]> git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/common_startup.cc
projects / thirdparty / pdns.git / blob
? search:


bd57fc54235208771682b01da17d0c3a1d5e146d
[thirdparty/pdns.git] / pdns / common_startup.cc
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include "common_startup.hh"
26 #include "ws-auth.hh"
27 #include "secpoll-auth.hh"
28 #include <sys/time.h>
29 #include <sys/resource.h>
30 #include "dynhandler.hh"
31 #include "dnsseckeeper.hh"
32 #include "threadname.hh"
33
34 #ifdef HAVE_SYSTEMD
35 #include <systemd/sd-daemon.h>
36 #endif
37
38 bool g_anyToTcp;
39 bool g_8bitDNS;
40 #ifdef HAVE_LUA_RECORDS
41 bool g_doLuaRecord;
42 int g_luaRecordExecLimit;
43 #endif
44 typedef Distributor<DNSPacket,DNSPacket,PacketHandler> DNSDistributor;
45
46 ArgvMap theArg;
47 StatBag S; //!< Statistics are gathered across PDNS via the StatBag class S
48 AuthPacketCache PC; //!< This is the main PacketCache, shared across all threads
49 AuthQueryCache QC;
50 DNSProxy *DP;
51 DynListener *dl;
52 CommunicatorClass Communicator;
53 shared_ptr<UDPNameserver> N;
54 int avg_latency;
55 TCPNameserver *TN;
56 static vector<DNSDistributor*> g_distributors;
57 vector<std::shared_ptr<UDPNameserver> > g_udpReceivers;
58
59 ArgvMap &arg()
60 {
61 return theArg;
62 }
63
64 void declareArguments()
65 {
66 ::arg().set("config-dir","Location of configuration directory (pdns.conf)")=SYSCONFDIR;
67 ::arg().set("config-name","Name of this virtual configuration - will rename the binary image")="";
68 ::arg().set("socket-dir",string("Where the controlsocket will live, ")+LOCALSTATEDIR+" when unset and not chrooted" )="";
69 ::arg().set("module-dir","Default directory for modules")=PKGLIBDIR;
70 ::arg().set("chroot","If set, chroot to this directory for more security")="";
71 ::arg().set("logging-facility","Log under a specific facility")="";
72 ::arg().set("daemon","Operate as a daemon")="no";
73
74 ::arg().set("local-port","The port on which we listen")="53";
75 ::arg().setSwitch("dnsupdate","Enable/Disable DNS update (RFC2136) support. Default is no.")="no";
76 ::arg().setSwitch("write-pid","Write a PID file")="yes";
77 ::arg().set("allow-dnsupdate-from","A global setting to allow DNS updates from these IP ranges.")="127.0.0.0/8,::1";
78 ::arg().setSwitch("send-signed-notify","Send TSIG secured NOTIFY if TSIG key is configured for a domain")="yes";
79 ::arg().set("allow-unsigned-notify","Allow unsigned notifications for TSIG secured domains")="yes"; //FIXME: change to 'no' later
80 ::arg().set("allow-unsigned-supermaster", "Allow supermasters to create zones without TSIG signed NOTIFY")="yes";
81 ::arg().setSwitch("forward-dnsupdate","A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.")="yes";
82 ::arg().setSwitch("log-dns-details","If PDNS should log DNS non-erroneous details")="no";
83 ::arg().setSwitch("log-dns-queries","If PDNS should log all incoming DNS queries")="no";
84 ::arg().set("local-address","Local IP addresses to which we bind")="0.0.0.0";
85 ::arg().setSwitch("local-address-nonexist-fail","Fail to start if one or more of the local-address's do not exist on this server")="yes";
86 ::arg().setSwitch("non-local-bind", "Enable binding to non-local addresses by using FREEBIND / BINDANY socket options")="no";
87 ::arg().set("local-ipv6","Local IP address to which we bind")="::";
88 ::arg().setSwitch("reuseport","Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket")="no";
89 ::arg().setSwitch("local-ipv6-nonexist-fail","Fail to start if one or more of the local-ipv6 addresses do not exist on this server")="yes";
90 ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
91 ::arg().set("query-local-address6","Source IPv6 address for sending queries")="::";
