5 November 2008: Wouter
- fixed possible memory leak in key_entry_key deletion.
Would leak a couple bytes when trust anchors were replaced.
- if query and reply qname overlap, the bytes are skipped not copied.
- fixed file descriptor leak when messages were jostled out that
had outstanding (TCP) replies.
- DNAMEs used from cache have their synthesized CNAMEs initialized
properly.
- fixed file descriptor leak for localzone type deny (for TCP).
- fixed memleak at exit for nsec3 negative cached zones.
- fixed memleak for the keyword 'nodefault' when reading config.
- made verbosity of 'edns incapable peer' warning higher, so you
do not get spammed by it.
- caught elusive Bad file descriptor error bug, that would print the
error while unnecessarily try to listen to a closed fd. Fixed.
4 November 2008: Wouter
- fixed -Wwrite-strings warnings that result in better code.
3 November 2008: Wouter
- fixup build process for Mac OSX linker, use ldns b32 compat funcs.
- generated configure with autoconf-2.61.
- iana portlist updated.
- detect if libssl needs libdl. For static linking with libssl.
- changed to use new algorithm identifiers for sha256/sha512
from ldns 1.4.0 (need very latest version).
- updated the included ldns tarball.
- proper detection of SHA256 and SHA512 functions (not just sizes).
23 October 2008: Wouter
- a little more debug info for failure on signer names. prints names.
22 October 2008: Wouter
- CFLAGS are picked up by configure from the environment.
- iana portlist updated.
- updated ldns to use 1.4.0-pre20081022 so it picks up CFLAGS too.
- new stub-prime: yesno option. Default is off, so it does not prime.
can be turned on to get same behaviour as previous unbound release.
- made automated test that checks if builtin root hints are uptodate.
- finished draft-wijngaards-dnsext-resolver-side-mitigation
implementation. The unwanted-reply-threshold can be set.
- fixup so fptr_whitelist test in alloc.c works.
21 October 2008: Wouter
- fix update-anchors.sh, so it does not report different RR order
as an update. Sorts the keys in the file. Updated copyright.
- fixup testbound on windows, the command control pipe doesn't exist.
- skip 08hostlib test on windows, no fork() available.
- made unbound-remote work on windows.
20 October 2008: Wouter
- quench a log message that is debug only.
- iana portlist updated.
- do not query bogus nameservers. It is like nameservers that have
the NS or A or AAAA record bogus are listed as donotquery.
- if server selection is faced with only bad choices, it will
attempt to get more options to be fetched.
- changed bogus-ttl default value from 900 to 60 seconds.
In anticipation that operator caused failures are more likely than
actual attacks at this time. And thus repeated validation helps
the operators get the problem fixed sooner. It makes validation
failures go away sooner (60 seconds after the zone is fixed).
Also it is likely to try different nameserver targets every minute,
so that if a zone is bad on one server but not another, it is
likely to pick up the 'correct' one after a couple minutes,
and if the TTL is big enough that solves validation for the zone.
- fixup unbound-control compilation on windows.
17 October 2008: Wouter
- port Leopard/G5: fixup type conversion size_t/uint32.
please ranlib, stop file without symbols warning.
- harden referral path now also validates the root after priming.
It looks up the root NS authoritatively as well as the root servers
and attemps to validate the entries.
16 October 2008: Wouter
- Fixup negative TTL values appearing (reported by Attila Nagy).
15 October 2008: Wouter
- better documentation for 0x20; remove fallback TODO, it is done.
- harden-referral-path feature includes A, AAAA queries for glue,
as well as very careful NS caching (only when doing NS query).
A, AAAA use the delegation from the NS-query.
14 October 2008: Wouter
- fwd_three.tpkg test was flaky. If the three requests hit the
wrong threads by chance (or bad OS) then the test would fail.
Made less flaky by increasing number of retries.
- stub_udp.tpkg changed to work, give root hints. fixed ldns_dname_abs.
- ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081014).
Which includes the ldns_dname_absolute fix.
- fwd_three test remains flaky now that unbound does not stop
listening when full. Thus, removed timeout problem.
It may be serviced by three threads, or maybe by one.
Mostly only useful for lock-check testing now.
13 October 2008: Wouter
- fixed recursion servers deployed as authoritative detection, so
that as a last resort, a +RD query is sent there to get the
correct answer.
- iana port list update.
- ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081013).
10 October 2008: Wouter
- fixup tests - the negative cache contained the correct NSEC3s for
two tests that are supposed to fail to validate.
9 October 2008: Wouter
- negative cache caps max iterations of NSEC3 done.
- NSEC3 negative cache for qtype DS works.
8 October 2008: Wouter
- NSEC negative cache for DS.
6 October 2008: Wouter
- jostle-timeout option, so you can config for slow links.
- 0x20 fallback code. Tries 3xnumber of nameserver addresses
queries that must all be the same. Sent to random nameservers.
- documented choices for DoS, EDNS, 0x20.
2 October 2008: Wouter
- fixup unlink of pidfile.
- fixup SHA256 algorithm collation code.
- contrib/update-anchor.sh does not overwrite anchors if not needed.
exits 0 when a restart is needed, other values if not.
so, update-anchor.sh -d mydir && /etc/rc.d/unbound restart
can restart unbound exactly when needed.
30 September 2008: Wouter
- fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.
- tests for sha256 support and downgrade resistance.
- RSASHA256 and RSASHA512 support (using the draft in dnsext),
using the drafted protocol numbers.
- when using stub on localhost (127.0.0.1@10053) unbound works.
Like when running NSD to host a local zone, on the same machine.
The noprime feature. manpages more explanation. Added a test for it.
- shorthand for reverse PTR, local-data-ptr: "1.2.3.4 www.ex.com"
29 September 2008: Wouter
- EDNS lameness detection, if EDNS packets are dropped this is
detected, eventually.
- multiple query timeout rtt backoff does not backoff too much.
26 September 2008: Wouter
- tests for remote-control.
- small memory leak in exception during remote control fixed.
- fixup for lock checking but not unchecking in remote control.
- iana portlist updated.
23 September 2008: Wouter
- Msg cache is loaded. A cache load enables cache responses.
- unbound-control flush [name], flush_type and flush_zone.
22 September 2008: Wouter
- dump_cache and load_cache statements in unbound-control.
RRsets are dumped and loaded correctly.
Msg cache is dumped.
19 September 2008: Wouter
- locking on the localdata structure.
- add and remove local zone and data with unbound-control.
- ldns trunk snapshot updated, make tests work again.
18 September 2008: Wouter
- fixup error in time calculation.
- munin plugin improvements.
- nicer abbreviations for high query types values (ixfr, axfr, any...)
- documented the statistics output in unbound-control man page.
- extended statistics prints out histogram, over unbound-control.
17 September 2008: Wouter
- locking for threadsafe bogus rrset counter.
- ldns trunk no longer exports b32 functions, provide compat.
- ldns tarball updated.
- testcode/ldns-testpkts.c const fixups.
- fixed rcode stat printout.
- munin plugin in contrib.
- stats always printout uptime, because stats plugins need it.
16 September 2008: Wouter
- extended-statistics: yesno config option.
- unwanted replies spoof nearmiss detector.
- iana portlist updated.
15 September 2008: Wouter
- working start, stop, reload commands for unbound-control.
- test for unbound-control working; better exit value for control.
- verbosity control via unbound-control.
- unbound-control stats.
12 September 2008: Wouter
- removed browser control mentions. Proto speccy.
11 September 2008: Wouter
- set nonblocking on new TCP streams, because linux does not inherit
the socket options to the accepted socket.
- fix TCP timeouts.
- SSL protected connection between server and unbound-control.
10 September 2008: Wouter
- remove memleak in privacy addresses on reloads and quits.
- remote control work.
9 September 2008: Wouter
- smallapp/unbound-control-setup.sh script to set up certificates.
4 September 2008: Wouter
- scrubber scrubs away private addresses.
- test for private addresses. man page entry.
- code refactored for name and address tree lookups.
3 September 2008: Wouter
- options for 'DNS Rebinding' protection: private-address and
private-domain.
- dnstree for reuse of routines that help with domain, addr lookups.
- private-address and private-domain config option read, stored.
2 September 2008: Wouter
- DoS protection features. Queries are jostled out to make room.
- testbound can pass time, increasing the internal timer.
- do not mark unsigned additionals bogus, leave unchecked, which
is removed too.
1 September 2008: Wouter
- disallow nonrecursive queries for cache snooping by default.
You can allow is using access-control: <subnet> allow_snoop.
The defaults do allow access no authoritative data without RD bit.
- two tests for it and fixups of tests for nonrec refused.
29 August 2008: Wouter
- version 1.1 number in trunk.
- harden-referral-path option for query for NS records.
Default turns off expensive, experimental option.
28 August 2008: Wouter
- fixup logfile handling; it is created with correct permissions
again. (from bugfix#199).
Some errors are not written to logfile (pidfile writing, forking),
and these are only visible by using the -d commandline flag.
27 August 2008: Wouter
- daemon(3) is causing problems for people. Reverting the patch.
bug#200, and 199 and 203 contain sideline discussion on it.
- bug#199 fixed: pidfile can be outside chroot. openlog is done before
chroot and drop permissions.
- config option to set size of aggressive negative cache,
neg-cache-size.
- bug#203 fixed: dlv has been implemented.
26 August 2008: Wouter
- test for insecure zone when DLV is in use, also does negative cache.
- test for trustanchor when DLV is in use (the anchor works).
- test for DLV used for a zone below a trustanchor.
- added scrub filter for overreaching NSEC records and unit test.
- iana portlist update
- use of setresuid or setreuid when available.
- use daemon(3) if available.
25 August 2008: Wouter
- realclean patch from Robert Edmonds.
22 August 2008: Wouter
- nicer debuglogging of DLV.
- test with secure delegation inside the DLV repository.
21 August 2008: Wouter
- negative cache code linked into validator, for DLV use.
negative cache works for DLV.
- iana portlist update.
- dlv-anchor option for unit tests.
- fixup NSEC_AT_APEX classification for short typemaps.
- ldns-testns has subdomain checks, for unit tests.
20 August 2008: Wouter
- negative cache code, reviewed.
18 August 2008: Wouter
- changes info: in logfile to notice: info: or debug: depending on
the verbosity of the statements. Better logfile message
classification.
- bug #208: extra rc.d unbound flexibility for freebsd/nanobsd.
15 August 2008: Wouter
- DLV nsec code fixed for better detection of closest existing
enclosers from NSEC responses.
- DLV works, straight to the dlv repository, so not for production.
- Iana port update.
14 August 2008: Wouter
- synthesize DLV messages from the rrset cache, like done for DS.
13 August 2008: Wouter
- bug #203: nicer do-auto log message when user sets incompatible
options.
- bug #204: variable name ameliorated in log.c.
- bug #206: in iana_update, no egrep, but awk use.
- ldns snapshot r2699 taken (includes DLV type).
- DLV work, config file element, trust anchor read in.
12 August 2008: Wouter
- finished adjusting testset to provide qtype NS answers.
11 August 2008: Wouter
- Fixup rrset security updates overwriting 2181 trust status.
This makes validated to be insecure data just as worthless as
nonvalidated data, and 2181 rules prevent cache overwrites to them.
