2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "common_startup.hh"
27 #include "secpoll-auth.hh"
29 #include <sys/resource.h>
30 #include "dynhandler.hh"
31 #include "dnsseckeeper.hh"
34 #include <systemd/sd-daemon.h>
39 typedef Distributor
<DNSPacket
,DNSPacket
,PacketHandler
> DNSDistributor
;
42 StatBag S
; //!< Statistics are gathered across PDNS via the StatBag class S
43 AuthPacketCache PC
; //!< This is the main PacketCache, shared across all threads
47 CommunicatorClass Communicator
;
48 shared_ptr
<UDPNameserver
> N
;
51 static vector
<DNSDistributor
*> g_distributors
;
52 vector
<std::shared_ptr
<UDPNameserver
> > g_udpReceivers
;
59 void declareArguments()
61 ::arg().set("local-port","The port on which we listen")="53";
62 ::arg().setSwitch("dnsupdate","Enable/Disable DNS update (RFC2136) support. Default is no.")="no";
63 ::arg().setSwitch("write-pid","Write a PID file")="yes";
64 ::arg().set("allow-dnsupdate-from","A global setting to allow DNS updates from these IP ranges.")="127.0.0.0/8,::1";
65 ::arg().set("allow-unsigned-notify","Allow unsigned notifications for TSIG secured domains")="yes"; //FIXME: change to 'no' later
66 ::arg().set("allow-unsigned-supermaster", "Allow supermasters to create zones without TSIG signed NOTIFY")="yes";
67 ::arg().setSwitch("forward-dnsupdate","A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.")="yes";
68 ::arg().setSwitch("log-dns-details","If PDNS should log DNS non-erroneous details")="no";
69 ::arg().setSwitch("log-dns-queries","If PDNS should log all incoming DNS queries")="no";
70 ::arg().set("local-address","Local IP addresses to which we bind")="0.0.0.0";
71 ::arg().setSwitch("local-address-nonexist-fail","Fail to start if one or more of the local-address's do not exist on this server")="yes";
72 ::arg().setSwitch("non-local-bind", "Enable binding to non-local addresses by using FREEBIND / BINDANY socket options")="no";
73 ::arg().set("local-ipv6","Local IP address to which we bind")="::";
74 ::arg().setSwitch("reuseport","Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket")="no";
75 ::arg().setSwitch("local-ipv6-nonexist-fail","Fail to start if one or more of the local-ipv6 addresses do not exist on this server")="yes";
76 ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
77 ::arg().set("query-local-address6","Source IPv6 address for sending queries")="::";
78 ::arg().set("overload-queue-length","Maximum queuelength moving to packetcache only")="0";
79 ::arg().set("max-queue-length","Maximum queuelength before considering situation lost")="5000";
81 ::arg().set("retrieval-threads", "Number of AXFR-retrieval threads for slave operation")="2";
82 ::arg().setSwitch("api", "Enable/disable the REST API (including HTTP listener)")="no";
83 ::arg().set("api-key", "Static pre-shared authentication key for access to the REST API")="";
84 ::arg().set("api-logfile", "Location of the server logfile (used by the REST API)")="/var/log/pdns.log";
85 ::arg().setSwitch("api-readonly", "Disallow data modification through the REST API when set")="no";
86 ::arg().setSwitch("dname-processing", "If we should support DNAME records")="no";
88 ::arg().setCmd("help","Provide a helpful message");
89 ::arg().setCmd("version","Output version and compilation date");
90 ::arg().setCmd("config","Provide configuration file on standard output");
91 ::arg().setCmd("list-modules","Lists all modules available");
92 ::arg().setCmd("no-config","Don't parse configuration file");
94 ::arg().set("version-string","PowerDNS version in packets - full, anonymous, powerdns or custom")="full";
95 ::arg().set("control-console","Debugging switch - don't use")="no"; // but I know you will!
96 ::arg().set("loglevel","Amount of logging. Higher is more. Do not set below 3")="4";
97 ::arg().set("disable-syslog","Disable logging to syslog, useful when running inside a supervisor that logs stdout")="no";
98 ::arg().set("log-timestamp","Print timestamps in log lines")="yes";
99 ::arg().set("default-soa-name","name to insert in the SOA record if none set in the backend")="a.misconfigured.powerdns.server";
100 ::arg().set("default-soa-mail","mail address to insert in the SOA record if none set in the backend")="";
101 ::arg().set("distributor-threads","Default number of Distributor (backend) threads to start")="3";
102 ::arg().set("signing-threads","Default number of signer threads to start")="3";
103 ::arg().set("receiver-threads","Default number of receiver threads to start")="1";
104 ::arg().set("queue-limit","Maximum number of milliseconds to queue a query")="1500";
105 ::arg().set("resolver","Use this resolver for ALIAS and the internal stub resolver")="no";
106 ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";
107 ::arg().set("disable-tcp","Do not listen to TCP queries")="no";
109 ::arg().set("config-name","Name of this virtual configuration - will rename the binary image")="";
111 ::arg().set("load-modules","Load this module - supply absolute or relative path")="";
112 ::arg().set("launch","Which backends to launch and order to query them in")="";
113 ::arg().setSwitch("disable-axfr","Disable zonetransfers but do allow TCP queries")="no";
114 ::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="127.0.0.0/8,::1";
115 ::arg().set("only-notify", "Only send AXFR NOTIFY to these IP addresses or netmasks")="0.0.0.0/0,::/0";
116 ::arg().set("also-notify", "When notifying a domain, also notify these nameservers")="";
117 ::arg().set("allow-notify-from","Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.")="0.0.0.0/0,::/0";
118 ::arg().set("slave-cycle-interval","Schedule slave freshness checks once every .. seconds")="60";
120 ::arg().set("tcp-control-address","If set, PowerDNS can be controlled over TCP on this address")="";
121 ::arg().set("tcp-control-port","If set, PowerDNS can be controlled over TCP on this address")="53000";
122 ::arg().set("tcp-control-secret","If set, PowerDNS can be controlled over TCP after passing this secret")="";
123 ::arg().set("tcp-control-range","If set, remote control of PowerDNS is possible over these networks only")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10";
125 ::arg().setSwitch("slave","Act as a slave")="no";
126 ::arg().setSwitch("master","Act as a master")="no";
127 ::arg().setSwitch("disable-axfr-rectify","Disable the rectify step during an outgoing AXFR. Only required for regression testing.")="no";
128 ::arg().setSwitch("guardian","Run within a guardian process")="no";
129 ::arg().setSwitch("prevent-self-notification","Don't send notifications to what we think is ourself")="yes";
130 ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="yes";
131 ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
133 ::arg().setSwitch("webserver","Start a webserver for monitoring (api=yes also enables the HTTP listener)")="no";
134 ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
135 ::arg().set("webserver-address","IP Address of webserver/API to listen on")="127.0.0.1";
136 ::arg().set("webserver-port","Port of webserver/API to listen on")="8081";
137 ::arg().set("webserver-password","Password required for accessing the webserver")="";
138 ::arg().set("webserver-allow-from","Webserver/API access is only allowed from these subnets")="127.0.0.1,::1";
140 ::arg().setSwitch("out-of-zone-additional-processing","Do out of zone additional processing")="yes";
141 ::arg().setSwitch("do-ipv6-additional-processing", "Do AAAA additional processing")="yes";
142 ::arg().setSwitch("query-logging","Hint backends that queries should be logged")="no";
144 ::arg().set("carbon-ourname", "If set, overrides our reported hostname for carbon stats")="";
145 ::arg().set("carbon-server", "If set, send metrics in carbon (graphite) format to this server IP address")="";
146 ::arg().set("carbon-interval", "Number of seconds between carbon (graphite) updates")="30";
148 ::arg().set("cache-ttl","Seconds to store packets in the PacketCache")="20";
149 ::arg().set("negquery-cache-ttl","Seconds to store negative query results in the QueryCache")="60";
150 ::arg().set("query-cache-ttl","Seconds to store query results in the QueryCache")="20";
151 ::arg().set("soa-minimum-ttl","Default SOA minimum ttl")="3600";
152 ::arg().set("server-id", "Returned when queried for 'id.server' TXT or NSID, defaults to hostname - disabled or custom")="";
153 ::arg().set("soa-refresh-default","Default SOA refresh")="10800";
154 ::arg().set("soa-retry-default","Default SOA retry")="3600";
155 ::arg().set("soa-expire-default","Default SOA expire")="604800";
156 ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
157 ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
158 ::arg().set("dnssec-key-cache-ttl","Seconds to cache DNSSEC keys from the database")="30";
159 ::arg().set("domain-metadata-cache-ttl","Seconds to cache domain metadata from the database")="60";
161 ::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
162 ::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";
163 ::arg().set("forward-notify", "IP addresses to forward received notifications to regardless of master or slave settings")="";
165 ::arg().set("default-ttl","Seconds a result is valid if not set otherwise")="3600";
166 ::arg().set("max-tcp-connections","Maximum number of TCP connections")="20";
167 ::arg().set("max-tcp-connections-per-client","Maximum number of simultaneous TCP connections per client")="0";
168 ::arg().set("max-tcp-transactions-per-conn")="0";
169 ::arg().set("max-tcp-connection-duration")="0";
170 ::arg().set("tcp-idle-timeout")="5";
172 ::arg().setSwitch("no-shuffle","Set this to prevent random shuffling of answers - for regression testing")="off";
174 ::arg().set("setuid","If set, change user id to this uid for more security")="";
175 ::arg().set("setgid","If set, change group id to this gid for more security")="";
177 ::arg().set("max-cache-entries", "Maximum number of entries in the query cache")="1000000";
178 ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache")="1000000";
179 ::arg().set("max-signature-cache-entries", "Maximum number of signatures cache entries")="";
180 ::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone")="100000";
181 ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom";
183 ::arg().set("lua-prequery-script", "Lua script with prequery handler (DO NOT USE)")="";
184 ::arg().set("lua-dnsupdate-policy-script", "Lua script with DNS update policy handler")="";
186 ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
187 ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
188 ::arg().set("default-ksk-algorithm","Default KSK algorithm")="ecdsa256";
189 ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
190 ::arg().set("default-zsk-algorithm","Default ZSK algorithm")="";
191 ::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
192 ::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
194 ::arg().set("include-dir","Include *.conf files from this directory");
195 ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
197 ::arg().setSwitch("expand-alias", "Expand ALIAS records")="no";
198 ::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
199 ::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no";
200 ::arg().setSwitch("axfr-lower-serial", "Also AXFR a zone from a master with a lower serial")="no";
202 ::arg().set("lua-axfr-script", "Script to be used to edit incoming AXFRs")="";
203 ::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming XFR")="100";
205 ::arg().set("tcp-fast-open", "Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size")="0";
208 static time_t s_start
=time(0);
209 static uint64_t uptimeOfProcess(const std::string
& str
)
211 return time(0) - s_start
;
214 static uint64_t getSysUserTimeMsec(const std::string
& str
)
217 getrusage(RUSAGE_SELF
, &ru
);
219 if(str
=="sys-msec") {
220 return (ru
.ru_stime
.tv_sec
*1000ULL + ru
.ru_stime
.tv_usec
/1000);
223 return (ru
.ru_utime
.tv_sec
*1000ULL + ru
.ru_utime
.tv_usec
/1000);
227 static uint64_t getQCount(const std::string
& str
)
231 for(DNSDistributor
* d
: g_distributors
) {
234 totcount
+= d
->getQueueSize(); // this does locking and other things, so don't get smart
238 catch(std::exception
& e
)
240 L
<<Logger::Error
<<"Had error retrieving queue sizes: "<<e
.what()<<endl
;
243 catch(PDNSException
& e
)
245 L
<<Logger::Error
<<"Had error retrieving queue sizes: "<<e
.reason
<<endl
;
249 static uint64_t getLatency(const std::string
& str
)
254 void declareStats(void)
256 S
.declare("udp-queries","Number of UDP queries received");
257 S
.declare("udp-do-queries","Number of UDP queries received with DO bit");
258 S
.declare("udp-answers","Number of answers sent out over UDP");
259 S
.declare("udp-answers-bytes","Total size of answers sent out over UDP");
260 S
.declare("udp4-answers-bytes","Total size of answers sent out over UDPv4");
261 S
.declare("udp6-answers-bytes","Total size of answers sent out over UDPv6");
263 S
.declare("udp4-answers","Number of IPv4 answers sent out over UDP");
264 S
.declare("udp4-queries","Number of IPv4 UDP queries received");
265 S
.declare("udp6-answers","Number of IPv6 answers sent out over UDP");
266 S
.declare("udp6-queries","Number of IPv6 UDP queries received");
267 S
.declare("overload-drops","Queries dropped because backends overloaded");
269 S
.declare("rd-queries", "Number of recursion desired questions");
270 S
.declare("recursion-unanswered", "Number of packets unanswered by configured recursor");
271 S
.declare("recursing-answers","Number of recursive answers sent out");
272 S
.declare("recursing-questions","Number of questions sent to recursor");
273 S
.declare("corrupt-packets","Number of corrupt packets received");
274 S
.declare("signatures", "Number of DNSSEC signatures made");
275 S
.declare("tcp-queries","Number of TCP queries received");
276 S
.declare("tcp-answers","Number of answers sent out over TCP");
277 S
.declare("tcp-answers-bytes","Total size of answers sent out over TCP");
278 S
.declare("tcp4-answers-bytes","Total size of answers sent out over TCPv4");
279 S
.declare("tcp6-answers-bytes","Total size of answers sent out over TCPv6");
281 S
.declare("tcp4-queries","Number of IPv4 TCP queries received");
282 S
.declare("tcp4-answers","Number of IPv4 answers sent out over TCP");
284 S
.declare("tcp6-queries","Number of IPv6 TCP queries received");
285 S
.declare("tcp6-answers","Number of IPv6 answers sent out over TCP");
288 S
.declare("qsize-q","Number of questions waiting for database attention", getQCount
);
290 S
.declare("dnsupdate-queries", "DNS update packets received.");
291 S
.declare("dnsupdate-answers", "DNS update packets successfully answered.");
292 S
.declare("dnsupdate-refused", "DNS update packets that are refused.");
293 S
.declare("dnsupdate-changes", "DNS update changes to records in total.");
295 S
.declare("incoming-notifications", "NOTIFY packets received.");
297 S
.declare("uptime", "Uptime of process in seconds", uptimeOfProcess
);
298 S
.declare("real-memory-usage", "Actual unique use of memory in bytes (approx)", getRealMemoryUsage
);
299 S
.declare("fd-usage", "Number of open filedescriptors", getOpenFileDescriptors
);
301 S
.declare("udp-recvbuf-errors", "UDP 'recvbuf' errors", udpErrorStats
);
302 S
.declare("udp-sndbuf-errors", "UDP 'sndbuf' errors", udpErrorStats
);
303 S
.declare("udp-noport-errors", "UDP 'noport' errors", udpErrorStats
);
304 S
.declare("udp-in-errors", "UDP 'in' errors", udpErrorStats
);
307 S
.declare("sys-msec", "Number of msec spent in system time", getSysUserTimeMsec
);
308 S
.declare("user-msec", "Number of msec spent in user time", getSysUserTimeMsec
);
309 S
.declare("meta-cache-size", "Number of entries in the metadata cache", DNSSECKeeper::dbdnssecCacheSizes
);
310 S
.declare("key-cache-size", "Number of entries in the key cache", DNSSECKeeper::dbdnssecCacheSizes
);
311 S
.declare("signature-cache-size", "Number of entries in the signature cache", signatureCacheSize
);
313 S
.declare("servfail-packets","Number of times a server-failed packet was sent out");
314 S
.declare("latency","Average number of microseconds needed to answer a question", getLatency
);
315 S
.declare("timedout-packets","Number of packets which weren't answered within timeout set");
316 S
.declare("security-status", "Security status based on regular polling");
317 S
.declareRing("queries","UDP Queries Received");
318 S
.declareRing("nxdomain-queries","Queries for non-existent records within existent domains");
319 S
.declareRing("noerror-queries","Queries for existing records, but for type we don't have");
320 S
.declareRing("servfail-queries","Queries that could not be answered due to backend errors");
321 S
.declareRing("unauth-queries","Queries for domains that we are not authoritative for");
322 S
.declareRing("logmessages","Log Messages");
323 S
.declareComboRing("remotes","Remote server IP addresses");
324 S
.declareComboRing("remotes-unauth","Remote hosts querying domains for which we are not auth");
325 S
.declareComboRing("remotes-corrupt","Remote hosts sending corrupt packets");
328 int isGuarded(char **argv
)
330 char *p
=strstr(argv
[0],"-instance");
335 void sendout(DNSPacket
* a
)
342 int diff
=a
->d_dt
.udiff();
343 avg_latency
=(int)(0.999*avg_latency
+0.001*diff
);
347 //! The qthread receives questions over the internet via the Nameserver class, and hands them to the Distributor for further processing
348 void *qthread(void *number
)
352 DNSDistributor
*distributor
= DNSDistributor::Create(::arg().asNum("distributor-threads", 1)); // the big dispatcher!
353 int num
= (int)(unsigned long)number
;
354 g_distributors
[num
] = distributor
;
355 DNSPacket
question(true);
356 DNSPacket
cached(false);
358 AtomicCounter
&numreceived
=*S
.getPointer("udp-queries");
359 AtomicCounter
&numreceiveddo
=*S
.getPointer("udp-do-queries");
361 AtomicCounter
&numreceived4
=*S
.getPointer("udp4-queries");
363 AtomicCounter
&numreceived6
=*S
.getPointer("udp6-queries");
364 AtomicCounter
&overloadDrops
=*S
.getPointer("overload-drops");
367 bool logDNSQueries
= ::arg().mustDo("log-dns-queries");
368 shared_ptr
<UDPNameserver
> NS
;
370 // If we have SO_REUSEPORT then create a new port for all receiver threads
371 // other than the first one.
372 if( number
!= NULL
&& N
->canReusePort() ) {
373 NS
= g_udpReceivers
[num
];
382 if(!(P
=NS
->receive(&question
))) { // receive a packet inline
383 continue; // packet was broken, try again
388 if(P
->d_remote
.getSocklen()==sizeof(sockaddr_in
))
399 S
.ringAccount("queries", P
->qdomain
.toLogString()+"/"+P
->qtype
.getName());
400 S
.ringAccount("remotes",P
->d_remote
);
403 if(P
->hasEDNSSubnet())
404 remote
= P
->getRemote().toString() + "<-" + P
->getRealRemote().toString();
406 remote
= P
->getRemote().toString();
407 L
<< Logger::Notice
<<"Remote "<< remote
<<" wants '" << P
->qdomain
<<"|"<<P
->qtype
.getName() <<
408 "', do = " <<P
->d_dnssecOk
<<", bufsize = "<< P
->getMaxReplyLen()<<": ";
411 if((P
->d
.opcode
!= Opcode::Notify
&& P
->d
.opcode
!= Opcode::Update
) && P
->couldBeCached()) {
412 bool haveSomething
=PC
.get(P
, &cached
); // does the PacketCache recognize this question?
415 L
<<"packetcache HIT"<<endl
;
416 cached
.setRemote(&P
->d_remote
); // inlined
417 cached
.setSocket(P
->getSocket()); // inlined
418 cached
.d_anyLocal
= P
->d_anyLocal
;
419 cached
.setMaxReplyLen(P
->getMaxReplyLen());
420 cached
.d
.rd
=P
->d
.rd
; // copy in recursion desired bit
422 cached
.commitD(); // commit d to the packet inlined
423 NS
->send(&cached
); // answer it then inlined
424 diff
=P
->d_dt
.udiff();
425 avg_latency
=(int)(0.999*avg_latency
+0.001*diff
); // 'EWMA'
430 if(distributor
->isOverloaded()) {
432 L
<<"Dropped query, backends are overloaded"<<endl
;
438 L
<<"packetcache MISS"<<endl
;
441 distributor
->question(P
, &sendout
); // otherwise, give to the distributor
443 catch(DistributorFatal
& df
) { // when this happens, we have leaked loads of memory. Bailing out time.
449 catch(PDNSException
& pe
)
451 L
<<Logger::Error
<<"Fatal error in question thread: "<<pe
.reason
<<endl
;
455 static void* dummyThread(void *)
458 pthread_exit(ignore
);
461 static void triggerLoadOfLibraries()
464 pthread_create(&tid
, 0, dummyThread
, 0);
466 pthread_join(tid
, &res
);
471 Utility::srandom(time(0) ^ getpid());
474 if(!::arg()["setgid"].empty())
475 newgid
=Utility::makeGidNumeric(::arg()["setgid"]);
477 if(!::arg()["setuid"].empty())
478 newuid
=Utility::makeUidNumeric(::arg()["setuid"]);
480 g_anyToTcp
= ::arg().mustDo("any-to-tcp");
481 g_8bitDNS
= ::arg().mustDo("8bit-dns");
483 DNSPacket::s_udpTruncationThreshold
= std::max(512, ::arg().asNum("udp-truncation-threshold"));
484 DNSPacket::s_doEDNSSubnetProcessing
= ::arg().mustDo("edns-subnet-processing");
486 PC
.setTTL(::arg().asNum("cache-ttl"));
487 PC
.setMaxEntries(::arg().asNum("max-packet-cache-entries"));
488 QC
.setMaxEntries(::arg().asNum("max-cache-entries"));
490 stubParseResolveConf();
492 if(!::arg()["chroot"].empty()) {
495 ns
= getenv("NOTIFY_SOCKET");
497 L
<<Logger::Error
<<"Unable to chroot when running from systemd. Please disable chroot= or set the 'Type' for this service to 'simple'"<<endl
;
501 triggerLoadOfLibraries();
502 if(::arg().mustDo("master") || ::arg().mustDo("slave"))
503 gethostbyname("a.root-servers.net"); // this forces all lookup libraries to be loaded
504 Utility::dropGroupPrivs(newuid
, newgid
);
505 if(chroot(::arg()["chroot"].c_str())<0 || chdir("/")<0) {
506 L
<<Logger::Error
<<"Unable to chroot to '"+::arg()["chroot"]+"': "<<strerror(errno
)<<", exiting"<<endl
;
510 L
<<Logger::Error
<<"Chrooted to '"<<::arg()["chroot"]<<"'"<<endl
;
512 Utility::dropGroupPrivs(newuid
, newgid
);
515 AuthWebServer webserver
;
516 Utility::dropUserPrivs(newuid
);
518 // We need to start the Recursor Proxy before doing secpoll, see issue #2453
519 if(::arg().mustDo("resolver")){
520 DP
=new DNSProxy(::arg()["resolver"]);
529 // Some sanity checking on default key settings
530 for (const string
& algotype
: {"ksk", "zsk"}) {
532 if (::arg()["default-"+algotype
+"-algorithm"].empty())
534 algo
= DNSSECKeeper::shorthand2algorithm(::arg()["default-"+algotype
+"-algorithm"]);
535 size
= ::arg().asNum("default-"+algotype
+"-size");
537 L
<<Logger::Warning
<<"Warning: default-"<<algotype
<<"-algorithm set to unknown algorithm: "<<::arg()["default-"+algotype
+"-algorithm"]<<endl
;
538 else if (algo
<= 10 && size
== 0)
539 L
<<Logger::Warning
<<"Warning: default-"<<algotype
<<"-algorithm is set to an algorithm ("<<::arg()["default-"+algotype
+"-algorithm"]<<") that requires a non-zero default-"<<algotype
<<"-size!"<<endl
;
542 // NOW SAFE TO CREATE THREADS!
547 if(::arg().mustDo("webserver") || ::arg().mustDo("api"))
550 if(::arg().mustDo("slave") || ::arg().mustDo("master") || !::arg()["forward-notify"].empty())
554 TN
->go(); // tcp nameserver launch
556 // fork(); (this worked :-))
557 unsigned int max_rthreads
= ::arg().asNum("receiver-threads", 1);
558 g_distributors
.resize(max_rthreads
);
559 for(unsigned int n
=0; n
< max_rthreads
; ++n
)
560 pthread_create(&qtid
,0,qthread
, reinterpret_cast<void *>(n
)); // receives packets
562 pthread_create(&qtid
,0,carbonDumpThread
, 0); // runs even w/o carbon, might change @ runtime
565 /* If we are here, notify systemd that we are ay-ok! This might have some
566 * timing issues with the backend-threads. e.g. if the initial MySQL connection
567 * is slow and times out (leading to process termination through the backend)
568 * We probably have told systemd already that we have started correctly.
570 sd_notify(0, "READY=1");
581 L
<<Logger::Error
<<"Mainthread exiting - should never happen"<<endl
;