92 ::arg().set("overload-queue-length","Maximum queuelength moving to packetcache only")="0";
93 ::arg().set("max-queue-length","Maximum queuelength before considering situation lost")="5000";
94
95 ::arg().set("retrieval-threads", "Number of AXFR-retrieval threads for slave operation")="2";
96 ::arg().setSwitch("api", "Enable/disable the REST API (including HTTP listener)")="no";
97 ::arg().set("api-key", "Static pre-shared authentication key for access to the REST API")="";
98 ::arg().setSwitch("default-api-rectify","Default API-RECTIFY value for zones")="yes";
99 ::arg().setSwitch("dname-processing", "If we should support DNAME records")="no";
100
101 ::arg().setCmd("help","Provide a helpful message");
102 ::arg().setCmd("version","Output version and compilation date");
103 ::arg().setCmd("config","Provide configuration file on standard output");
104 ::arg().setCmd("list-modules","Lists all modules available");
105 ::arg().setCmd("no-config","Don't parse configuration file");
106
107 ::arg().set("version-string","PowerDNS version in packets - full, anonymous, powerdns or custom")="full";
108 ::arg().set("control-console","Debugging switch - don't use")="no"; // but I know you will!
109 ::arg().set("loglevel","Amount of logging. Higher is more. Do not set below 3")="4";
110 ::arg().set("disable-syslog","Disable logging to syslog, useful when running inside a supervisor that logs stdout")="no";
111 ::arg().set("log-timestamp","Print timestamps in log lines")="yes";
112 ::arg().set("default-soa-name","name to insert in the SOA record if none set in the backend")="a.misconfigured.powerdns.server";
113 ::arg().set("default-soa-mail","mail address to insert in the SOA record if none set in the backend")="";
114 ::arg().set("distributor-threads","Default number of Distributor (backend) threads to start")="3";
115 ::arg().set("signing-threads","Default number of signer threads to start")="3";
116 ::arg().set("receiver-threads","Default number of receiver threads to start")="1";
117 ::arg().set("queue-limit","Maximum number of milliseconds to queue a query")="1500";
118 ::arg().set("resolver","Use this resolver for ALIAS and the internal stub resolver")="no";
119 ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1232";
120 ::arg().set("disable-tcp","Do not listen to TCP queries")="no";
121
122 ::arg().set("config-name","Name of this virtual configuration - will rename the binary image")="";
123
124 ::arg().set("load-modules","Load this module - supply absolute or relative path")="";
125 ::arg().set("launch","Which backends to launch and order to query them in")="";
126 ::arg().setSwitch("disable-axfr","Disable zonetransfers but do allow TCP queries")="no";
127 ::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="127.0.0.0/8,::1";
128 ::arg().set("only-notify", "Only send AXFR NOTIFY to these IP addresses or netmasks")="0.0.0.0/0,::/0";
129 ::arg().set("also-notify", "When notifying a domain, also notify these nameservers")="";
130 ::arg().set("allow-notify-from","Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.")="0.0.0.0/0,::/0";
131 ::arg().set("slave-cycle-interval","Schedule slave freshness checks once every .. seconds")="60";
132
133 ::arg().set("tcp-control-address","If set, PowerDNS can be controlled over TCP on this address")="";
134 ::arg().set("tcp-control-port","If set, PowerDNS can be controlled over TCP on this address")="53000";
135 ::arg().set("tcp-control-secret","If set, PowerDNS can be controlled over TCP after passing this secret")="";
136 ::arg().set("tcp-control-range","If set, remote control of PowerDNS is possible over these networks only")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10";
137
