Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 17 Aug 2021 09:34:04 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 5469a9953005 - main - unbound: Vendor import 1.13.2
Message-ID:  <202108170934.17H9Y4uU037007@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=5469a9953005a9a4d4aad7be88545d441622e9a0

commit 5469a9953005a9a4d4aad7be88545d441622e9a0
Merge: 35cf9fecbd80 625f1c1312fb
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-08-17 09:32:56 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-08-17 09:32:56 +0000

    unbound: Vendor import 1.13.2
    
    Merge commit '625f1c1312fb7defbd148c8ba121a0cf058707ef'
    
    MFC after:      1 month

 .../unbound/.github/ISSUE_TEMPLATE/bug_report.md   |   41 +
 .../.github/ISSUE_TEMPLATE/feature_request.md      |   31 +
 .../unbound/.github/workflows/analysis_ports.yml   |  346 +++++
 contrib/unbound/.github/workflows/ci.yml           |   21 +
 contrib/unbound/.travis.yml                        |  124 +-
 contrib/unbound/Makefile.in                        |  509 ++++---
 contrib/unbound/README.md                          |    1 +
 contrib/unbound/acx_nlnetlabs.m4                   |   23 +-
 contrib/unbound/cachedb/cachedb.c                  |    8 +-
 contrib/unbound/compat/ctime_r.c                   |    2 +-
 contrib/unbound/config.guess                       | 1222 +++++++++--------
 contrib/unbound/config.h.in                        |   26 +
 contrib/unbound/config.sub                         |   59 +-
 contrib/unbound/configure                          |  134 +-
 contrib/unbound/configure.ac                       |   72 +-
 contrib/unbound/contrib/ios/install_tools.sh       |    8 +-
 contrib/unbound/contrib/unbound.service.in         |    4 +
 contrib/unbound/contrib/unbound.spec               |   20 +-
 contrib/unbound/contrib/unbound_munin_             |   71 +-
 contrib/unbound/daemon/daemon.c                    |   13 +-
 contrib/unbound/daemon/remote.c                    |  111 +-
 contrib/unbound/daemon/unbound.c                   |   29 +
 contrib/unbound/daemon/worker.c                    |   85 +-
 contrib/unbound/dnscrypt/dnscrypt.c                |    2 +
 contrib/unbound/dnstap/dnstap.c                    |  120 +-
 contrib/unbound/dnstap/dnstap.h                    |   12 +-
 contrib/unbound/dnstap/unbound-dnstap-socket.c     |   26 +-
 contrib/unbound/doc/Changelog                      |  374 ++++++
 contrib/unbound/doc/README                         |    2 +-
 contrib/unbound/doc/example.conf.in                |   30 +-
 contrib/unbound/doc/libunbound.3.in                |    4 +-
 contrib/unbound/doc/unbound-anchor.8.in            |    2 +-
 contrib/unbound/doc/unbound-checkconf.8.in         |    2 +-
 contrib/unbound/doc/unbound-control.8.in           |    7 +-
 contrib/unbound/doc/unbound-host.1.in              |    2 +-
 contrib/unbound/doc/unbound.8.in                   |    4 +-
 contrib/unbound/doc/unbound.conf.5.in              |  184 ++-
 contrib/unbound/doc/unbound.doxygen                |    2 +-
 contrib/unbound/edns-subnet/subnetmod.c            |   36 +-
 contrib/unbound/ipsecmod/ipsecmod.c                |   17 +
 contrib/unbound/iterator/iter_scrub.c              |   24 +-
 contrib/unbound/iterator/iter_utils.c              |   34 +-
 contrib/unbound/iterator/iter_utils.h              |   23 +-
 contrib/unbound/iterator/iterator.c                |   79 +-
 contrib/unbound/iterator/iterator.h                |    8 +-
 contrib/unbound/libunbound/context.c               |    4 +-
 contrib/unbound/libunbound/libworker.c             |   69 +-
 contrib/unbound/libunbound/worker.h                |    8 -
 contrib/unbound/respip/respip.c                    |    2 +-
 contrib/unbound/services/authzone.c                | 1405 +++++++++++++++++++-
 contrib/unbound/services/authzone.h                |   96 +-
 contrib/unbound/services/cache/dns.c               |    5 +-
 contrib/unbound/services/cache/dns.h               |    4 +-
 contrib/unbound/services/cache/infra.c             |    3 +
 contrib/unbound/services/listen_dnsport.c          |  263 +++-
 contrib/unbound/services/listen_dnsport.h          |   28 +-
 contrib/unbound/services/localzone.c               |   16 +-
 contrib/unbound/services/localzone.h               |    2 +-
 contrib/unbound/services/mesh.c                    |   17 +-
 contrib/unbound/services/modstack.c                |   65 +-
 contrib/unbound/services/outside_network.c         |  463 +++++--
 contrib/unbound/services/outside_network.h         |   45 +-
 contrib/unbound/services/rpz.c                     |   26 +-
 contrib/unbound/sldns/keyraw.c                     |  333 ++++-
 contrib/unbound/sldns/keyraw.h                     |   20 +
 contrib/unbound/sldns/parse.c                      |    3 +
 contrib/unbound/sldns/parse.h                      |    3 -
