]> git.ipfire.org Git - thirdparty/unbound.git/log
thirdparty/unbound.git
9 days ago- auth-load-thread, implement active thread counter for auth load threads. auth-load-thread
W.C.A. Wijngaards [Tue, 7 Jul 2026 15:21:16 +0000 (17:21 +0200)] 
- auth-load-thread, implement active thread counter for auth load threads.

9 days ago- auth-load-thread, use define for constant for number of records before poll.
W.C.A. Wijngaards [Tue, 7 Jul 2026 14:26:42 +0000 (16:26 +0200)] 
- auth-load-thread, use define for constant for number of records before poll.

13 days ago- auth-load-thread, fix memory leak on alloc failure when appending rrset
W.C.A. Wijngaards [Fri, 3 Jul 2026 14:39:28 +0000 (16:39 +0200)] 
- auth-load-thread, fix memory leak on alloc failure when appending rrset
  copy for ixfr main zone data copy.

13 days ago- auth-load-thread, auth-task-threads: num config option that enables and
W.C.A. Wijngaards [Fri, 3 Jul 2026 12:03:15 +0000 (14:03 +0200)] 
- auth-load-thread, auth-task-threads: num config option that enables and
  disables the auth load thread.

2 weeks agoMerge branch 'master' into auth-load-thread
W.C.A. Wijngaards [Thu, 2 Jul 2026 13:28:24 +0000 (15:28 +0200)] 
Merge branch 'master' into auth-load-thread

2 weeks agoAdd changelog note for #1087, remove copyright line as discussed, and
W.C.A. Wijngaards [Thu, 2 Jul 2026 13:04:51 +0000 (15:04 +0200)] 
Add changelog note for #1087, remove copyright line as discussed, and
compile fixes for newer local_zones_lookup, unused variable warnings
fixed, and also manual page description of the feature.
- Merge #1087: Overload `local_data_remove` to support removing
  specific records.

2 weeks agoOverload `local_data_remove` to support removing specific records (#1087)
R. Christian McDonald [Thu, 2 Jul 2026 12:55:54 +0000 (08:55 -0400)] 
Overload `local_data_remove` to support removing specific records (#1087)

Here we overload the `local_data_remove` control command to support
deleting specific records. Curently, this command deletes all records
for a given zone. The modification works by attempting to parse the
command argument first as a complete record and then as just a domain
name, if the first attempt failed.

This preserves the command's behavior, while also supporting removing
specific records from the zone tree.

Signed-off-by: R. Christian McDonald <rcm@rcm.sh>
2 weeks ago- auth-load-thread, basic test and fixes so it works.
W.C.A. Wijngaards [Thu, 2 Jul 2026 09:10:06 +0000 (11:10 +0200)] 
- auth-load-thread, basic test and fixes so it works.

2 weeks ago- auth-load-thread, simplify cleanup in end transfer load process.
W.C.A. Wijngaards [Thu, 2 Jul 2026 06:55:13 +0000 (08:55 +0200)] 
- auth-load-thread, simplify cleanup in end transfer load process.

2 weeks agoMerge branch 'master' into auth-load-thread
W.C.A. Wijngaards [Wed, 1 Jul 2026 14:54:55 +0000 (16:54 +0200)] 
Merge branch 'master' into auth-load-thread

2 weeks ago- auth-load-thread, process end of successful transfer.
W.C.A. Wijngaards [Wed, 1 Jul 2026 14:54:36 +0000 (16:54 +0200)] 
- auth-load-thread, process end of successful transfer.

2 weeks ago- auth-load-thread, check for quit during the processing.
W.C.A. Wijngaards [Wed, 1 Jul 2026 12:41:40 +0000 (14:41 +0200)] 
- auth-load-thread, check for quit during the processing.

2 weeks ago- auth-load-thread, process AXFR, by loading, swap in, delete of old.
W.C.A. Wijngaards [Wed, 1 Jul 2026 12:27:31 +0000 (14:27 +0200)] 
- auth-load-thread, process AXFR, by loading, swap in, delete of old.

