Up to [local] / src / sbin / unwind
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.16 / (download) - annotate - [select for diffs], Sun Dec 1 14:37:34 2019 UTC (4 years, 6 months ago) by otto
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
HEAD
Changes since 1.15: +42 -1 lines
Diff to previous 1.15 (colored)
Allow forcing specific domains to be resolved by specific resolvers; Handles typical split-horzizon setups. ok florian@
Revision 1.15 / (download) - annotate - [select for diffs], Thu Nov 28 10:02:44 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.14: +10 -39 lines
Diff to previous 1.14 (colored)
Track all elements of a forwarder configuration individually: IP address, port and authentication name. This makes print_config less awkward and fixes a bug were an alternative port number was not printed.
Revision 1.14 / (download) - annotate - [select for diffs], Wed Nov 27 17:11:00 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.13: +5 -4 lines
Diff to previous 1.13 (colored)
Move resolver preference storage to a struct which makes it easier to reuse in the future. OK otto
Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 27 17:09:12 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.12: +1 -14 lines
Diff to previous 1.12 (colored)
Nuke http captive portal detection; something better is coming. OK otto
Revision 1.12 / (download) - annotate - [select for diffs], Sat Nov 9 16:28:10 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)
Mechanically change the forwarder SIMPLEQ to a TAILQ. Needed for future work to be able to easily delete elements while iterating. OK kn
Revision 1.11 / (download) - annotate - [select for diffs], Mon Oct 21 07:16:09 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.10: +3 -2 lines
Diff to previous 1.10 (colored)
Optionally log blocked queries when using the block list. OK benno
Revision 1.10 / (download) - annotate - [select for diffs], Mon May 13 23:13:24 2019 UTC (5 years ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.9: +1 -5 lines
Diff to previous 1.9 (colored)
Remove strict mode for now, it is in the way.
Revision 1.9 / (download) - annotate - [select for diffs], Fri May 10 14:10:38 2019 UTC (5 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.8: +4 -1 lines
Diff to previous 1.8 (colored)
Implement DNS block lists. If unwind is queried for a domain in the block list it answers with rcode REFUSED.
Revision 1.8 / (download) - annotate - [select for diffs], Tue Apr 2 07:47:22 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.7: +10 -1 lines
Diff to previous 1.7 (colored)
Add a config option to specify the preference of name servers. Unfortunately the nameserver types enums needed to be renamed to not collide with yacc tokens.
Revision 1.7 / (download) - annotate - [select for diffs], Mon Apr 1 03:31:55 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.6: +19 -8 lines
Diff to previous 1.6 (colored)
Implement "Authentication Domain Names" configuration as per RFC 8310 section 7.1 for DoT servers. We are setting the CA cert bundle path (/etc/ssl/cert.pem) directly in libunbound so we need to losen pledge(2) a bit and allow rpath. At the same time we unveil only /etc/ssl/cert.pem. We can drop the chroot(2) since pledge(2) and unveil(2) give us more fine grained isolation. prodding by tb@. p.s. for portable it might be necessary to pass in a file descriptor from the parent, slurp in the file and then use X509_STORE_load_mem() (pointed out by sthen) in the guts of libunbound.
Revision 1.6 / (download) - annotate - [select for diffs], Sun Feb 17 14:49:15 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.5: +13 -14 lines
Diff to previous 1.5 (colored)
s/unwind_/uw_/ to save screen real estate; fix style(9) issues while here
Revision 1.5 / (download) - annotate - [select for diffs], Sun Feb 3 12:02:30 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.4: +14 -1 lines
Diff to previous 1.4 (colored)
Captive portal detection for unwind(8).
Revision 1.4 / (download) - annotate - [select for diffs], Tue Jan 29 19:32:36 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.3: +3 -1 lines
Diff to previous 1.3 (colored)
notyet
Revision 1.3 / (download) - annotate - [select for diffs], Sun Jan 27 12:40:54 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.2: +32 -4 lines
Diff to previous 1.2 (colored)
Implement DNS over TLS (DoT).
Revision 1.2 / (download) - annotate - [select for diffs], Sun Jan 27 07:46:49 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.1: +1 -9 lines
Diff to previous 1.1 (colored)
unwind(8) traces its ancestry to rad(8) and inherited all of its include directives, some of them no longer necessary. Cleanup by Caspar Schutijser, thank you very much!
Revision 1.1 / (download) - annotate - [select for diffs], Wed Jan 23 13:11:00 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Import unwind(8). unwind(8) is a hybrid validating stub & recursive resolver. It actively observes the local net to decide how to best resolve names. It can chose to recurse on it's own or talk to dhcp provided forwardes or statically defined forwarders in the config file. The intention is to be able to run it on localhost on every machine. "toss it in man" deraadt@