 contrib/unbound/sldns/parseutil.c                  |   15 +
 contrib/unbound/sldns/parseutil.h                  |    1 +
 contrib/unbound/sldns/rrdef.c                      |   15 +-
 contrib/unbound/sldns/rrdef.h                      |   10 +-
 contrib/unbound/sldns/sbuffer.h                    |    2 -
 contrib/unbound/sldns/str2wire.c                   |  683 +++++++++-
 contrib/unbound/sldns/str2wire.h                   |   31 +
 contrib/unbound/sldns/wire2str.c                   |  279 ++++
 contrib/unbound/sldns/wire2str.h                   |   12 +
 contrib/unbound/smallapp/unbound-checkconf.c       |    4 +-
 contrib/unbound/smallapp/unbound-control.c         |   37 +-
 contrib/unbound/smallapp/unbound-host.c            |    2 +-
 contrib/unbound/smallapp/worker_cb.c               |   18 +-
 contrib/unbound/testcode/readzone.c                |  158 +++
 contrib/unbound/testcode/unittcpreuse.c            |  236 ++++
 contrib/unbound/testcode/unitzonemd.c              |  537 ++++++++
 contrib/unbound/testdata/auth_zonemd_anchor.rpl    |  234 ++++
 .../unbound/testdata/auth_zonemd_anchor_fail.rpl   |  236 ++++
 contrib/unbound/testdata/auth_zonemd_chain.rpl     |  234 ++++
 .../unbound/testdata/auth_zonemd_chain_fail.rpl    |  236 ++++
 contrib/unbound/testdata/auth_zonemd_file.rpl      |  183 +++
 contrib/unbound/testdata/auth_zonemd_file_fail.rpl |  185 +++
 contrib/unbound/testdata/auth_zonemd_insecure.rpl  |  215 +++
 .../testdata/auth_zonemd_insecure_absent.rpl       |  217 +++
 .../auth_zonemd_insecure_absent_reject.rpl         |  218 +++
 .../unbound/testdata/auth_zonemd_insecure_fail.rpl |  218 +++
 contrib/unbound/testdata/auth_zonemd_nokey.rpl     |  212 +++
 .../testdata/auth_zonemd_permissive_mode.rpl       |  187 +++
 contrib/unbound/testdata/auth_zonemd_xfr.rpl       |  238 ++++
 .../unbound/testdata/auth_zonemd_xfr_anchor.rpl    |  285 ++++
 .../testdata/auth_zonemd_xfr_anchor_fail.rpl       |  266 ++++
 contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl |  310 +++++
 .../testdata/auth_zonemd_xfr_chain_fail.rpl        |  321 +++++
 contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl  |  241 ++++
 .../127.0.0.1/example.com.zone                     |    3 +
 .../http_user_agent.tdir/http_user_agent.conf      |   24 +
 .../http_user_agent.tdir/http_user_agent.dsc       |   16 +
 .../http_user_agent.tdir/http_user_agent.post      |   11 +
 .../http_user_agent.tdir/http_user_agent.pre       |   37 +
 .../http_user_agent.tdir/http_user_agent.test      |  103 ++
 .../testdata/http_user_agent.tdir/petal.key        |   21 +
 .../testdata/http_user_agent.tdir/petal.pem        |   14 +
 .../http_user_agent.tdir/unbound_control.key       |   39 +
 .../http_user_agent.tdir/unbound_control.pem       |   22 +
 .../http_user_agent.tdir/unbound_server.key        |   39 +
 .../http_user_agent.tdir/unbound_server.pem        |   22 +
 contrib/unbound/testdata/rpz_rootwc.rpl            |  162 +++
 .../testdata/svcb.tdir/crypto.cloudflare.com.zone  |    9 +
 contrib/unbound/testdata/svcb.tdir/svcb.dsc        |   16 +
 .../testdata/svcb.tdir/svcb.failure-cases-01       |    9 +
 .../testdata/svcb.tdir/svcb.failure-cases-02       |    8 +
 .../testdata/svcb.tdir/svcb.failure-cases-03       |    8 +
 .../testdata/svcb.tdir/svcb.failure-cases-04       |    8 +
 .../testdata/svcb.tdir/svcb.success-cases.zone     |   47 +
 .../testdata/svcb.tdir/svcb.success-cases.zone.cmp |   10 +
 contrib/unbound/testdata/svcb.tdir/svcb.test       |   97 ++
 .../testdata/svcb.tdir/svcb.test-vectors-pf.zone   |   92 ++
 .../testdata/svcb.tdir/svcb.test-vectors-wf.zone   |  232 ++++
 contrib/unbound/testdata/zonemd.example1.zone      |    4 +
 contrib/unbound/testdata/zonemd.example10.zone     |   35 +
 contrib/unbound/testdata/zonemd.example11.zone     |   33 +
 contrib/unbound/testdata/zonemd.example12.zone     |   35 +
 contrib/unbound/testdata/zonemd.example13.zone     |   33 +
 contrib/unbound/testdata/zonemd.example14.zone     |   35 +
 contrib/unbound/testdata/zonemd.example15.zone     |   35 +
 contrib/unbound/testdata/zonemd.example16.zone     |   11 +
 contrib/unbound/testdata/zonemd.example17.zone     |   11 +
 contrib/unbound/testdata/zonemd.example2.zone      |   15 +
 contrib/unbound/testdata/zonemd.example3.zone      |   34 +
 contrib/unbound/testdata/zonemd.example4.zone      |   36 +
 contrib/unbound/testdata/zonemd.example5.zone      |   34 +
 contrib/unbound/testdata/zonemd.example6.zone      |   36 +
 contrib/unbound/testdata/zonemd.example7.zone      |   31 +
 contrib/unbound/testdata/zonemd.example8.zone      |   34 +
 contrib/unbound/testdata/zonemd.example9.zone      |   35 +
 contrib/unbound/testdata/zonemd.example_a1.zone    |    6 +
 contrib/unbound/testdata/zonemd.example_a2.zone    |   25 +
 contrib/unbound/testdata/zonemd.example_a3.zone    |   30 +
