| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-01-20 | We can not share a cache between validating and resolving strategies. | Florian Obser | |
| The resolving only strategies mess up the negative cache by claiming DNSSEC related records do not exist which confuses the validating strategies. Found the hard way by kn@ and analysed by otto@ OK kn@ | |||
| 2019-12-23 | Ralph Dolmans from nlnetlabs points out that libunbound uses | Florian Obser | |
| ub_event_pluggable.c instead of ub_event.c. ( https://github.com/NLnetLabs/unbound/issues/99 ) We have been the odd one out, so switch to ub_event_pluggable, too. | |||
| 2019-12-20 | Try to bind to port 53 before opening the control socket. | Florian Obser | |
| The bind might fail if another daemon is running while the control socket opening will succeed. Then we end up with an overwritten control socket, unwind exiting and no control socket to the already running unwind. Found the hard way by deraadt OK deraadt, mestre, kn, pamela | |||
| 2019-12-18 | Workaround unbound github issue #99. | Florian Obser | |
| https://github.com/NLnetLabs/unbound/issues/99 ub_ctx_delete would free the passed in event_base leading to use-after-free since libunbound never allocated the memory and unwind expects to continue using the event_base. | |||
| 2019-12-18 | Update to libunbound 1.9.6 | Florian Obser | |
| Heavy lifting by sthen with updating in-tree unbound(8). | |||
| 2019-12-18 | Implement unwindctl status memory to show chache memory usage. | Florian Obser | |
| testing by otto & pamela as part of a larger diff | |||
| 2019-12-18 | Rework unified cache handling to be able to unify key and neg caches. | Florian Obser | |
| testing by otto & pamela as part of a larger diff | |||
| 2019-12-18 | Use neg and key cache from the passed in environment if initialized so that | Florian Obser | |
| unwind can share caches between strategies. testing by otto & pamela as part of a larger diff | |||
| 2019-12-15 | Make this fit in 80 cols. | Florian Obser | |
| 2019-12-15 | Allow more outgoing ports, the default 16 is pretty tight for the | Otto Moerbeek | |
| recursor. Also change strategy to not fetch addresses of nameservers pro-actively, it does not help a lot in typical unwind setups and consumes resources we would like to spend on actual resolving user queries. ok florian@ | |||
| 2019-12-14 | Be less aggressive pre-allocating memory; ok florian@ | Otto Moerbeek | |
| 2019-12-14 | Simplify resolve_done. | Florian Obser | |
| - check if this is an answer to a still running query up front, if not there is nothing more to do - get rid of the retry case, we can now just inline it - reduce indent by always calculating elapsed time for DOUBT_NXDOMAIN_SEC Triggered by, input and OK otto | |||
| 2019-12-14 | No use to create resolvers we know are going to be dead; ok florian@ | Otto Moerbeek | |
| 2019-12-13 | Don't try dead resolvers; ok florian@ | Otto Moerbeek | |
| 2019-12-13 | print type as type and not as rcode | Otto Moerbeek | |
| 2019-12-13 | Revert two files committed by accident | Otto Moerbeek | |
| 2019-12-13 | Avoid leaks by using the _buf versions of sldns_wire2str_* functions. | Otto Moerbeek | |
| Also add some consistentcy checking to detect logic errors. ok @florian | |||
| 2019-12-12 | Only create (and check) resolvers listed in preferences. | Florian Obser | |
| Unfortunately this required a fair amount of deck chair shuffling. Input & OK otto | |||
| 2019-12-11 | Plug leaks related to running queue maintenance. ok florian@ | Otto Moerbeek | |
| 2019-12-10 | Plug two mem leaks in udp_receive() and zap unneeded allocations; | Otto Moerbeek | |
| ok florian@ | |||
| 2019-12-10 | Similar to doubting NXDOMAIN when we just switched networks we also | Florian Obser | |
| need to doubt validation errors as we might find ourselves behind a captive portal. The hotspot at schiphol airport uses login.hotspotschiphol.nl: - it is NXDOMAIN on the public internet - hotspotschiphol.nl is signed and attests that login does not exist. - resolves to 1.1.1.5(!) when asking the dhcp nameservers - the dhcp nameservers pass DNSSEC records so validation works This resulted in unwind doing validation and answering SERVFAIL since the answer is bogus. Input & OK otto | |||
| 2019-12-08 | Limit advertised UDP payload size to 1232 bytes to prevent PMTU / | Florian Obser | |
| fragmentation issues. OK otto | |||
| 2019-12-08 | More compact two column format for first section of status display; use | Otto Moerbeek | |
