Changelog entry for #902:
- Merge #902: DNS Error Reporting (RFC 9567). Introduces new
configuration option 'dns-error-reporting' and new statistics for
'num.dns_error_reports'.
- Fix that ub_event has the facility to deal with callbacks for
fast reload, doq, windows-stop and dnstap.
- Fix fast reload test to check if pid exists before acting on it.
- Fix unbound-control test so it counts the new flush_negative output,
also answers the _ta probe from testns and prints command output
and skip a thread specific test when no threads are available.
fix build with gcc-15 -Wbuiltin-declaration-mismatch error
See more details: http://errors.yoctoproject.org/Errors/Details/850313
../git/compat/malloc.c:9:7: warning: conflicting types for built-in function 'malloc'; expected 'void *(long unsigned int)' [-Wbuiltin-declaration-mismatch]
9 | void *malloc ();
| ^~~~~~
../git/compat/malloc.c:5:1: note: 'malloc' is declared in header '<stdlib.h>'
4 | #include "config.h"
+++ |+#include <stdlib.h>
5 | #undef malloc
../git/compat/malloc.c: In function 'rpl_malloc_unbound':
../git/compat/malloc.c:23:10: error: too many arguments to function 'malloc'; expected 0, have 1
23 | return malloc (n);
| ^~~~~~ ~
../git/compat/malloc.c:9:7: note: declared here
9 | void *malloc ();
| ^~~~~~
* Seeing that there is '#undef malloc', it appears they don't want to
use the malloc from stdlib.h.
Therefore, we need to correctly define the parameters for malloc.
* - fast-reload, make a thread to service the unbound-control command.
* - fast-reload, communication sockets for information transfer.
* - fast-reload, fix compile for unbound-dnstap-socket.
* - fast-reload, set nonblocking communication to keep the server thread
responding to DNS requests.
* - fast-reload, poll routine to test for readiness, timeout fails connection.
* - fast-reload, detect loop in sock_poll_timeout routine.
* - fast-reload, send done and exited notification.
* - fast-reload, defines for constants in ipc.
* - fast-reload, ipc socket recv and send resists partial reads and writes and
can continue byte by byte. Also it can continue after an interrupt.
* - fast-reload, send exit command to thread when done.
* - fast-reload, output strings for client on string list.
* - fast-reload, add newline to terminal output.
* - fast-reload, send client string to remote client.
* - fast-reload, better debug output.
* - fast-reload, print queue structure, for output to the remote client.
* - fast-reload, move print items to print queue from fast_reload_thread struct.
* - fast-reload, keep list of pending print queue items in daemon struct.
* - fast-reload, comment explains in_list for printq to print remainder.
* - fast-reload, unit test testdata/fast_reload_thread.tdir that tests the
thread output.
* - fast-reload, fix test link for fast_reload_printq_list_delete function.
* - fast-reload, reread config file from disk.
* - fast-reload, unshare forwards, making the structure locked, with an rwlock.
* - fast-reload, for nonthreaded, the unbound-control commands forward,
forward_add and forward_delete should be distributed to other processes,
but when threaded, they should not be distributed to other threads because
the structure is not thread specific any more.
* - fast-reload, unshared stub hints, making the structure locked, with an rwlock.
* - fast-reload, helpful comments for hints lookup function return value.
* - fast-reload, fix bug in fast reload printout, the strlist appendlist routine,
and printout time statistics after the reload is done.
* - fast-reload, keep track of reloadtime and deletestime and print them.
* - fast-reload, keep track of constructtime and print it.
* - fast-reload, construct new items.
* - fast-reload, better comment.
* - fast-reload, reload the config and swap trees for forwards and stub hints.
* - fast-reload, in forwards_swap_tree set protection of trees with locks.
* - fast-reload, in hints_swap_tree also swap the node count of the trees.
* - fast-reload, reload ipc to stop and start threads.
* - fast-reload, fix to poll every thread with nopause to make certain that
resources are not held by the threads and can be deleted.
* - fast-reload, fix to use atomic store for config variables with nopause.
* - fast-reload, reload views.
* - fast-reload, when tag defines are different, it drops the queries.
* - fast-reload, fix tag define check.
* - fast-reload, document that tag change causes drop of queries.
* - fast-reload, fix space in documentation man page.
* - fast-reload, copy respip client information to query state, put views tree
in module env for lookup.
* - fast-reload, nicer respip view comparison.
* - fast-reload, respip global set is in module env.
* - fast-reload, document that respip_client_info acl info is copied.
* - fast-reload, reload the respip_set.
* - fast-reload, document no pause and pick up of use_response_ip boolean.
* - fast-reload, fix test compile.
* - fast-reload, reload local zones.
* Update locking management for iter_fwd and iter_hints methods. (#1054)
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
* - fast-reload, the fast-reload command is experimental.
* - fast-reload, fix compile of doqclient for fast reload functions.
* Changelog comment for #1042
- Merge #1042: Fast Reload. The unbound-control fast_reload is added.
It reads changed config in a thread, then only briefly pauses the
service threads, that keep running. DNS service is only interrupted
briefly, less than a second.
Changelog nore for #1238 and add `--help` description.
- Merge #1238: Prefer SOURCE_DATE_EPOCH over actual time.
Add --help output description for the SOURCE_DATE_EPOCH variable.
- Fix hash calculation for cachedb to ignore case. Previously, cached
records there were only relevant for same case queries (if not
already in Unbound's internal cache).
- The maximum value of a probe rto was not aligned with the
(configurable) infra-cache-max-rtt value. That could result in
infra-keep-probing not working if an infra-cache-max-rtt value was chosen
that was below 12000 ms. This fix still uses a default value of 12000
ms for the probe but caps it to the infra-cache-max-rtt if that is
lower.
- Make the default value of module-config "validator iterator"
regardless of compilation options. --enable-subnet would implicitly
change the value to enable the subnetcache module by default in the
past.
Petr Menšík [Tue, 14 Jan 2025 12:55:10 +0000 (13:55 +0100)]
Add unbound members group access to control key
Recent openssl genrsa does not use umask for generated keys. There is no
strong reason why every member of unbound group should be able read
server key. But control key would be quite useful to be group readable
and to allow control access to whole group. Allowing access to control
by group membership, not via sudo.
Changelog entry for #1174:
- Merge #1174: Serve expired cache update fixes. Fixes a regression bug
with serve-expired that appeared in 1.22.0 and would not allow the
iterator to update the cache with not-yet-validated entries resulting
in increased outgoing traffic.
- Fixes a regression bug with serve-expired that appeared in 1.22.0
and would not allow the iterator to update the cache with
not-yet-validated entries resulting in increased outgoing traffic.
- Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records.
- Try to use expired answers instead of SERVFAIL if serve-expired is
enabled even without serve-expired-client-timeout.
- Add suggestion to refresh the cached norec_ttl and expired_ttl when a
response cannot update the usable expired entry.
projects / thirdparty / unbound.git / log