 contrib/unbound/testdata/zonemd.example_a4.zone    |  127 ++
 contrib/unbound/testdata/zonemd.example_a5.zone    |   48 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.conf |   23 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.dsc  |   16 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.post |   14 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.pre  |   35 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.test |   74 ++
 .../zonemd_reload.tdir/zonemd_reload.testns        |   27 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.zone |    8 +
 contrib/unbound/util/config_file.c                 |   84 +-
 contrib/unbound/util/config_file.h                 |   39 +
 contrib/unbound/util/configlexer.lex               |    9 +
 contrib/unbound/util/configparser.y                |  138 +-
 contrib/unbound/util/data/dname.h                  |    4 +-
 contrib/unbound/util/data/msgreply.c               |   22 +-
 contrib/unbound/util/fptr_wlist.c                  |    5 +-
 contrib/unbound/util/iana_ports.inc                |    5 +-
 contrib/unbound/util/net_help.c                    |    3 +-
 contrib/unbound/util/net_help.h                    |    6 +-
 contrib/unbound/util/netevent.c                    |  126 +-
 contrib/unbound/util/netevent.h                    |   12 +-
 contrib/unbound/util/shm_side/shm_main.c           |    6 +
 contrib/unbound/util/storage/lookup3.c             |  102 +-
 contrib/unbound/util/ub_event_pluggable.c          |    3 +-
 contrib/unbound/validator/autotrust.c              |   31 +-
 contrib/unbound/validator/val_anchor.c             |    7 +-
 contrib/unbound/validator/val_nsec.c               |    1 +
 contrib/unbound/validator/val_secalgo.c            |  247 +++-
 contrib/unbound/validator/val_secalgo.h            |   43 +
 contrib/unbound/validator/val_sigcrypt.c           |   98 +-
 contrib/unbound/validator/val_sigcrypt.h           |   29 +
 contrib/unbound/validator/val_utils.c              |   39 +-
 contrib/unbound/validator/validator.c              |   18 +-
 contrib/unbound/validator/validator.h              |    6 +-
 179 files changed, 14359 insertions(+), 1803 deletions(-)

diff --cc contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md
index 000000000000,35d7ee94f9da..35d7ee94f9da
mode 000000,100644..100644
--- a/contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md
diff --cc contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md
index 000000000000,e9ca08b7ab65..e9ca08b7ab65
mode 000000,100644..100644
--- a/contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md
diff --cc contrib/unbound/.github/workflows/analysis_ports.yml
index 000000000000,fbbdd80185a9..fbbdd80185a9
mode 000000,100644..100644
--- a/contrib/unbound/.github/workflows/analysis_ports.yml
+++ b/contrib/unbound/.github/workflows/analysis_ports.yml
diff --cc contrib/unbound/.github/workflows/ci.yml
index 000000000000,73d68fbf35c9..73d68fbf35c9
mode 000000,100644..100644
--- a/contrib/unbound/.github/workflows/ci.yml
+++ b/contrib/unbound/.github/workflows/ci.yml
diff --cc contrib/unbound/README.md
index 3e11ce58ce0d,000000000000..c8877d1e9df5
mode 100644,000000..100644
--- a/contrib/unbound/README.md
+++ b/contrib/unbound/README.md
@@@ -1,38 -1,0 +1,39 @@@
 +# Unbound
 +
 +[![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound)
 +[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
 +[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
++[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
 +
 +Unbound is a validating, recursive, caching DNS resolver. It is designed to be
 +fast and lean and incorporates modern features based on open standards. If you
 +have any feedback, we would love to hear from you. Don’t hesitate to
 +[create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new)
 +or post a message on the [Unbound mailing list](https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users).
 +You can learn more about Unbound by reading our
 +[documentation](https://nlnetlabs.nl/documentation/unbound/).
 +
 +## Compiling
 +
 +Make sure you have the C toolchain, OpenSSL and its include files, and libexpat
 +installed. Unbound can be compiled and installed using:
 +
 +```
 +./configure && make && make install
 +```
 +
 +You can use libevent if you want. libevent is useful when using many (10000)
 +outgoing ports. By default max 256 ports are opened at the same time and the
 +builtin alternative is equally capable and a little faster.
 +
 +Use the `--with-libevent=dir` configure option to compile Unbound with libevent
 +support.
 +
 +## Unbound configuration
 +
 +All of Unbound's configuration options are described in the man pages, which
 +will be installed and are available on the Unbound
 +[documentation page](https://nlnetlabs.nl/documentation/unbound/).
 +
 +An example configuration file is located in
 +[doc/example.conf](https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in).
diff --cc contrib/unbound/testcode/readzone.c
index 000000000000,94511e5771f4..94511e5771f4
mode 000000,100644..100644
--- a/contrib/unbound/testcode/readzone.c
+++ b/contrib/unbound/testcode/readzone.c
diff --cc contrib/unbound/testcode/unittcpreuse.c
index 000000000000,087c6c1b9d50..087c6c1b9d50
mode 000000,100644..100644
--- a/contrib/unbound/testcode/unittcpreuse.c
+++ b/contrib/unbound/testcode/unittcpreuse.c
diff --cc contrib/unbound/testcode/unitzonemd.c
index 000000000000,5caa68a102c3..5caa68a102c3
mode 000000,100644..100644
--- a/contrib/unbound/testcode/unitzonemd.c
+++ b/contrib/unbound/testcode/unitzonemd.c
diff --cc contrib/unbound/testdata/auth_zonemd_anchor.rpl
index 000000000000,c443f7d43f10..c443f7d43f10
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_anchor.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_anchor.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl
index 000000000000,d055174dcbe7..d055174dcbe7
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_chain.rpl
index 000000000000,74479274fa97..74479274fa97
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_chain.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_chain.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_chain_fail.rpl
index 000000000000,393b1c028fa9..393b1c028fa9
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_file.rpl
index 000000000000,bdf0ccbae74f..bdf0ccbae74f
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_file.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_file.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_file_fail.rpl
index 000000000000,69487cf6512c..69487cf6512c
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_file_fail.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_file_fail.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_insecure.rpl
index 000000000000,18a4117d86ac..18a4117d86ac
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_insecure.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_insecure.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl
index 000000000000,1c3f488080ee..1c3f488080ee
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl
index 000000000000,beb9f5b9ac89..beb9f5b9ac89
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl
index 000000000000,f7aad071e3b9..f7aad071e3b9
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_nokey.rpl
index 000000000000,a89414bf631c..a89414bf631c
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_nokey.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_nokey.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl
index 000000000000,4149daa927f4..4149daa927f4
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_xfr.rpl
index 000000000000,89e22cea1472..89e22cea1472
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_xfr.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_xfr.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl
index 000000000000,667de2eae0da..667de2eae0da
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl
index 000000000000,237ed9498e39..237ed9498e39
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl
index 000000000000,4deb99bcbd8a..4deb99bcbd8a
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl
index 000000000000,3e09c9e8e40b..3e09c9e8e40b
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl
diff --cc contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl
index 000000000000,f54ca7e086f0..f54ca7e086f0
mode 000000,100644..100644
--- a/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl
+++ b/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl
diff --cc contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone
index 000000000000,695eb1c32bd4..695eb1c32bd4
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone
+++ b/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone
diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf
index 000000000000,c563416aefbe..c563416aefbe
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf
+++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf
diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc
index 000000000000,6b24c43fc7ab..6b24c43fc7ab
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc
+++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc
diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post
index 000000000000,797ff57c8bbc..797ff57c8bbc
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post
+++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post
diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre
index 000000000000,e94bd536edb4..e94bd536edb4
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre
+++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre
diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test
index 000000000000,afc0fbbe6f4b..afc0fbbe6f4b
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test
+++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test
diff --cc contrib/unbound/testdata/http_user_agent.tdir/petal.key
index 000000000000,6614e498fcd2..6614e498fcd2
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/petal.key
+++ b/contrib/unbound/testdata/http_user_agent.tdir/petal.key
diff --cc contrib/unbound/testdata/http_user_agent.tdir/petal.pem
index 000000000000,19c8b895ba86..19c8b895ba86
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/petal.pem
+++ b/contrib/unbound/testdata/http_user_agent.tdir/petal.pem
diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key
index 000000000000,753a4ef6162e..753a4ef6162e
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key
+++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key
diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem
index 000000000000,a1edf7017f1d..a1edf7017f1d
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem
+++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem
diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key
index 000000000000,370a7bbb2f22..370a7bbb2f22
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key
+++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key
diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem
index 000000000000,986807310f2b..986807310f2b
mode 000000,100644..100644
--- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem
+++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem
diff --cc contrib/unbound/testdata/rpz_rootwc.rpl
index 000000000000,1fb94a1439fa..1fb94a1439fa
mode 000000,100644..100644
--- a/contrib/unbound/testdata/rpz_rootwc.rpl
+++ b/contrib/unbound/testdata/rpz_rootwc.rpl
diff --cc contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone
index 000000000000,53c89c735ba1..53c89c735ba1
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone
+++ b/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.dsc
index 000000000000,6eae7638e9b0..6eae7638e9b0
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.dsc
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.dsc
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01
index 000000000000,c60151692ee8..c60151692ee8
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02
index 000000000000,9d6f0186d535..9d6f0186d535
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03
index 000000000000,bb819daae316..bb819daae316
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04
index 000000000000,ae02ac417b1b..ae02ac417b1b
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone
index 000000000000,5d6339542f67..5d6339542f67