| * to mark opportunistic DoT forwarders; ok florian | |||
| 2019-12-08 | Turn opportunistic DoT into their own strategies. | Florian Obser | |
| This is beneficial since we prefer strategies according to their performance. Previously name servers were upgraded to opportunistic DoT if it was available even if the round trip times went through the roof and there was no way to got back to plain udp/53 DNS. To make up a bit of space in the unwindctl status output, name servers learned via DHCP or SLAAC are printed in a new subcommand. The status output will be further improved shortly. Input & OK otto | |||
| 2019-12-06 | Log why an answer is bogus. | Florian Obser | |
| OK otto | |||
| 2019-12-06 | Use the middle of the histogram bar in the median computations | Otto Moerbeek | |
| instead of the right-hand side; ok florian@ | |||
| 2019-12-06 | Stop fiddling with openlog / closelog in libunbound. unwind handles | Florian Obser | |
| this. We need to find a way to properly upstream this. OK otto | |||
| 2019-12-05 | be less verbose in debug logging; ok florian@ | Otto Moerbeek | |
| 2019-12-05 | Tell a little bit how "preference" works these days; ok florian@ | Otto Moerbeek | |
| 2019-12-04 | When we detect that a resolver strategy is not validating because the | Florian Obser | |
| time is wrong enable a timer to check it again later. ntpd might have corrected the time. input & OK otto | |||
| 2019-12-04 | Use NI_MAXHOST like everywhere else instead of a wrong number. | Florian Obser | |
| 2019-12-04 | If we see a validated result, we can (must!) assume the resolver is | Otto Moerbeek | |
| validating; ok florian@ | |||
| 2019-12-03 | Cleanup query logging. | Florian Obser | |
| Debug log level 1 gives us basic query progress, level 2 writes out packages. looks good to otto | |||
| 2019-12-03 | Cleanup check_resolver_done() debug logging. | Florian Obser | |
| Log answer packet only at debug level 2. looks good to otto | |||
| 2019-12-03 | Add one more debug level and enable very detailed libunbound logging | Florian Obser | |
| with this. Currently only available as a command line flag (-vvv). With this we now have two debug levels available in unwind proper, to be used shortly. looks good to otto | |||
| 2019-12-03 | No need to store "why_bogus" with the resolver, we are no longer | Florian Obser | |
| showing it in unwindctl. But log it with level warn for check_resolver so that one can find out what's wrong with a resolver strategy. looks good to otto | |||
| 2019-12-03 | Remove useless log_debug() calls. | Florian Obser | |
| Looks good to otto | |||
| 2019-12-03 | No more status subcommands; ok florian@ | Otto Moerbeek | |
| 2019-12-02 | Save the computed median to avoid having it to compute it all the time; | Otto Moerbeek | |
| ok florian@ | |||
| 2019-12-02 | Use a unified cache in all libunbound based resolvers. | Florian Obser | |
| OK otto | |||
| 2019-12-02 | increment refcount before doing the call to resolve(); ok florian@ | Otto Moerbeek | |
| 2019-12-02 | Add an "all" mode for status and a much more compact and readable histogram | Otto Moerbeek | |
| display; remove the why bogus status message; ok florian@ | |||
| 2019-12-01 | Add missing space between "accept" and "bogus" | kn | |
| 2019-12-01 | Allow forcing specific domains to be resolved by specific resolvers; | Otto Moerbeek | |
| Handles typical split-horzizon setups. ok florian@ | |||
| 2019-11-30 | make sure we only pass normalized timevals for the next resolver interval; | Otto Moerbeek | |
| ok florian@ | |||
| 2019-11-30 | Not being able to create a resolver is not a fatal condition in unwind, | Florian Obser | |
| there might be others still working. Make sure check_resolver() handles this correctly. | |||
| 2019-11-29 | Don't hand-roll TAILQ_CONCAT in a slow way. | Florian Obser | |
| Pointed out by & OK otto | |||
| 2019-11-29 | While we learn how the "decaying" histogram works it's helpful to show | Florian Obser | |
| it in unwindctl status output next to the all time histogram. | |||
| 2019-11-28 | The happy eyeballs code computes a median to assess how well a | Otto Moerbeek | |
| resolver is doing. But circumstances can change, so decay the histogram data over time to slowly forget about that past. Uses fixed point arithmetic to avoid floating point. ok florian@ | |||
| 2019-11-28 | No more example file; ok florian@ | Otto Moerbeek | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |