freebsd-src/contrib/unbound
Gordon Tetlow 2a3a6a1771
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.

Obtained from:	NLnet Labs
Security:	CVE-2025-11411
2025-11-26 07:57:33 -08:00
cachedb unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
compat unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
contrib unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
daemon unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
dns64 unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
dnscrypt
dnstap unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
doc unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
dynlibmod
edns-subnet unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
ipsecmod
ipset
iterator Mitigate YXDOMAIN and nodata non-referral answer poisoning. 2025-11-26 07:57:33 -08:00
libunbound unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
pythonmod
respip unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
services unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
sldns unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
smallapp unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
testcode unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
util unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
validator unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
winrc unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
aclocal.m4 unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
acx_nlnetlabs.m4
acx_python.m4
ax_build_date_epoch.m4
ax_pkg_swig.m4
ax_pthread.m4
config.guess
config.h.in unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
config.sub
configure unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
configure.ac unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
freebsd-configure.sh
freebsd-sources.pl
install-sh unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
LICENSE
ltmain.sh unbound: Vendor import 1.24.1 2025-10-23 12:03:29 -07:00
Makefile.in unbound: Vendor import 1.24.0 2025-10-07 08:16:21 -07:00
README
README-Travis.md
README.md
SECURITY.md
systemd.m4

Unbound


Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you have any feedback, we would love to hear from you. Don't hesitate to create an issue on GitHub or post a message on the Unbound mailing list. You can learn more about Unbound by reading our documentation.

Compiling

Make sure you have the C toolchain, OpenSSL and its include files, and libexpat installed. If building from the repository source you also need flex and bison installed. Unbound can be compiled and installed using:

./configure && make && make install

You can use libevent if you want. libevent is useful when using many (10000) outgoing ports. By default a maximum of 256 ports are opened at the same time, and the built-in alternative is equally capable and a little faster.

Use the --with-libevent configure option to compile Unbound with libevent support.

Unbound configuration

All of Unbound's configuration options are described in the man pages, which will be installed and are available on the Unbound documentation page.

An example configuration file is located in doc/example.conf.