]> git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/common_startup.cc
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rec: Don't account chained queries more than once
[thirdparty/pdns.git] / pdns / common_startup.cc
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include "common_startup.hh"
26 #include "ws-auth.hh"
27 #include "secpoll-auth.hh"
28 #include <sys/time.h>
29 #include <sys/resource.h>
30 #include "dynhandler.hh"
31 #include "dnsseckeeper.hh"
32
33 #ifdef HAVE_SYSTEMD
34 #include <systemd/sd-daemon.h>
35 #endif
36
37 bool g_anyToTcp;
38 bool g_8bitDNS;
39 typedef Distributor<DNSPacket,DNSPacket,PacketHandler> DNSDistributor;
40
41 ArgvMap theArg;
42 StatBag S; //!< Statistics are gathered across PDNS via the StatBag class S
43 AuthPacketCache PC; //!< This is the main PacketCache, shared across all threads
44 AuthQueryCache QC;
45 DNSProxy *DP;
46 DynListener *dl;
47 CommunicatorClass Communicator;
48 shared_ptr<UDPNameserver> N;
49 int avg_latency;
50 TCPNameserver *TN;
51 static vector<DNSDistributor*> g_distributors;
52 vector<std::shared_ptr<UDPNameserver> > g_udpReceivers;
53
54 ArgvMap &arg()
55 {
56 return theArg;
57 }
58
59 void declareArguments()
60 {
61 ::arg().set("local-port","The port on which we listen")="53";
62 ::arg().setSwitch("dnsupdate","Enable/Disable DNS update (RFC2136) support. Default is no.")="no";
63 ::arg().setSwitch("write-pid","Write a PID file")="yes";
64 ::arg().set("allow-dnsupdate-from","A global setting to allow DNS updates from these IP ranges.")="127.0.0.0/8,::1";
65 ::arg().set("allow-unsigned-notify","Allow unsigned notifications for TSIG secured domains")="yes"; //FIXME: change to 'no' later
66 ::arg().set("allow-unsigned-supermaster", "Allow supermasters to create zones without TSIG signed NOTIFY")="yes";
67 ::arg().setSwitch("forward-dnsupdate","A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.")="yes";
68 ::arg().setSwitch("log-dns-details","If PDNS should log DNS non-erroneous details")="no";
69 ::arg().setSwitch("log-dns-queries","If PDNS should log all incoming DNS queries")="no";
70 ::arg().set("local-address","Local IP addresses to which we bind")="0.0.0.0";
71 ::arg().setSwitch("local-address-nonexist-fail","Fail to start if one or more of the local-address's do not exist on this server")="yes";
72 ::arg().setSwitch("non-local-bind", "Enable binding to non-local addresses by using FREEBIND / BINDANY socket options")="no";
73 ::arg().set("local-ipv6","Local IP address to which we bind")="::";
74 ::arg().setSwitch("reuseport","Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket")="no";
75 ::arg().setSwitch("local-ipv6-nonexist-fail","Fail to start if one or more of the local-ipv6 addresses do not exist on this server")="yes";
76 ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
77 ::arg().set("query-local-address6","Source IPv6 address for sending queries")="::";
78 ::arg().set("overload-queue-length","Maximum queuelength moving to packetcache only")="0";
79 ::arg().set("max-queue-length","Maximum queuelength before considering situation lost")="5000";
80
81 ::arg().set("retrieval-threads", "Number of AXFR-retrieval threads for slave operation")="2";
82 ::arg().setSwitch("api", "Enable/disable the REST API (including HTTP listener)")="no";
83 ::arg().set("api-key", "Static pre-shared authentication key for access to the REST API")="";
84 ::arg().set("api-logfile", "Location of the server logfile (used by the REST API)")="/var/log/pdns.log";
85 ::arg().setSwitch("api-readonly", "Disallow data modification through the REST API when set")="no";
86 ::arg().setSwitch("dname-processing", "If we should support DNAME records")="no";
87
88 ::arg().setCmd("help","Provide a helpful message");
89 ::arg().setCmd("version","Output version and compilation date");
90 ::arg().setCmd("config","Provide configuration file on standard output");
91 ::arg().setCmd("list-modules","Lists all modules available");
92 ::arg().setCmd("no-config","Don't parse configuration file");
93
94 ::arg().set("version-string","PowerDNS version in packets - full, anonymous, powerdns or custom")="full";
95 ::arg().set("control-console","Debugging switch - don't use")="no"; // but I know you will!