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp
index 000000000000,e504e7b18ad5..e504e7b18ad5
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.test
index 000000000000,707287d5cf89..707287d5cf89
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.test
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.test
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone
index 000000000000,d2cb5087bf9a..d2cb5087bf9a
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone
diff --cc contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone
index 000000000000,bf47ab75c594..bf47ab75c594
mode 000000,100644..100644
--- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone
+++ b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone
diff --cc contrib/unbound/testdata/zonemd.example1.zone
index 000000000000,b1a44895f05c..b1a44895f05c
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example1.zone
+++ b/contrib/unbound/testdata/zonemd.example1.zone
diff --cc contrib/unbound/testdata/zonemd.example10.zone
index 000000000000,33ca2828e019..33ca2828e019
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example10.zone
+++ b/contrib/unbound/testdata/zonemd.example10.zone
diff --cc contrib/unbound/testdata/zonemd.example11.zone
index 000000000000,7562f79729b7..7562f79729b7
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example11.zone
+++ b/contrib/unbound/testdata/zonemd.example11.zone
diff --cc contrib/unbound/testdata/zonemd.example12.zone
index 000000000000,4fc04bf88eb2..4fc04bf88eb2
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example12.zone
+++ b/contrib/unbound/testdata/zonemd.example12.zone
diff --cc contrib/unbound/testdata/zonemd.example13.zone
index 000000000000,9f311c91291e..9f311c91291e
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example13.zone
+++ b/contrib/unbound/testdata/zonemd.example13.zone
diff --cc contrib/unbound/testdata/zonemd.example14.zone
index 000000000000,bc4cdacdbbf5..bc4cdacdbbf5
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example14.zone
+++ b/contrib/unbound/testdata/zonemd.example14.zone
diff --cc contrib/unbound/testdata/zonemd.example15.zone
index 000000000000,8a10689101d7..8a10689101d7
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example15.zone
+++ b/contrib/unbound/testdata/zonemd.example15.zone
diff --cc contrib/unbound/testdata/zonemd.example16.zone
index 000000000000,7520744d3180..7520744d3180
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example16.zone
+++ b/contrib/unbound/testdata/zonemd.example16.zone
diff --cc contrib/unbound/testdata/zonemd.example17.zone
index 000000000000,4315f9054af4..4315f9054af4
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example17.zone
+++ b/contrib/unbound/testdata/zonemd.example17.zone
diff --cc contrib/unbound/testdata/zonemd.example2.zone
index 000000000000,14b7ea689ffa..14b7ea689ffa
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example2.zone
+++ b/contrib/unbound/testdata/zonemd.example2.zone
diff --cc contrib/unbound/testdata/zonemd.example3.zone
index 000000000000,12389f3d5181..12389f3d5181
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example3.zone
+++ b/contrib/unbound/testdata/zonemd.example3.zone
diff --cc contrib/unbound/testdata/zonemd.example4.zone
index 000000000000,dae0f17c708c..dae0f17c708c
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example4.zone
+++ b/contrib/unbound/testdata/zonemd.example4.zone
diff --cc contrib/unbound/testdata/zonemd.example5.zone
index 000000000000,d88380ade09f..d88380ade09f
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example5.zone
+++ b/contrib/unbound/testdata/zonemd.example5.zone
diff --cc contrib/unbound/testdata/zonemd.example6.zone
index 000000000000,0a7b05a8dcea..0a7b05a8dcea
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example6.zone
+++ b/contrib/unbound/testdata/zonemd.example6.zone
diff --cc contrib/unbound/testdata/zonemd.example7.zone
index 000000000000,4339bd570c56..4339bd570c56
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example7.zone
+++ b/contrib/unbound/testdata/zonemd.example7.zone
diff --cc contrib/unbound/testdata/zonemd.example8.zone
index 000000000000,2900753c0483..2900753c0483
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example8.zone
+++ b/contrib/unbound/testdata/zonemd.example8.zone
diff --cc contrib/unbound/testdata/zonemd.example9.zone
index 000000000000,9c035aa1310d..9c035aa1310d
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example9.zone
+++ b/contrib/unbound/testdata/zonemd.example9.zone
diff --cc contrib/unbound/testdata/zonemd.example_a1.zone
index 000000000000,331b45a153d6..331b45a153d6
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example_a1.zone
+++ b/contrib/unbound/testdata/zonemd.example_a1.zone
diff --cc contrib/unbound/testdata/zonemd.example_a2.zone
index 000000000000,56d06ae066bf..56d06ae066bf
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example_a2.zone
+++ b/contrib/unbound/testdata/zonemd.example_a2.zone
diff --cc contrib/unbound/testdata/zonemd.example_a3.zone
index 000000000000,45c47ad0508e..45c47ad0508e
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example_a3.zone
+++ b/contrib/unbound/testdata/zonemd.example_a3.zone
diff --cc contrib/unbound/testdata/zonemd.example_a4.zone
index 000000000000,74b913c89e2b..74b913c89e2b
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example_a4.zone
+++ b/contrib/unbound/testdata/zonemd.example_a4.zone
diff --cc contrib/unbound/testdata/zonemd.example_a5.zone
index 000000000000,246f5e2376db..246f5e2376db
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd.example_a5.zone
+++ b/contrib/unbound/testdata/zonemd.example_a5.zone
diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf
index 000000000000,9afd6e2b1e23..9afd6e2b1e23
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf
+++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf
diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc
index 000000000000,016c3d6c7ff0..016c3d6c7ff0
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc
+++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc
diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post
index 000000000000,5e315088a097..5e315088a097
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post
+++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post
diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre
index 000000000000,fa5e4ca29bbf..fa5e4ca29bbf
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre
+++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre
diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test
index 000000000000,fbdf07511306..fbdf07511306
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test
+++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test
diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns
index 000000000000,f1678a1ccc30..f1678a1ccc30
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns
+++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns
diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone
index 000000000000,01e57a738e37..01e57a738e37
mode 000000,100644..100644
--- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone
+++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone
diff --cc contrib/unbound/util/config_file.c
index f3b7536d07eb,000000000000..083654ebad4c
mode 100644,000000..100644
--- a/contrib/unbound/util/config_file.c
+++ b/contrib/unbound/util/config_file.c
@@@ -1,2607 -1,0 +1,2685 @@@
 +/*
 + * util/config_file.c - reads and stores the config file for unbound.
