Age | Commit message | Author | |
---|---|---|---|
2019-04-01 | if inet6 is not available, warn, but carry on | Ted Unangst | |
2018-12-27 | fifo isn't really the right data structure for varying expirations. convert to a simple rbtree ordered by expiration time. ok anton | Ted Unangst | |
2018-12-20 | zap whitespace | anton | |
2018-12-18 | Rework previous: use getopt(3) to parse options passed to the worker process. ok tedu@ | anton | |
2018-12-18 | Rework how socket fds are passed around internally. This will allow more flexibility in listening sockets (and fixes a bug related to inet6). Everything is in arrays now instead of discrete variables. ok anton | Ted Unangst | |
2018-12-06 | log more info about errors | Ted Unangst | |
2018-12-06 | add very experimental support for dns over https. (RFC 8484) performance may be less than great. ok anton | Ted Unangst | |
2018-11-20 | move a magic constant into a magic define | Ted Unangst | |
2018-10-26 | Unveil should work because this only opens the configuration file, and re-exec's itself. That locks the pledge 'exec' nicely. | Theo de Raadt | |
2018-09-10 | logmsg(LOG_ERR) -> logerr(); ok tedu@ | anton | |
2018-09-08 | Check for malloc() failures. Initial diff from Clemens Goessnitzer on tech@ Feedback and ok tb@ | anton | |
2018-05-08 | some barebones documentation for the record option. if somebody adds AAAA support, we can explain a little more. :) | Ted Unangst | |
2018-05-01 | Remove extraneous new line from error message. | anton | |
2018-05-01 | The length field of a DNS packet must be network byte order encoded; ok tedu@ | anton | |
2018-04-30 | allow limited setting of permanent A records. like unbound local-data. some code and help from anton | Ted Unangst | |
2018-02-11 | sysctl.h is no longer needed ok tedu | Theo Buehler | |
2018-02-10 | Pledge monitoring process; ok tedu@ | anton | |
2018-02-07 | Markup SIGHUP. | anton | |
2018-02-07 | clarify a bit about config | Ted Unangst | |
2018-02-07 | remove the magic dns port hijacking feature. it's complicated and brittle, and never quite made the next step to being useful. | Ted Unangst | |
2018-02-06 | when we get SIGHUP, close conffd so it's reopened (and rewound). problem and early fix by anton | Ted Unangst | |
2018-01-12 | Adjust references for sysctl(3) to sysctl(2) | Theo de Raadt | |
2017-08-22 | Use waitpid()/EINTR idiom for the specific pid, rather than generic wait(), in case the parent process was started with a dangling child. This style ensures any potential parent:child interlock isn't disrupted due to the "wrong" child being waited on first. Then the other children can safely zombie. ok millert jca brynet | Theo de Raadt | |
2017-08-12 | stop pretending that qnames are always strings. treat everything as a dname always. | Ted Unangst | |
2017-07-20 | - listening on localhost is now adjustable; ok tedu - document SIGUSR1, as noted by tedu | Jason McIntyre | |
2017-07-19 | there's no nul byte after a name that ends in a crazy compression pointer. | Ted Unangst | |
2017-07-13 | add an option to listen to an address other than localhost, upgrading to a mini recursive resolver for small networks. | Ted Unangst | |
2017-07-04 | properly adjust the ttl of replies instead of freezing them in time | Ted Unangst | |
2017-07-03 | don't bother caching invalid or very short lived responses | Ted Unangst | |
2017-07-03 | check that a cachehit hasn't expired before using it. | Ted Unangst | |
2017-05-31 | use strerror; from Edgar Pettijohn | Theo de Raadt | |
2017-04-27 | clang warns about some of the strlcpy arguments here, which aren't the typical idiom because there's invisible size dependencies. rewrite some of it to use memcpy, which makes clear the lengths are the same. | Ted Unangst | |
2017-04-13 | moving some code into a switch meant that break no longer stopped the loop. try harder with a goto. diagnosis and original fix by tb. | Ted Unangst | |
2017-04-06 | replace some long if/else chains with a switch | Ted Unangst | |
2016-10-23 | unbreak by fixing obvious pastos | Christian Weisgerber | |
2016-10-23 | listen on inet6 sockets as well. we need this because stolen inet6 sockets can't be redirected to inet4 listeners. | Ted Unangst | |
2016-10-16 | switch to a re-exec model instead of plain forking to reduce sharing. this shuffles about some of the initialization code and consolidates all the worker initialization in one place. the parent process runs the monitor loop and execs workers via -W, which then drop immediately into the worker loop. file descriptors currently inherited across exec, which probably exceeds safe magic levels, but fits the existing model without too many changes. | Ted Unangst | |
2016-10-15 | refactor the worker and monitor loops a little to make room for re-exec | Ted Unangst | |
2016-10-15 | be more cautious about inspecting packets. use integer offsets instead of advancing pointers which may go past the end. | Ted Unangst | |
2016-10-15 | implement random casing for query names, also known as 0x20 hardening. this *should* work everywhere, and i consider minimum necessary protection for a program like rebound. in the event it doesn't work, rebound can be bypassed by disabling the port stealing sysctl. | Ted Unangst | |
2016-10-08 | a little more precision about reloading config. only reopen if it changed | Ted Unangst | |
2016-10-08 | too many blank lines | Ted Unangst | |
2016-10-07 | kern.dnsjacking -> kern.dnsjackport; | Jason McIntyre | |
2016-10-07 | the parent mostly never crashes, but the child might. or the config file disappears. in such cases, the parent will exit. make sure to always reset the jackport, not just when receiving sigterm. (doesn't protect against parent crashing, but that shouldn't happen.) | Ted Unangst | |
2016-10-07 | several big changes, tied together. switch to reading resolv.conf to find upstream name servers. monitor this file and automatically restart if it changes. use the dnsjackport sysctl to steal DNS connections from libc. listen on port 54 to avoid collisions with other DNS servers. | Ted Unangst | |
2016-09-01 | naming a union 'sockthing' was a bit silly. sockun will do for now. | Ted Unangst | |
2016-09-01 | print regular messages to stdout, not err | Ted Unangst | |
2016-09-01 | scan responses for minimum ttl, and cache for min(ttl, 300) instead of a fixed amount | Ted Unangst | |
2016-08-21 | introduce a union of sockaddr types and eliminate a lot of casts. | Ted Unangst | |
2016-08-06 | reset timeout to null when relooping | Ted Unangst | |