- Fix assertion fail on bogus key handling.
- dnssec lameness detection works on first query at trust apex.
- NS queries get proper cache and dnssec lameness treatment.
- fixup compilation without pthreads on linux.
8 August 2008: Wouter
- NS queries are done after every referral.
validator is used on those NS records (if anchors enabled).
7 August 2008: Wouter
- Scrubber more strict. CNAME chains, DNAMEs from cache, other
irrelevant rrsets removed.
- 1.0.2 released from 1.0 support branch.
- fixup update-anchor.sh to work both in BSD shell and bash.
5 August 2008: Wouter
- fixup DS test so apex nodata works again.
4 August 2008: Wouter
- iana port update.
- TODO update.
- fix bug 201: null ptr deref on cleanup while udp pkts wait for port.
- added explanatory text for outgoing-port-permit in manpage.
30 July 2008: Wouter
- fixup bug qtype DS for unsigned zone and signed parent validation.
25 July 2008: Wouter
- added original copyright statement of OpenBSD arc4random code.
- created tube signaling solution on windows, as a pipe replacement.
this makes background asynchronous resolution work on windows.
- removed very insecure socketpair compat code. It also did not
work with event_waiting. Solved by pipe replacement.
- unbound -h prints openssl version number as well.
22 July 2008: Wouter
- moved pipe actions to util/tube.c. easier porting and shared code.
- check _raw() commpoint callbacks with fptr_wlist.
- iana port update.
21 July 2008: Wouter
- #198: nicer entropy warning message. manpage OS hints.
19 July 2008: Wouter
- #198: fixup man page to suggest chroot entropy fix.
18 July 2008: Wouter
- branch for 1.0 support.
- trunk work on tube.c.
17 July 2008: Wouter
- fix bug #196, compile outside source tree.
- fix bug #195, add --with-username=user configure option.
- print error and exit if started with config that requires more
fds than the builtin minievent can handle.
16 July 2008: Wouter
- made svn tag 1.0.1, trunk now 1.0.2
- sha256 checksums enabled in makedist.sh
15 July 2008: Wouter
- Follow draft-ietf-dnsop-default-local-zones-06 added reverse
IPv6 example prefix to AS112 default blocklist.
- fixup lookup of DS records by client with trustanchor for same.
- libunbound ub_resolve, fix handling of error condition during setup.
- lowered log_hex blocksize to fit through BSD syslog linesize.
- no useless initialisation if getpwnam not available.
- iana, ldns snapshot updated.
3 July 2008: Wouter
- Matthijs fixed memory leaks in root hints file reading.
26 June 2008: Wouter
- fixup streamtcp bounds setting for udp mode, in the test framework.
- contrib item for updating trust anchors.
25 June 2008: Wouter
- fixup fwd_ancil test typos.
- Fix for newegg lameness : ok for qtype=A, but lame for others.
- fixup unit test for infra cache, test lame merging.
- porting to mingw, bind, listen, getsockopt and setsockopt error
handling.
24 June 2008: Wouter
- removed testcode/checklocks from production code compilation path.
- streamtcp can use UDP mode (connected UDP socket), for testing IPv6
on windows.
- fwd_ancil test fails if platform support is lacking.
23 June 2008: Wouter
- fixup minitpkg to cleanup on windows with its file locking troubles.
- minitpkg shows skipped tests in report.
- skip ipv6 tests on ipv4 only hosts (requires only ipv6 localhost not
ipv6 connectivity).
- winsock event handler keeps track of sticky TCP events, that have
not been fully handled yet. when interest in the event(s) resumes,
they are sent again. When WOULDBLOCK is returned events are cleared.
- skip tests that need signals when testing on mingw.
18 June 2008: Wouter
- open testbound replay files in binary mode, because fseek/ftell
do not work in ascii-mode on windows. The b does nothing on unix.
unittest and testbound tests work on windows (xp too).
- ioctlsocket prints nicer error message.
- fixed up some TCP porting for winsock.
- lack of IPv6 gives a warning, no fatal error.
- use WSAGetLastError() on windows instead of errno for some errors.
17 June 2008: Wouter
- outgoing num fds 32 by default on windows ; it supports less
fds for waiting on than unixes.
- winsock_event minievent handler for windows. (you could also
attempt to link with libevent/libev ports for windows).
- neater crypto check and gdi32 detection.
- unbound.exe works to resolve and validate www.nlnetlabs.nl on vista.
16 June 2008: Wouter
- on windows, use windows threads, mutex and thread-local-storage(Tls).
- detect if openssl needs gdi32.
- if no threading, THREADS_DISABLED is defined for use in the code.
- sets USE_WINSOCK if using ws2_32 on windows.
- wsa_strerror() function for more readable errors.
- WSA Startup and Cleanup called in unbound.exe.
13 June 2008: Wouter
- port mingw32, more signal ifdefs, detect sleep, usleep,
random, srandom (used inside the tests).
- signed or unsigned FD_SET is cast.
10 June 2008: Wouter
- fixup warnings compiling on eeepc xandros linux.
9 June 2008: Wouter
- in iteration response type code
* first check for SOA record (negative answer) before NS record
and lameness.
* check if no AA bit for non-forwarder, and thus lame zone.
In response to error report by Richard Doty for mail.opusnet.com.
- fixup unput warning from lexer on freeBSD.
- bug#183. pidfile, rundir, and chroot configure options. Also the
example.conf and manual pages get the configured defaults.
You can use: (or accept the defaults to /usr/local/etc/unbound/)
--with-conf-file=filename
--with-pidfile=filename
--with-run-dir=path
--with-chroot-dir=path
8 June 2008: Wouter
- if multiple CNAMEs, use the first one. Fixup akamai CNAME bug.
Reported by Robert Edmonds.
- iana port updated.
4 June 2008: Wouter
- updated libtool files with newer version.
- iana portlist updated.
3 June 2008: Wouter
- fixup local-zone: "30.172.in-addr.arpa." nodefault, so that the
trailing dot is not used during comparison.
2 June 2008: Wouter
- Jelte fixed bugs in my absence
- bug 178: fixed unportable shell usage in configure (relied on
bash shell).
- bug 180: fixed buffer overflow in unbound-checkconf use of strncat.
- bug 181: fixed buffer overflow in ldns (called by unbound to parse
config file parts).
- fixes by Wouter
- bug 177: fixed compilation failure on opensuse, the
--disable-static configure flag caused problems. (Patch from
Klaus Singvogel)
- bug 179: same fix as 177.
- bug 185: --disable-shared not passed along to ldns included with
unbound. Fixed so that configure parameters are passed to the
subdir configure script.
fixed that ./libtool is used always, you can still override
manually with ./configure libtool=mylibtool or set $libtool in
the environment.
- update of the ldns tarball to current ldns svn version (fix 181).
- bug 184: -r option for unbound-host, read resolv.conf for
forwarder. (Note that forwarder must support DNSSEC for validation
to succeed).
23 May 2008: Wouter
- mingw32 porting.
- test for sys/wait.h
- WSAEWOULDBLOCK test after nonblocking TCP connect.
- write_iov_buffer removed: unused and no struct iov on windows.
- signed/unsigned warning fixup mini_event.
- use ioctlsocket to set nonblocking I/O if fnctl is unavailable.
- skip signals that are not defined
- detect pwd.h.
- detect getpwnam, getrlimit, setsid, sbrk, chroot.
- default config has no chroot if chroot() unavailable.
- if no kill() then no pidfile is read or written.
- gmtime_r is replaced by nonthreadsafe alternative if unavail.
used in rrsig time validation errors.
22 May 2008: Wouter
- contrib unbound.spec from Patrick Vande Walle.
- fixup bug#175: call tzset before chroot to have correct timestamps
in system log.
- do not generate lex input and lex unput functions.
- mingw port. replacement functions labelled _unbound.
- fix bug 174 - check for tcp_sigpipe that ldns-testns is installed.
19 May 2008: Wouter
- fedora 9, check in6_pktinfo define in configure.
- CREDITS fixup of history.
- ignore ldns-1.2.2 if installed, use builtin 1.3.0-pre alternative.
16 May 2008: Wouter
- fixup for MacOSX hosts file reading (reported by John Dickinson).
- created 1.0.0 svn tag.
- trunk version 1.0.1.
14 May 2008: Wouter
- accepted patch from Ondrej Sury for library version libtool option.
- configure --disable-rpath fixes up libtool for rpath trouble.
Adapted from debian package patch file.
13 May 2008: Wouter
- Added root ipv6 addresses to builtin root hints.
- TODO modified for post 1.0 plans.
- trunk version set to 1.0.0.
- no unnecessary linking with librt (only when libevent/libev used).
7 May 2008: Wouter
- fixup no-ip4 problem with error callback in outside network.
25 April 2008: Wouter
- DESTDIR is honored by the Makefile for rpms.
- contrib files unbound.spec and unbound.init, builds working RPM
on FC7 Linux, a chrooted caching resolver, and libunbound.
- iana ports update.
24 April 2008: Wouter
- chroot checks improved. working directory relative to chroot.
checks if config file path is inside chroot. Documentation on it.
- nicer example.conf text.
- created 0.11 tag.
23 April 2008: Wouter
- parseunbound.pl contrib update from Kai Storbeck for threads.
- iana ports update
22 April 2008: Wouter
- ignore SIGPIPE.
- unit test for SIGPIPE ignore.
21 April 2008: Wouter
- FEATURES document.
- fixup reread of config file if it was given as a full path
and chroot was used.
16 April 2008: Wouter
- requirements doc, updated clean query returns.
- parseunbound.pl update from Kai Storbeck.
- sunos4 porting changes.
15 April 2008: Wouter
- fixup default rc.d pidfile location to /usr/local/etc.
- iana ports updated.
- copyright updated in ldns-testpkts to keep same as in ldns.
- fixup checkconf chroot tests a bit more, chdir must be inside
chroot dir.
- documented 'gcc: unrecognized -KPIC option' errors on Solaris.
- example.conf values changed to /usr/local/etc/unbound
- DSA test work.
- DSA signatures: unbound is compatible with both encodings found.
It will detect and convert when necessary.
14 April 2008: Wouter
- got update for parseunbound.pl statistics script from Kai Storbeck.
- tpkg tests for udp wait list.
- documented 0x20 status.
- fixup chroot and checkconf, it is much smarter now.
- fixup DSA EVP signature decoding. Solution that Jelte found copied.
- and check first sig byte for the encoding type.
11 April 2008: Wouter
- random port selection out of the configged ports.
- fixup threadsafety for libevent-1.4.3+ (event_base_get_method).
- removed base_port.
- created 256-port ephemeral space for the OS, 59802 available.
- fixup consistency of port_if out array during heavy use.
10 April 2008: Wouter
- --with-libevent works with latest libevent 1.4.99-trunk.
- added log file statistics perl script to contrib.
- automatic iana ports update from makefile. 60058 available.
9 April 2008: Wouter
- configure can detect libev(from its build directory) when passed
--with-libevent=/home/wouter/libev-3.2
libev-3.2 is a little faster than libevent-1.4.3-stable (about 5%).
- unused commpoints not listed in epoll list.
- statistics-cumulative option so that the values are not reset.
- config creates array of available ports, 61841 available,
it excludes <1024 and iana assigned numbers.
config statements to modify the available port numbers.
8 April 2008: Wouter
- unbound tries to set the ulimit fds when started as server.
if that does not work, it will scale back its requirements.
27 March 2008: Wouter
- documented /dev/random symlink from chrootdir as FAQ entry.
26 March 2008: Wouter
- implemented AD bit signaling. If a query sets AD bit (but not DO)
then the AD bit is set in the reply if the answer validated.
Without including DNSSEC signatures. Useful if you have a trusted
path from the client to the resolver. Follows dnssec-updates draft.
25 March 2008: Wouter
- implemented check that for NXDOMAIN and NOERROR answers a query
section must be present in the reply (by the scrubber). And it must
be equal to the question sent, at least lowercase folded.
Previously this feature happened because the cache code refused
to store such messages. However blocking by the scrubber makes
sure nothing gets into the RRset cache. Also, this looks like a
timeout (instead of an allocation failure) and this retries are
done (which is useful in a spoofing situation).
- RTT banding. Band size 400 msec, this makes band around zero (fast)
include unknown servers. This makes unbound explore unknown servers.
7 March 2008: Wouter
- -C config feature for harvest program.
- harvest handles CNAMEs too.
5 March 2008: Wouter
- patch from Hugo Koji Kobayashi for iterator logs spelling.
4 March 2008: Wouter
- From report by Jinmei Tatuya, rfc2181 trust value for remainder
of a cname trust chain is lower; not full answer_AA.
- test for this fix.
- default config file location is /usr/local/etc/unbound.
Thus prefix is used to determine the location. This is also the
chroot and pidfile default location.
3 March 2008: Wouter
- Create 0.10 svn tag.
- 0.11 version in trunk.
- indentation nicer.
29 February 2008: Wouter
- documentation update.
- fixup port to Solaris of perf test tool.
- updated ldns-tarball with decl-after-statement fixes.
28 February 2008: Wouter
- fixed memory leaks in libunbound (during cancellation and wait).
- libunbound returns the answer packet in full.
- snprintf compat update.
- harvest performs lookup.
- ldns-tarball update with fix for ldns_dname_label.
- installs to sbin by default.
- install all manual pages (unbound-host and libunbound too).
27 February 2008: Wouter
- option to use caps for id randomness.
- config file option use-caps-for-id: yes
- harvest debug tool
26 February 2008: Wouter
- delay utility delays TCP as well. If the server that is forwarded
to has a TCP error, the delay utility closes the connection.
- delay does REUSE_ADDR, and can handle a server that closes its end.
- answers use casing from query.
25 February 2008: Wouter
- delay utility works. Gets decent thoughput too (>20000).
22 February 2008: Wouter
- +2% for recursions, if identical queries (except for destination
and query ID) in the reply list, avoid re-encoding the answer.
- removed TODO items for optimizations that do not show up in
profile reports.
- default is now minievent - not libevent. As its faster and
not needed for regular installs, only for very large port ranges.
- loop check different speedup pkt-dname-reading, 1% faster for
nocache-recursion check.
- less hashing during msg parse, 4% for recursion.
- small speed fix for dname_count_size_labels, +1 or +2% recursion.
- some speed results noted:
optimization resulted in +40% for recursion (cache miss) and
+70 to +80 for cache hits, and +96% for version.bind.
zone nsec3 example, 100 NXDOMAIN queries, NSD 35182.8 Ub 36048.4
www.nlnetlabs.nl from cache: BIND 8987.99 Ub 31218.3
www with DO bit set : BIND 8269.31 Ub 28735.6 qps.
So, unbound can be about equal qps to NSD in cache hits.
And about 3.4x faster than BIND in cache performance.
- delay utility for testing.
21 February 2008: Wouter
- speedup of root-delegation message encoding by 15%.
- minor speedup of compress tree_lookup, maybe 1%.
- speedup of dname_lab_cmp and memlowercmp - the top functions in
profiler output, maybe a couple percent when it matters.
20 February 2008: Wouter
- setup speec_cache for need-ldns-testns in dotests.
- check number of queued replies on incoming queries to avoid overload
on that account.
- fptr whitelist checks are not disabled in optimize mode.
- do-daemonize config file option.
- minievent time share initializes time at start.
- updated testdata for nsec3 new algorithm numbers (6, 7).
- small performance test of packet encoding (root delegation).
19 February 2008: Wouter
- applied patch to unbound-host man page from Jan-Piet Mens.
- fix donotquery-localhost: yes default (it erroneously was switched
to default 'no').
- time is only gotten once and the value is shared across unbound.
- unittest cleans up crypto, so that it has no memory leaks.
- mini_event shares the time value with unbound this results in
+3% speed for cache responses and +9% for recursions.
- ldns tarball update with new NSEC3 sign code numbers.
- perform several reads per UDP operation. This improves performance
in DoS conditions, and costs very little in normal conditions.
improves cache response +50%, and recursions +10%.
- modified asynclook test. because the callback from async is not
in any sort of lock (and thus can use all library functions freely),
this causes a tiny race condition window when the last lock is
released for a callback and a new cancel() for that callback.
The only way to remove this is by putting callbacks into some
lock window. I'd rather have the small possibility of a callback
for a cancelled function then no use of library functions in
callbacks. Could be possible to only outlaw process(), wait(),
cancel() from callbacks, by adding another lock, but I'd rather not.
18 February 2008: Wouter
- patch to unbound-host from Jan-Piet Mens.
- unbound host prints errors if fails to configure context.
- fixup perf to resend faster, so that long waiting requests do
not hold up the queue, they become lost packets or SERVFAILs,
or can be sent a little while later (i.e. processing time may
take long, but throughput has to be high).
- fixup iterator operating in no cache conditions (RD flag unset
after a CNAME).
- streamlined code for RD flag setting.
- profiled code and changed dname compares to be faster.
The speedup is about +3% to +8% (depending on the test).
- minievent tests for eintr and eagain.
15 February 2008: Wouter
- added FreeBSD rc.d script to contrib.
- --prefix option for configure also changes directory: pidfile:
and chroot: defaults in config file.
- added cache speed test, for cache size OK and cache too small.
14 February 2008: Wouter
- start without a config file (will complain, but start with
defaults).
- perf test program works.
13 February 2008: Wouter
- 0.9 released.
- 1.0 development. Printout ldns version on unbound -h.
- start of perf tool.
- bugfix to read empty lines from /etc/hosts.
12 February 2008: Wouter
- fixup problem with configure calling itself if ldns-src tarball
is not present.
11 February 2008: Wouter
- changed library to use ub_ instead of ub_val_ as prefix.
- statistics output text nice.
- etc/hosts handling.
- library function to put logging to a stream.
- set any option interface.
8 February 2008: Wouter
- test program for multiple queries over a TCP channel.
- tpkg test for stream tcp queries.
- unbound replies to multiple TCP queries on a TCP channel.
- fixup misclassification of root referral with NS in answer
when validating a nonrec query.
- tag 0.9
- layout of manpages, spelling fix in header, manpages process by
makedist, list asynclook and tcpstream tests as ldns-testns
required.
7 February 2008: Wouter
- moved up all current level 2 to be level 3. And 3 to 4.
to make room for new debug level 2 for detailed information
for operators.
- verbosity level 2. Describes recursion and validation.
- cleaner configure script and fixes for libevent solaris.
- signedness for log output memory sizes in high verbosity.
6 February 2008: Wouter
- clearer explanation of threading configure options.
- fixup asynclook test for nothreading (it creates only one process
to do the extended test).
- changed name of ub_val_result_free to ub_val_resolve_free.
- removes warning message during library linking, renamed
libunbound/unbound.c -> libunbound.c and worker to libworker.
- fallback without EDNS if result is NOTIMPL as well as on FORMERR.
5 February 2008: Wouter
- statistics-interval: seconds option added.
- test for statistics option
- ignore errors making directories, these can occur in parallel builds
- fixup Makefile strip command and libunbound docs typo.
31 January 2008: Wouter
- bg thread/process reads and writes the pipe nonblocking all the time
so that even if the pipe is buffered or so, the bg thread does not
block, and services both pipes and queries.
30 January 2008: Wouter
- check trailing / on chrootdir in checkconf.
- check if root hints and anchor files are in chrootdir.
- no route to host tcp error is verbosity level 2.
- removed unused send_reply_iov. and its configure check.
- added prints of 'remote address is 1.2.3.4 port 53' to errors
from netevent; the basic socket errors.
28 January 2008: Wouter
- fixup uninit use of buffer by libunbound (query id, flags) for
local_zone answers.
- fixup uninit warning from random.c; also seems to fix sporadic
sigFPE coming out of openssl.
- made openssl entropy warning more silent for library use. Needs
verbosity 1 now.
- fixup forgotten locks for rbtree_searches on ctx->query tree.
- random generator cleanup - RND_STATE_SIZE removed, and instead
a super-rnd can be passed at init to chain init random states.
- test also does lock checks if available.
- protect config access in libworker_setup().
- libevent doesn't like comm_base_exit outside of runloop.
- close fds after removing commpoints only (for epoll, kqueue).
25 January 2008: Wouter
- added tpkg for asynclook and library use.
- allows localhost to be queried when as a library.
- fixup race condition between cancel and answer (in case of
really fast answers that beat the cancel).
- please doxygen, put doxygen comment in one place.
- asynclook -b blocking mode and test.
- refactor asynclook, nicer code.
- fixup race problems from opensll in rand init from library, with
a mutex around the rand init.
- fix pass async_id=NULL to _async resolve().
- rewrote _wait() routine, so that it is threadsafe.
- cancelation is threadsafe.
- asynclook extended test in tpkg.
- fixed two races where forked bg process waits for (somehow shared?)
locks, so does not service the query pipe on the bg side.
Now those locks are only held for fg_threads and for bg_as_a_thread.
24 January 2008: Wouter
- tested the cancel() function.
- asynclook -c (cancel) feature.
- fix fail to allocate context actions.
- make pipe nonblocking at start.
- update plane for retry mode with caution to limit bandwidth.
- fix Makefile for concurrent make of unbound-host.
- renamed ub_val_ctx_wait/poll/process/fd to ub_val*.
- new calls to set forwarding added to header and docs.
23 January 2008: Wouter
- removed debug prints from if-auto, verb-algo enables some.
- libunbound QUIT setup, remove memory leaks, when using threads
will share memory for passing results instead of writing it over
the pipe, only writes ID number over the pipe (towards the handler
thread that does process() ).
22 January 2008: Wouter
- library code for async in libunbound/unbound.c.
- fix link testbound.
- fixup exit bug in mini_event.
- background worker query enter and result functions.
- bg query test application asynclook, it looks up multiple
hostaddresses (A records) at the same time.
21 January 2008: Wouter
- libworker work, netevent raw commpoints, write_msg, serialize.
18 January 2008: Wouter
- touch up of manpage for libunbound.
- support for IP_RECVDSTADDR (for *BSD ip4).
- fix for BSD, do not use ip4to6 mapping, make two sockets, once
ip6 and once ip4, uses socket options.
- goodbye ip4to6 mapping.
- update ldns-testpkts with latest version from ldns-trunk.
- updated makedist for relative ldns pathnames.
- library API with more information inside the result structure.
- work on background resolves.
