Age | Commit message | Author |
|
Do not abuse "dhcp" to say "DHCP and SLAAC".
unwind.conf(5) does so but unwindctl(8) does not; in fact, the latter
already has `status autoconf' to
Show nameservers learned from dhclient(8), dhcpleased(8) or slaacd(8).
Adjust unwind's config manual and internal code accordingly; still accept
the old keyword but do not document it.
hostname.if(5) already advises for `inet[6] autoconf' instead of `dhcp' and
other related daemons don't abuse the word "dhcp" like unwind does.
Feedback sthen
OK florian
|
|
the configuration struct. This is also an implicit list of enabled
resolver strategies. We have also stored an explicit lookup array of
enabled strategies outside of the configuration to be able to quickly
answer "is this strategy enabled" without traversing the preferences
list.
Move this table into the configuration so that we don't need to
"repair" it on config reload.
This fixes a bug where on startup the preferences list and enabled
lookup table were not in sync. It didn't matter in practice since we
do a config reload and then pass in DNSSEC trustanchors on startup.
Both actions combined repaired things.
OK benno
|
|
Pointed out by deraadt
|
|
to configure libunbound accordingly. This way it no longer tries to
talk to IPv6 nameservers when only IPv4 is available and vice versa.
input deraadt
OK kn
|
|
When unwind(8) learns new autoconf resolvers (from dhcp or router
advertisements) it checks if a DNS64 is present in this network
location and tries to recover the IPv6 prefix used according to
RFC7050.
The learned autoconf resolvers are then prevented from upgrading to
the validating state since DNS64 breaks DNSSEC.
unwind(8) can now perform its own synthesis. If a query for an AAAA
record results in no answer we re-send the query for A and if that
leads to an answer we synthesize an AAAA answer using the learned
prefixes.
Testing & OK kn
|
|
Problem reported by mortimer
|
|
Since we are only serving localhost we could get away with serving
over UDP only because we have a huge MTU on lo0; it's still
not correct behavior.
This also enables sending truncated answers with TC set if the answer
does not fit into the edns announced udp size.
Testing at least by matthieu, jca, otto, phessler
OK phessler
|
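As an added example (not unwind's code; unwind serves answers through libunbound), a minimal wire-format response builder in Python that applies the rule from the entry above: compare the assembled UDP answer with the payload size the client advertised in its OPT record (512 bytes when the query carried none), and reply with TC set and no answer records when it does not fit, so the client retries over TCP. The names, the advertised 4096-byte size and the oversized TXT answers are constructed for the demonstration.

```python
"""Sizing a DNS answer against the client's EDNS0 UDP payload size.

Added example, not unwind's code. Builds a minimal wire-format response by
hand to show one decision: set TC rather than send an answer the client said
it cannot receive over UDP.
"""
import struct

HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount
FLAG_QR = 0x8000
FLAG_TC = 0x0200
TYPE_TXT, TYPE_OPT = 16, 41
CLASS_IN = 1
DEFAULT_UDP_SIZE = 512              # RFC 1035 limit when the query carries no OPT
OUR_UDP_SIZE = 4096                 # size we advertise back to the client (assumed)


def encode_name(name):
    """Presentation name -> wire labels (no compression needed here)."""
    wire = b""
    for label in name.rstrip(".").split("."):
        wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def rr(name, rtype, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def opt_rr(udp_size):
    """EDNS0 OPT pseudo-RR: root owner, the CLASS field carries the UDP size."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)


def build_udp_response(qid, qname, qtype, answers, client_udp_size=None):
    """Return (wire, truncated). client_udp_size is the value from the
    query's OPT RR, or None when the client did not use EDNS0."""
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    if client_udp_size is None:
        limit, additional = DEFAULT_UDP_SIZE, b""
    else:
        # RFC 6891 section 6.2.3: advertised values below 512 are treated as 512.
        limit, additional = max(client_udp_size, DEFAULT_UDP_SIZE), opt_rr(OUR_UDP_SIZE)
    arcount = 1 if additional else 0
    full = (HEADER.pack(qid, FLAG_QR, 1, len(answers), 0, arcount)
            + question + b"".join(answers) + additional)
    if len(full) <= limit:
        return full, False
    # Does not fit: question section only, TC set, so the client retries over TCP.
    truncated = HEADER.pack(qid, FLAG_QR | FLAG_TC, 1, 0, 0, arcount) + question + additional
    return truncated, True


def is_truncated(wire):
    """Client-side check: TC set means the query must be repeated over TCP."""
    return bool(HEADER.unpack_from(wire)[1] & FLAG_TC)


# Constructed answer set: three TXT records of 256 bytes RDATA each (837 bytes).
BIG_ANSWERS = [rr("example.com.", TYPE_TXT, 300, b"\xff" + b"A" * 255) for _ in range(3)]

if __name__ == "__main__":
    for size in (None, 1232):
        wire, tc = build_udp_response(0x1234, "example.com.", TYPE_TXT, BIG_ANSWERS, size)
        print("client udp size", size, "->", len(wire), "bytes, TC =", tc)
```

The truncated reply keeps the question and our own OPT record but no answer records, which is the conservative form: a client must not use a partial answer from a TC response and has to retry over TCP anyway.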
|
has the downside of always copying the maximum IMSG size (about 16k)
between the resolver and frontend process for DNS answers because
we had to keep it as simple as possible.
We can now rearrange things in -current to be less wasteful. This copies
only the usually small DNS answer.
In the unusual case that a DNS answer is larger than the maximum IMSG size
fragment the message and send multiple IMSGs.
|
|
16k) by splitting them up.
Previously unwind would send meta-data about the finished query from
the resolver process to the frontend process and then silently fail to
send the actual answer because it was too big for imsg.
When receiving the meta-data for the next query the frontend process
would then exit via fatal() because it was still expecting an answer.
This likely fixes rare crashes observed by Leo Unglaub.
Note that even with DNSSEC signatures, answers this big are very rare.
OK tb, benno
|
|
testing by otto & pamela as part of a larger diff
|
|
* to mark opportunistic DoT forwarders; ok florian
|
|
This is beneficial since we prefer strategies according to their
performance.
Previously name servers were upgraded to opportunistic DoT if it was
available even if the round trip times went through the roof and there
was no way to go back to plain udp/53 DNS.
To make up a bit of space in the unwindctl status output, name servers
learned via DHCP or SLAAC are printed in a new subcommand.
The status output will be further improved shortly.
Input & OK otto
|
|
|
|
with this. Currently only available as a command line flag (-vvv).
With this we now have two debug levels available in unwind proper, to
be used shortly.
looks good to otto
|
|
display; remove the why bogus status message; ok florian@
|
|
Handles typical split-horizon setups. ok florian@
|
|
it in unwindctl status output next to the all time histogram.
|
|
IP address, port and authentication name.
This makes print_config less awkward and fixes a bug where an
alternative port number was not printed.
|
|
reuse in the future.
OK otto
|
|
OK otto
|
|
Avoid an extra parameter and set NULL-initialised conffile conditionally.
From Matthew Martin <phy1729 at gmail dot com>, thanks!
|
|
Default /etc/unwind.conf is optional and may be missing, but explicitly
specified files should exist.
OK florian
|
|
The frontend doesn't know.
|
|
daemon and interface. An empty list is automatically a withdrawal.
prodding deraadt@
|
|
prodding deraadt@
|
|
Someone please make this pretty.
Tested by deraadt as part of a larger diff.
|
|
slaacd should be changed as well.
Tested by deraadt as part of a larger diff.
|
|
Tested by deraadt as part of a larger diff.
|
|
captive portal host internally via the resolver process.
deraadt and I observed weird captive portal checking hangs inside of
unwind if only 127.0.0.1 was listed as a nameserver in resolv.conf
with the old code.
|
|
pass through resolve() and either asr_resolve_done() or
ub_resolve_done().
With that we can pull resolver_ref() and resolver_unref() into those
functions to make the reference counting easier.
Only check_resolver is special since it needs to refcount the
to-be-checked resolver. But the resolver doing the actual work is
automatically refcounted by resolve() and *_resolve_done().
One last piece of the puzzle is to track the uw_resolver object in
cb_data so that the *_resolve_done() functions have access to it.
This also allows us to remove the ad-hoc passing of the resolver in
query_imsg. Since the callback functions all need access to the
resolver that did the work we pass it in as first argument.
OK otto
|
|
We are not using that feature so stop tracking the value.
|
|
autoconfiguration daemons. Currently only slaacd is switched over so
we need to keep the lease file parsing.
|
|
future work to be able to easily delete elements while iterating.
OK kn
|
|
start unwind earlier, before /var is mounted.
discussed with deraadt
|
|
More people know what a "stub" resolver is than asr.
Pointed out by & discussed with deraadt
Input & OK otto
|
|
|
|
unwind should now be able to work in networks with crappy middle boxes.
We also need to switch to the ASR resolver, not DHCP when we are behind
a captive portal. Some captive portals let through DNS queries with edns0
options but the "click here to accept the terms of service page" is not
resolvable with edns0.
|
|
libc asynchronous resolver directly with DHCP provided nameservers.
This is a last-ditch effort when we find ourselves behind a completely
broken middle-box.
Input & OK otto
OK benno
|
|
OK benno
|
|
OK pamela
|
|
|
|
in the block list it answers with rcode REFUSED.
|
|
Unfortunately the nameserver types enums needed to be renamed
to not collide with yacc tokens.
|
|
While we are behind a captive portal we have to ask the dhcp provided
resolvers. However it is possible that those resolvers do not like
to talk to unwind because of EDNS0.
Unwind handles this case by closing its listening socket and handing
over to asr. Except for the resolving of the captive portal host which
it still tries to resolve via libunbound.
Turns out there is no need for this; we can just use getaddrinfo_async
from asr which then either hits unwind which does the right thing or
unwind closed its listening socket and asr moves on to talk directly
to the dhcp resolvers.
|
|
pointless.
Trigger a check
- on startup
- when forwarders change on config reload
- when dhcp provided forwarders change
- on network interface state change
When a check finishes and the checked resolver cannot resolve anything
configure a timer to run another check in the future using an
exponential backoff for the timeout.
|
|
imsg.hdr.len and shorten code.
Input & OK pamela
|
|
changed we need to fix the TTL to the value we would get from the root
for the ksk DNSKEY (currently 2 days). Otherwise we would interpret a
lowered TTL from a cache as a changed trust anchor.
Use the same define everywhere.
(Considering the glacial speed with which the root ksk rotates this should
be fine for the foreseeable future.)
|
|
|
|
Open trust anchor file for reading and writing on startup and pass it
to the frontend process. The frontend process seeks and truncates the
file appropriately when writing out new trust anchors learned via DNS
but never closes the file. On error the file is truncated to zero
length.
This is in turn handled on startup by switching to the built-in trust
anchor when no trustanchor can be read from disk.
This sidesteps the need for an unveil'ed directory with "c" permission
and also removes the wpath and cpath pledges from the parent process.
deraadt@ pointed out that my previous design didn't make sense and I
had confused myself along the way. (It did work, but was too
complicated for no good reason).
While here validate that we actually read a trust anchor from disk by
trying to parse it and checking that it is a DNSKEY. Unfortunately
ub_ctx_add_ta() accepts just any string as a trust anchor without any
validation.
|
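An added example covering two of the entries above: pinning the DNSKEY TTL to the value the root serves before comparing anchors (so a TTL counted down by a cache is not mistaken for a key change), and parsing what was read from disk to confirm it really is a root KSK DNSKEY before it reaches ub_ctx_add_ta(), which accepts any string. It is Python and not unwind's code; unwind does this in C. The key material is constructed, not the real root KSK; ROOT_KSK_TTL encodes the 2-day TTL the entry mentions.

```python
"""Validating and normalizing a root trust anchor before libunbound sees it.

Added example, not unwind's code. The sample key bytes are constructed.
"""
import base64

ROOT_KSK_TTL = 172800           # 2 days: TTL the root serves for its DNSKEY RRset
FLAG_ZONE_KEY = 0x0100
FLAG_SEP = 0x0001               # Secure Entry Point, set on a KSK
DNSKEY_PROTOCOL = 3             # RFC 4034 section 2.1.2: the only valid value


def parse_trust_anchor(line):
    """Parse '<owner> <ttl> IN DNSKEY <flags> <proto> <alg> <base64>' strictly.
    Raises ValueError for anything that is not a usable root KSK."""
    fields = line.split()
    if len(fields) < 8:
        raise ValueError("too few fields for a DNSKEY record")
    owner, ttl, rclass, rtype = fields[0], fields[1], fields[2], fields[3]
    flags, proto, alg = (int(f) for f in fields[4:7])
    key_b64 = "".join(fields[7:])           # key may be split across whitespace
    if owner != ".":
        raise ValueError("trust anchor owner must be the root, got %r" % owner)
    if rclass != "IN" or rtype != "DNSKEY":
        raise ValueError("not an IN DNSKEY record: %s %s" % (rclass, rtype))
    if not ttl.isdigit():
        raise ValueError("bad TTL %r" % ttl)
    if proto != DNSKEY_PROTOCOL:
        raise ValueError("DNSKEY protocol must be 3, got %d" % proto)
    if (flags & (FLAG_ZONE_KEY | FLAG_SEP)) != (FLAG_ZONE_KEY | FLAG_SEP):
        raise ValueError("flags 0x%04x: not a zone key with SEP set" % flags)
    key = base64.b64decode(key_b64, validate=True)   # raises ValueError if malformed
    if not key:
        raise ValueError("empty key material")
    return {"ttl": int(ttl), "flags": flags, "protocol": proto,
            "algorithm": alg, "key": key}


def key_tag(anchor):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (flags, proto, alg, key)."""
    rdata = (anchor["flags"].to_bytes(2, "big")
             + bytes([anchor["protocol"], anchor["algorithm"]]) + anchor["key"])
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def normalize(anchor):
    """Re-emit the record with the TTL pinned, so a cached, counted-down TTL
    can never make an unchanged key look like a changed trust anchor."""
    return ". %d IN DNSKEY %d %d %d %s" % (
        ROOT_KSK_TTL, anchor["flags"], anchor["protocol"], anchor["algorithm"],
        base64.b64encode(anchor["key"]).decode("ascii"))


def anchors_changed(old_lines, new_lines):
    """Compare two anchor sets ignoring TTL: True only if the key set differs."""
    old = {normalize(parse_trust_anchor(l)) for l in old_lines}
    new = {normalize(parse_trust_anchor(l)) for l in new_lines}
    return old != new


# Constructed samples: "AQIDBA==" is the bytes 01 02 03 04, not a real key.
ON_DISK = ". 172800 IN DNSKEY 257 3 8 AQIDBA=="
FROM_CACHE = ". 86401 IN DNSKEY 257 3 8 AQIDBA=="

if __name__ == "__main__":
    anchor = parse_trust_anchor(ON_DISK)
    print("key tag", key_tag(anchor))
    print("changed:", anchors_changed([ON_DISK], [FROM_CACHE]))
```

Only a record that survives parse_trust_anchor() should be handed to libunbound; the normalized string, not the raw line from disk, is the one to keep and compare on the next probe.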
|
Do not use libunbound's auto trust anchor file feature since then
the resolver process needs rpath, wpath, and cpath pledges and
permission on the trust anchor file.
Instead configure the trust anchor as resource record strings. The
parent process opens the file, passes a filedescriptor to the frontend
process to parse the file and then passes trust anchors to the
resolver process to (re-) configure the resolver contexts.
The resolver process periodically probes for new trust anchors (DNSKEY
records of the root zone) and passes those to the frontend process.
This in turn requests a file descriptor for writing from the parent
process. Once the trust anchors have been written the parent process
renames the tmp file to the final location.
Also provide a built-in trust anchor for bootstrapping purposes if no
file is found on disk. That way we can get rid of unbound-anchor in
unwind's rc.d script.
|