2 weeks ago- auth-load-thread, process IXFR, by making a copy, adjust changes, swap in.
W.C.A. Wijngaards [Wed, 1 Jul 2026 11:05:19 +0000 (13:05 +0200)] 
- auth-load-thread, process IXFR, by making a copy, adjust changes, swap in.

2 weeks ago- auth-load-thread, process transfer content and swap result back in.
W.C.A. Wijngaards [Tue, 30 Jun 2026 14:53:27 +0000 (16:53 +0200)] 
- auth-load-thread, process transfer content and swap result back in.

2 weeks ago- iana portlist updated.
W.C.A. Wijngaards [Tue, 30 Jun 2026 10:38:33 +0000 (12:38 +0200)] 
- iana portlist updated.

2 weeks ago- Fix #1469: dohclient: DoH POST missing content-length → :status
W.C.A. Wijngaards [Tue, 30 Jun 2026 10:14:00 +0000 (12:14 +0200)] 
- Fix #1469: dohclient: DoH POST missing content-length → :status
  400 from strict resolvers (Cloudflare, Mullvad).

2 weeks ago- auth-load-thread, poll for quit and process load transfer end.
W.C.A. Wijngaards [Mon, 29 Jun 2026 14:52:20 +0000 (16:52 +0200)] 
- auth-load-thread, poll for quit and process load transfer end.

2 weeks agoMerge branch 'master' into auth-load-thread
W.C.A. Wijngaards [Mon, 29 Jun 2026 14:00:01 +0000 (16:00 +0200)] 
Merge branch 'master' into auth-load-thread

2 weeks ago- auth-load-thread, make and run auth load thread.
W.C.A. Wijngaards [Fri, 26 Jun 2026 15:11:12 +0000 (17:11 +0200)] 
- auth-load-thread, make and run auth load thread.

2 weeks ago- auth-load-thread, put create_socketpair and sock_poll_timeout into
W.C.A. Wijngaards [Fri, 26 Jun 2026 13:22:08 +0000 (15:22 +0200)] 
- auth-load-thread, put create_socketpair and sock_poll_timeout into
  util/net_help.h

2 weeks ago- auth-load-thread, add authload.c to Makefile.in.
W.C.A. Wijngaards [Fri, 26 Jun 2026 12:27:12 +0000 (14:27 +0200)] 
- auth-load-thread, add authload.c to Makefile.in.

2 weeks ago- auth-load-thread, add services/authload.c and services/authload.h
W.C.A. Wijngaards [Fri, 26 Jun 2026 12:00:04 +0000 (14:00 +0200)] 
- auth-load-thread, add services/authload.c and services/authload.h

2 weeks ago- Merge #1467: daemon: fix DEREF_AFTER_NULL.EX.COND on
W.C.A. Wijngaards [Fri, 26 Jun 2026 11:44:27 +0000 (13:44 +0200)] 
- Merge #1467: daemon: fix DEREF_AFTER_NULL.EX.COND on
  worker_init. This fixes error handling if the worker
  stat_timer allocation has an out of memory error. That
  makes the server not crash later, attempting to use it.

2 weeks agodaemon: fix DEREF_AFTER_NULL.EX.COND on worker_init (#1467)
Petr Vaganov [Fri, 26 Jun 2026 11:42:29 +0000 (18:42 +0700)] 
daemon: fix DEREF_AFTER_NULL.EX.COND on worker_init (#1467)

Found by the static analyzer Svace (ISP RAS).

After having been compared to a NULL value at worker.c:2216,
pointer 'worker->stat_timer' is passed in call to function
'worker_restart_timer' at worker.c:2319,where it is
dereferenced at worker.c:2029.

Fix that stat_timer creation failure in worker_init does
not continue with a NULL timer that causes a crash later.

Signed-off-by: Petr Vaganov <petrvaganoff@gmail.com>
3 weeks ago- Merge #1465 from dag-erling: Add libunbound/remote.h. Add
W.C.A. Wijngaards [Thu, 25 Jun 2026 09:16:01 +0000 (11:16 +0200)] 
- Merge #1465 from dag-erling: Add libunbound/remote.h. Add
  a shared header containing prototypes for functions that
  both ends of a remote control connection need to implement.