96 ::arg().set("loglevel","Amount of logging. Higher is more. Do not set below 3")="4";
97 ::arg().set("disable-syslog","Disable logging to syslog, useful when running inside a supervisor that logs stdout")="no";
98 ::arg().set("log-timestamp","Print timestamps in log lines")="yes";
99 ::arg().set("default-soa-name","name to insert in the SOA record if none set in the backend")="a.misconfigured.powerdns.server";
100 ::arg().set("default-soa-mail","mail address to insert in the SOA record if none set in the backend")="";
101 ::arg().set("distributor-threads","Default number of Distributor (backend) threads to start")="3";
102 ::arg().set("signing-threads","Default number of signer threads to start")="3";
103 ::arg().set("receiver-threads","Default number of receiver threads to start")="1";
104 ::arg().set("queue-limit","Maximum number of milliseconds to queue a query")="1500";
105 ::arg().set("resolver","Use this resolver for ALIAS and the internal stub resolver")="no";
106 ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";
107 ::arg().set("disable-tcp","Do not listen to TCP queries")="no";
108
109 ::arg().set("config-name","Name of this virtual configuration - will rename the binary image")="";
110
111 ::arg().set("load-modules","Load this module - supply absolute or relative path")="";
112 ::arg().set("launch","Which backends to launch and order to query them in")="";
113 ::arg().setSwitch("disable-axfr","Disable zonetransfers but do allow TCP queries")="no";
114 ::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="127.0.0.0/8,::1";
115 ::arg().set("only-notify", "Only send AXFR NOTIFY to these IP addresses or netmasks")="0.0.0.0/0,::/0";
116 ::arg().set("also-notify", "When notifying a domain, also notify these nameservers")="";
117 ::arg().set("allow-notify-from","Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.")="0.0.0.0/0,::/0";
118 ::arg().set("slave-cycle-interval","Schedule slave freshness checks once every .. seconds")="60";
119
120 ::arg().set("tcp-control-address","If set, PowerDNS can be controlled over TCP on this address")="";
121 ::arg().set("tcp-control-port","If set, PowerDNS can be controlled over TCP on this address")="53000";
122 ::arg().set("tcp-control-secret","If set, PowerDNS can be controlled over TCP after passing this secret")="";
123 ::arg().set("tcp-control-range","If set, remote control of PowerDNS is possible over these networks only")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10";
124
125 ::arg().setSwitch("slave","Act as a slave")="no";
126 ::arg().setSwitch("master","Act as a master")="no";
127 ::arg().setSwitch("disable-axfr-rectify","Disable the rectify step during an outgoing AXFR. Only required for regression testing.")="no";
128 ::arg().setSwitch("guardian","Run within a guardian process")="no";
129 ::arg().setSwitch("prevent-self-notification","Don't send notifications to what we think is ourself")="yes";
130 ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="yes";
131 ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
132
133 ::arg().setSwitch("webserver","Start a webserver for monitoring (api=yes also enables the HTTP listener)")="no";
134 ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
135 ::arg().set("webserver-address","IP Address of webserver/API to listen on")="127.0.0.1";
136 ::arg().set("webserver-port","Port of webserver/API to listen on")="8081";
137 ::arg().set("webserver-password","Password required for accessing the webserver")="";
138 ::arg().set("webserver-allow-from","Webserver/API access is only allowed from these subnets")="127.0.0.1,::1";
139
140 ::arg().setSwitch("out-of-zone-additional-processing","Do out of zone additional processing")="yes";