 + *
 + * Copyright (c) 2007, NLnet Labs. All rights reserved.
 + *
 + * This software is open source.
 + * 
 + * Redistribution and use in source and binary forms, with or without
 + * modification, are permitted provided that the following conditions
 + * are met:
 + * 
 + * Redistributions of source code must retain the above copyright notice,
 + * this list of conditions and the following disclaimer.
 + * 
 + * Redistributions in binary form must reproduce the above copyright notice,
 + * this list of conditions and the following disclaimer in the documentation
 + * and/or other materials provided with the distribution.
 + * 
 + * Neither the name of the NLNET LABS nor the names of its contributors may
 + * be used to endorse or promote products derived from this software without
 + * specific prior written permission.
 + * 
 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 + */
 +
 +/**
 + * \file
 + *
 + * This file contains functions for the config file.
 + */
 +
 +#include "config.h"
 +#include <ctype.h>
 +#include <stdarg.h>
 +#ifdef HAVE_TIME_H
 +#include <time.h>
 +#endif
 +#include "util/log.h"
 +#include "util/configyyrename.h"
 +#include "util/config_file.h"
 +#include "configparser.h"
 +#include "util/net_help.h"
 +#include "util/data/msgparse.h"
 +#include "util/module.h"
 +#include "util/regional.h"
 +#include "util/fptr_wlist.h"
 +#include "util/data/dname.h"
 +#include "util/rtt.h"
 +#include "services/cache/infra.h"
 +#include "sldns/wire2str.h"
 +#include "sldns/parseutil.h"
 +#include "iterator/iterator.h"
 +#ifdef HAVE_GLOB_H
 +# include <glob.h>
 +#endif
 +#ifdef CLIENT_SUBNET
 +#include "edns-subnet/edns-subnet.h"
 +#endif
 +#ifdef HAVE_PWD_H
 +#include <pwd.h>
 +#endif
 +
 +/** from cfg username, after daemonize setup performed */
 +uid_t cfg_uid = (uid_t)-1;
 +/** from cfg username, after daemonize setup performed */
 +gid_t cfg_gid = (gid_t)-1;
 +/** for debug allow small timeout values for fast rollovers */
 +int autr_permit_small_holddown = 0;
 +/** size (in bytes) of stream wait buffers max */
 +size_t stream_wait_max = 4 * 1024 * 1024;
 +size_t http2_query_buffer_max = 4 * 1024 * 1024;
 +size_t http2_response_buffer_max = 4 * 1024 * 1024;
 +
 +/** global config during parsing */
 +struct config_parser_state* cfg_parser = 0;
 +
 +/** init ports possible for use */
 +static void init_outgoing_availports(int* array, int num);
 +
 +struct config_file* 
 +config_create(void)
 +{
 +	struct config_file* cfg;
 +	cfg = (struct config_file*)calloc(1, sizeof(struct config_file));
 +	if(!cfg)
 +		return NULL;
 +	/* the defaults if no config is present */
 +	cfg->verbosity = 1;
 +	cfg->stat_interval = 0;
 +	cfg->stat_cumulative = 0;
 +	cfg->stat_extended = 0;
 +	cfg->num_threads = 1;
 +	cfg->port = UNBOUND_DNS_PORT;
 +	cfg->do_ip4 = 1;
 +	cfg->do_ip6 = 1;
 +	cfg->do_udp = 1;
 +	cfg->do_tcp = 1;
++	cfg->tcp_reuse_timeout = 60 * 1000; /* 60s in milisecs */
++	cfg->max_reuse_tcp_queries = 200;
 +	cfg->tcp_upstream = 0;
 +	cfg->udp_upstream_without_downstream = 0;
 +	cfg->tcp_mss = 0;
 +	cfg->outgoing_tcp_mss = 0;
 +	cfg->tcp_idle_timeout = 30 * 1000; /* 30s in millisecs */
++	cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */
 +	cfg->do_tcp_keepalive = 0;
 +	cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */
 +	cfg->ssl_service_key = NULL;
 +	cfg->ssl_service_pem = NULL;
 +	cfg->ssl_port = UNBOUND_DNS_OVER_TLS_PORT;
 +	cfg->ssl_upstream = 0;
 +	cfg->tls_cert_bundle = NULL;
 +	cfg->tls_win_cert = 0;
 +	cfg->tls_use_sni = 1;
 +	cfg->https_port = UNBOUND_DNS_OVER_HTTPS_PORT;
 +	if(!(cfg->http_endpoint = strdup("/dns-query"))) goto error_exit;
 +	cfg->http_max_streams = 100;
 +	cfg->http_query_buffer_size = 4*1024*1024;
 +	cfg->http_response_buffer_size = 4*1024*1024;