17 January 2008: Wouter
- fixup configure in case -lldns is installed.
- fixup a couple of doxygen warnings, about enum variables.
- interface-automatic now copies the interface address from the
PKT_INFO structure as well.
- manual page with library API, all on one page 'man libunbound'.
- rewrite of PKTINFO structure, it also captures IP4 PKTINFO.
16 January 2008: Wouter
- incoming queries to the server with TC bit on are replied FORMERR.
- interface-automatic replied the wrong source address on localhost
queries. Seems to be due to ifnum=0 in recvmsg PKTINFO. Trying
to use ifnum=-1 to mean 'no interface, use kernel route'.
15 January 2008: Wouter
- interface-automatic feature. experimental. Nice for anycast.
- tpkg test for ip6 ancillary data.
- removed debug prints.
- porting experience, define for Solaris, test refined for BSD
compatibility. The feature probably will not work on OpenBSD.
- makedist fixup for ldns-src in build-dir.
14 January 2008: Wouter
- in no debug sets NDEBUG to remove asserts.
- configure --enable-debug is needed for dependency generation
for assertions and for compiler warnings.
- ldns.tgz updated with ldns-trunk (where buffer.h is updated).
- fix lint, unit test in optimize mode.
- default access control allows ::ffff:127.0.0.1 v6mapped localhost.
11 January 2008: Wouter
- man page, warning removed.
- added text describing the use of stub zones for private zones.
- checkconf tests for bad hostnames (IP address), and for doubled
interface lines.
- memory sizes can be given with 'k', 'Kb', or M or G appended.
10 January 2008: Wouter
- typo in example.conf.
- made using ldns-src that is included the package more portable
by linking with .lo instead of .o files in the ldns package.
- nicer do-ip6: yes/no documentation.
- nicer linking of libevent .o files.
- man pages render correctly on solaris.
9 January 2008: Wouter
- fixup openssl RAND problem, when the system is not configured to
give entropy, and the rng needs to be seeded.
8 January 2008: Wouter
- print median and quartiles with extensive logging.
4 January 2008: Wouter
- document misconfiguration in private network.
2 January 2008: Wouter
- fixup typo in requirements.
- document that 'refused' is a better choice than 'drop' for
the access control list, as refused will stop retries.
7 December 2007: Wouter
- unbound-host has a -d option to show what happens. This can help
with debugging (why do I get this answer).
- fixup CNAME handling, on nodata, sets and display canonname.
- dot removed from CNAME display.
- respect -v for NXDOMAINs.
- updated ldns-src.tar.gz with ldns-trunk today (1.2.2 fixes).
- size_t to int for portability of the header file.
- fixup bogus handling.
- dependencies and lint for unbound-host.
6 December 2007: Wouter
- library resolution works in foreground mode, unbound-host app
receives data.
- unbound-host prints rdata using ldns.
- unbound-host accepts trust anchors, and prints validation
information when you give -v.
5 December 2007: Wouter
- locking in context_new() inside the function.
- setup of libworker.
4 December 2007: Wouter
- minor Makefile fixup.
- moved module-stack code out of daemon/daemon into services/modstack,
preparing for code-reuse.
- move context into own header file.
- context query structure.
- removed unused variable pwd from checkconf.
- removed unused assignment from outside netw.
- check timeval length of string.
- fixup error in val_utils getsigner.
- fixup same (*var) error in netblocktostr.
- fixup memleak on parse error in localzone.
- fixup memleak on packet parse error.
- put ; after union in parser.y.
- small hardening in iter_operate against iq==NULL.
- hardening, if error reply with rcode=0 (noerror) send servfail.
- fixup same (*var) error in find_rrset in msgparse, was harmless.
- check return value of evtimer_add().
- fixup lockorder in lruhash_reclaim(), building up a list of locked
entries one at a time. Instead they are removed and unlocked.
- fptr_wlist for markdelfunc.
- removed is_locked param from lruhash delkeyfunc.
- moved bin_unlock during bin_split purely to please.
3 December 2007: Wouter
- changed checkconf/ to smallapp/ to make room for more support tools.
(such as unbound-host).
- install dirs created with -m 755 because they need to be accessible.
- library extensive featurelist added to TODO.
- please doxygen, lint.
- library test application, with basic functionality.
- fix for building in a subdirectory.
- link lib fix for Leopard.
30 November 2007: Wouter
- makefile that creates libunbound.la, basic file or libunbound.a
when creating static executables (no libtool).
- more API setup.
29 November 2007: Wouter
- 0.9 public API start.
28 November 2007: Wouter
- Changeup plan for 0.8 - no complication needed, a simple solution
has been chosen for authoritative features.
- you can use single quotes in the config file, so it is possible
to specify TXT records in local data.
- fixup small memory problem in implicit transparent zone creation.
- test for implicit zone creation and multiple RR RRsets local data.
- local-zone nodefault test.
- show testbound testlist on commit.
- iterator normalizer changes CNAME chains ending in NXDOMAIN where
the packet got rcode NXDOMAIN into rcode NOERROR. (since the initial
domain exists).
- nicer verbosity: 0 and 1 levels.
- lower nonRDquery chance of eliciting wrongly typed validation
requiring message from the cache.
- fix for nonRDquery validation typing; nodata is detected when
SOA record in auth section (all validation-requiring nodata messages
have a SOA record in authority, so this is OK for the validator),
and NS record is needed to be a referral.
- duplicate checking when adding NSECs for a CNAME, and test.
- created svn tag 0.8, after completing testbed tests.
27 November 2007: Wouter
- per suggestion in rfc2308, replaced default max-ttl value with 1 day.
- set size of msgparse lookup table to 32, from 1024, so that its size
is below the 2048 regional large size threshold, and does not cause
a call to malloc when a message is parsed.
- update of memstats tool to print number of allocation calls.
This is what is taking time (not space) and indicates the avg size
of the allocations as well. region_alloc stat is removed.
22 November 2007: Wouter
- noted EDNS in-the-middle dropping trouble as a TODO.
At this point theoretical, no user trouble has been reported.
- added all default AS112 zones.
- answers from local zone content.
* positive answer, the rrset in question
* nodata answer (exist, but not that type).
* nxdomain answer (domain does not exist).
* empty-nonterminal answer.
* But not: wildcard, nsec, referral, rrsig, cname/dname,
or additional section processing, NS put in auth.
- test for correct working of static and transparent and couple
of important defaults (localhost, as112, reverses).
Also checks deny and refuse settings.
- fixup implicit zone generation and AA bit for NXDOMAIN on localdata.
21 November 2007: Wouter
- local zone internal data setup.
20 November 2007: Wouter
- 0.8 - str2list config support for double string config options.
- local-zone and local-data options, config storage and documentation.
19 November 2007: Wouter
- do not downcase NSEC and RRSIG for verification. Follows
draft-ietf-dnsext-dnssec-bis-updates-06.txt.
- fixup leaking unbound daemons at end of tests.
- README file updated.
- nice libevent not found error.
- README talks about gnu make.
- 0.8: unit test for addr_mask and fixups for it.
and unit test for addr_in_common().
- 0.8: access-control config file element.
and unit test rpl replay file.
- 0.8: fixup address reporting from netevent.
16 November 2007: Wouter
- privilege separation is not needed in unbound at this time.
TODO item marked as such.
- created beta-0.7 branch for support.
- tagged 0.7 for beta release.
- moved trunk to 0.8 for 0.8(auth features) development.
- 0.8: access control list setup.
15 November 2007: Wouter
- review fixups from Jelte.
14 November 2007: Wouter
- testbed script does not recreate configure, since its in svn now.
- fixup checkconf test so that it does not test
/etc/unbound/unbound.conf.
- tag 0.6.
13 November 2007: Wouter
- remove debug print.
- fixup testbound exit when LIBEVENT_SIGNAL_PROBLEM exists.
12 November 2007: Wouter
- fixup signal handling where SIGTERM could be ignored if a SIGHUP
arrives later on.
- bugreports to unbound-bugs@nlnetlabs.nl
- fixup testbound so it exits cleanly.
- cleanup the caches on a reload, so that rrsetID numbers won't clash.
9 November 2007: Wouter
- took ldns snapshot in repo.
- default config file is /etc/unbound/unbound.conf.
If it doesn't exist, it is installed with the doc/example.conf file.
The file is not deleted on uninstall.
- default listening is not all, but localhost interfaces.
8 November 2007: Wouter
- Fixup chroot and drop user privileges.
- new L root ip address in default hints.
1 November 2007: Wouter
- Fixup of crash on reload, due to anchors in env not NULLed after
dealloc during deinit.
- Fixup of chroot call. Happens after privileges are dropped, so
that checking the passwd entry still works.
- minor touch up of clear() hashtable function.
- VERB_DETAIL prints out what chdir, username, chroot is being done.
- when id numbers run out, caches are cleared, as in design notes.
Tested with a mock setup with very few bits in id, it worked.
- harden-dnssec-stripped: yes is now default. It insists on dnssec
data for trust anchors. Included tests for the feature.
31 October 2007: Wouter
- cache-max-ttl config option.
- building outside sourcedir works again.
- defaults more secure:
username: "unbound"
chroot: "/etc/unbound"
The operator can override them to be less secure ("") if necessary.
- fix horrible oversight in sorting rrset references in a message,
sort per reference key pointer, not on referencepointer itself.
- pidfile: "/etc/unbound/unbound.pid" is now the default.
- tests changed to reflect the updated default.
- created hashtable clear() function that respects locks.
30 October 2007: Wouter
- fixup assertion failure that relied on compressed names to be
smaller than uncompressed names. A packet from comrite.com was seen
to be compressed to a larger size. Added it as unit test.
- quieter logging at low verbosity level for common tcp messages.
- no greedy TTL update.
23 October 2007: Wouter
- fixup (grand-)parent problem for dnssec-lameness detection.
- fixup tests to do additional section processing for lame replies,
since the detection needs that.
- no longer trust in query section in reply during dnssec lame detect.
- dnssec lameness does not make the server never ever queried, but
non-preferred. If no other servers exist or answer, the dnssec lame
server is used; the fastest dnssec lame server is chosen.
- added test then when trust anchor cannot be primed (nodata), the
insecure mode from unbound works.
- Fixup max queries per thread, any more are dropped.
22 October 2007: Wouter
- added donotquerylocalhost config option. Can be turned off for
out test cases.
- ISO C compat changes.
- detect RA-no-AA lameness, as LAME.
- DNSSEC-lameness detection, as LAME.
See notes in requirements.txt for choices made.
- tests for lameness detection.
- added all to make test target; need unbound for fwd tests.
- testbound does not pollute /etc/unbound.
19 October 2007: Wouter
- added configure (and its files) to svn, so that the trunk is easier
to use. ./configure, config.guess, config.sub, ltmain.sh,
and config.h.in.
- added yacc/lex generated files, util/configlexer.c,
util/configparser.c util/configparser.h, to svn.
- without lex no attempt to use it.
- unsecure response validation collated into one block.
- remove warning about const cast of cfgfile name.
- outgoing-interfaces can be different from service interfaces.
- ldns-src configure is done during unbound configure and
ldns-src make is done during unbound make, and so inherits the
make arguments from the unbound make invocation.
- nicer error when libevent problem causes instant exit on signal.