138 ::arg().setSwitch("slave","Act as a slave")="no";
139 ::arg().setSwitch("master","Act as a master")="no";
140 ::arg().setSwitch("superslave", "Act as a superslave")="no";
141 ::arg().setSwitch("disable-axfr-rectify","Disable the rectify step during an outgoing AXFR. Only required for regression testing.")="no";
142 ::arg().setSwitch("guardian","Run within a guardian process")="no";
143 ::arg().setSwitch("prevent-self-notification","Don't send notifications to what we think is ourself")="yes";
144 ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="yes";
145 ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
146
147 ::arg().setSwitch("webserver","Start a webserver for monitoring (api=yes also enables the HTTP listener)")="no";
148 ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
149 ::arg().set("webserver-address","IP Address of webserver/API to listen on")="127.0.0.1";
150 ::arg().set("webserver-port","Port of webserver/API to listen on")="8081";
151 ::arg().set("webserver-password","Password required for accessing the webserver")="";
152 ::arg().set("webserver-allow-from","Webserver/API access is only allowed from these subnets")="127.0.0.1,::1";
153 ::arg().set("webserver-loglevel", "Amount of logging in the webserver (none, normal, detailed)") = "normal";
154
155 ::arg().setSwitch("do-ipv6-additional-processing", "Do AAAA additional processing")="yes";
156 ::arg().setSwitch("query-logging","Hint backends that queries should be logged")="no";
157
158 ::arg().set("carbon-namespace", "If set overwrites the first part of the carbon string")="pdns";
159 ::arg().set("carbon-ourname", "If set, overrides our reported hostname for carbon stats")="";
160 ::arg().set("carbon-instance", "If set overwrites the the instance name default")="auth";
161 ::arg().set("carbon-server", "If set, send metrics in carbon (graphite) format to this server IP address")="";
162 ::arg().set("carbon-interval", "Number of seconds between carbon (graphite) updates")="30";
163
164 ::arg().set("cache-ttl","Seconds to store packets in the PacketCache")="20";
165 ::arg().set("negquery-cache-ttl","Seconds to store negative query results in the QueryCache")="60";
166 ::arg().set("query-cache-ttl","Seconds to store query results in the QueryCache")="20";
167 ::arg().set("soa-minimum-ttl","Default SOA minimum ttl")="3600";
168 ::arg().set("server-id", "Returned when queried for 'id.server' TXT or NSID, defaults to hostname - disabled or custom")="";
169 ::arg().set("soa-refresh-default","Default SOA refresh")="10800";
170 ::arg().set("soa-retry-default","Default SOA retry")="3600";
171 ::arg().set("soa-expire-default","Default SOA expire")="604800";
172 ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
173 ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
174 ::arg().set("dnssec-key-cache-ttl","Seconds to cache DNSSEC keys from the database")="30";
175 ::arg().set("domain-metadata-cache-ttl","Seconds to cache domain metadata from the database")="60";
176
177 ::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
178 ::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";
179 ::arg().set("forward-notify", "IP addresses to forward received notifications to regardless of master or slave settings")="";
180
181 ::arg().set("default-ttl","Seconds a result is valid if not set otherwise")="3600";
182 ::arg().set("max-tcp-connections","Maximum number of TCP connections")="20";
183 ::arg().set("max-tcp-connections-per-client","Maximum number of simultaneous TCP connections per client")="0";
184 ::arg().set("max-tcp-transactions-per-conn","Maximum number of subsequent queries per TCP connection")="0";
185 ::arg().set("max-tcp-connection-duration","Maximum time in seconds that a TCP DNS connection is allowed to stay open.")="0";
186 ::arg().set("tcp-idle-timeout","Maximum time in seconds that a TCP DNS connection is allowed to stay open while being idle")="5";
187
188 ::arg().setSwitch("no-shuffle","Set this to prevent random shuffling of answers - for regression testing")="off";
189
190 ::arg().set("setuid","If set, change user id to this uid for more security")="";
191 ::arg().set("setgid","If set, change group id to this gid for more security")="";
192
193 ::arg().set("max-cache-entries", "Maximum number of entries in the query cache")="1000000";
194 ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache")="1000000";
195 ::arg().set("max-signature-cache-entries", "Maximum number of signatures cache entries")="";
196 ::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone")="100000";
197 ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom";
198
199 ::arg().set("lua-prequery-script", "Lua script with prequery handler (DO NOT USE)")="";
200 ::arg().set("lua-dnsupdate-policy-script", "Lua script with DNS update policy handler")="";
201
202 ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
203 ::arg().setSwitch("direct-dnskey","Fetch DNSKEY, CDS and CDNSKEY RRs from backend during DNSKEY or CDS/CDNSKEY synthesis")="no";
204 ::arg().set("default-ksk-algorithm","Default KSK algorithm")="ecdsa256";
205 ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
206 ::arg().set("default-zsk-algorithm","Default ZSK algorithm")="";
207 ::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
208 ::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
209
210 ::arg().set("include-dir","Include *.conf files from this directory");
211 ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
212
213 ::arg().setSwitch("expand-alias", "Expand ALIAS records")="no";
214 ::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
215 ::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no";
216 #ifdef HAVE_LUA_RECORDS
217 ::arg().setSwitch("enable-lua-records", "Process LUA records for all zones (metadata overrides this)")="no";
218 ::arg().set("lua-records-exec-limit", "LUA records scripts execution limit (instructions count). Values <= 0 mean no limit")="1000";
219 #endif
220 ::arg().setSwitch("axfr-lower-serial", "Also AXFR a zone from a master with a lower serial")="no";
221
222 ::arg().set("lua-axfr-script", "Script to be used to edit incoming AXFRs")="";
223 ::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming XFR")="100";
224
225 ::arg().set("tcp-fast-open", "Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size")="0";
226
227 ::arg().set("rng", "Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.")="auto";
228 }
229
230 static time_t s_start=time(0);
231 static uint64_t uptimeOfProcess(const std::string& str)
232 {
233 return time(0) - s_start;
234 }
235
236 static uint64_t getSysUserTimeMsec(const std::string& str)
237 {
238 struct rusage ru;
239 getrusage(RUSAGE_SELF, &ru);
240
241 if(str=="sys-msec") {
242 return (ru.ru_stime.tv_sec*1000ULL + ru.ru_stime.tv_usec/1000);
243 }
244 else
245 return (ru.ru_utime.tv_sec*1000ULL + ru.ru_utime.tv_usec/1000);
246
247 }
248
249 static uint64_t getQCount(const std::string& str)
250 try
251 {
252 int totcount=0;
253 for(DNSDistributor* d : g_distributors) {
254 if(!d)
255 continue;
256 totcount += d->getQueueSize(); // this does locking and other things, so don't get smart
257 }
258 return totcount;
259 }
260 catch(std::exception& e)
261 {
262 g_log<<Logger::Error<<"Had error retrieving queue sizes: "<<e.what()<<endl;
263 return 0;
264 }
265 catch(PDNSException& e)
266 {
267 g_log<<Logger::Error<<"Had error retrieving queue sizes: "<<e.reason<<endl;
268 return 0;
269 }
270
271 static uint64_t getLatency(const std::string& str)
272 {
273 return avg_latency;
274 }
275
276 void declareStats(void)
277 {
278 S.declare("udp-queries","Number of UDP queries received");
279 S.declare("udp-do-queries","Number of UDP queries received with DO bit");
280 S.declare("udp-answers","Number of answers sent out over UDP");
281 S.declare("udp-answers-bytes","Total size of answers sent out over UDP");
282 S.declare("udp4-answers-bytes","Total size of answers sent out over UDPv4");
283 S.declare("udp6-answers-bytes","Total size of answers sent out over UDPv6");
284
285 S.declare("udp4-answers","Number of IPv4 answers sent out over UDP");
286 S.declare("udp4-queries","Number of IPv4 UDP queries received");
287 S.declare("udp6-answers","Number of IPv6 answers sent out over UDP");
288 S.declare("udp6-queries","Number of IPv6 UDP queries received");
289 S.declare("overload-drops","Queries dropped because backends overloaded");
290
291 S.declare("rd-queries", "Number of recursion desired questions");
292 S.declare("recursion-unanswered", "Number of packets unanswered by configured recursor");
293 S.declare("recursing-answers","Number of recursive answers sent out");
294 S.declare("recursing-questions","Number of questions sent to recursor");
295 S.declare("corrupt-packets","Number of corrupt packets received");
296 S.declare("signatures", "Number of DNSSEC signatures made");
297 S.declare("tcp-queries","Number of TCP queries received");
298 S.declare("tcp-answers","Number of answers sent out over TCP");
299 S.declare("tcp-answers-bytes","Total size of answers sent out over TCP");
300 S.declare("tcp4-answers-bytes","Total size of answers sent out over TCPv4");
301 S.declare("tcp6-answers-bytes","Total size of answers sent out over TCPv6");
302
303 S.declare("tcp4-queries","Number of IPv4 TCP queries received");
304 S.declare("tcp4-answers","Number of IPv4 answers sent out over TCP");
305
306 S.declare("tcp6-queries","Number of IPv6 TCP queries received");
307 S.declare("tcp6-answers","Number of IPv6 answers sent out over TCP");
308
309
310 S.declare("qsize-q","Number of questions waiting for database attention", getQCount);
311
312 S.declare("dnsupdate-queries", "DNS update packets received.");
313 S.declare("dnsupdate-answers", "DNS update packets successfully answered.");
314 S.declare("dnsupdate-refused", "DNS update packets that are refused.");
315 S.declare("dnsupdate-changes", "DNS update changes to records in total.");
316
317 S.declare("incoming-notifications", "NOTIFY packets received.");
318
319 S.declare("uptime", "Uptime of process in seconds", uptimeOfProcess);
320 S.declare("real-memory-usage", "Actual unique use of memory in bytes (approx)", getRealMemoryUsage);
321 S.declare("special-memory-usage", "Actual unique use of memory in bytes (approx)", getSpecialMemoryUsage);
322 S.declare("fd-usage", "Number of open filedescriptors", getOpenFileDescriptors);
323 #ifdef __linux__
324 S.declare("udp-recvbuf-errors", "UDP 'recvbuf' errors", udpErrorStats);
325 S.declare("udp-sndbuf-errors", "UDP 'sndbuf' errors", udpErrorStats);
326 S.declare("udp-noport-errors", "UDP 'noport' errors", udpErrorStats);
327 S.declare("udp-in-errors", "UDP 'in' errors", udpErrorStats);
328 #endif
329
330 S.declare("sys-msec", "Number of msec spent in system time", getSysUserTimeMsec);
331 S.declare("user-msec", "Number of msec spent in user time", getSysUserTimeMsec);
332 S.declare("meta-cache-size", "Number of entries in the metadata cache", DNSSECKeeper::dbdnssecCacheSizes);
333 S.declare("key-cache-size", "Number of entries in the key cache", DNSSECKeeper::dbdnssecCacheSizes);
334 S.declare("signature-cache-size", "Number of entries in the signature cache", signatureCacheSize);