141 ::arg().setSwitch("do-ipv6-additional-processing", "Do AAAA additional processing")="yes";
142 ::arg().setSwitch("query-logging","Hint backends that queries should be logged")="no";
143
144 ::arg().set("carbon-ourname", "If set, overrides our reported hostname for carbon stats")="";
145 ::arg().set("carbon-server", "If set, send metrics in carbon (graphite) format to this server IP address")="";
146 ::arg().set("carbon-interval", "Number of seconds between carbon (graphite) updates")="30";
147
148 ::arg().set("cache-ttl","Seconds to store packets in the PacketCache")="20";
149 ::arg().set("negquery-cache-ttl","Seconds to store negative query results in the QueryCache")="60";
150 ::arg().set("query-cache-ttl","Seconds to store query results in the QueryCache")="20";
151 ::arg().set("soa-minimum-ttl","Default SOA minimum ttl")="3600";
152 ::arg().set("server-id", "Returned when queried for 'id.server' TXT or NSID, defaults to hostname - disabled or custom")="";
153 ::arg().set("soa-refresh-default","Default SOA refresh")="10800";
154 ::arg().set("soa-retry-default","Default SOA retry")="3600";
155 ::arg().set("soa-expire-default","Default SOA expire")="604800";
156 ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
157 ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
158 ::arg().set("dnssec-key-cache-ttl","Seconds to cache DNSSEC keys from the database")="30";
159 ::arg().set("domain-metadata-cache-ttl","Seconds to cache domain metadata from the database")="60";
160
161 ::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
162 ::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";
163 ::arg().set("forward-notify", "IP addresses to forward received notifications to regardless of master or slave settings")="";
164
165 ::arg().set("default-ttl","Seconds a result is valid if not set otherwise")="3600";
166 ::arg().set("max-tcp-connections","Maximum number of TCP connections")="20";
167 ::arg().set("max-tcp-connections-per-client","Maximum number of simultaneous TCP connections per client")="0";
168 ::arg().set("max-tcp-transactions-per-conn")="0";
169 ::arg().set("max-tcp-connection-duration")="0";
170 ::arg().set("tcp-idle-timeout")="5";
171
172 ::arg().setSwitch("no-shuffle","Set this to prevent random shuffling of answers - for regression testing")="off";
173
174 ::arg().set("setuid","If set, change user id to this uid for more security")="";
175 ::arg().set("setgid","If set, change group id to this gid for more security")="";
176
177 ::arg().set("max-cache-entries", "Maximum number of entries in the query cache")="1000000";
178 ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache")="1000000";
179 ::arg().set("max-signature-cache-entries", "Maximum number of signatures cache entries")="";
180 ::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone")="100000";
181 ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom";
182
183 ::arg().set("lua-prequery-script", "Lua script with prequery handler (DO NOT USE)")="";
184 ::arg().set("lua-dnsupdate-policy-script", "Lua script with DNS update policy handler")="";
185
186 ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
187 ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
188 ::arg().set("default-ksk-algorithm","Default KSK algorithm")="ecdsa256";
189 ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
190 ::arg().set("default-zsk-algorithm","Default ZSK algorithm")="";
191 ::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
192 ::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
193
194 ::arg().set("include-dir","Include *.conf files from this directory");
195 ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
196
197 ::arg().setSwitch("expand-alias", "Expand ALIAS records")="no";
198 ::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
