…secret, activate_cookie_secret and print_cookie_secrets.
staging cookies get a fresh cookie and spelling in error message.
gthess
requested changes
Aug 1, 2024
Member
gthess
left a comment
Looks good!
Just a question about writing to file.
Some changes for the test and some documentation edits will follow in a PR; that's why the "request changes" status.
Member
If the attached PR (#1116) is merged here, then a squash and merge of this back to master should do it.
Update cookie_file.tdir
wcawijngaards
added a commit
that referenced
this pull request
Aug 2, 2024
- Merge #1090: Cookie secret file. Adds `cookie-secret-file: "unbound_cookiesecrets.txt"` option to store cookie secrets for EDNS COOKIE secret rollover. The remote control add_cookie_secret, activate_cookie_secret and drop_cookie_secret commands can be used for rollover, the command print_cookie_secrets shows the values in use.
Member
Author
Thank you for the review! Added the changes and squashed and merged it into the repo.
jedisct1
added a commit
to jedisct1/unbound
that referenced
this pull request
Aug 17, 2024
* nlnet/master: (66 commits) - Tag for release 1.21.0, the repository continues with 1.21.1 in development. - Fix spelling for the cache-min-negative-ttl entry in the example.conf. - Fix that for windows the module startup is called and sets up the module-config. - Set version number to 1.21.0 for release. - Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek, Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv University and Reichman University). - Fix CAMP issues with global quota. Thanks to Huayi Duan, Marco Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich. - Fix that alloc stats for forwards and hints are printed, and when alloc stats is enabled, the unit test for unbound control waits for reloads to complete. Changelog note for NLnetLabs#1090 - Merge NLnetLabs#1090: Cookie secret file. Adds `cookie-secret-file: "unbound_cookiesecrets.txt"` option to store cookie secrets for EDNS COOKIE secret rollover. The remote control add_cookie_secret, activate_cookie_secret and drop_cookie_secret commands can be used for rollover, the command print_cookie_secrets shows the values in use. Cookie secret file (NLnetLabs#1090) Update changelog. - Fix testbound for alloc stats strdup in util/alloc.c. - Fix testbound for alloc stats strdup in util/alloc.c. - Fix that alloc stats has strdup checks, it stops debuggers from complaining about mismatch at free time. - Fix that the worker mem report with alloc stats does not attempt to print memory use of forwards and hints if they have been deleted already. - Fix dnstap test program, cleans up to have clean memory on exit, for tap_data_free, does not delete NULL items. Also it does not try to free the tail, specifically in the free of the list since that picked up the next item in the list for its loop causing invalid free. Added internal unit test to unbound-dnstap-socket for that. 
- Fix for NLnetLabs#1114: Fix that cache fill for forward-host names is performed, so that with nonzero target-fetch-policy it fetches forwarder addresses and uses them from cache. Also updated that delegation point cache fill routines use CDflag for AAAA message lookups, so that its negative lookup stops a recursion since the cache uses the bit for disambiguation for dns64 but the recursion uses CDflag for the AAAA target lookups, so the check correctly stops a useless recursion by its cache lookup. - Fix to document parameters of auth_zone_verify_zonemd_with_key. - Add root key 38696 from 2024 for DNSSEC validation. It is added to the default root keys in unbound-anchor. The content can be inspected with `unbound-anchor -l`. - For NLnetLabs#935 and NLnetLabs#1104, clarify RPZ order and semantics. - Cleanup ede.tdir test. - Fix link of unbound-dnstap-socket without openssl. ...
This creates a new option to store the cookies in a file and manage them with remote control.
The `cookie-secret-file: "unbound_cookiesecrets.txt"` option can be used with the unbound-control `add_cookie_secret`, `drop_cookie_secret`, `activate_cookie_secret` and `print_cookie_secrets` commands. Code has been used from the NSD implementation of it.
This fixes #1088.
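A check an operator might run on the file named by `cookie-secret-file`, as an added example that is not part of the pull request or Unbound's own code. It assumes the file holds one 128-bit secret per line as 32 hex digits, active first and staging second; the function name and the sample secrets are constructed for illustration.

```python
import os
import re
import stat
import tempfile

HEX128 = re.compile(r"^[0-9a-fA-F]{32}$")  # 128-bit secret as 32 hex digits
ROLES = ("active", "staging")               # assumed order: line 1, line 2


def lint_cookie_secret_file(path):
    """Return a list of findings; an empty list means the file looks sane."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/other access the secrets")
    with open(path, encoding="ascii", errors="replace") as fh:
        lines = [ln.strip() for ln in fh if ln.strip()]
    if not lines:
        findings.append("no secrets present")
    if len(lines) > len(ROLES):
        findings.append(f"{len(lines)} secrets found, expected at most 2")
    for role, line in zip(ROLES, lines):
        if not HEX128.match(line):
            findings.append(f"{role} secret is not 32 hex digits")
    if len(lines) >= 2 and lines[0].lower() == lines[1].lower():
        findings.append("staging secret equals active secret")
    return findings


def _write(lines, mode):
    """Create a constructed sample file and return its path."""
    fd, path = tempfile.mkstemp(suffix="_cookiesecrets.txt")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(path, mode)
    return path


# Constructed sample secrets, not real key material.
GOOD = _write(["00112233445566778899aabbccddeeff",
               "ffeeddccbbaa99887766554433221100"], 0o600)
BAD = _write(["00112233445566778899aabbccddeeff",
              "not-a-hex-secret"], 0o644)

if __name__ == "__main__":
    for label, path in (("good", GOOD), ("bad", BAD)):
        print(label, lint_cookie_secret_file(path) or "ok")
```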