- read root hints from a root hint file (like BIND does).
18 October 2007: Wouter
- addresses are logged with errors.
- fixup testcode fake event to remove pending before callback
since the callback may create new pending items.
- tests updated because retries are now in iterator module.
- ldns-testpkts code is checked for differences between unbound
and ldns by makedist.sh.
- ldns trunk from today added in svn repo for fallback in case
no ldns is installed on the system.
make download_ldns refreshes the tarball with ldns svn trunk.
- ldns-src.tar.gz is used if no ldns is found on the system, and
statically linked into unbound.
- start of regional allocator code.
- regional uses less memory and variables, simplified code.
- remove of region-allocator.
- alloc cache keeps a cache of recently released regional blocks,
up to a maximum.
- make unit test cleanly free memory.
17 October 2007: Wouter
- fixup another cycle detect and ns-addr timeout resolution bug.
This time by refusing delegations from the cache without addresses
when resolving a mandatory-glue nameserver-address for that zone.
We're going to have to ask a TLD server anyway; might as well be
the TLD server for this name. And this resolves a lot of cases where
the other nameserver names lead to cycles or are not available.
- changed random generator from random(3) clone to arc4random wrapped
for thread safety. The random generator is initialised with
entropy from the system.
- fix crash where failure to prime DNSKEY tried to print null pointer
in the log message.
- removed some debug prints, only verb_algo (4) enables them.
- fixup test; new random generator took new paths; such as one
where no scripted answer was available.
- mark insecure RRs as insecure.
- fixup removal of nonsecure items from the additional.
- reduced timeout values to more realistic, 376 msec (262 msec has
90% of roundtrip times, 512 msec has 99% of roundtrip times.)
- server selection failover to next server after timeout (376 msec).
16 October 2007: Wouter
- no malloc in log_hex.
- assertions around system calls.
- protect against gethostname without ending zero.
- ntop output is null terminated by unbound.
- pidfile content null termination
- various snprintf use sizeof(stringbuf) instead of fixed constant.
- changed loopdetect % 8 with & 0x7 since % can become negative for
weird negative input and particular interpretation of integer math.
- dname_pkt_copy checks length of result, to protect result buffers.
prints an error, this should not happen. Bad strings should have
been rejected earlier in the program.
- remove a size_t underflow from msgreply size func.
15 October 2007: Wouter
- nicer warning.
- fix IP6 TCP, wrong definition check. With test package.
- fixup the fact that the query section was not compressed to,
the code was there but was called by value instead of by reference.
And test for the case, uses xxd and nc.
- more portable ip6 check for sockaddr types.
8 October 2007: Wouter
- --disable-rpath option in configure for 64bit systems with
several dynamic lib dirs.
7 October 2007: Wouter
- fixup tests for no AD bit in non-DO queries.
- test that makes sure AD bit is not set on non-DO query.
6 October 2007: Wouter
- removed logfile open early. It did not have the proper permissions;
it was opened as root instead of the user. And we cannot change user
id yet, since chroot and bind ports need to be done.
- callback checks for event callbacks done from mini_event. Because
of deletions cannot do this from netevent. This means when using
libevent the protection does not work on event-callbacks.
- fixup too small reply (did not zero counts).
- fixup reply no longer AD bit when query without DO bit.
5 October 2007: Wouter
- function pointer whitelist.
4 October 2007: Wouter
- overwrite sensitive random seed value after use.
- switch to logfile very soon if not -d (console attached).
- error messages do not reveal the trustanchor contents.
- start work on function pointer whitelists.
3 October 2007: Wouter
- fix for multiple empty nonterminals, after multiple DSes in the
chain of trust.
- mesh checks if modules are looping, and stops them.
- refetch with CNAMEd nameserver address regression test added.
- fixup line count bug in testcode, so testbound prints correct line
number with parse errors.
- unit test for multiple ENT case.
- fix for cname out of validated unsec zone.
- fixup nasty id=0 reuse. Also added assertions to detect its
return (the assertion catches in the existing test cases).
1 October 2007: Wouter
- skip F77, CXX, objC tests in configure step.
- fixup crash in refetch glue after a CNAME.
and protection against similar failures (with error print).
28 September 2007: Wouter
- test case for unbound-checkconf, fixed so it also checks the
interface: statements.
26 September 2007: Wouter
- SIGHUP will reopen the log file.
- Option to log to syslog.
- please lint, fixup tests (that went to syslog on open, oops).
- config check program.
25 September 2007: Wouter
- tests for NSEC3. Fixup bitmap checks for NSEC3.
- positive ANY response needs to check if wildcard expansion, and
check that original data did not exist.
- tests for NSEC3 that wrong use of OPTOUT is bad. For insecure
delegation, for abuse of child zone apex nsec3.
- create 0.5 release tag.
24 September 2007: Wouter
- do not make test programs by default.
- But 'make test' will perform all of the tests.
- Advertise builtin select libevent alternative when no libevent
is found.
- signit can generate NSEC3 hashes, for generating tests.
- multiple nsec3 paramaters in message test.
- too high nsec3 iterations becomes insecure test.
21 September 2007: Wouter
- fixup empty_DS_name allocated in wrong region (port DEC Alpha).
- fixup testcode lock safety (port FreeBSD).
- removes subscript has type char warnings (port Solaris 9).
- fixup of field with format type to int (port MacOS/X intel).
- added test for infinite loop case in nonRD answer validation.
It was a more general problem, but hard to reproduce. When an
unsigned rrset is being validated and the key fetched, the DS
sequence is followed, but if the final name has no DS, then no
proof is possible - the signature has been stripped off.
20 September 2007: Wouter
- fixup and test for NSEC wildcard with empty nonterminals.
- makedist.sh fixup for svn info.
- acl features request in plan.
- improved DS empty nonterminal handling.
- compat with ANS nxdomain for empty nonterminals. Attempts the nodata
proof anyway, which succeeds in ANS failure case.
- striplab protection in case it becomes -1.
- plans for static and blacklist config.
19 September 2007: Wouter
- comments about non-packed usage.
- plan for overload support in 0.6.
- added testbound tests for a failed resolution from the logs
and for failed prime when missing glue.
- fixup so useless delegation points are not returned from the
cache. Also the safety belt is used if priming fails to complete.
- fixup NSEC rdata not to be lowercased, bind compat.
18 September 2007: Wouter
- wildcard nsec3 testcases, and fixup to get correct wildcard name.
- validator prints subtype classification for debug.
17 September 2007: Wouter
- NSEC3 hash cache unit test.
- validator nsec3 nameerror test.
14 September 2007: Wouter
- nsec3 nodata proof, nods proof, wildcard proof.
- nsec3 support for cname chain ending in noerror or nodata.
- validator calls nsec3 proof routines if no NSECs prove anything.
- fixup iterator bug where it stored the answer to a cname under
the wrong qname into the cache. When prepending the cnames, the
qname has to be reset to the original qname.
13 September 2007: Wouter
- nsec3 find matching and covering, ce proof, prove namerror msg.
12 September 2007: Wouter
- fixup of manual page warnings, like for NSD bugreport.
- nsec3 work, config, max iterations, filter, and hash cache.
6 September 2007: Wouter
- fixup to find libevent on mac port install.
- fixup size_t vs unsigned portability in validator/sigcrypt.
- please compiler on different platforms, for unreachable code.
- val_nsec3 file.
- pthread_rwlock type is optional, in case of old pthread libs.
5 September 2007: Wouter
- cname, name error validator tests.
- logging of qtype ANY works.
- ANY type answers get RRSIG in answer section of replies (but not
in other sections, unless DO bit is on).
- testbound can replay a TCP query (set MATCH TCP in the QUERY).
- DS and noDS referral validation test.
- if you configure many trust anchors, parent trust anchors can
securely deny existance of child trust anchors, if validated.
- not all *.name NSECs are present because a wildcard was matched,
and *.name NSECs can prove nodata for empty nonterminals.
Also, for wildcard name NSECs, check they are not from the parent
zone (for wildcarded zone cuts), and check absence of CNAME bit,
for a nodata proof.
- configure option for memory allocation debugging.
- port configure option for memory allocation to solaris10.
4 September 2007: Wouter
- fixup of Leakage warning when serviced queries processed multiple
callbacks for the same query from the same server.
- testbound removes config file from /tmp on failed exit.
- fixup for referral cleanup of the additional section.
- tests for cname, referral validation.
- neater testbound tpkg output.
- DNAMEs no longer match their apex when synthesized from the cache.
- find correct signer name for DNAME responses.
- wildcarded DNAME test and fixup code to detect.
- prepend NSEC and NSEC3 rrsets in the iterator while chasing CNAMEs.
So that wildcarded CNAMEs get their NSEC with them to the answer.
- test for a CNAME to a DNAME to a CNAME to an answer, all from
different domains, for key fetching and signature checking of
CNAME'd messages.
3 September 2007: Wouter
- Fixed error in iterator that would cause assertion failure in
validator. CNAME to a NXDOMAIN response was collated into a response
with both a CNAME and the NXDOMAIN rcode. Added a test that the
rcode is changed to NOERROR (because of the CNAME).
- timeout on tcp does not lead to spurious leakage detect.
- account memory for name of lame zones, so that memory leakages does
not show lame cache growth as a leakage growth.
- config setting for lameness cache expressed in bytes, instead of
number of entries.
- tool too summarize allocations per code line.
31 August 2007: Wouter
- can read bind trusted-keys { ... }; files, in a compatibility mode.
- iterator should not detach target queries that it still could need.
the protection against multiple outstanding queries is moved to a
current_query num check.
- validator nodata, positive, referral tests.
- dname print can print '*' wildcard.
30 August 2007: Wouter
- fixup override date config option.
- config options to control memory usage.
- caught bad free of un-alloced data in worker_send error case.
- memory accounting for key cache (trust anchors and temporary cache).
- memory accounting fixup for outside network tcp pending waits.
- memory accounting fixup for outside network tcp callbacks.
- memory accounting for iterator fixed storage.
- key cache size and slabs config options.
- lib crypto cleanups at exit.
29 August 2007: Wouter
- test tool to sign rrsets for testing validator with.
- added RSA and DSA test keys, public and private pairs, 512 bits.
- default configuration is with validation enabled.
Only a trust-anchor needs to be configured for DNSSEC to work.
- do not convert to DER for DSA signature verification.
- validator replay test file, for a DS to DNSKEY DSA key prime and
positive response.
28 August 2007: Wouter
- removed double use for udp buffers, that could fail,
instead performs a malloc to do the backup.
- validator validates referral messages, by validating all the rrsets
and stores the rrsets in the cache. Further referral (nonRD queries)
replies are made from the rrset cache directly. Unless unchecked
rrsets are encountered, there are then validated.
- enforce that signing is done by a parent domain (or same domain).
- adjust TTL downwards if rrset TTL bigger than signature allows.
- permissive mode feature, sets AD bit for secure, but bogus does
not give servfail (bogus is changed into indeterminate).
- optimization of rrset verification. rr canonical sorting is reused,
for the same rrset. canonical rrset image in buffer is reused for
the same signature.
- if the rrset is too big (64k exactly + large owner name) the
canonicalization routine will fail if it does not fit in buffer.
- faster verification for large sigsets.