199 ::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no";
200 ::arg().setSwitch("axfr-lower-serial", "Also AXFR a zone from a master with a lower serial")="no";
201
202 ::arg().set("lua-axfr-script", "Script to be used to edit incoming AXFRs")="";
203 ::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming XFR")="100";
204
205 ::arg().set("tcp-fast-open", "Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size")="0";
206 }
207
208 static time_t s_start=time(0);
209 static uint64_t uptimeOfProcess(const std::string& str)
210 {
211 return time(0) - s_start;
212 }
213
214 static uint64_t getSysUserTimeMsec(const std::string& str)
215 {
216 struct rusage ru;
217 getrusage(RUSAGE_SELF, &ru);
218
219 if(str=="sys-msec") {
220 return (ru.ru_stime.tv_sec*1000ULL + ru.ru_stime.tv_usec/1000);
221 }
222 else
223 return (ru.ru_utime.tv_sec*1000ULL + ru.ru_utime.tv_usec/1000);
224
225 }
226
227 static uint64_t getQCount(const std::string& str)
228 try
229 {
230 int totcount=0;
231 for(DNSDistributor* d : g_distributors) {
232 if(!d)
233 continue;
234 totcount += d->getQueueSize(); // this does locking and other things, so don't get smart
235 }
236 return totcount;
237 }
238 catch(std::exception& e)
239 {
240 L<<Logger::Error<<"Had error retrieving queue sizes: "<<e.what()<<endl;
241 return 0;
242 }
243 catch(PDNSException& e)
244 {
245 L<<Logger::Error<<"Had error retrieving queue sizes: "<<e.reason<<endl;
246 return 0;
247 }
248
249 static uint64_t getLatency(const std::string& str)
250 {
251 return avg_latency;
252 }
253
254 void declareStats(void)
255 {
256 S.declare("udp-queries","Number of UDP queries received");
257 S.declare("udp-do-queries","Number of UDP queries received with DO bit");
258 S.declare("udp-answers","Number of answers sent out over UDP");
259 S.declare("udp-answers-bytes","Total size of answers sent out over UDP");
260 S.declare("udp4-answers-bytes","Total size of answers sent out over UDPv4");
261 S.declare("udp6-answers-bytes","Total size of answers sent out over UDPv6");
262
263 S.declare("udp4-answers","Number of IPv4 answers sent out over UDP");
264 S.declare("udp4-queries","Number of IPv4 UDP queries received");
265 S.declare("udp6-answers","Number of IPv6 answers sent out over UDP");
266 S.declare("udp6-queries","Number of IPv6 UDP queries received");
267 S.declare("overload-drops","Queries dropped because backends overloaded");
268
269 S.declare("rd-queries", "Number of recursion desired questions");
270 S.declare("recursion-unanswered", "Number of packets unanswered by configured recursor");
271 S.declare("recursing-answers","Number of recursive answers sent out");
272 S.declare("recursing-questions","Number of questions sent to recursor");
273 S.declare("corrupt-packets","Number of corrupt packets received");
274 S.declare("signatures", "Number of DNSSEC signatures made");
275 S.declare("tcp-queries","Number of TCP queries received");
276 S.declare("tcp-answers","Number of answers sent out over TCP");
277 S.declare("tcp-answers-bytes","Total size of answers sent out over TCP");
278 S.declare("tcp4-answers-bytes","Total size of answers sent out over TCPv4");
279 S.declare("tcp6-answers-bytes","Total size of answers sent out over TCPv6");
280
281 S.declare("tcp4-queries","Number of IPv4 TCP queries received");
282 S.declare("tcp4-answers","Number of IPv4 answers sent out over TCP");
283
284 S.declare("tcp6-queries","Number of IPv6 TCP queries received");
285 S.declare("tcp6-answers","Number of IPv6 answers sent out over TCP");
286
287
288 S.declare("qsize-q","Number of questions waiting for database attention", getQCount);
289
290 S.declare("dnsupdate-queries", "DNS update packets received.");
291 S.declare("dnsupdate-answers", "DNS update packets successfully answered.");
292 S.declare("dnsupdate-refused", "DNS update packets that are refused.");
293 S.declare("dnsupdate-changes", "DNS update changes to records in total.");
294
295 S.declare("incoming-notifications", "NOTIFY packets received.");
296
297 S.declare("uptime", "Uptime of process in seconds", uptimeOfProcess);
298 S.declare("real-memory-usage", "Actual unique use of memory in bytes (approx)", getRealMemoryUsage);
299 S.declare("fd-usage", "Number of open filedescriptors", getOpenFileDescriptors);
300 #ifdef __linux__
301 S.declare("udp-recvbuf-errors", "UDP 'recvbuf' errors", udpErrorStats);
302 S.declare("udp-sndbuf-errors", "UDP 'sndbuf' errors", udpErrorStats);
303 S.declare("udp-noport-errors", "UDP 'noport' errors", udpErrorStats);
304 S.declare("udp-in-errors", "UDP 'in' errors", udpErrorStats);
305 #endif
306
307 S.declare("sys-msec", "Number of msec spent in system time", getSysUserTimeMsec);
308 S.declare("user-msec", "Number of msec spent in user time", getSysUserTimeMsec);
309 S.declare("meta-cache-size", "Number of entries in the metadata cache", DNSSECKeeper::dbdnssecCacheSizes);
310 S.declare("key-cache-size", "Number of entries in the key cache", DNSSECKeeper::dbdnssecCacheSizes);
311 S.declare("signature-cache-size", "Number of entries in the signature cache", signatureCacheSize);
312
313 S.declare("servfail-packets","Number of times a server-failed packet was sent out");
314 S.declare("latency","Average number of microseconds needed to answer a question", getLatency);
315 S.declare("timedout-packets","Number of packets which weren't answered within timeout set");
316 S.declare("security-status", "Security status based on regular polling");
317 S.declareRing("queries","UDP Queries Received");
318 S.declareRing("nxdomain-queries","Queries for non-existent records within existent domains");
319 S.declareRing("noerror-queries","Queries for existing records, but for type we don't have");
320 S.declareRing("servfail-queries","Queries that could not be answered due to backend errors");
321 S.declareRing("unauth-queries","Queries for domains that we are not authoritative for");
322 S.declareRing("logmessages","Log Messages");
323 S.declareComboRing("remotes","Remote server IP addresses");
324 S.declareComboRing("remotes-unauth","Remote hosts querying domains for which we are not auth");
325 S.declareComboRing("remotes-corrupt","Remote hosts sending corrupt packets");
326 }
327
328 int isGuarded(char **argv)
329 {
330 char *p=strstr(argv[0],"-instance");
331
332 return !!p;
333 }
334
335 void sendout(DNSPacket* a)
336 {
337 if(!a)
338 return;
339
340 N->send(a);
341
342 int diff=a->d_dt.udiff();
343 avg_latency=(int)(0.999*avg_latency+0.001*diff);
344 delete a;
345 }
346
347 //! The qthread receives questions over the internet via the Nameserver class, and hands them to the Distributor for further processing
348 void *qthread(void *number)
349 try
350 {
351 DNSPacket *P;
352 DNSDistributor *distributor = DNSDistributor::Create(::arg().asNum("distributor-threads", 1)); // the big dispatcher!
353 int num = (int)(unsigned long)number;
354 g_distributors[num] = distributor;
355 DNSPacket question(true);
356 DNSPacket cached(false);
357
358 AtomicCounter &numreceived=*S.getPointer("udp-queries");
359 AtomicCounter &numreceiveddo=*S.getPointer("udp-do-queries");
360
361 AtomicCounter &numreceived4=*S.getPointer("udp4-queries");
362
363 AtomicCounter &numreceived6=*S.getPointer("udp6-queries");
364 AtomicCounter &overloadDrops=*S.getPointer("overload-drops");
365
366 int diff;
367 bool logDNSQueries = ::arg().mustDo("log-dns-queries");
368 shared_ptr<UDPNameserver> NS;
369
370 // If we have SO_REUSEPORT then create a new port for all receiver threads
371 // other than the first one.
