From owner-dev-commits-src-main@freebsd.org Tue Aug 17 09:34:05 2021
Date: Tue, 17 Aug 2021 09:34:04 GMT
Message-Id: <202108170934.17H9Y4uU037007@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Cy Schubert
Subject: git: 5469a9953005 - main - unbound: Vendor import 1.13.2
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 5469a9953005a9a4d4aad7be88545d441622e9a0
Auto-Submitted: auto-generated
List-Id: Commit messages for the main branch of the src repository

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=5469a9953005a9a4d4aad7be88545d441622e9a0

commit 5469a9953005a9a4d4aad7be88545d441622e9a0
Merge: 35cf9fecbd80 625f1c1312fb
Author:     Cy Schubert
AuthorDate: 2021-08-17 09:32:56 +0000
Commit:     Cy Schubert
CommitDate: 2021-08-17 09:32:56 +0000

    unbound: Vendor import 1.13.2

    Merge commit '625f1c1312fb7defbd148c8ba121a0cf058707ef'

    MFC after: 1 month

.../unbound/.github/ISSUE_TEMPLATE/bug_report.md | 41 + .../.github/ISSUE_TEMPLATE/feature_request.md | 31 + .../unbound/.github/workflows/analysis_ports.yml | 346 +++++ contrib/unbound/.github/workflows/ci.yml | 21 + contrib/unbound/.travis.yml | 124 +- contrib/unbound/Makefile.in | 509 ++++--- contrib/unbound/README.md | 1 + contrib/unbound/acx_nlnetlabs.m4 | 23 +- contrib/unbound/cachedb/cachedb.c | 8 +- contrib/unbound/compat/ctime_r.c | 2 +- contrib/unbound/config.guess | 1222 +++++++++-------- contrib/unbound/config.h.in | 26 + contrib/unbound/config.sub | 59 +- contrib/unbound/configure | 134 +- contrib/unbound/configure.ac | 72 +- contrib/unbound/contrib/ios/install_tools.sh | 8 +- contrib/unbound/contrib/unbound.service.in | 4 + contrib/unbound/contrib/unbound.spec | 20 +- contrib/unbound/contrib/unbound_munin_ | 71 +- contrib/unbound/daemon/daemon.c | 13 +- contrib/unbound/daemon/remote.c | 111 +- contrib/unbound/daemon/unbound.c | 29 + contrib/unbound/daemon/worker.c | 85 +- contrib/unbound/dnscrypt/dnscrypt.c | 2 + contrib/unbound/dnstap/dnstap.c | 120 +- contrib/unbound/dnstap/dnstap.h | 12 +-
contrib/unbound/dnstap/unbound-dnstap-socket.c | 26 +- contrib/unbound/doc/Changelog | 374 ++++++ contrib/unbound/doc/README | 2 +- contrib/unbound/doc/example.conf.in | 30 +- contrib/unbound/doc/libunbound.3.in | 4 +- contrib/unbound/doc/unbound-anchor.8.in | 2 +- contrib/unbound/doc/unbound-checkconf.8.in | 2 +- contrib/unbound/doc/unbound-control.8.in | 7 +- contrib/unbound/doc/unbound-host.1.in | 2 +- contrib/unbound/doc/unbound.8.in | 4 +- contrib/unbound/doc/unbound.conf.5.in | 184 ++- contrib/unbound/doc/unbound.doxygen | 2 +- contrib/unbound/edns-subnet/subnetmod.c | 36 +- contrib/unbound/ipsecmod/ipsecmod.c | 17 + contrib/unbound/iterator/iter_scrub.c | 24 +- contrib/unbound/iterator/iter_utils.c | 34 +- contrib/unbound/iterator/iter_utils.h | 23 +- contrib/unbound/iterator/iterator.c | 79 +- contrib/unbound/iterator/iterator.h | 8 +- contrib/unbound/libunbound/context.c | 4 +- contrib/unbound/libunbound/libworker.c | 69 +- contrib/unbound/libunbound/worker.h | 8 - contrib/unbound/respip/respip.c | 2 +- contrib/unbound/services/authzone.c | 1405 +++++++++++++++++++- contrib/unbound/services/authzone.h | 96 +- contrib/unbound/services/cache/dns.c | 5 +- contrib/unbound/services/cache/dns.h | 4 +- contrib/unbound/services/cache/infra.c | 3 + contrib/unbound/services/listen_dnsport.c | 263 +++- contrib/unbound/services/listen_dnsport.h | 28 +- contrib/unbound/services/localzone.c | 16 +- contrib/unbound/services/localzone.h | 2 +- contrib/unbound/services/mesh.c | 17 +- contrib/unbound/services/modstack.c | 65 +- contrib/unbound/services/outside_network.c | 463 +++++-- contrib/unbound/services/outside_network.h | 45 +- contrib/unbound/services/rpz.c | 26 +- contrib/unbound/sldns/keyraw.c | 333 ++++- contrib/unbound/sldns/keyraw.h | 20 + contrib/unbound/sldns/parse.c | 3 + contrib/unbound/sldns/parse.h | 3 - contrib/unbound/sldns/parseutil.c | 15 + contrib/unbound/sldns/parseutil.h | 1 + contrib/unbound/sldns/rrdef.c | 15 +- contrib/unbound/sldns/rrdef.h | 10 
+- contrib/unbound/sldns/sbuffer.h | 2 - contrib/unbound/sldns/str2wire.c | 683 +++++++++- contrib/unbound/sldns/str2wire.h | 31 + contrib/unbound/sldns/wire2str.c | 279 ++++ contrib/unbound/sldns/wire2str.h | 12 + contrib/unbound/smallapp/unbound-checkconf.c | 4 +- contrib/unbound/smallapp/unbound-control.c | 37 +- contrib/unbound/smallapp/unbound-host.c | 2 +- contrib/unbound/smallapp/worker_cb.c | 18 +- contrib/unbound/testcode/readzone.c | 158 +++ contrib/unbound/testcode/unittcpreuse.c | 236 ++++ contrib/unbound/testcode/unitzonemd.c | 537 ++++++++ contrib/unbound/testdata/auth_zonemd_anchor.rpl | 234 ++++ .../unbound/testdata/auth_zonemd_anchor_fail.rpl | 236 ++++ contrib/unbound/testdata/auth_zonemd_chain.rpl | 234 ++++ .../unbound/testdata/auth_zonemd_chain_fail.rpl | 236 ++++ contrib/unbound/testdata/auth_zonemd_file.rpl | 183 +++ contrib/unbound/testdata/auth_zonemd_file_fail.rpl | 185 +++ contrib/unbound/testdata/auth_zonemd_insecure.rpl | 215 +++ .../testdata/auth_zonemd_insecure_absent.rpl | 217 +++ .../auth_zonemd_insecure_absent_reject.rpl | 218 +++ .../unbound/testdata/auth_zonemd_insecure_fail.rpl | 218 +++ contrib/unbound/testdata/auth_zonemd_nokey.rpl | 212 +++ .../testdata/auth_zonemd_permissive_mode.rpl | 187 +++ contrib/unbound/testdata/auth_zonemd_xfr.rpl | 238 ++++ .../unbound/testdata/auth_zonemd_xfr_anchor.rpl | 285 ++++ .../testdata/auth_zonemd_xfr_anchor_fail.rpl | 266 ++++ contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl | 310 +++++ .../testdata/auth_zonemd_xfr_chain_fail.rpl | 321 +++++ contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl | 241 ++++ .../127.0.0.1/example.com.zone | 3 + .../http_user_agent.tdir/http_user_agent.conf | 24 + .../http_user_agent.tdir/http_user_agent.dsc | 16 + .../http_user_agent.tdir/http_user_agent.post | 11 + .../http_user_agent.tdir/http_user_agent.pre | 37 + .../http_user_agent.tdir/http_user_agent.test | 103 ++ .../testdata/http_user_agent.tdir/petal.key | 21 + 
.../testdata/http_user_agent.tdir/petal.pem | 14 + .../http_user_agent.tdir/unbound_control.key | 39 + .../http_user_agent.tdir/unbound_control.pem | 22 + .../http_user_agent.tdir/unbound_server.key | 39 + .../http_user_agent.tdir/unbound_server.pem | 22 + contrib/unbound/testdata/rpz_rootwc.rpl | 162 +++ .../testdata/svcb.tdir/crypto.cloudflare.com.zone | 9 + contrib/unbound/testdata/svcb.tdir/svcb.dsc | 16 + .../testdata/svcb.tdir/svcb.failure-cases-01 | 9 + .../testdata/svcb.tdir/svcb.failure-cases-02 | 8 + .../testdata/svcb.tdir/svcb.failure-cases-03 | 8 + .../testdata/svcb.tdir/svcb.failure-cases-04 | 8 + .../testdata/svcb.tdir/svcb.success-cases.zone | 47 + .../testdata/svcb.tdir/svcb.success-cases.zone.cmp | 10 + contrib/unbound/testdata/svcb.tdir/svcb.test | 97 ++ .../testdata/svcb.tdir/svcb.test-vectors-pf.zone | 92 ++ .../testdata/svcb.tdir/svcb.test-vectors-wf.zone | 232 ++++ contrib/unbound/testdata/zonemd.example1.zone | 4 + contrib/unbound/testdata/zonemd.example10.zone | 35 + contrib/unbound/testdata/zonemd.example11.zone | 33 + contrib/unbound/testdata/zonemd.example12.zone | 35 + contrib/unbound/testdata/zonemd.example13.zone | 33 + contrib/unbound/testdata/zonemd.example14.zone | 35 + contrib/unbound/testdata/zonemd.example15.zone | 35 + contrib/unbound/testdata/zonemd.example16.zone | 11 + contrib/unbound/testdata/zonemd.example17.zone | 11 + contrib/unbound/testdata/zonemd.example2.zone | 15 + contrib/unbound/testdata/zonemd.example3.zone | 34 + contrib/unbound/testdata/zonemd.example4.zone | 36 + contrib/unbound/testdata/zonemd.example5.zone | 34 + contrib/unbound/testdata/zonemd.example6.zone | 36 + contrib/unbound/testdata/zonemd.example7.zone | 31 + contrib/unbound/testdata/zonemd.example8.zone | 34 + contrib/unbound/testdata/zonemd.example9.zone | 35 + contrib/unbound/testdata/zonemd.example_a1.zone | 6 + contrib/unbound/testdata/zonemd.example_a2.zone | 25 + contrib/unbound/testdata/zonemd.example_a3.zone | 30 + 
contrib/unbound/testdata/zonemd.example_a4.zone | 127 ++ contrib/unbound/testdata/zonemd.example_a5.zone | 48 + .../testdata/zonemd_reload.tdir/zonemd_reload.conf | 23 + .../testdata/zonemd_reload.tdir/zonemd_reload.dsc | 16 + .../testdata/zonemd_reload.tdir/zonemd_reload.post | 14 + .../testdata/zonemd_reload.tdir/zonemd_reload.pre | 35 + .../testdata/zonemd_reload.tdir/zonemd_reload.test | 74 ++ .../zonemd_reload.tdir/zonemd_reload.testns | 27 + .../testdata/zonemd_reload.tdir/zonemd_reload.zone | 8 + contrib/unbound/util/config_file.c | 84 +- contrib/unbound/util/config_file.h | 39 + contrib/unbound/util/configlexer.lex | 9 + contrib/unbound/util/configparser.y | 138 +- contrib/unbound/util/data/dname.h | 4 +- contrib/unbound/util/data/msgreply.c | 22 +- contrib/unbound/util/fptr_wlist.c | 5 +- contrib/unbound/util/iana_ports.inc | 5 +- contrib/unbound/util/net_help.c | 3 +- contrib/unbound/util/net_help.h | 6 +- contrib/unbound/util/netevent.c | 126 +- contrib/unbound/util/netevent.h | 12 +- contrib/unbound/util/shm_side/shm_main.c | 6 + contrib/unbound/util/storage/lookup3.c | 102 +- contrib/unbound/util/ub_event_pluggable.c | 3 +- contrib/unbound/validator/autotrust.c | 31 +- contrib/unbound/validator/val_anchor.c | 7 +- contrib/unbound/validator/val_nsec.c | 1 + contrib/unbound/validator/val_secalgo.c | 247 +++- contrib/unbound/validator/val_secalgo.h | 43 + contrib/unbound/validator/val_sigcrypt.c | 98 +- contrib/unbound/validator/val_sigcrypt.h | 29 + contrib/unbound/validator/val_utils.c | 39 +- contrib/unbound/validator/validator.c | 18 +- contrib/unbound/validator/validator.h | 6 +- 179 files changed, 14359 insertions(+), 1803 deletions(-) diff --cc contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md index 000000000000,35d7ee94f9da..35d7ee94f9da mode 000000,100644..100644 --- a/contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md +++ b/contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md diff --cc 
contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md index 000000000000,e9ca08b7ab65..e9ca08b7ab65 mode 000000,100644..100644 --- a/contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md +++ b/contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md diff --cc contrib/unbound/.github/workflows/analysis_ports.yml index 000000000000,fbbdd80185a9..fbbdd80185a9 mode 000000,100644..100644 --- a/contrib/unbound/.github/workflows/analysis_ports.yml +++ b/contrib/unbound/.github/workflows/analysis_ports.yml diff --cc contrib/unbound/.github/workflows/ci.yml index 000000000000,73d68fbf35c9..73d68fbf35c9 mode 000000,100644..100644 --- a/contrib/unbound/.github/workflows/ci.yml +++ b/contrib/unbound/.github/workflows/ci.yml diff --cc contrib/unbound/README.md index 3e11ce58ce0d,000000000000..c8877d1e9df5 mode 100644,000000..100644 --- a/contrib/unbound/README.md +++ b/contrib/unbound/README.md @@@ -1,38 -1,0 +1,39 @@@ +# Unbound + +[![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound) +[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions) +[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) ++[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest) + +Unbound is a validating, recursive, caching DNS resolver. It is designed to be +fast and lean and incorporates modern features based on open standards. If you +have any feedback, we would love to hear from you. Don’t hesitate to +[create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new) +or post a message on the [Unbound mailing list](https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users). 
+You can learn more about Unbound by reading our +[documentation](https://nlnetlabs.nl/documentation/unbound/). + +## Compiling + +Make sure you have the C toolchain, OpenSSL and its include files, and libexpat +installed. Unbound can be compiled and installed using: + +``` +./configure && make && make install +``` + +You can use libevent if you want. libevent is useful when using many (10000) +outgoing ports. By default max 256 ports are opened at the same time and the +builtin alternative is equally capable and a little faster. + +Use the `--with-libevent=dir` configure option to compile Unbound with libevent +support. + +## Unbound configuration + +All of Unbound's configuration options are described in the man pages, which +will be installed and are available on the Unbound +[documentation page](https://nlnetlabs.nl/documentation/unbound/). + +An example configuration file is located in +[doc/example.conf](https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in). diff --cc contrib/unbound/testcode/readzone.c index 000000000000,94511e5771f4..94511e5771f4 mode 000000,100644..100644 --- a/contrib/unbound/testcode/readzone.c +++ b/contrib/unbound/testcode/readzone.c diff --cc contrib/unbound/testcode/unittcpreuse.c index 000000000000,087c6c1b9d50..087c6c1b9d50 mode 000000,100644..100644 --- a/contrib/unbound/testcode/unittcpreuse.c +++ b/contrib/unbound/testcode/unittcpreuse.c diff --cc contrib/unbound/testcode/unitzonemd.c index 000000000000,5caa68a102c3..5caa68a102c3 mode 000000,100644..100644 --- a/contrib/unbound/testcode/unitzonemd.c +++ b/contrib/unbound/testcode/unitzonemd.c diff --cc contrib/unbound/testdata/auth_zonemd_anchor.rpl index 000000000000,c443f7d43f10..c443f7d43f10 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_anchor.rpl +++ b/contrib/unbound/testdata/auth_zonemd_anchor.rpl diff --cc contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl index 000000000000,d055174dcbe7..d055174dcbe7 mode 000000,100644..100644 
--- a/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl +++ b/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl diff --cc contrib/unbound/testdata/auth_zonemd_chain.rpl index 000000000000,74479274fa97..74479274fa97 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_chain.rpl +++ b/contrib/unbound/testdata/auth_zonemd_chain.rpl diff --cc contrib/unbound/testdata/auth_zonemd_chain_fail.rpl index 000000000000,393b1c028fa9..393b1c028fa9 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl +++ b/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl diff --cc contrib/unbound/testdata/auth_zonemd_file.rpl index 000000000000,bdf0ccbae74f..bdf0ccbae74f mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_file.rpl +++ b/contrib/unbound/testdata/auth_zonemd_file.rpl diff --cc contrib/unbound/testdata/auth_zonemd_file_fail.rpl index 000000000000,69487cf6512c..69487cf6512c mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_file_fail.rpl +++ b/contrib/unbound/testdata/auth_zonemd_file_fail.rpl diff --cc contrib/unbound/testdata/auth_zonemd_insecure.rpl index 000000000000,18a4117d86ac..18a4117d86ac mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_insecure.rpl +++ b/contrib/unbound/testdata/auth_zonemd_insecure.rpl diff --cc contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl index 000000000000,1c3f488080ee..1c3f488080ee mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl +++ b/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl diff --cc contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl index 000000000000,beb9f5b9ac89..beb9f5b9ac89 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl +++ b/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl diff --cc contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl index 000000000000,f7aad071e3b9..f7aad071e3b9 mode 
000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl +++ b/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl diff --cc contrib/unbound/testdata/auth_zonemd_nokey.rpl index 000000000000,a89414bf631c..a89414bf631c mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_nokey.rpl +++ b/contrib/unbound/testdata/auth_zonemd_nokey.rpl diff --cc contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl index 000000000000,4149daa927f4..4149daa927f4 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl +++ b/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl diff --cc contrib/unbound/testdata/auth_zonemd_xfr.rpl index 000000000000,89e22cea1472..89e22cea1472 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_xfr.rpl +++ b/contrib/unbound/testdata/auth_zonemd_xfr.rpl diff --cc contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl index 000000000000,667de2eae0da..667de2eae0da mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl +++ b/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl diff --cc contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl index 000000000000,237ed9498e39..237ed9498e39 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl +++ b/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl diff --cc contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl index 000000000000,4deb99bcbd8a..4deb99bcbd8a mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl +++ b/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl diff --cc contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl index 000000000000,3e09c9e8e40b..3e09c9e8e40b mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl +++ b/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl diff --cc contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl index 
000000000000,f54ca7e086f0..f54ca7e086f0 mode 000000,100644..100644 --- a/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl +++ b/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl diff --cc contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone index 000000000000,695eb1c32bd4..695eb1c32bd4 mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone +++ b/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf index 000000000000,c563416aefbe..c563416aefbe mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf +++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc index 000000000000,6b24c43fc7ab..6b24c43fc7ab mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc +++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post index 000000000000,797ff57c8bbc..797ff57c8bbc mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post +++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre index 000000000000,e94bd536edb4..e94bd536edb4 mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre +++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre diff --cc contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test index 000000000000,afc0fbbe6f4b..afc0fbbe6f4b mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test +++ b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test diff --cc 
contrib/unbound/testdata/http_user_agent.tdir/petal.key index 000000000000,6614e498fcd2..6614e498fcd2 mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/petal.key +++ b/contrib/unbound/testdata/http_user_agent.tdir/petal.key diff --cc contrib/unbound/testdata/http_user_agent.tdir/petal.pem index 000000000000,19c8b895ba86..19c8b895ba86 mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/petal.pem +++ b/contrib/unbound/testdata/http_user_agent.tdir/petal.pem diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key index 000000000000,753a4ef6162e..753a4ef6162e mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key +++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem index 000000000000,a1edf7017f1d..a1edf7017f1d mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem +++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key index 000000000000,370a7bbb2f22..370a7bbb2f22 mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key +++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key diff --cc contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem index 000000000000,986807310f2b..986807310f2b mode 000000,100644..100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem +++ b/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem diff --cc contrib/unbound/testdata/rpz_rootwc.rpl index 000000000000,1fb94a1439fa..1fb94a1439fa mode 000000,100644..100644 --- a/contrib/unbound/testdata/rpz_rootwc.rpl +++ b/contrib/unbound/testdata/rpz_rootwc.rpl diff --cc contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone index 
000000000000,53c89c735ba1..53c89c735ba1 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone +++ b/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone diff --cc contrib/unbound/testdata/svcb.tdir/svcb.dsc index 000000000000,6eae7638e9b0..6eae7638e9b0 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.dsc +++ b/contrib/unbound/testdata/svcb.tdir/svcb.dsc diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 index 000000000000,c60151692ee8..c60151692ee8 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 +++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 index 000000000000,9d6f0186d535..9d6f0186d535 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 +++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 index 000000000000,bb819daae316..bb819daae316 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 +++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 diff --cc contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 index 000000000000,ae02ac417b1b..ae02ac417b1b mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 +++ b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 diff --cc contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone index 000000000000,5d6339542f67..5d6339542f67 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone +++ b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone diff --cc contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp index 000000000000,e504e7b18ad5..e504e7b18ad5 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ 
b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp diff --cc contrib/unbound/testdata/svcb.tdir/svcb.test index 000000000000,707287d5cf89..707287d5cf89 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test +++ b/contrib/unbound/testdata/svcb.tdir/svcb.test diff --cc contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone index 000000000000,d2cb5087bf9a..d2cb5087bf9a mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone +++ b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone diff --cc contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone index 000000000000,bf47ab75c594..bf47ab75c594 mode 000000,100644..100644 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone +++ b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone diff --cc contrib/unbound/testdata/zonemd.example1.zone index 000000000000,b1a44895f05c..b1a44895f05c mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example1.zone +++ b/contrib/unbound/testdata/zonemd.example1.zone diff --cc contrib/unbound/testdata/zonemd.example10.zone index 000000000000,33ca2828e019..33ca2828e019 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example10.zone +++ b/contrib/unbound/testdata/zonemd.example10.zone diff --cc contrib/unbound/testdata/zonemd.example11.zone index 000000000000,7562f79729b7..7562f79729b7 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example11.zone +++ b/contrib/unbound/testdata/zonemd.example11.zone diff --cc contrib/unbound/testdata/zonemd.example12.zone index 000000000000,4fc04bf88eb2..4fc04bf88eb2 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example12.zone +++ b/contrib/unbound/testdata/zonemd.example12.zone diff --cc contrib/unbound/testdata/zonemd.example13.zone index 000000000000,9f311c91291e..9f311c91291e mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example13.zone +++ 
b/contrib/unbound/testdata/zonemd.example13.zone diff --cc contrib/unbound/testdata/zonemd.example14.zone index 000000000000,bc4cdacdbbf5..bc4cdacdbbf5 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example14.zone +++ b/contrib/unbound/testdata/zonemd.example14.zone diff --cc contrib/unbound/testdata/zonemd.example15.zone index 000000000000,8a10689101d7..8a10689101d7 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example15.zone +++ b/contrib/unbound/testdata/zonemd.example15.zone diff --cc contrib/unbound/testdata/zonemd.example16.zone index 000000000000,7520744d3180..7520744d3180 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example16.zone +++ b/contrib/unbound/testdata/zonemd.example16.zone diff --cc contrib/unbound/testdata/zonemd.example17.zone index 000000000000,4315f9054af4..4315f9054af4 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example17.zone +++ b/contrib/unbound/testdata/zonemd.example17.zone diff --cc contrib/unbound/testdata/zonemd.example2.zone index 000000000000,14b7ea689ffa..14b7ea689ffa mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example2.zone +++ b/contrib/unbound/testdata/zonemd.example2.zone diff --cc contrib/unbound/testdata/zonemd.example3.zone index 000000000000,12389f3d5181..12389f3d5181 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example3.zone +++ b/contrib/unbound/testdata/zonemd.example3.zone diff --cc contrib/unbound/testdata/zonemd.example4.zone index 000000000000,dae0f17c708c..dae0f17c708c mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example4.zone +++ b/contrib/unbound/testdata/zonemd.example4.zone diff --cc contrib/unbound/testdata/zonemd.example5.zone index 000000000000,d88380ade09f..d88380ade09f mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example5.zone +++ b/contrib/unbound/testdata/zonemd.example5.zone diff --cc contrib/unbound/testdata/zonemd.example6.zone index 
000000000000,0a7b05a8dcea..0a7b05a8dcea mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example6.zone +++ b/contrib/unbound/testdata/zonemd.example6.zone diff --cc contrib/unbound/testdata/zonemd.example7.zone index 000000000000,4339bd570c56..4339bd570c56 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example7.zone +++ b/contrib/unbound/testdata/zonemd.example7.zone diff --cc contrib/unbound/testdata/zonemd.example8.zone index 000000000000,2900753c0483..2900753c0483 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example8.zone +++ b/contrib/unbound/testdata/zonemd.example8.zone diff --cc contrib/unbound/testdata/zonemd.example9.zone index 000000000000,9c035aa1310d..9c035aa1310d mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example9.zone +++ b/contrib/unbound/testdata/zonemd.example9.zone diff --cc contrib/unbound/testdata/zonemd.example_a1.zone index 000000000000,331b45a153d6..331b45a153d6 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example_a1.zone +++ b/contrib/unbound/testdata/zonemd.example_a1.zone diff --cc contrib/unbound/testdata/zonemd.example_a2.zone index 000000000000,56d06ae066bf..56d06ae066bf mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example_a2.zone +++ b/contrib/unbound/testdata/zonemd.example_a2.zone diff --cc contrib/unbound/testdata/zonemd.example_a3.zone index 000000000000,45c47ad0508e..45c47ad0508e mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example_a3.zone +++ b/contrib/unbound/testdata/zonemd.example_a3.zone diff --cc contrib/unbound/testdata/zonemd.example_a4.zone index 000000000000,74b913c89e2b..74b913c89e2b mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd.example_a4.zone +++ b/contrib/unbound/testdata/zonemd.example_a4.zone diff --cc contrib/unbound/testdata/zonemd.example_a5.zone index 000000000000,246f5e2376db..246f5e2376db mode 000000,100644..100644 --- 
a/contrib/unbound/testdata/zonemd.example_a5.zone +++ b/contrib/unbound/testdata/zonemd.example_a5.zone diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf index 000000000000,9afd6e2b1e23..9afd6e2b1e23 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf +++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc index 000000000000,016c3d6c7ff0..016c3d6c7ff0 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc +++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post index 000000000000,5e315088a097..5e315088a097 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post +++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre index 000000000000,fa5e4ca29bbf..fa5e4ca29bbf mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre +++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test index 000000000000,fbdf07511306..fbdf07511306 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test +++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns index 000000000000,f1678a1ccc30..f1678a1ccc30 mode 000000,100644..100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns +++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns diff --cc contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone index 000000000000,01e57a738e37..01e57a738e37 mode 000000,100644..100644 --- 
a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone +++ b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone diff --cc contrib/unbound/util/config_file.c index f3b7536d07eb,000000000000..083654ebad4c mode 100644,000000..100644 --- a/contrib/unbound/util/config_file.c +++ b/contrib/unbound/util/config_file.c @@@ -1,2607 -1,0 +1,2685 @@@ +/* + * util/config_file.c - reads and stores the config file for unbound. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions for the config file. + */ + +#include "config.h" +#include +#include +#ifdef HAVE_TIME_H +#include +#endif +#include "util/log.h" +#include "util/configyyrename.h" +#include "util/config_file.h" +#include "configparser.h" +#include "util/net_help.h" +#include "util/data/msgparse.h" +#include "util/module.h" +#include "util/regional.h" +#include "util/fptr_wlist.h" +#include "util/data/dname.h" +#include "util/rtt.h" +#include "services/cache/infra.h" +#include "sldns/wire2str.h" +#include "sldns/parseutil.h" +#include "iterator/iterator.h" +#ifdef HAVE_GLOB_H +# include +#endif +#ifdef CLIENT_SUBNET +#include "edns-subnet/edns-subnet.h" +#endif +#ifdef HAVE_PWD_H +#include +#endif + +/** from cfg username, after daemonize setup performed */ +uid_t cfg_uid = (uid_t)-1; +/** from cfg username, after daemonize setup performed */ +gid_t cfg_gid = (gid_t)-1; +/** for debug allow small timeout values for fast rollovers */ +int autr_permit_small_holddown = 0; +/** size (in bytes) of stream wait buffers max */ +size_t stream_wait_max = 4 * 1024 * 1024; +size_t http2_query_buffer_max = 4 * 1024 * 1024; +size_t http2_response_buffer_max = 4 * 1024 * 1024; + +/** global config during parsing */ +struct config_parser_state* cfg_parser = 0; + +/** init ports possible for use */ +static void init_outgoing_availports(int* array, int num); + +struct config_file* +config_create(void) +{ + 
struct config_file* cfg; + cfg = (struct config_file*)calloc(1, sizeof(struct config_file)); + if(!cfg) + return NULL; + /* the defaults if no config is present */ + cfg->verbosity = 1; + cfg->stat_interval = 0; + cfg->stat_cumulative = 0; + cfg->stat_extended = 0; + cfg->num_threads = 1; + cfg->port = UNBOUND_DNS_PORT; + cfg->do_ip4 = 1; + cfg->do_ip6 = 1; + cfg->do_udp = 1; + cfg->do_tcp = 1; ++ cfg->tcp_reuse_timeout = 60 * 1000; /* 60s in milisecs */ ++ cfg->max_reuse_tcp_queries = 200; + cfg->tcp_upstream = 0; + cfg->udp_upstream_without_downstream = 0; + cfg->tcp_mss = 0; + cfg->outgoing_tcp_mss = 0; + cfg->tcp_idle_timeout = 30 * 1000; /* 30s in millisecs */ ++ cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */ + cfg->do_tcp_keepalive = 0; + cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */ + cfg->ssl_service_key = NULL; + cfg->ssl_service_pem = NULL; + cfg->ssl_port = UNBOUND_DNS_OVER_TLS_PORT; + cfg->ssl_upstream = 0; + cfg->tls_cert_bundle = NULL; + cfg->tls_win_cert = 0; + cfg->tls_use_sni = 1; + cfg->https_port = UNBOUND_DNS_OVER_HTTPS_PORT; + if(!(cfg->http_endpoint = strdup("/dns-query"))) goto error_exit; + cfg->http_max_streams = 100; + cfg->http_query_buffer_size = 4*1024*1024; + cfg->http_response_buffer_size = 4*1024*1024; + cfg->http_nodelay = 1; + cfg->use_syslog = 1; + cfg->log_identity = NULL; /* changed later with argv[0] */ + cfg->log_time_ascii = 0; + cfg->log_queries = 0; + cfg->log_replies = 0; + cfg->log_tag_queryreply = 0; + cfg->log_local_actions = 0; + cfg->log_servfail = 0; +#ifndef USE_WINSOCK +# ifdef USE_MINI_EVENT + /* select max 1024 sockets */ + cfg->outgoing_num_ports = 960; + cfg->num_queries_per_thread = 512; +# else + /* libevent can use many sockets */ + cfg->outgoing_num_ports = 4096; + cfg->num_queries_per_thread = 1024; +# endif + cfg->outgoing_num_tcp = 10; + cfg->incoming_num_tcp = 10; +#else + cfg->outgoing_num_ports = 48; /* windows is limited in num fds */ + cfg->num_queries_per_thread = 
24; + cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */ + cfg->incoming_num_tcp = 2; +#endif + cfg->stream_wait_size = 4 * 1024 * 1024; + cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */ + cfg->msg_buffer_size = 65552; /* 64 k + a small margin */ + cfg->msg_cache_size = 4 * 1024 * 1024; + cfg->msg_cache_slabs = 4; + cfg->jostle_time = 200; + cfg->rrset_cache_size = 4 * 1024 * 1024; + cfg->rrset_cache_slabs = 4; + cfg->host_ttl = 900; + cfg->bogus_ttl = 60; + cfg->min_ttl = 0; + cfg->max_ttl = 3600 * 24; + cfg->max_negative_ttl = 3600; + cfg->prefetch = 0; + cfg->prefetch_key = 0; + cfg->deny_any = 0; + cfg->infra_cache_slabs = 4; + cfg->infra_cache_numhosts = 10000; + cfg->infra_cache_min_rtt = 50; + cfg->infra_keep_probing = 0; + cfg->delay_close = 0; + cfg->udp_connect = 1; + if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int)))) + goto error_exit; + init_outgoing_availports(cfg->outgoing_avail_ports, 65536); + if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit; +#ifdef HAVE_CHROOT + if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit; +#endif + if(!(cfg->directory = strdup(RUN_DIR))) goto error_exit; + if(!(cfg->logfile = strdup(""))) goto error_exit; + if(!(cfg->pidfile = strdup(PIDFILE))) goto error_exit; + if(!(cfg->target_fetch_policy = strdup("3 2 1 0 0"))) goto error_exit; + cfg->fast_server_permil = 0; + cfg->fast_server_num = 3; + cfg->donotqueryaddrs = NULL; + cfg->donotquery_localhost = 1; + cfg->root_hints = NULL; + cfg->use_systemd = 0; + cfg->do_daemonize = 1; + cfg->if_automatic = 0; + cfg->so_rcvbuf = 0; + cfg->so_sndbuf = 0; + cfg->so_reuseport = REUSEPORT_DEFAULT; + cfg->ip_transparent = 0; + cfg->ip_freebind = 0; + cfg->ip_dscp = 0; + cfg->num_ifs = 0; + cfg->ifs = NULL; + cfg->num_out_ifs = 0; + cfg->out_ifs = NULL; + cfg->stubs = NULL; + cfg->forwards = NULL; + cfg->auths = NULL; +#ifdef CLIENT_SUBNET + cfg->client_subnet = NULL; + cfg->client_subnet_zone = NULL; + 
cfg->client_subnet_opcode = LDNS_EDNS_CLIENT_SUBNET; + cfg->client_subnet_always_forward = 0; + cfg->max_client_subnet_ipv4 = 24; + cfg->max_client_subnet_ipv6 = 56; + cfg->min_client_subnet_ipv4 = 0; + cfg->min_client_subnet_ipv6 = 0; + cfg->max_ecs_tree_size_ipv4 = 100; + cfg->max_ecs_tree_size_ipv6 = 100; +#endif + cfg->views = NULL; + cfg->acls = NULL; + cfg->tcp_connection_limits = NULL; + cfg->harden_short_bufsize = 1; + cfg->harden_large_queries = 0; + cfg->harden_glue = 1; + cfg->harden_dnssec_stripped = 1; + cfg->harden_below_nxdomain = 1; + cfg->harden_referral_path = 0; + cfg->harden_algo_downgrade = 0; + cfg->use_caps_bits_for_id = 0; + cfg->caps_whitelist = NULL; + cfg->private_address = NULL; + cfg->private_domain = NULL; + cfg->unwanted_threshold = 0; + cfg->hide_identity = 0; + cfg->hide_version = 0; + cfg->hide_trustanchor = 0; ++ cfg->hide_http_user_agent = 0; + cfg->identity = NULL; + cfg->version = NULL; ++ cfg->http_user_agent = NULL; + cfg->nsid_cfg_str = NULL; + cfg->nsid = NULL; + cfg->nsid_len = 0; + cfg->auto_trust_anchor_file_list = NULL; + cfg->trust_anchor_file_list = NULL; + cfg->trust_anchor_list = NULL; + cfg->trusted_keys_file_list = NULL; + cfg->trust_anchor_signaling = 1; + cfg->root_key_sentinel = 1; + cfg->domain_insecure = NULL; + cfg->val_date_override = 0; + cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */ + cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */ ++ cfg->val_max_restart = 5; + cfg->val_clean_additional = 1; + cfg->val_log_level = 0; + cfg->val_log_squelch = 0; + cfg->val_permissive_mode = 0; + cfg->aggressive_nsec = 0; + cfg->ignore_cd = 0; + cfg->serve_expired = 0; + cfg->serve_expired_ttl = 0; + cfg->serve_expired_ttl_reset = 0; + cfg->serve_expired_reply_ttl = 30; + cfg->serve_expired_client_timeout = 0; + cfg->serve_original_ttl = 0; ++ cfg->zonemd_permissive_mode = 0; + cfg->add_holddown = 30*24*3600; + cfg->del_holddown = 30*24*3600; + cfg->keep_missing = 366*24*3600; 
/* one year plus a little leeway */ + cfg->permit_small_holddown = 0; + cfg->key_cache_size = 4 * 1024 * 1024; + cfg->key_cache_slabs = 4; + cfg->neg_cache_size = 1 * 1024 * 1024; + cfg->local_zones = NULL; + cfg->local_zones_nodefault = NULL; +#ifdef USE_IPSET + cfg->local_zones_ipset = NULL; +#endif + cfg->local_zones_disable_default = 0; + cfg->local_data = NULL; + cfg->local_zone_overrides = NULL; + cfg->unblock_lan_zones = 0; + cfg->insecure_lan_zones = 0; + cfg->python_script = NULL; + cfg->dynlib_file = NULL; + cfg->remote_control_enable = 0; + cfg->control_ifs.first = NULL; + cfg->control_ifs.last = NULL; + cfg->control_port = UNBOUND_CONTROL_PORT; + cfg->control_use_cert = 1; + cfg->minimal_responses = 1; + cfg->rrset_roundrobin = 1; + cfg->unknown_server_time_limit = 376; + cfg->max_udp_size = 4096; + if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) + goto error_exit; + if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) + goto error_exit; + if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) + goto error_exit; + if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) + goto error_exit; + +#ifdef CLIENT_SUBNET + if(!(cfg->module_conf = strdup("subnetcache validator iterator"))) goto error_exit; +#else + if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; +#endif + if(!(cfg->val_nsec3_key_iterations = - strdup("1024 150 2048 500 4096 2500"))) goto error_exit; ++ strdup("1024 150 2048 150 4096 150"))) goto error_exit; +#if defined(DNSTAP_SOCKET_PATH) + if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) + goto error_exit; +#endif + cfg->dnstap_bidirectional = 1; + cfg->dnstap_tls = 1; + cfg->disable_dnssec_lame_check = 0; + cfg->ip_ratelimit = 0; + cfg->ratelimit = 0; + cfg->ip_ratelimit_slabs = 4; + cfg->ratelimit_slabs = 4; + cfg->ip_ratelimit_size = 4*1024*1024; + cfg->ratelimit_size = 4*1024*1024; + cfg->ratelimit_for_domain = NULL; + cfg->ratelimit_below_domain 
= NULL; + cfg->ip_ratelimit_factor = 10; + cfg->ratelimit_factor = 10; + cfg->qname_minimisation = 1; + cfg->qname_minimisation_strict = 0; + cfg->shm_enable = 0; + cfg->shm_key = 11777; + cfg->edns_client_strings = NULL; + cfg->edns_client_string_opcode = 65001; + cfg->dnscrypt = 0; + cfg->dnscrypt_port = 0; + cfg->dnscrypt_provider = NULL; + cfg->dnscrypt_provider_cert = NULL; + cfg->dnscrypt_provider_cert_rotated = NULL; + cfg->dnscrypt_secret_key = NULL; + cfg->dnscrypt_shared_secret_cache_size = 4*1024*1024; + cfg->dnscrypt_shared_secret_cache_slabs = 4; + cfg->dnscrypt_nonce_cache_size = 4*1024*1024; *** 2340 LINES SKIPPED ***
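Review bot: The val_nsec3_key_iterations default in config_create() drops from "1024 150 2048 500 4096 2500" to "1024 150 2048 150 4096 150". That changes an existing validator default for anyone who does not set the option, and neither the commit message ("Vendor import 1.13.2") nor a comment at the strdup() call mentions it. Suggest calling it out in the commit message or release notes so operators who depend on the old limits for 2048 and 4096 bit keys know to set the option explicitly. The other visible changes (tcp_reuse_timeout, max_reuse_tcp_queries, tcp_auth_query_timeout, hide_http_user_agent, http_user_agent, val_max_restart, zonemd_permissive_mode) only add new defaults and match the surrounding style. The one exception is the "milisecs" spelling in the tcp_reuse_timeout comment, where the neighbouring lines use "millisecs".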