3 weeks agoAdd libunbound/remote.h (#1465)
Dag-Erling Smørgrav [Thu, 25 Jun 2026 09:14:37 +0000 (11:14 +0200)] 
Add libunbound/remote.h (#1465)

Add a shared header containing prototypes for functions that both ends
of a remote control connection need to implement.

3 weeks ago- Fix warning about file_string_matches in unbound-checkconf.
W.C.A. Wijngaards [Fri, 19 Jun 2026 07:30:46 +0000 (09:30 +0200)] 
- Fix warning about file_string_matches in unbound-checkconf.

3 weeks ago- Fix to update github ci actions/checkout to v7.
W.C.A. Wijngaards [Fri, 19 Jun 2026 07:25:39 +0000 (09:25 +0200)] 
- Fix to update github ci actions/checkout to v7.

3 weeks ago- Fix for #1457: fix thread setname for thread start of
W.C.A. Wijngaards [Fri, 19 Jun 2026 06:37:23 +0000 (08:37 +0200)] 
- Fix for #1457: fix thread setname for thread start of
  dnstap, and fast_reload.

4 weeks ago- Fix memory leak on DNAME 0TTL records.
Yorgos Thessalonikefs [Wed, 17 Jun 2026 15:30:21 +0000 (17:30 +0200)] 
- Fix memory leak on DNAME 0TTL records.

4 weeks ago- Fix that fast_reload does not terminate the server if
W.C.A. Wijngaards [Wed, 17 Jun 2026 14:15:15 +0000 (16:15 +0200)] 
- Fix that fast_reload does not terminate the server if
  random init for DNS cookies fails. The data is only random
  generated if cookies are enabled, and the random data
  is necessary. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

4 weeks ago- Fix that fast_reload does not terminate the server
W.C.A. Wijngaards [Wed, 17 Jun 2026 14:10:48 +0000 (16:10 +0200)] 
- Fix that fast_reload does not terminate the server
  on config read failure after malloc failure. Thanks to
  Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix after malloc failure for stats, then it drains the pipe
W.C.A. Wijngaards [Wed, 17 Jun 2026 14:05:45 +0000 (16:05 +0200)] 
- Fix after malloc failure for stats, then it drains the pipe
  so the internal messaging stays correct. Also it does
  not exit the server if stats pipe communication fails.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that fast_reload does not terminate the server
W.C.A. Wijngaards [Wed, 17 Jun 2026 14:02:21 +0000 (16:02 +0200)] 
- Fix that fast_reload does not terminate the server
  on malloc failure for dnstap, or if gethostname fails.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix to check for malloc failure in rpz response create,
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:59:29 +0000 (15:59 +0200)] 
- Fix to check for malloc failure in rpz response create,
  for nodata and nxdomain, so it does not crash later.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix to check the return value of auth_xfer_create
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:57:30 +0000 (15:57 +0200)] 
- Fix to check the return value of auth_xfer_create
  during fast_reload auth-zone add and change processing.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that malloc failure during edns subnet addrtree
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:55:33 +0000 (15:55 +0200)] 
- Fix that malloc failure during edns subnet addrtree
  insert is checked, so it does not crash later. Thanks to
  Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that malloc failure for rpz_strip_nsdname is
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:53:28 +0000 (15:53 +0200)] 
- Fix that malloc failure for rpz_strip_nsdname is
  checked and handled, so that it does not crash later.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that on malloc failure during accept of TCP, the
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:37:04 +0000 (15:37 +0200)] 
- Fix that on malloc failure during accept of TCP, the
  socket is not left to cause a read event loop. It uses
  slow-accept to delay accepting new connections, if
  that fails it drops the new connections. When the tcp
  connection usage is full, it waits for 50msec, to allow
  existing queries to be resolved. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

4 weeks ago- Fix that malloc failure for ngtcp2_conn_server_new
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:33:06 +0000 (15:33 +0200)] 
- Fix that malloc failure for ngtcp2_conn_server_new
  cleans up reference that older ngtcp2 versions can leave.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that malloc failure in doq connection setup, does
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:29:48 +0000 (15:29 +0200)] 
- Fix that malloc failure in doq connection setup, does
  not crash in doq connection delete later. Thanks to Qifan
  Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that malloc failure for new_local_rrset for RPZ qname
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:26:56 +0000 (15:26 +0200)] 
- Fix that malloc failure for new_local_rrset for RPZ qname
  trigger RR insert does not crash. It does not link a
  partial RRset, and logs an error on failure, and cleans
  up the dname allocation. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix that malloc failure in dns64_inform_super does
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:23:25 +0000 (15:23 +0200)] 
- Fix that malloc failure in dns64_inform_super does
  not set up a half-built reply for cache store, that could
  lead to a crash. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

4 weeks ago- Fix that unbound-control auth_zone_reload stops the
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:20:22 +0000 (15:20 +0200)] 
- Fix that unbound-control auth_zone_reload stops the
  server answering from the zone after a failure to read.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that malloc failure in auth-zone insert rr does
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:16:21 +0000 (15:16 +0200)] 
- Fix that malloc failure in auth-zone insert rr does
  not create an empty node and does not cause an infinite
  loop. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.

4 weeks ago- Fix that unbound-checkconf checks if an auth-zone download
W.C.A. Wijngaards [Wed, 17 Jun 2026 13:11:42 +0000 (15:11 +0200)] 
- Fix that unbound-checkconf checks if an auth-zone download
  can overwrite another file, by filename collision.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix to remove debug from auth_transfer_limit test.
W.C.A. Wijngaards [Wed, 17 Jun 2026 09:38:24 +0000 (11:38 +0200)] 
- Fix to remove debug from auth_transfer_limit test.

4 weeks ago- Fix that after fast_reload the disown of the auth zone
W.C.A. Wijngaards [Wed, 17 Jun 2026 09:37:06 +0000 (11:37 +0200)] 
- Fix that after fast_reload the disown of the auth zone
  transfer task cleans the chunk list. Also fix the
  auth_transfer_limit test to use a forwarder for each type
  of failure, so the one is not blocked by the other waiting.

4 weeks ago- Fix for #1462: Fix that auth primary host name lookup
W.C.A. Wijngaards [Tue, 16 Jun 2026 09:13:47 +0000 (11:13 +0200)] 
- Fix for #1462: Fix that auth primary host name lookup
  allows CNAMEs.

4 weeks ago- Fix after malloc failure the rrset_insert_rr in
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:59:37 +0000 (10:59 +0200)] 
- Fix after malloc failure the rrset_insert_rr in
  localzone processing, during RPZ qname trigger processing,
  the RRset retains its previous data correcly. Thanks to
  Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix incorrect cleanup after an allocation failure for
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:56:36 +0000 (10:56 +0200)] 
- Fix incorrect cleanup after an allocation failure for
  a delegation point in a region. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

4 weeks ago- Fix that after shared memory cannot be created, from
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:53:40 +0000 (10:53 +0200)] 
- Fix that after shared memory cannot be created, from
  `shm-enable`, the server does not crash. Thanks to Qifan
  Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that after malloc failure in find_tag_datas, the
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:51:49 +0000 (10:51 +0200)] 
- Fix that after malloc failure in find_tag_datas, the
  local_alias is cleaned up. Thanks to Qifan Zhang, Palo
  Alto Networks, for the report.

4 weeks ago- Fix incorrect cleanup after an allocation failure for
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:49:50 +0000 (10:49 +0200)] 
- Fix incorrect cleanup after an allocation failure for
  a delegation point. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix for neater solution to clear log thread id after
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:48:17 +0000 (10:48 +0200)] 
- Fix for neater solution to clear log thread id after
  worker init failure. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix that libunbound pipe functions fail with error after
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:44:41 +0000 (10:44 +0200)] 
- Fix that libunbound pipe functions fail with error after
  an event base is set. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix locking in libunbound ub_ctx_set_event call.
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:42:39 +0000 (10:42 +0200)] 
- Fix locking in libunbound ub_ctx_set_event call.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that dnscrypt configuration does not crash, due to
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:40:10 +0000 (10:40 +0200)] 
- Fix that dnscrypt configuration does not crash, due to
  inconsistency between secret and public keys. Also
  duplicate files are skipped. Thanks to Qifan Zhang, Palo
  Alto Networks, for the report.

4 weeks ago- Fix that after malloc failure in RPZ load a half built
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:35:41 +0000 (10:35 +0200)] 
- Fix that after malloc failure in RPZ load a half built
  list does not crash later. The newly created RRset is
  linked after creation has succeeded. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

4 weeks ago- Fix that for a zonefile only zone, if that file does not
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:26:25 +0000 (10:26 +0200)] 
- Fix that for a zonefile only zone, if that file does not
  exist on server start, the server continues to start with
  a warning log message. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix that after malloc failure a half-built local_alias does
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:12:19 +0000 (10:12 +0200)] 
- Fix that after malloc failure a half-built local_alias does
  not crash the server. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix that a signed wildcard NSEC, is checked before use,
W.C.A. Wijngaards [Tue, 16 Jun 2026 08:09:00 +0000 (10:09 +0200)] 
- Fix that a signed wildcard NSEC, is checked before use,
  so it does not allow insecure DS proofs inappropriately.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that dns64 does not ignore the `forward-no-cache` and
W.C.A. Wijngaards [Tue, 16 Jun 2026 07:52:46 +0000 (09:52 +0200)] 
- Fix that dns64 does not ignore the `forward-no-cache` and
  `stub-no-cache` options. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix that auth-zone, and RPZ zones, do not allow out-of-zone
W.C.A. Wijngaards [Tue, 16 Jun 2026 07:48:10 +0000 (09:48 +0200)] 
- Fix that auth-zone, and RPZ zones, do not allow out-of-zone
  records. These are records that are not under the zone apex.
  The out-of-zone records are dropped from the zone contents.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that a half-written trust anchor file does not crash
W.C.A. Wijngaards [Tue, 16 Jun 2026 07:45:10 +0000 (09:45 +0200)] 
- Fix that a half-written trust anchor file does not crash
  the server at runtime. It unlinks a wrong file from the list.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that when SVCB records cannot be written out, and
W.C.A. Wijngaards [Tue, 16 Jun 2026 07:36:33 +0000 (09:36 +0200)] 
- Fix that when SVCB records cannot be written out, and
  are written in unknown format, that the zone read allows
  such unknown format SVCB records. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

4 weeks ago- Fix to disallow $INCLUDE for secondary zones. Start up
W.C.A. Wijngaards [Tue, 16 Jun 2026 07:30:52 +0000 (09:30 +0200)] 
- Fix to disallow $INCLUDE for secondary zones. Start up
  of server continues if a secondary zone fails to load.
  Failed loads clear the zone data, so there is no partial
  zone. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.

4 weeks ago- Fix that dns64 bypasses rpz-passthru rule during
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:50:42 +0000 (16:50 +0200)] 
- Fix that dns64 bypasses rpz-passthru rule during
  synthesis. This restricted more than necessary. Thanks to
  Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix misconfigured ipsecmod hook causing path name
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:45:53 +0000 (16:45 +0200)] 
- Fix misconfigured ipsecmod hook causing path name
  similarity with other file. The ipsecmod is changed for
  exec of the hook. The ipsecmod hook, if a script, has to
  start now with a line like `#!/bin/sh`. Thanks to Qifan
  Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix DNAME synthesis from cache that keeps use of 0TTL
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:39:34 +0000 (16:39 +0200)] 
- Fix DNAME synthesis from cache that keeps use of 0TTL
  entries in a sliding window. It did not surpass RRSIG
  expiry. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.

4 weeks ago- Fix log of an aliased qname, to not use freed region
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:34:17 +0000 (16:34 +0200)] 
- Fix log of an aliased qname, to not use freed region
  memory. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.

4 weeks ago- Fix that fast_reload does not terminate the server for
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:31:37 +0000 (16:31 +0200)] 
- Fix that fast_reload does not terminate the server for
  errors in config, for key files. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

4 weeks ago- Fix integer overflow for very high values of
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:28:30 +0000 (16:28 +0200)] 
- Fix integer overflow for very high values of
  `sock-queue-timeout`. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix erroneous DNS error report values after bogus AAAA
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:26:35 +0000 (16:26 +0200)] 
- Fix erroneous DNS error report values after bogus AAAA
  query caused error information that was not cleared by
  a successful A subquery. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

4 weeks ago- Fix integer overflow in infra-cache-max-rtt calculation.
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:22:50 +0000 (16:22 +0200)] 
- Fix integer overflow in infra-cache-max-rtt calculation.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix for fast_reload that removes an auth zone while its
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:18:56 +0000 (16:18 +0200)] 
- Fix for fast_reload that removes an auth zone while its
  lookups are in progress, for a primary name. Also after the
  change, it no longer picks up the old results. Thanks to
  Qifan Zhang, Palo Alto Networks, for the report.

4 weeks ago- Fix that fast_reload when a zonemd verification lookup
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:16:50 +0000 (16:16 +0200)] 
- Fix that fast_reload when a zonemd verification lookup
  it in progress with subnet loaded, deregisters the
  callback. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

4 weeks ago- Fix that misconfigured `iter-scrub-ns: 0` causes request
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:04:24 +0000 (16:04 +0200)] 
- Fix that misconfigured `iter-scrub-ns: 0` causes request
  failures. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

4 weeks ago- Fix buffer overflow when configured with lower than
W.C.A. Wijngaards [Mon, 15 Jun 2026 14:01:51 +0000 (16:01 +0200)] 
- Fix buffer overflow when configured with lower than
  default size and http transfer. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

4 weeks ago- Fix assertion failure for long HTTP header that fills
W.C.A. Wijngaards [Mon, 15 Jun 2026 13:54:37 +0000 (15:54 +0200)] 
- Fix assertion failure for long HTTP header that fills
  buffer. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.

4 weeks agoFix comment.
W.C.A. Wijngaards [Mon, 15 Jun 2026 13:53:00 +0000 (15:53 +0200)] 
Fix comment.

4 weeks ago- Fix perform a full transfer every number of incremental
W.C.A. Wijngaards [Mon, 15 Jun 2026 13:51:03 +0000 (15:51 +0200)] 
- Fix perform a full transfer every number of incremental
  transfers, to stop increasing memory usage, for auth-zone
  and rpz zones. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

4 weeks ago- Fix to add `max-transfer-size` and `max-transfer-time` that
W.C.A. Wijngaards [Mon, 15 Jun 2026 13:45:03 +0000 (15:45 +0200)] 
- Fix to add `max-transfer-size` and `max-transfer-time` that
  limit auth-zone and rpz transfer amount and time taken.
  Default is disabled. This hardens against unbounded
  transfers. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

4 weeks ago- Fix that for auth-zone and rpz zones the allow-notify
W.C.A. Wijngaards [Fri, 12 Jun 2026 09:48:14 +0000 (11:48 +0200)] 
- Fix that for auth-zone and rpz zones the allow-notify
  addresses and netblocks are available from start, and
  fix the probe step skip.

5 weeks ago- Fix compile for OpenSSL 1.0.2 and before in server cleanup.
W.C.A. Wijngaards [Thu, 11 Jun 2026 15:31:19 +0000 (17:31 +0200)] 
- Fix compile for OpenSSL 1.0.2 and before in server cleanup.

5 weeks ago- Fix #1437: Fix compile with OpenSSL 4.0.1.
W.C.A. Wijngaards [Thu, 11 Jun 2026 15:31:01 +0000 (17:31 +0200)] 
- Fix #1437: Fix compile with OpenSSL 4.0.1.