372 if( number != NULL && N->canReusePort() ) {
373 NS = g_udpReceivers[num];
374 if (NS == nullptr) {
375 NS = N;
376 }
377 } else {
378 NS = N;
379 }
380
381 for(;;) {
382 if(!(P=NS->receive(&question))) { // receive a packet inline
383 continue; // packet was broken, try again
384 }
385
386 numreceived++;
387
388 if(P->d_remote.getSocklen()==sizeof(sockaddr_in))
389 numreceived4++;
390 else
391 numreceived6++;
392
393 if(P->d_dnssecOk)
394 numreceiveddo++;
395
396 if(P->d.qr)
397 continue;
398
399 S.ringAccount("queries", P->qdomain.toLogString()+"/"+P->qtype.getName());
400 S.ringAccount("remotes",P->d_remote);
401 if(logDNSQueries) {
402 string remote;
403 if(P->hasEDNSSubnet())
404 remote = P->getRemote().toString() + "<-" + P->getRealRemote().toString();
405 else
406 remote = P->getRemote().toString();
407 L << Logger::Notice<<"Remote "<< remote <<" wants '" << P->qdomain<<"|"<<P->qtype.getName() <<
408 "', do = " <<P->d_dnssecOk <<", bufsize = "<< P->getMaxReplyLen()<<": ";
409 }
410
411 if((P->d.opcode != Opcode::Notify && P->d.opcode != Opcode::Update) && P->couldBeCached()) {
412 bool haveSomething=PC.get(P, &cached); // does the PacketCache recognize this question?
413 if (haveSomething) {
414 if(logDNSQueries)
415 L<<"packetcache HIT"<<endl;
416 cached.setRemote(&P->d_remote); // inlined
417 cached.setSocket(P->getSocket()); // inlined
418 cached.d_anyLocal = P->d_anyLocal;
419 cached.setMaxReplyLen(P->getMaxReplyLen());
420 cached.d.rd=P->d.rd; // copy in recursion desired bit
421 cached.d.id=P->d.id;
422 cached.commitD(); // commit d to the packet inlined
423 NS->send(&cached); // answer it then inlined
424 diff=P->d_dt.udiff();
425 avg_latency=(int)(0.999*avg_latency+0.001*diff); // 'EWMA'
426 continue;
427 }
428 }
429
430 if(distributor->isOverloaded()) {
431 if(logDNSQueries)
432 L<<"Dropped query, backends are overloaded"<<endl;
433 overloadDrops++;
434 continue;
435 }
436
437 if(logDNSQueries)
438 L<<"packetcache MISS"<<endl;
439
440 try {
441 distributor->question(P, &sendout); // otherwise, give to the distributor
442 }
443 catch(DistributorFatal& df) { // when this happens, we have leaked loads of memory. Bailing out time.
444 _exit(1);
445 }
446 }
447 return 0;
448 }
449 catch(PDNSException& pe)
450 {
451 L<<Logger::Error<<"Fatal error in question thread: "<<pe.reason<<endl;
452 _exit(1);
453 }
454
455 static void* dummyThread(void *)
456 {
457 void* ignore=0;
458 pthread_exit(ignore);
459 }
460
461 static void triggerLoadOfLibraries()
462 {
463 pthread_t tid;
464 pthread_create(&tid, 0, dummyThread, 0);
465 void* res;
466 pthread_join(tid, &res);
467 }
468
469 void mainthread()
470 {
471 Utility::srandom(time(0) ^ getpid());
472
473 int newgid=0;
474 if(!::arg()["setgid"].empty())
475 newgid=Utility::makeGidNumeric(::arg()["setgid"]);
476 int newuid=0;
477 if(!::arg()["setuid"].empty())
478 newuid=Utility::makeUidNumeric(::arg()["setuid"]);
479
480 g_anyToTcp = ::arg().mustDo("any-to-tcp");
481 g_8bitDNS = ::arg().mustDo("8bit-dns");
482
483 DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
484 DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
485
486 PC.setTTL(::arg().asNum("cache-ttl"));
487 PC.setMaxEntries(::arg().asNum("max-packet-cache-entries"));
488 QC.setMaxEntries(::arg().asNum("max-cache-entries"));
489
