OpenBSD CVS

CVS log for src/sbin/unwind/unwind.conf.5




Default branch: MAIN


Revision 1.33, Tue Feb 21 07:47:24 2023 UTC (15 months, 2 weeks ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, HEAD
Changes since 1.32: +25 -24 lines

some nameserver proposal bits:

unwind.8: point to resolvd(8) for autoconf sources
unwind.conf.5: order preferred list by order of preference
resolvd.8: reformat to read better
route.8: no need to discuss unwind in the nameserver command
umb.4 + sppp.4: note the sending of nameserver proposals

the umb/sppp text is from claudio
tobhe confirmed iked sending proposals when configured to do so

much assistance and ok: florian claudio

Revision 1.32, Thu Mar 31 17:27:20 2022 UTC (2 years, 2 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.31: +4 -4 lines

man pages: add missing commas between subordinate and main clauses

jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.

ok jmc@

Revision 1.31, Sun Oct 24 15:57:17 2021 UTC (2 years, 7 months ago) by kn
Branch: MAIN
Changes since 1.30: +3 -3 lines

Use braces in config examples

We document them as explicitly required, `unwind -dnvf...' spits them
out like this and the last `force' example uses them as well.

Revision 1.30, Tue Aug 31 20:28:45 2021 UTC (2 years, 9 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.29: +3 -3 lines

Adjust .Bl width

Revision 1.29, Tue Aug 31 20:18:03 2021 UTC (2 years, 9 months ago) by kn
Branch: MAIN
Changes since 1.28: +6 -6 lines

Say autoconf not dhcp

Do not abuse "dhcp" to say "DHCP and SLAAC".
unwind.conf(5) does so but unwindctl(8) does not;  in fact, the latter
already has `status autoconf' to
    Show nameservers learned from dhclient(8), dhcpleased(8) or slaacd(8).

Adjust unwind's config manual and internal code accordingly;  still accept
the old keyword but do not document it.

hostname.if(5) already advises for `inet[6] autoconf' instead of `dhcp' and
other related daemons don't abuse the word "dhcp" like unwind does.

Feedback sthen
OK florian

Revision 1.28, Sat Jul 24 14:15:34 2021 UTC (2 years, 10 months ago) by kn
Branch: MAIN
Changes since 1.27: +5 -5 lines

Capitalise DNS response code, stub learns from SLAAC, clarify wording

OK florian

Revision 1.27, Sat Feb 20 12:37:59 2021 UTC (3 years, 3 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.26: +2 -4 lines

zap unnecessary .Pp;

Revision 1.26, Fri Feb 19 07:56:56 2021 UTC (3 years, 3 months ago) by solene
Branch: MAIN
Changes since 1.25: +26 -2 lines

Add an EXAMPLES section

rewording by jmc@
ok jmc@

Revision 1.25, Sat Dec 26 19:05:13 2020 UTC (3 years, 5 months ago) by kn
Branch: MAIN
Changes since 1.24: +3 -3 lines

Update default preference list

OK florian

Revision 1.24, Thu Oct 29 17:28:12 2020 UTC (3 years, 7 months ago) by solene
Branch: MAIN
Changes since 1.23: +3 -2 lines

Add some documentation about the caching
done in unwind.

Inputs from jmc@ florian@
ok jmc@ florian@

Revision 1.23, Sun Dec 8 09:47:50 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.22: +12 -3 lines

Turn opportunistic DoT into their own strategies.
This is beneficial since we prefer strategies according to their
performance.
Previously name servers were upgraded to opportunistic DoT if it was
available even if the round trip times went through the roof and there
was no way to go back to plain udp/53 DNS.
To make up a bit of space in the unwindctl status output, name servers
learned via DHCP or SLAAC are printed in a new subcommand.
The status output will be further improved shortly.
Input & OK otto

Revision 1.22, Thu Dec 5 15:07:37 2019 UTC (4 years, 6 months ago) by otto
Branch: MAIN
Changes since 1.21: +4 -3 lines

Tell a little bit how "preference" works these days; ok florian@

Revision 1.21, Sun Dec 1 18:19:52 2019 UTC (4 years, 6 months ago) by kn
Branch: MAIN
Changes since 1.20: +3 -3 lines

Add missing space between "accept" and "bogus"

Revision 1.20, Sun Dec 1 14:37:34 2019 UTC (4 years, 6 months ago) by otto
Branch: MAIN
Changes since 1.19: +10 -2 lines

Allow forcing specific domains to be resolved by specific resolvers;
Handles typical split-horizon setups. ok florian@

Revision 1.19, Thu Nov 28 14:05:17 2019 UTC (4 years, 6 months ago) by otto
Branch: MAIN
Changes since 1.18: +3 -5 lines

No more example file; ok florian@

Revision 1.18, Wed Nov 27 17:09:12 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.17: +2 -41 lines

Nuke http captive portal detection; something better is coming.
OK otto

Revision 1.17, Wed Nov 6 14:19:59 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.16: +5 -5 lines

Rename "asr" to "stub" in user visible parts.
More people know what a "stub" resolver is than asr.

Pointed out by & discussed with deraadt
Input & OK otto

Revision 1.16, Thu Oct 31 12:51:43 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.15: +9 -3 lines

Add asr resolver type which completely bypasses libunbound and uses the
libc asynchronous resolver directly with DHCP provided nameservers.
This is a last-ditch effort when we find ourselves behind a completely
broken middle-box.
Input & OK otto
OK benno

Revision 1.15, Mon Oct 21 07:16:09 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.14: +6 -3 lines

Optionally log blocked queries when using the block list.
OK benno

Revision 1.14, Fri May 10 14:10:38 2019 UTC (5 years, 1 month ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.13: +8 -2 lines

Implement DNS block lists. If unwind is queried for a domain
in the block list it answers with rcode REFUSED.

Revision 1.13, Wed Apr 3 03:48:45 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.12: +6 -1 lines

Default to port 853 if DoT is used; pointed out by tedu

Revision 1.12, Tue Apr 2 19:37:04 2019 UTC (5 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.11: +2 -2 lines

be consistent with "DoT"; from raf czlonka

Revision 1.11, Tue Apr 2 09:20:52 2019 UTC (5 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.10: +43 -48 lines

move the captive portal text into the actual block;
add an entry for /etc/example/unwind.conf;
sort;

ok florian

Revision 1.10, Tue Apr 2 08:52:26 2019 UTC (5 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.9: +7 -6 lines

use a compact list for previous, and tweak a little; ok florian

Revision 1.9, Tue Apr 2 07:47:23 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.8: +23 -2 lines

Add a config option to specify the preference of name servers.
Unfortunately the nameserver types enums needed to be renamed
to not collide with yacc tokens.

Revision 1.8, Mon Apr 1 03:31:56 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.7: +4 -2 lines

Implement "Authentication Domain Names" configuration as per RFC 8310
section 7.1 for DoT servers.

We are setting the CA cert bundle path (/etc/ssl/cert.pem) directly in
libunbound so we need to loosen pledge(2) a bit and allow rpath. At the
same time we unveil only /etc/ssl/cert.pem. We can drop the chroot(2)
since pledge(2) and unveil(2) give us more fine grained isolation.

prodding by tb@.

p.s. for portable it might be necessary to pass in a file descriptor
from the parent, slurp in the file and then use X509_STORE_load_mem()
(pointed out by sthen) in the guts of libunbound.

Revision 1.7, Tue Feb 5 19:39:19 2019 UTC (5 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.6: +3 -3 lines

Cm yes | Cm no -> Cm yes | no

Revision 1.6, Tue Feb 5 19:26:49 2019 UTC (5 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.5: +3 -3 lines

missing full stop;

Revision 1.5, Mon Feb 4 07:36:30 2019 UTC (5 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.4: +20 -23 lines

various minor tweaks, plus an adjustment from florian;
ok florian

Revision 1.4, Sun Feb 3 12:02:30 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.3: +52 -3 lines

Captive portal detection for unwind(8).

Revision 1.3, Tue Jan 29 19:30:41 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.2: +14 -3 lines

Bring macro section in line with other config file man pages.
otto@ pointed out that we lost a description on HOW to use macros.

Revision 1.2, Sun Jan 27 12:40:54 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.1: +8 -3 lines

Implement DNS over TLS (DoT).

Revision 1.1, Wed Jan 23 13:11:00 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN

Import unwind(8).

unwind(8) is a hybrid validating stub & recursive resolver.

It actively observes the local net to decide how to best resolve
names. It can choose to recurse on its own or talk to dhcp
provided forwarders or statically defined forwarders in the
config file.

The intention is to be able to run it on localhost on every machine.

"toss it in man" deraadt@
