-
-
Notifications
You must be signed in to change notification settings - Fork 346
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unbound assumes index.html exists on RPZ host #552
Comments
The commit fixes the issue by assuming the name '/' when no name is passed, instead of index.html. The issue you have with timeouts is solved in 1.13.2, if those problems persist upgrade to get the fix. The fix makes the sample URL work for me, and download without timeouts. Thanks for the report! |
jedisct1
added a commit
to jedisct1/unbound
that referenced
this issue
Nov 18, 2021
* nlnet/master: (23 commits) Document PR NLnetLabs#563 to changelog Clarify KEEPALIVE EDNS0 option operation Make explicit whether edns options are parsed from queries or responses add missing return code Remove wrongly added EDE comments Update util/data/msgparse.c add potential EDE spots complete renaming of the modules edns list Apply suggestions from code review Changelog note for NLnetLabs#565 - Merge NLnetLabs#565: unbound.service.in: Disable ProtectKernelTunables again. - Fix to remove unused code from rpz resolve client and action function. - Fix analyzer review failure in rpz action override code to not crash on unlocking the local zone lock. - Fix for NLnetLabs#558: clear the UB_EV_TIMEOUT bit before adding an event. - Fix for NLnetLabs#558: fix loop in comm_point->tcp_free when a comm_point is reclaimed more than once during callbacks. - Fix that forward-zone name is documented as the full name of the zone. It is not relative but a fully qualified domain name. Disable ProtectKernelTunables again - Fix NLnetLabs#552: Unbound assumes index.html exists on RPZ host. Fix keepalive logic Move option handling to parse-time split edns_data.opt_list in opt_list_in and opt_list_out ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Unbound uses index.html as a default filename there isn't one in the RPZ URL:
unbound/services/authzone.c
Lines 7162 to 7163 in 74f1f0a
If index.html does not exist and the host returns 404, downloading the zone file from the host fails.
To reproduce
Steps to reproduce the behavior:
url
in arpz
block to a host without a filename (e.g. https://rpz.oisd.nl).unbound -dd -vvvvv
.Expected behavior
Unbound should successfully download the zone file.
System:
unbound -V
output:Additional information
Appending
/./
to the URL seems to function as a workaround (e.g. https://rpz.oisd.nl/./). But there are various timeouts while downloading chunks: https://gist.github.com/al3xtjames/ed483bad8b91b0bbbdee39bd5557250eThe text was updated successfully, but these errors were encountered: