Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix ipset wrong behavior #955

Merged
merged 1 commit into from
Oct 18, 2023
Merged

fix ipset wrong behavior #955

merged 1 commit into from
Oct 18, 2023

Conversation

buevsan
Copy link

@buevsan buevsan commented Oct 17, 2023

Issue description:

If local zone directive is assigned as following:

  "local-zone domain.com ipset"

then any answers for query with names such as
"anytext1domain.com" or "example2domain.com"
will be added to ipset.

This commit fixes this issue.

fix ipset wrong behavior
23ae0a9 
  Issue description:

    If local zone directive is assigned as following:

      "local-zone domain.com ipset"

    then any answers for query with names such as
    "anytext1domain.com" or "example2domain.com"
    will be added to ipset.

  This commit fixes this issue.
@gthess gthess self-assigned this Oct 18, 2023
gthess
gthess approved these changes Oct 18, 2023
View reviewed changes
Copy link
Member

@gthess gthess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks!

@gthess gthess merged commit 167772f into NLnetLabs:master Oct 18, 2023
1 check passed
gthess added a commit that referenced this pull request Oct 18, 2023
@gthess
- Changelog entry for:
44c3d4d 
  Merge #955 from buevsan: fix ipset wrong behavior.
- Update testdata/ipset.tdir test for ipset fix.
jedisct1 added a commit to jedisct1/unbound that referenced this pull request Oct 24, 2023
@jedisct1
Merge remote-tracking branch 'nlnet/master'
d0d5711 
* nlnet/master: (64 commits)
  Changelog entry for NLnetLabs#951. - Merge NLnetLabs#951: Cachedb no store. The cachedb-no-store: yes option is   used to stop cachedb from writing messages to the backend storage.   It reads messages when data is available from the backend. The   default is no.
  - Fix to print detailed errors when an SSL IO routine fails via   SSL_get_error.
  - Changelog entry for:   Merge NLnetLabs#955 from buevsan: fix ipset wrong behavior. - Update testdata/ipset.tdir test for ipset fix.
  - Update the dns64_lookup.rpl test for the DNS64 fallback patch.
  - Changelog entry for DNS64 patches from Daniel Gröber.
  Fixes for dns64 fallback to plain AAAA when no A records: - Cleanup if condition. - Rename variable for readability.
  dns64: Fall back to plain AAAA query with synthall but no A records
  Fixes for dns64 readability refactoring: - Move declarations to the top for C90 compliance. - Save cycles by not calling (yet) unneeded functions. - Possible use of uninitialised value. - Consistent formatting.
  dns64: Fix misleading indentation
  dns64: Refactor handle_event checks for readability
  fix ipset wrong behavior
  - Fix NLnetLabs#954: Inconsistent RPZ handling for A record returned along with   CNAME.
  - Update pymod tests for the new Python script variable.
  - For multi Python module setups, clean previously parsed module   functions in __main__'s dictionary, if any, so that only current   module functions are registered.
  - Expose the configured listening and outgoing interfaces, if any, as   a list of strings in the Python 'config_file' class instead of the   current Swig object proxy; fixes NLnetLabs#79.
  - Expose the script filename in the Python module environment 'mod_env'   instead of the config_file structure which includes the linked list   of scripts in a multi Python module setup; fixes NLnetLabs#79.
  - Better fix for infinite loop when reading multiple lines of input on   a broken remote control socket, by treating a zero byte line the   same as transmission end. Addesses NLnetLabs#947 and NLnetLabs#948.
  Apply suggestions from code review
  - cachedb-no-store, example conf and man page documentation.
  Changelog note for NLnetLabs#944. - Merge NLnetLabs#944: Disable EDNS DO.   Disable the EDNS DO flag in upstream requests. This can be helpful   for devices that cannot handle DNSSEC information. But it should not   be enabled otherwise, because that would stop DNSSEC validation. The   DNSSEC validation would not work for Unbound itself, and also not   for downstream users. Default is no. The option   is disable-edns-do: no
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gthess gthess gthess approved these changes

Assignees

@gthess gthess

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@buevsan @gthess