490 stubParseResolveConf();
491
492 if(!::arg()["chroot"].empty()) {
493 #ifdef HAVE_SYSTEMD
494 char *ns;
495 ns = getenv("NOTIFY_SOCKET");
496 if (ns != nullptr) {
497 L<<Logger::Error<<"Unable to chroot when running from systemd. Please disable chroot= or set the 'Type' for this service to 'simple'"<<endl;
498 exit(1);
499 }
500 #endif
501 triggerLoadOfLibraries();
502 if(::arg().mustDo("master") || ::arg().mustDo("slave"))
503 gethostbyname("a.root-servers.net"); // this forces all lookup libraries to be loaded
504 Utility::dropGroupPrivs(newuid, newgid);
505 if(chroot(::arg()["chroot"].c_str())<0 || chdir("/")<0) {
506 L<<Logger::Error<<"Unable to chroot to '"+::arg()["chroot"]+"': "<<strerror(errno)<<", exiting"<<endl;
507 exit(1);
508 }
509 else
510 L<<Logger::Error<<"Chrooted to '"<<::arg()["chroot"]<<"'"<<endl;
511 } else {
512 Utility::dropGroupPrivs(newuid, newgid);
513 }
514
515 AuthWebServer webserver;
516 Utility::dropUserPrivs(newuid);
517
518 // We need to start the Recursor Proxy before doing secpoll, see issue #2453
519 if(::arg().mustDo("resolver")){
520 DP=new DNSProxy(::arg()["resolver"]);
521 DP->go();
522 }
523
524 try {
525 doSecPoll(true);
526 }
527 catch(...) {}
528
529 // Some sanity checking on default key settings
530 for (const string& algotype : {"ksk", "zsk"}) {
531 int algo, size;
532 if (::arg()["default-"+algotype+"-algorithm"].empty())
533 continue;
534 algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-"+algotype+"-algorithm"]);
535 size = ::arg().asNum("default-"+algotype+"-size");
536 if (algo == -1)
537 L<<Logger::Warning<<"Warning: default-"<<algotype<<"-algorithm set to unknown algorithm: "<<::arg()["default-"+algotype+"-algorithm"]<<endl;
538 else if (algo <= 10 && size == 0)
539 L<<Logger::Warning<<"Warning: default-"<<algotype<<"-algorithm is set to an algorithm ("<<::arg()["default-"+algotype+"-algorithm"]<<") that requires a non-zero default-"<<algotype<<"-size!"<<endl;
540 }
541
542 // NOW SAFE TO CREATE THREADS!
543 dl->go();
544
545 pthread_t qtid;
546
547 if(::arg().mustDo("webserver") || ::arg().mustDo("api"))
548 webserver.go();
549
550 if(::arg().mustDo("slave") || ::arg().mustDo("master") || !::arg()["forward-notify"].empty())
551 Communicator.go();
552
553 if(TN)
554 TN->go(); // tcp nameserver launch
555
556 // fork(); (this worked :-))
557 unsigned int max_rthreads= ::arg().asNum("receiver-threads", 1);
558 g_distributors.resize(max_rthreads);
559 for(unsigned int n=0; n < max_rthreads; ++n)
560 pthread_create(&qtid,0,qthread, reinterpret_cast<void *>(n)); // receives packets
561
562 pthread_create(&qtid,0,carbonDumpThread, 0); // runs even w/o carbon, might change @ runtime
563
564 #ifdef HAVE_SYSTEMD
565 /* If we are here, notify systemd that we are ay-ok! This might have some
566 * timing issues with the backend-threads. e.g. if the initial MySQL connection
567 * is slow and times out (leading to process termination through the backend)
568 * We probably have told systemd already that we have started correctly.
569 */
570 sd_notify(0, "READY=1");
571 #endif
572
573 for(;;) {
574 sleep(1800);
575 try {
576 doSecPoll(false);
577 }
578 catch(...){}
579 }
580
581 L<<Logger::Error<<"Mainthread exiting - should never happen"<<endl;
582 }
Unnamed repository; edit this file 'description' to name the repository.