5 weeks ago- Fix for #1306: configure checks if the ngtcp2_crypto_ossl
W.C.A. Wijngaards [Thu, 11 Jun 2026 09:43:46 +0000 (11:43 +0200)] 
- Fix for #1306: configure checks if the ngtcp2_crypto_ossl
  header file is available, and prints an error otherwise.

5 weeks ago- Fix for #1306: configure detects specifically the call to
W.C.A. Wijngaards [Thu, 11 Jun 2026 09:04:50 +0000 (11:04 +0200)] 
- Fix for #1306: configure detects specifically the call to
  SSL_set_quic_tls_early_data_enabled and
  SSL_set_quic_early_data_enabled, so the correct one is used.

5 weeks ago- Fix warnings with gcc in compat/inet_pton.c.
W.C.A. Wijngaards [Wed, 10 Jun 2026 14:43:41 +0000 (16:43 +0200)] 
- Fix warnings with gcc in compat/inet_pton.c.

5 weeks ago- Fix pythonmod script read for numeric overflow.
W.C.A. Wijngaards [Wed, 10 Jun 2026 09:24:02 +0000 (11:24 +0200)] 
- Fix pythonmod script read for numeric overflow.

5 weeks ago- Fix unit test for ecs to check for malloc success.
W.C.A. Wijngaards [Tue, 9 Jun 2026 14:41:37 +0000 (16:41 +0200)] 
- Fix unit test for ecs to check for malloc success.

5 weeks agochange mailing list to forum
Alex Band [Mon, 8 Jun 2026 19:48:04 +0000 (21:48 +0200)] 
change mailing list to forum

6 weeks ago- Fix that dns64 cleans up the allocated message if the adjust
W.C.A. Wijngaards [Wed, 3 Jun 2026 12:56:20 +0000 (14:56 +0200)] 
- Fix that dns64 cleans up the allocated message if the adjust
  routines fail, and checks if there is a reply before cache
  store, also unbound checks if A and AAAA are malformed
  for auth-zones. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

6 weeks ago- Fix that dump_cache has a larger buffer for records,
W.C.A. Wijngaards [Wed, 3 Jun 2026 12:51:16 +0000 (14:51 +0200)] 
- Fix that dump_cache has a larger buffer for records,
  and it checks that an owner name does not collide with BADRR
  on the input, and changes verbosity on the log of failure in
  rrset to string.  Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

6 weeks ago- Fix that validation canonicalization of domain names
W.C.A. Wijngaards [Wed, 3 Jun 2026 12:48:06 +0000 (14:48 +0200)] 
- Fix that validation canonicalization of domain names
  in rdata checks for buffer bounds. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

6 weeks ago- Fix fast_reload for when a ZONEMD lookup is in progress.
W.C.A. Wijngaards [Wed, 3 Jun 2026 12:42:47 +0000 (14:42 +0200)] 
- Fix fast_reload for when a ZONEMD lookup is in progress.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

6 weeks ago- Fix negative cache NSEC3 nodata proof, to use the correct
W.C.A. Wijngaards [Wed, 3 Jun 2026 12:40:17 +0000 (14:40 +0200)] 
- Fix negative cache NSEC3 nodata proof, to use the correct
  message size. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.

6 weeks ago- Fix PROXYv2 header read and consume, it checks the header
W.C.A. Wijngaards [Wed, 3 Jun 2026 12:37:37 +0000 (14:37 +0200)] 
- Fix PROXYv2 header read and consume, it checks the header
  size. Thanks to Qifan Zhang, Palo Alto Networks for
  the report.

6 weeks ago- Fix ipset module to use larger domain name buffers, and
W.C.A. Wijngaards [Wed, 3 Jun 2026 12:35:06 +0000 (14:35 +0200)] 
- Fix ipset module to use larger domain name buffers, and
  check buffer lengths. Thanks to Qifan Zhang, Palo Alto
  Networks for the report.