 +	cfg->http_nodelay = 1;
 +	cfg->use_syslog = 1;
 +	cfg->log_identity = NULL; /* changed later with argv[0] */
 +	cfg->log_time_ascii = 0;
 +	cfg->log_queries = 0;
 +	cfg->log_replies = 0;
 +	cfg->log_tag_queryreply = 0;
 +	cfg->log_local_actions = 0;
 +	cfg->log_servfail = 0;
 +#ifndef USE_WINSOCK
 +#  ifdef USE_MINI_EVENT
 +	/* select max 1024 sockets */
 +	cfg->outgoing_num_ports = 960;
 +	cfg->num_queries_per_thread = 512;
 +#  else
 +	/* libevent can use many sockets */
 +	cfg->outgoing_num_ports = 4096;
 +	cfg->num_queries_per_thread = 1024;
 +#  endif
 +	cfg->outgoing_num_tcp = 10;
 +	cfg->incoming_num_tcp = 10;
 +#else
 +	cfg->outgoing_num_ports = 48; /* windows is limited in num fds */
 +	cfg->num_queries_per_thread = 24;
 +	cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */
 +	cfg->incoming_num_tcp = 2; 
 +#endif
 +	cfg->stream_wait_size = 4 * 1024 * 1024;
 +	cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */
 +	cfg->msg_buffer_size = 65552; /* 64 k + a small margin */
 +	cfg->msg_cache_size = 4 * 1024 * 1024;
 +	cfg->msg_cache_slabs = 4;
 +	cfg->jostle_time = 200;
 +	cfg->rrset_cache_size = 4 * 1024 * 1024;
 +	cfg->rrset_cache_slabs = 4;
 +	cfg->host_ttl = 900;
 +	cfg->bogus_ttl = 60;
 +	cfg->min_ttl = 0;
 +	cfg->max_ttl = 3600 * 24;
 +	cfg->max_negative_ttl = 3600;
 +	cfg->prefetch = 0;
 +	cfg->prefetch_key = 0;
 +	cfg->deny_any = 0;
 +	cfg->infra_cache_slabs = 4;
 +	cfg->infra_cache_numhosts = 10000;
 +	cfg->infra_cache_min_rtt = 50;
 +	cfg->infra_keep_probing = 0;
 +	cfg->delay_close = 0;
 +	cfg->udp_connect = 1;
 +	if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
 +		goto error_exit;
 +	init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
 +	if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit;
 +#ifdef HAVE_CHROOT
 +	if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit;
 +#endif
 +	if(!(cfg->directory = strdup(RUN_DIR))) goto error_exit;
 +	if(!(cfg->logfile = strdup(""))) goto error_exit;
 +	if(!(cfg->pidfile = strdup(PIDFILE))) goto error_exit;
 +	if(!(cfg->target_fetch_policy = strdup("3 2 1 0 0"))) goto error_exit;
 +	cfg->fast_server_permil = 0;
 +	cfg->fast_server_num = 3;
 +	cfg->donotqueryaddrs = NULL;
 +	cfg->donotquery_localhost = 1;
 +	cfg->root_hints = NULL;
 +	cfg->use_systemd = 0;
 +	cfg->do_daemonize = 1;
 +	cfg->if_automatic = 0;
 +	cfg->so_rcvbuf = 0;
 +	cfg->so_sndbuf = 0;
 +	cfg->so_reuseport = REUSEPORT_DEFAULT;
 +	cfg->ip_transparent = 0;
 +	cfg->ip_freebind = 0;
 +	cfg->ip_dscp = 0;
 +	cfg->num_ifs = 0;
 +	cfg->ifs = NULL;
 +	cfg->num_out_ifs = 0;
 +	cfg->out_ifs = NULL;
 +	cfg->stubs = NULL;
 +	cfg->forwards = NULL;
 +	cfg->auths = NULL;
 +#ifdef CLIENT_SUBNET
 +	cfg->client_subnet = NULL;
 +	cfg->client_subnet_zone = NULL;
 +	cfg->client_subnet_opcode = LDNS_EDNS_CLIENT_SUBNET;
 +	cfg->client_subnet_always_forward = 0;
 +	cfg->max_client_subnet_ipv4 = 24;
 +	cfg->max_client_subnet_ipv6 = 56;
 +	cfg->min_client_subnet_ipv4 = 0;
 +	cfg->min_client_subnet_ipv6 = 0;
 +	cfg->max_ecs_tree_size_ipv4 = 100;
 +	cfg->max_ecs_tree_size_ipv6 = 100;
 +#endif
 +	cfg->views = NULL;
 +	cfg->acls = NULL;
 +	cfg->tcp_connection_limits = NULL;
 +	cfg->harden_short_bufsize = 1;
 +	cfg->harden_large_queries = 0;
 +	cfg->harden_glue = 1;
 +	cfg->harden_dnssec_stripped = 1;
 +	cfg->harden_below_nxdomain = 1;
 +	cfg->harden_referral_path = 0;
 +	cfg->harden_algo_downgrade = 0;
 +	cfg->use_caps_bits_for_id = 0;
 +	cfg->caps_whitelist = NULL;
 +	cfg->private_address = NULL;
 +	cfg->private_domain = NULL;
 +	cfg->unwanted_threshold = 0;
 +	cfg->hide_identity = 0;
 +	cfg->hide_version = 0;
 +	cfg->hide_trustanchor = 0;
++	cfg->hide_http_user_agent = 0;
 +	cfg->identity = NULL;
 +	cfg->version = NULL;
++	cfg->http_user_agent = NULL;