- verb_detail mode reports validation failures, but not the entire
algorithm for validation. Key prime failures are reported as
verb_ops level.
27 August 2007: Wouter
- do not garble the edns if a cache answer fails.
- answer norecursive from cache if possible.
- honor clean_additional setting when returning secure non-recursive
referrals.
- do not store referral in msg cache for nonRD queries.
- store verification status in the rrset cache to speed up future
verification.
- mark rrsets indeterminate and insecure if they are found to be so.
and store this in the cache.
24 August 2007: Wouter
- message is bogus if unsecure authority rrsets are present.
- val-clean-additional option, so you can turn it off.
- move rrset verification out of the specific proof types into one
routine. This makes the proof routines prettier.
- fixup cname handling in validator, cname-to-positive and cname-to-
nodata work.
- Do not synthesize DNSKEY and DS responses from the rrset cache if
the rrset is from the additional section. Signatures may have
fallen off the packet, and cause validation failure.
- more verbose signature date errors (with the date attached).
- increased default infrastructure cache size. It is important for
performance, and 1000 entries are only 212k (or a 400 k total cache
size). To 10000 entries (for 2M entries, 4M cache size).
23 August 2007: Wouter
- CNAME handling - move needs_validation to before val_new().
val_new() setups the chase-reply to be an edited copy of the msg.
new classification, and find signer can find for it.
removal of unsigned crap from additional, and query restart for
cname.
- refuse to follow wildcarded DNAMEs when validating.
But you can query for qtype ANY, or qtype DNAME and validate that.
22 August 2007: Wouter
- bogus TTL.
- review - use val_error().
21 August 2007: Wouter
- ANY response validation.
- store security status in cache.
- check cache security status and either send the query to be
validated, return the query to client, or send servfail to client.
Sets AD bit on validated replies.
- do not examine security status on an error reply in mesh_done.
- construct DS, DNSKEY messages from rrset cache.
- manual page entry for override-date.
20 August 2007: Wouter
- validate and positive validation, positive wildcard NSEC validation.
- nodata validation, nxdomain validation.
18 August 2007: Wouter
- process DNSKEY response in FINDKEY state.
17 August 2007: Wouter
- work on DS2KE routine.
- val_nsec.c for validator NSEC proofs.
- unit test for NSEC bitmap reading.
- dname iswild and canonical_compare with unit tests.
16 August 2007: Wouter
- DS sig unit test.
- latest release libevent 1.3c and 1.3d have threading fixed.
- key entry fixup data pointer and ttl absolute.
- This makes a key-prime succeed in validator, with DS or DNSKEY as
trust-anchor.
- fixup canonical compare byfield routine, fix bug and also neater.
- fixed iterator response type classification for queries of type
ANY and NS.
dig ANY gives sometimes NS rrset in AN and NS section, and parser
removes the NS section duplicate. dig NS gives sometimes the NS
in the answer section, as referral.
- validator FINDKEY state.
15 August 2007: Wouter
- crypto calls to verify signatures.
- unit test for rrsig verification.
14 August 2007: Wouter
- default outgoing ports changed to avoid port 2049 by default.
This port is widely blocked by firewalls.
- count infra lameness cache in memory size.
- accounting of memory improved
- outbound entries are allocated in the query region they are for.
- extensive debugging for memory allocations.
- --enable-lock-checks can be used to enable lock checking.
- protect undefs in config.h from autoheaders ministrations.
- print all received udp packets. log hex will print on multiple
lines if needed.
- fixed error in parser with backwards rrsig references.
- mark cycle targets for iterator did not have CD flag so failed
its task.
13 August 2007: Wouter
- fixup makefile, if lexer is missing give nice error and do not
mess up the dependencies.
- canonical compare routine updated.
- canonical hinfo compare.
- printout list of the queries that the mesh is working on.
10 August 2007: Wouter
- malloc and free overrides that track total allocation and frees.
for memory debugging.
- work on canonical sort.
9 August 2007: Wouter
- canonicalization, signature checks
- dname signature label count and unit test.
- added debug heap size print to memory printout.
- typo fixup in worker.c
- -R needed on solaris.
- validator override option for date check testing.
8 August 2007: Wouter
- ldns _raw routines created (in ldns trunk).
- sigcrypt DS digest routines
- val_utils uses sigcrypt to perform signature cryptography.
- sigcrypt keyset processing
7 August 2007: Wouter
- security status type.
- security status is copied when rdata is equal for rrsets.
- rrset id is updated to invalidate all the message cache entries
that refer to NSEC, NSEC3, DNAME rrsets that have changed.
- val_util work
- val_sigcrypt file for validator signature checks.
6 August 2007: Wouter
- key cache for validator.
- moved isroot and dellabel to own dname routines, with unit test.
3 August 2007: Wouter
- replanning.
- scrubber check section of lame NS set.
- trust anchors can be in config file or read from zone file,
DS and DNSKEY entries.
- unit test trust anchor storage.
- trust anchors converted to packed rrsets.
- key entry definition.
2 August 2007: Wouter
- configure change for latest libevent trunk version (needs -lrt).
- query_done and walk_supers are moved out of module interface.
- fixup delegation point duplicates.
- fixup iterator scrubber; lame NS set is let through the scrubber
so that the classification is lame.
- validator module exists, and does nothing but pass through,
with calling of next module and return.
- validator work.
1 August 2007: Wouter
- set version to 0.5
- module work for module to module interconnections.
- config of modules.
- detect cycle takes flags.
31 July 2007: Wouter
- updated plan
- release 0.4 tag.
30 July 2007: Wouter
- changed random state init, so that sequential process IDs are not
cancelled out by sequential thread-ids in the random number seed.
- the fwd_three test, which sends three queries to unbound, and
unbound is kept waiting by ldns-testns for 3 seconds, failed
because the retry timeout for default by unbound is 3 seconds too,
it would hit that timeout and fail the test. Changed so that unbound
is kept waiting for 2 seconds instead.
27 July 2007: Wouter
- removed useless -C debug option. It did not work.
- text edit of documentation.
- added doc/CREDITS file, referred to by the manpages.
- updated planning.
26 July 2007: Wouter
- cycle detection, for query state dependencies. Will attempt to
circumvent the cycle, but if no other targets available fails.
- unit test for AXFR, IXFR response.
- test for cycle detection.
25 July 2007: Wouter
- testbound read ADDRESS and check it.
- test for version.bind and friends.
- test for iterator chaining through several referrals.
- test and fixup for refetch for glue. Refetch fails if glue
is still not provided.
24 July 2007: Wouter
- Example section in config manual.
- Addr stored for range and moment in replay.
20 July 2007: Wouter
- Check CNAME chain before returning cache entry with CNAMEs.
- Option harden-glue, default is on. It will discard out of zone
data. If disabled, performance is faster, but spoofing attempts
become a possibility. Note that still normalize scrubbing is done,
and that the potentially spoofed data is used for infrastructure
and not returned to the client.
- if glue times out, refetch by asking parent of delegation again.
Much like asking for DS at the parent side.
- TODO items from forgery-resilience draft.
and on memory handling improvements.
- renamed module_event_timeout to module_event_noreply.
- memory reporting code; reports on memory usage after handling
a network packet (not on cache replies).
19 July 2007: Wouter
- shuffle NS selection when getting nameserver target addresses.
- fixup of deadlock warnings, yield cpu in checklock code so that
freebsd scheduler selects correct process to run.
- added identity and version config options and replies.
- store cname messages complete answers.
18 July 2007: Wouter
- do not query addresses, 127.0.0.1, and ::1 by default.
17 July 2007: Wouter
- forward zone options in config file.
- forward per zone in iterator. takes precendence over stubs.
- fixup commithooks.
- removed forward-to and forward-to-port features, subsumed by
new forward zones.
- fix parser to handle absent server: clause.
- change untrusted rrset test to account for scrubber that is now
applied during the test (which removes the poison, by the way).
- feature, addresses can be specified with @portnumber, like nsd.conf.
- test config files changed over to new forwarder syntax.
27 June 2007: Wouter
- delete of mesh does a postorder traverse of the tree.
- found and fixed a memory leak. For TTL=0 messages, that would
not be cached, instead the msg-replyinfo structure was leaked.
- changed server selection so it will filter out hosts that are
unresponsive. This is defined as a host with the maximum rto value.
This means that unbound tried the host for retries up to 120 secs.
The rto value will time out after host-ttl seconds from the cache.
This keeps such unresolvable queries from taking up resources.
- utility for keeping histogram.
26 June 2007: Wouter
- mesh is called by worker, and iterator uses it.
This removes the hierarchical code.
QueryTargets state and Finished state are merged for iterator.
- forwarder mode no longer sets AA bit on first reply.
- rcode in walk_supers is not needed.
25 June 2007: Wouter
- more mesh work.
- error encode routine for ease.
22 June 2007: Wouter
- removed unused _node iterator value from rbtree_t. Takes up space.
- iterator can handle querytargets state without a delegation point
set, so that a priming(stub) subquery error can be handled.
- iterator stores if it is priming or not.
- log_query_info() neater logging.
- changed iterator so that it does not alter module_qstate.qinfo
but keeps a chase query info. Also query_flags are not altered,
the iterator uses chase_flags.
- fixup crash in case no ports for the family exist.
21 June 2007: Wouter
- Fixup secondary buffer in case of error callback.
- cleanup slumber list of runnable states.
- module_subreq_depth fails to work in slumber list.
- fixup query release for cached results to sub targets.
- neater error for tcp connection failure, shows addr in verbose.
- rbtree_init so that it can be used with preallocated memory.
20 June 2007: Wouter
- new -C option to enable coredumps after forking away.
- doc update.
- fixup CNAME generation by scrubber, and memory allocation of it.
- fixup deletion of serviced queries when all callbacks delete too.
- set num target queries to 0 when you move them to slumber list.
- typo in check caused subquery errors to be ignored, fixed.
- make lint happy about rlim_t.
- freeup of modules after freeup of module-states.
- duplicate replies work, this uses secondary udp buffer in outnet.
19 June 2007: Wouter
- nicer layout in stats.c, review 0.3 change.
- spelling improvement, review 0.3 change.
- uncapped timeout for server selection, so that very fast or slow
servers will stand out from the rest.
- target-fetch-policy: "3 2 1 0 0" config setting.
- fixup queries answered without RD bit (for root prime results).
- refuse AXFR and IXFR requests.
- fixup RD flag in error reply from iterator. fixup RA flag from
worker error reply.
- fixup encoding of very short edns buffer sizes, now sets TC bit.
- config options harden-short-bufsize and harden-large-queries.
18 June 2007: Wouter
- same, move subqueries to slumber list when first has resolved.
- fixup last fix for duplicate callbacks.
- another offbyone in targetcounter. Also in Java prototype by the way.
15 June 2007: Wouter
- if a query asks to be notified of the same serviced query result
multiple times, this will succeed. Only one callback will happen;
multiple outbound-list entries result (but the double cleanup of it
will not matter).
- when iterator moves on due to CNAME or referral, it will remove
the subqueries (for other targets). These are put on the slumber
list.
- state module wait subq is OK with no new subqs, an old one may have
stopped, with an error, and it is still waiting for other ones.
- if a query loops, halt entire query (easy way to clean up properly).
