Up to [local] / src / sbin / unwind
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.9 / (download) - annotate - [select for diffs], Wed Jan 27 08:30:50 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
HEAD
Changes since 1.8: +4 -1 lines
Diff to previous 1.8 (colored)
Determine available address families (and monitor when this changes) to configure libunbound accordingly. This way it no longer tries to talk to IPv6 nameservers when only IPv4 is available and vice versa. input deraadt OK kn
Revision 1.8 / (download) - annotate - [select for diffs], Sun Jan 24 18:29:15 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.7: +7 -1 lines
Diff to previous 1.7 (colored)
Implement DNS64 synthesis. When unwind(8) learns new autoconf resolvers (from dhcp or router advertisements) it checks if a DNS64 is present in this network location and tries to recover the IPv6 prefix used according to RFC7050. The learned autoconf resolvers are then prevented from upgrading to the validating state since DNS64 breaks DNSSEC. unwind(8) can now perform its own synthesis. If a query for a AAAA record results in no answer we re-send the query for A and if that leads to an answer we synthesize an AAAA answer using the learned prefixes. Testing & OK kn
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jan 19 16:52:12 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.6: +1 -3 lines
Diff to previous 1.6 (colored)
Move control_state and ctl_conns to control.c, it's not needed elsewhere and unbreaks -fno-common. Inspired by claudio Problem reported by mortimer
Revision 1.6 / (download) - annotate - [select for diffs], Wed Nov 27 17:09:12 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.5: +1 -3 lines
Diff to previous 1.5 (colored)
Nuke http captive portal detection; something better is coming. OK otto
Revision 1.5 / (download) - annotate - [select for diffs], Tue Nov 19 14:47:46 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)
Proposals from dhclient are sometimes replacements. slaacd should be changed as well. Tested by deraadt as part of a larger diff.
Revision 1.4 / (download) - annotate - [select for diffs], Mon Nov 11 05:51:06 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.3: +5 -1 lines
Diff to previous 1.3 (colored)
Implement DNS proposals to learn nameservers from network autoconfiguration daemons. Currently only slaacd is switched over so we need to keep the lease file parsing.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Feb 7 17:20:35 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.2: +13 -1 lines
Diff to previous 1.2 (colored)
Rewrite trust anchor handling. Do not use the libunbound's auto trust anchor file feature since it then the resolver process needs rpath, wpath, and cpath pledges and permission on the trust anchor file. Instead configure the trust anchor as resource record strings. The parent process opens the file, passes a filedescriptor to the frontend process to parse the file and then passes trust anchors to the resolver process to (re-) configure the resolver contexts. The resolver process periodically probes for new trust anchors (DNSKEY records of the root zone) and passes those to the frontend process. This in turn requests a file descripter for writing from the parent process. Once the trust anchors have been written the parent process renames the tmp file to the final location. Also provide a built in trust anchor for boot strapping purposes if no file is found on disk. That way we can get rid of unbound-anchor in unwind's rc.d script.
Revision 1.2 / (download) - annotate - [select for diffs], Sun Feb 3 12:02:30 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.1: +4 -1 lines
Diff to previous 1.1 (colored)
Captive portal detection for unwind(8).
Revision 1.1 / (download) - annotate - [select for diffs], Wed Jan 23 13:11:00 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Import unwind(8). unwind(8) is a hybrid validating stub & recursive resolver. It actively observes the local net to decide how to best resolve names. It can chose to recurse on it's own or talk to dhcp provided forwardes or statically defined forwarders in the config file. The intention is to be able to run it on localhost on every machine. "toss it in man" deraadt@