 +	cfg->nsid_cfg_str = NULL;
 +	cfg->nsid = NULL;
 +	cfg->nsid_len = 0;
 +	cfg->auto_trust_anchor_file_list = NULL;
 +	cfg->trust_anchor_file_list = NULL;
 +	cfg->trust_anchor_list = NULL;
 +	cfg->trusted_keys_file_list = NULL;
 +	cfg->trust_anchor_signaling = 1;
 +	cfg->root_key_sentinel = 1;
 +	cfg->domain_insecure = NULL;
 +	cfg->val_date_override = 0;
 +	cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */
 +	cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */
++	cfg->val_max_restart = 5;
 +	cfg->val_clean_additional = 1;
 +	cfg->val_log_level = 0;
 +	cfg->val_log_squelch = 0;
 +	cfg->val_permissive_mode = 0;
 +	cfg->aggressive_nsec = 0;
 +	cfg->ignore_cd = 0;
 +	cfg->serve_expired = 0;
 +	cfg->serve_expired_ttl = 0;
 +	cfg->serve_expired_ttl_reset = 0;
 +	cfg->serve_expired_reply_ttl = 30;
 +	cfg->serve_expired_client_timeout = 0;
 +	cfg->serve_original_ttl = 0;
++	cfg->zonemd_permissive_mode = 0;
 +	cfg->add_holddown = 30*24*3600;
 +	cfg->del_holddown = 30*24*3600;
 +	cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
 +	cfg->permit_small_holddown = 0;
 +	cfg->key_cache_size = 4 * 1024 * 1024;
 +	cfg->key_cache_slabs = 4;
 +	cfg->neg_cache_size = 1 * 1024 * 1024;
 +	cfg->local_zones = NULL;
 +	cfg->local_zones_nodefault = NULL;
 +#ifdef USE_IPSET
 +	cfg->local_zones_ipset = NULL;
 +#endif
 +	cfg->local_zones_disable_default = 0;
 +	cfg->local_data = NULL;
 +	cfg->local_zone_overrides = NULL;
 +	cfg->unblock_lan_zones = 0;
 +	cfg->insecure_lan_zones = 0;
 +	cfg->python_script = NULL;
 +	cfg->dynlib_file = NULL;
 +	cfg->remote_control_enable = 0;
 +	cfg->control_ifs.first = NULL;
 +	cfg->control_ifs.last = NULL;
 +	cfg->control_port = UNBOUND_CONTROL_PORT;
 +	cfg->control_use_cert = 1;
 +	cfg->minimal_responses = 1;
 +	cfg->rrset_roundrobin = 1;
 +	cfg->unknown_server_time_limit = 376;
 +	cfg->max_udp_size = 4096;
 +	if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) 
 +		goto error_exit;
 +	if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) 
 +		goto error_exit;
 +	if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) 
 +		goto error_exit;
 +	if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) 
 +		goto error_exit;
 +
 +#ifdef CLIENT_SUBNET
 +	if(!(cfg->module_conf = strdup("subnetcache validator iterator"))) goto error_exit;
 +#else
 +	if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
 +#endif
 +	if(!(cfg->val_nsec3_key_iterations = 
- 		strdup("1024 150 2048 500 4096 2500"))) goto error_exit;
++		strdup("1024 150 2048 150 4096 150"))) goto error_exit;
 +#if defined(DNSTAP_SOCKET_PATH)
 +	if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH)))
 +		goto error_exit;
 +#endif
 +	cfg->dnstap_bidirectional = 1;
 +	cfg->dnstap_tls = 1;
 +	cfg->disable_dnssec_lame_check = 0;
 +	cfg->ip_ratelimit = 0;
 +	cfg->ratelimit = 0;
 +	cfg->ip_ratelimit_slabs = 4;
 +	cfg->ratelimit_slabs = 4;
 +	cfg->ip_ratelimit_size = 4*1024*1024;
 +	cfg->ratelimit_size = 4*1024*1024;
 +	cfg->ratelimit_for_domain = NULL;
 +	cfg->ratelimit_below_domain = NULL;
 +	cfg->ip_ratelimit_factor = 10;
 +	cfg->ratelimit_factor = 10;
 +	cfg->qname_minimisation = 1;
 +	cfg->qname_minimisation_strict = 0;
 +	cfg->shm_enable = 0;
 +	cfg->shm_key = 11777;
 +	cfg->edns_client_strings = NULL;
 +	cfg->edns_client_string_opcode = 65001;
 +	cfg->dnscrypt = 0;
 +	cfg->dnscrypt_port = 0;
 +	cfg->dnscrypt_provider = NULL;
 +	cfg->dnscrypt_provider_cert = NULL;
 +	cfg->dnscrypt_provider_cert_rotated = NULL;
 +	cfg->dnscrypt_secret_key = NULL;
 +	cfg->dnscrypt_shared_secret_cache_size = 4*1024*1024;
 +	cfg->dnscrypt_shared_secret_cache_slabs = 4;
 +	cfg->dnscrypt_nonce_cache_size = 4*1024*1024;
*** 2340 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108170934.17H9Y4uU037007>