14 June 2007: Wouter
- num query targets was > 0 , not >= 0 compared, so that fetch
policy of 0 did nothing.
13 June 2007: Wouter
- debug option: configure --enable-static-exe for compile where
ldns and libevent are linked statically. Default is off.
- make install and make uninstall. Works with static-exe and without.
installation of unbound binary and manual pages.
- alignement problem fix on solaris 64.
- fixup address in case of TCP error.
12 June 2007: Wouter
- num target queries was set to 0 at a bad time. Default it to 0 and
increase as target queries are done.
- synthesize CNAME and DNAME responses from the cache.
- Updated doxygen config for doxygen 1.5.
- aclocal newer version.
- doxygen 1.5 fixes for comments (for the strict check on docs).
11 June 2007: Wouter
- replies on TCP queries have the address field set in replyinfo,
for serviced queries, because the initiator does not know that
a TCP fallback has occured.
- omit DNSSEC types from nonDO replies, except if qtype is ANY or
if qtype directly queries for the type (and then only show that
'unknown type' in the answer section).
- fixed message parsing where rrsigs on their own would be put
in the signature list over the rrsig type.
7 June 2007: Wouter
- fixup error in double linked list insertion for subqueries and
for outbound list of serviced queries for iterator module.
- nicer printout of outgoing port selection.
- fixup cname target readout.
- nicer debug output.
- fixup rrset counts when prepending CNAMEs to the answer.
- fixup rrset TTL for prepended CNAMEs.
- process better check for looping modules, and which submodule to
run next.
- subreq insertion code fixup for slumber list.
- VERB_DETAIL, verbosity: 2 level gives short but readable output.
VERB_ALGO, verbosity: 3 gives extensive output.
- fixup RA bit in cached replies.
- fixup CNAME responses from the cache no longer partial response.
- error in network send handled without leakage.
- enable ip6 from config, and try ip6 addresses if available,
if ip6 is not connected, skips to next server.
5 June 2007: Wouter
- iterator state finished.
- subrequests without parent store in cache and stop.
- worker slumber list for ongoing promiscuous queries.
- subrequest error handling.
- priming failure returns SERVFAIL.
- priming gives LAME result, returns SERVFAIL.
- debug routine to print dns_msg as handled by iterator.
- memleak in config file stubs fixup.
- more small bugs, in scrubber, query compare no ID for lookup,
in dname validation for NS targets.
- sets entry.key for new special allocs.
- lognametypeclass can display unknown types and classes.
4 June 2007: Wouter
- random selection of equally preferred nameserver targets.
- reply info copy routine. Reuses existing code.
- cache lameness in response handling.
- do not touch qstate after worker_process_query because it may have
been deleted by that routine.
- Prime response state.
- Process target response state.
- some memcmp changed to dname_compare for case preservation.
1 June 2007: Wouter
- normalize incoming messages. Like unbound-java, with CNAME chain
checked, DNAME checked, CNAME's synthesized, glue checked.
- sanitize incoming messages.
- split msgreply encode functions into own file msgencode.c.
- msg_parse to queryinfo/replyinfo conversion more versatile.
- process_response, classify response, delegpt_from_message.
31 May 2007: Wouter
- querytargets state.
- dname_subdomain_c() routine.
- server selection, based on RTT. ip6 is filtered out if not available,
and lameness is checked too.
- delegation point copy routine.
30 May 2007: Wouter
- removed FLAG_CD from message and rrset caches. This was useful for
an agnostic forwarder, but not for a sophisticated (trust value per
rrset enabled) cache.
- iterator reponse typing.
- iterator cname handle.
- iterator prime start.
- subquery work.
- processInitRequest and processInitRequest2.
- cache synthesizes referral messages, with DS and NSEC.
- processInitRequest3.
- if a request creates multiple subrequests these are all activated.
29 May 2007: Wouter
- routines to lock and unlock array of rrsets moved to cache/rrset.
- lookup message from msg cache (and copy to region).
- fixed cast error in dns msg lookup.
- message with duplicate rrset does not increase its TTLs twice.
- 'qnamesize' changed to 'qname_len' for similar naming scheme.
25 May 2007: Wouter
- Acknowledge use of unbound-java code in iterator. Nicer readme.
- services/cache/dns.c DNS Cache. Hybrid cache uses msgcache and
rrset cache from module environment.
- packed rrset key has type and class as easily accessable struct
members. They are still kept in network format for fast msg encode.
- dns cache find_delegation routine.
- iterator main functions setup.
- dns cache lookup setup.
24 May 2007: Wouter
- small changes to prepare for subqueries.
- iterator forwarder feature separated out.
- iterator hints stub code, config file stub code, so that first
testing can proceed locally.
- replay tests now have config option to enable forwarding mode.
23 May 2007: Wouter
- outside network does precise timers for roundtrip estimates for rtt
and for setting timeout for UDP. Pending_udp takes milliseconds.
- cleaner iterator sockaddr conversion of forwarder address.
- iterator/iter_utils and iter_delegpt setup.
- root hints.
22 May 2007: Wouter
- outbound query list for modules and support to callback with the
outbound entry to the module.
- testbound support for new serviced queries.
- test for retry to TCP cannot use testbound any longer.
- testns test for EDNS fallback, test for TCP fallback already exists.
- fixes for no-locking compile.
- mini_event timer precision and fix for change in timeouts during
timeout callback. Fix for fwd_three tests, performed nonexit query.
21 May 2007: Wouter
- small comment on hash table locking.
- outside network serviced queries, contain edns and tcp fallback,
and udp retries and rtt timing.
16 May 2007: Wouter
- lruhash_touch() would cause locking order problems. Fixup in
lock-verify in case locking cycle is found.
- services/cache/rrset.c for rrset cache code.
- special rrset_cache LRU updating function that uses the rrset id.
- no dependencies calculation when make clean is called.
- config settings for infra cache.
- daemon code slightly cleaner, only creates caches once.
15 May 2007: Wouter
- host cache code.
- unit test for host cache.
14 May 2007: Wouter
- Port to OS/X and Dec Alpha. Printf format and alignment fixes.
- extensive lock debug report on join timeout.
- proper RTT calculation, in utility code.
- setup of services/cache/infra, host cache.
11 May 2007: Wouter
- iterator/iterator.c module.
- fixup to pass reply_info in testcode and in netevent.
10 May 2007: Wouter
- created release-0.3 svn tag.
- util/module.h
- fixed compression - no longer compresses root name.
9 May 2007: Wouter
- outside network cleans up waiting tcp queries on exit.
- fallback to TCP.
- testbound replay with retry in TCP mode.
- tpkg test for retry in TCP mode, against ldns-testns server.
- daemon checks max number of open files and complains if not enough.
- test where data expires in the cache.
- compiletests: fixed empty body ifstatements in alloc.c, in case
locks are disabled.
8 May 2007: Wouter
- outgoing network keeps list of available tcp buffers for outgoing
tcp queries.
- outgoing-num-tcp config option.
- outgoing network keeps waiting list of queries waiting for buffer.
- netevent supports outgoing tcp commpoints, nonblocking connects.
7 May 2007: Wouter
- EDNS read from query, used to make reply smaller.
- advertised edns value constants.
- EDNS BADVERS response, if asked for too high edns version.
- EDNS extended error reponses once the EDNS record from the query
has successfully been parsed.
4 May 2007: Wouter
- msgreply sizefunc is more accurate.
- config settings for rrset cache size and slabs.
- hashtable insert takes argument so that a thread can use its own
alloc cache to store released keys.
- alloc cache special_release() locks if necessary.
- rrset trustworthiness type added.
- thread keeps a scratchpad region for handling messages.
- writev used in netevent to write tcp length and data after another.
This saves a roundtrip on tcp replies.
- test for one rrset updated in the cache.
- test for one rrset which is not updated, as it is not deemed
trustworthy enough.
- test for TTL refreshed in rrset.
3 May 2007: Wouter
- fill refs. Use new parse and encode to answer queries.
- stores rrsets in cache.
- uses new msgreply format in cache.
2 May 2007: Wouter
- dname unit tests in own file and spread out neatly in functions.
- more dname unit tests.
- message encoding creates truncated TC flagged messages if they do
not fit, and will leave out (whole)rrsets from additional if needed.
1 May 2007: Wouter
- decompress query section, extremely lenient acceptance.
But only for answers from other servers, not for plain queries.
- compression and decompression test cases.
- some stats added.
- example.conf interface: line is changed from 127.0.0.1 which leads
to problems if used (restricting communication to the localhost),
to a documentation and test address.
27 April 2007: Wouter
- removed iov usage, it is not good for dns message encoding.
- owner name compression more optimal.
- rrsig owner name compression.
- rdata domain name compression.
26 April 2007: Wouter
- floating point exception fix in lock-verify.
- lint uses make dependency
- fixup lint in dname owner domain name compression code.
- define for offset range that can be compressed to.
25 April 2007: Wouter
- prettier code; parse_rrset->type kept in host byte order.
- datatype used for hashvalue of converted rrsig structure.
- unit test compares edns section data too.
24 April 2007: Wouter
- ttl per RR, for RRSIG rrsets and others.
- dname_print debug function.
- if type is not known, size calc will skip DNAME decompression.
- RRSIG parsing and storing and putting in messages.
- dnssec enabled unit tests (from nlnetlabs.nl and se queries).
- EDNS extraction routine.
20 April 2007: Wouter
- code comes through all of the unit tests now.
- disabled warning about spurious extra data.
- documented the RRSIG parse plan in msgparse.h.
- rrsig reading and outputting.
19 April 2007: Wouter
- fix unit test to actually to tests.
- fix write iov helper, and fakevent code.
- extra builtin testcase (small packet).
- ttl converted to network format in packets.
- flags converted correctly
- rdatalen off by 2 error fixup.
- uses less iov space for header.
18 April 2007: Wouter
- review of msgparse code.
- smaller test cases.
17 April 2007: Wouter
- copy and decompress dnames.
- store calculated hash value too.
- routine to create message out of stored information.
- util/data/msgparse.c for message parsing code.
- unit test, and first fixes because of test.
* forgot rrset_count addition.
* did & of ptr on stack for memory position calculation.
* dname_pkt_copy forgot to read next label length.
- test from file and fixes
* double frees fixed in error conditions.
* types with less than full rdata allowed by parser.
Some dynamic update packets seem to use it.
16 April 2007: Wouter
- following a small change in LDNS, parsing code calculates the
memory size to allocate for rrs.
- code to handle ID creation.
13 April 2007: Wouter
- parse routines. Code that parses rrsets, rrs.
12 April 2007: Wouter
- dname compare routine that preserves case, with unit tests.
11 April 2007: Wouter
- parse work - dname packet parse, msgparse, querysection parse,
start of sectionparse.
10 April 2007: Wouter
- Improved alignment of reply_info packet, nice for 32 and 64 bit.
- Put RRset counts in reply_info, because the number of RRs can change
due to RRset updates.
- import of region-allocator code from nsd.
- set alloc special type to ub_packed_rrset_key.
Uses lruhash entry overflow chain next pointer in alloc cache.
- doxygen documentation for region-allocator.
- setup for parse scratch data.
5 April 2007: Wouter
- discussed packed rrset with Jelte.
4 April 2007: Wouter
- moved to version 0.3.
- added util/data/dname.c
- layout of memory for rrsets.
3 April 2007: Wouter
- detect sign of msghdr.msg_iovlen so that the cast to that type
in netevent (which is there to please lint) can be correct.
The type on several OSes ranges from int, int32, uint32, size_t.
Detects unsigned or signed using math trick.
- constants for DNS flags.
- compilation without locks fixup.
- removed include of unportable header from lookup3.c.
- more portable use of struct msghdr.
- casts for printf warning portability.
- tweaks to tests to port them to the testbed.
- 0.2 tag created.
2 April 2007: Wouter
- check sizes of udp received messages, not too short.
- review changes. Some memmoves can be memcpys: 4byte aligned.
set id correctly on cached answers.
- review changes msgreply.c, memleak on error condition. AA flag
clear on cached reply. Lowercase queries on hashing.
unit test on lowercasing. Test AA bit not set on cached reply.
Note that no TTLs are managed.
29 March 2007: Wouter
- writev or sendmsg used when answering from cache.
This avoids a copy of the data.
- do not do useless byteswap on query id. Store reply flags in uint16
for easier access (and no repeated byteswapping).
- reviewed code.
- configure detects and config.h includes sys/uio.h for writev decl.
28 March 2007: Wouter
- new config option: num-queries-per-thread.
- added tpkg test for answering three queries at the same time
using one thread (from the query service list).
27 March 2007: Wouter
- added test for cache and not cached answers, in testbound replays.
- testbound can give config file and commandline options from the
replay file to unbound.
- created test that checks if items drop out of the cache.
- added word 'partitioned hash table' to documentation on slab hash.
A slab hash is a partitioned hash table.
- worker can handle multiple queries at a time.
26 March 2007: Wouter
- config settings for slab hash message cache.
- test for cached answer.
- Fixup deleting fake answer from testbound list.
23 March 2007: Wouter
- review of yesterday's commits.
- covered up memory leak of the entry locks.
- answers from the cache correctly. Copies flags correctly.
- sanity check for incoming query replies.
- slabbed hash table. Much nicer contention, need dual cpu to see.
22 March 2007: Wouter
- AIX configure check.
- lock-verify can handle references to locks that are created
in files it has not yet read in.
- threaded hash table test.
- unit test runs lock-verify afterwards and checks result.
- need writelock to update data on hash_insert.
- message cache code, msgreply code.
21 March 2007: Wouter
- unit test of hash table, fixup locking problem in table_grow().
- fixup accounting of sizes for removing items from hashtable.
- unit test for hash table, single threaded test of integrity.
- lock-verify reports errors nicely. More quiet in operation.
16 March 2007: Wouter
- lock-verifier, checks consistent order of locking.
14 March 2007: Wouter
- hash table insert (and subroutines) and lookup implemented.
- hash table remove.
- unit tests for hash internal bin, lru functions.
13 March 2007: Wouter
- lock_unprotect in checklocks.
- util/storage/lruhash.h for LRU hash table structure.
12 March 2007: Wouter
- configure.ac moved to 0.2.
- query_info and replymsg util/data structure.
9 March 2007: Wouter
- added rwlock writelock checking.
So it will keep track of the writelock, and readlocks are enforced
to not change protected memory areas.
- log_hex function to dump hex strings to the logfile.
- checklocks zeroes its destroyed lock after checking memory areas.
- unit test for alloc.
- identifier for union in checklocks to please older compilers.
- created 0.1 tag.
8 March 2007: Wouter
- Reviewed checklock code.
7 March 2007: Wouter
- created a wrapper around thread calls that performs some basic
checking for data race and deadlock, and basic performance
contention measurement.
6 March 2007: Wouter
- Testbed works with threading (different machines, different options).
- alloc work, does the special type.
2 March 2007: Wouter
- do not compile fork funcs unless needed. Otherwise will give
type errors as their typedefs have not been enabled.
- log shows thread numbers much more nicely (and portably).
- even on systems with nonthreadsafe libevent signal handling,
unbound will exit if given a signal.
Reloads will not work, and exit is not graceful.
- start of alloc framework layout.
1 March 2007: Wouter
- Signals, libevent and threads work well, with libevent patch and
changes to code (close after event_del).
- set ipc pipes nonblocking.
27 February 2007: Wouter
- ub_thread_join portable definition.
- forking is used if no threading is available.
Tested, it works, since pipes work across processes as well.
Thread_join is replaced with waitpid.
- During reloads the daemon will temporarily handle signals,
so that they do not result in problems.
- Also randomize the outgoing port range for tests.
- If query list is full, will stop selecting listening ports for read.
This makes all threads service incoming requests, instead of one.
No memory is leaking during reloads, service of queries, etc.
- test that uses ldns-testns -f to test threading. Have to answer
three queries at the same time.
- with verbose=0 operates quietly.
26 February 2007: Wouter
- ub_random code used to select ID and port.
- log code prints thread id.
- unbound can thread itself, with reload(HUP) and quit working
correctly.
- don't open pipes for #0, doesn't need it.
- listens to SIGTERM, SIGQUIT, SIGINT (all quit) and SIGHUP (reload).
23 February 2007: Wouter
- Can do reloads on sigHUP. Everything is stopped, and freed,
except the listening ports. Then the config file is reread.
And everything is started again (and listening ports if needed).
- Ports for queries are shared.
- config file added interface:, chroot: and username:.
- config file: directory, logfile, pidfile. And they work too.
- will daemonize by default now. Use -d to stay in the foreground.
- got BSD random[256 state] code, made it threadsafe. util/random.
22 February 2007: Wouter
- Have a config file. Removed commandline options, moved to config.
- tests use config file.
21 February 2007: Wouter
- put -c option in man page.
- minievent fd array capped by FD_SETSIZE.
20 February 2007: Wouter
- Added locks code and pthread spinlock detection.
- can use no locks, or solaris native thread library.
- added yacc and lex configure, and config file parsing code.
also makedist.sh, and manpage.
- put include errno.h in config.h
19 February 2007: Wouter
- Created 0.0 svn tag.
- added acx_pthread.m4 autoconf check for pthreads from
the autoconf archive. It is GPL-with-autoconf-exception Licensed.
You can specify --with-pthreads, or --without-pthreads to configure.
16 February 2007: Wouter
- Updated testbed script, works better by using make on remote end.
- removed check decls, we can compile without them.
- makefile supports LIBOBJ replacements.
- docs checks ignore compat code.
- added util/mini-event.c and .h, a select based alternative used with
./configure --with-libevent=no
It is limited to 1024 file descriptors, and has less features.
- will not create ip6 sockets if ip6 not on the machine.
15 February 2007: Wouter
- port to FreeBSD 4.11 Dec Alpha. Also works on Solaris 10 sparc64,
Solaris 9, FreeBSD 6, Linux i386 and OSX powerpc.
- malloc rndstate, so that it is aligned for access.
- fixed rbtree cleanup with postorder traverse.
- fixed pending messages are deleted when handled.
- You can control verbosity; default is not verbose, every -v
adds more verbosity.
14 February 2007: Wouter
- Included configure.ac changes from ldns.
- detect (some) headers before the standards check.
- do not use isblank to test c99, since its not available on solaris9.
- review of testcode.
* entries in a RANGE are no longer reversed.
* print name of file with replay entry parse errors.
- port to OSX: cast to int for some prints of sizet.
- Makefile copies ldnstestpkts.c before doing dependencies on it.
13 February 2007: Wouter
- work on fake events, first fwd replay works.
- events can do timeouts and errors on queries to servers.
- test package that runs replay scenarios.
12 February 2007: Wouter
- work on fake events.
9 February 2007: Wouter
- replay file reading.
- fake event setup, it creates fake structures, and teardowns,
added signal callbacks to reply to be able to fake those,
and main structure of event replay routines.
8 February 2007: Wouter
- added tcp test.
- replay storage.
- testcode/fake_event work.
7 February 2007: Wouter
- return answer with the same ID as query was sent with.
- created udp forwarder test. I've done some effort to make it perform
quickly. After servers are created, no big sleep statements but
it checks the logfiles to see if servers have come up. Takes 0.14s.
- set addrlen value when calling recvfrom.
- comparison of addrs more portable.
- LIBEVENT option for testbed to set libevent directory.
- work on tcp input.
6 February 2007: Wouter
- reviewed code and improved in places.
5 February 2007: Wouter
- Picked up stdc99 and other define tests from ldns. Improved
POSIX define test to include getaddrinfo.
- defined constants for netevent callback error code.
- unit test for strisip6.
2 February 2007: Wouter
- Created udp4 and udp6 port arrays to provide service for both
address families.
- uses IPV6_USE_MIN_MTU for udp6 ,IPV6_V6ONLY to make ip6 sockets.
- listens on both ip4 and ip6 ports to provide correct return address.
- worker fwder address filled correctly.
- fixup timer code.
- forwards udp queries and sends answer.
1 February 2007: Wouter
- outside network more UDP work.
- moved * closer to type.
- comm_timer object and events.
31 January 2007: Wouter
- Added makedist.sh script to make release tarball.
- Removed listen callback layer, did not add anything.
- Added UDP recv to netevent, worker callback for udp.
- netevent communication reply storage structure.
- minimal query header sanity checking for worker.
- copied over rbtree implementation from NSD (BSD licensed too).
- outgoing network query service work.
30 January 2007: Wouter
- links in example/ldns-testpkts.c and .h for premade packet support.
- added callback argument to listen_dnsport and daemon/worker.
29 January 2007: Wouter
- unbound.8 a short manpage.
26 January 2007: Wouter
- fixed memleak.
- make lint works on BSD and Linux (openssl defines).
- make tags works.
- testbound program start.
25 January 2007: Wouter
- fixed lint so it may work on BSD.
- put license into header of every file.
- created verbosity flag.
- fixed libevent configure flag.
- detects event_base_free() in new libevent 1.2 version.
- getopt in daemon. fatal_exit() and verbose() logging funcs.
- created log_assert, that throws assertions to the logfile.
- listen_dnsport service. Binds ports.
24 January 2007: Wouter
- cleaned up configure.ac.
23 January 2007: Wouter
- added libevent to configure to link with.
- util/netevent setup work.
- configure searches for libevent.
- search for libs at end of configure (when other headers and types
have been found).
- doxygen works with ATTR_UNUSED().
- util/netevent implementation.
22 January 2007: Wouter
- Designed header file for network communication.
16 January 2007: Wouter
- added readme.svn and readme.tests.
4 January 2007: Wouter
- Testbed script (run on multiple platforms the test set).
Works on Sunos9, Sunos10, FreeBSD 6.1, Fedora core 5.
- added unit test tpkg.
3 January 2007: Wouter
- committed first set of files into subversion repository.
svn co svn+ssh://unbound.net/svn/unbound
You need a ssh login. There is no https access yet.
- Added LICENSE, the BSD license.
- Added doc/README with compile help.
- main program stub and quiet makefile.
- minimal logging service (to stderr).
- added postcommit hook that serves emails.
- added first test 00-lint. postcommit also checks if build succeeds.
- 01-doc: doxygen doc target added for html docs. And stringent test
on documented files, functions and parameters.
15 December 2006: Wouter
- Created Makefile.in and configure.ac.
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
a44677c0a8b7b2638e5c6662034592e4
>
files
>
13