335
336 S.declare("servfail-packets","Number of times a server-failed packet was sent out");
337 S.declare("latency","Average number of microseconds needed to answer a question", getLatency);
338 S.declare("timedout-packets","Number of packets which weren't answered within timeout set");
339 S.declare("security-status", "Security status based on regular polling");
340 S.declareDNSNameQTypeRing("queries","UDP Queries Received");
341 S.declareDNSNameQTypeRing("nxdomain-queries","Queries for non-existent records within existent domains");
342 S.declareDNSNameQTypeRing("noerror-queries","Queries for existing records, but for type we don't have");
343 S.declareDNSNameQTypeRing("servfail-queries","Queries that could not be answered due to backend errors");
344 S.declareDNSNameQTypeRing("unauth-queries","Queries for domains that we are not authoritative for");
345 S.declareRing("logmessages","Log Messages");
346 S.declareComboRing("remotes","Remote server IP addresses");
347 S.declareComboRing("remotes-unauth","Remote hosts querying domains for which we are not auth");
348 S.declareComboRing("remotes-corrupt","Remote hosts sending corrupt packets");
349 }
350
351 int isGuarded(char **argv)
352 {
353 char *p=strstr(argv[0],"-instance");
354
355 return !!p;
356 }
357
358 void sendout(DNSPacket* a)
359 {
360 if(!a)
361 return;
362
363 N->send(a);
364
365 int diff=a->d_dt.udiff();
366 avg_latency=(int)(0.999*avg_latency+0.001*diff);
367 delete a;
368 }
369
370 //! The qthread receives questions over the internet via the Nameserver class, and hands them to the Distributor for further processing
371 void *qthread(void *number)
372 try
373 {
374 setThreadName("pdns/receiver");
375
376 DNSPacket *P;
377 DNSDistributor *distributor = DNSDistributor::Create(::arg().asNum("distributor-threads", 1)); // the big dispatcher!
378 int num = (int)(unsigned long)number;
379 g_distributors[num] = distributor;
380 DNSPacket question(true);
381 DNSPacket cached(false);
382
383 AtomicCounter &numreceived=*S.getPointer("udp-queries");
384 AtomicCounter &numreceiveddo=*S.getPointer("udp-do-queries");
385
386 AtomicCounter &numreceived4=*S.getPointer("udp4-queries");
387
388 AtomicCounter &numreceived6=*S.getPointer("udp6-queries");
389 AtomicCounter &overloadDrops=*S.getPointer("overload-drops");
390
391 int diff;
392 bool logDNSQueries = ::arg().mustDo("log-dns-queries");
393 shared_ptr<UDPNameserver> NS;
394 std::string buffer;
395 buffer.resize(DNSPacket::s_udpTruncationThreshold);
396
397 // If we have SO_REUSEPORT then create a new port for all receiver threads
398 // other than the first one.
399 if( number != NULL && N->canReusePort() ) {
400 NS = g_udpReceivers[num];
401 if (NS == nullptr) {
402 NS = N;
403 }
404 } else {
405 NS = N;
406 }
407
408 for(;;) {
409 if(!(P=NS->receive(&question, buffer))) { // receive a packet inline
410 continue; // packet was broken, try again
411 }
412
413 numreceived++;
414
415 if(P->d_remote.getSocklen()==sizeof(sockaddr_in))
416 numreceived4++;
417 else
418 numreceived6++;
419
420 if(P->d_dnssecOk)
421 numreceiveddo++;
422
423 if(P->d.qr)
424 continue;
425
426 S.ringAccount("queries", P->qdomain, P->qtype);
427 S.ringAccount("remotes",P->d_remote);
428 if(logDNSQueries) {
429 string remote;
430 if(P->hasEDNSSubnet())
431 remote = P->getRemote().toString() + "<-" + P->getRealRemote().toString();
432 else
433 remote = P->getRemote().toString();
434 g_log << Logger::Notice<<"Remote "<< remote <<" wants '" << P->qdomain<<"|"<<P->qtype.getName() <<
435 "', do = " <<P->d_dnssecOk <<", bufsize = "<< P->getMaxReplyLen();
436 if(P->d_ednsRawPacketSizeLimit > 0 && P->getMaxReplyLen() != (unsigned int)P->d_ednsRawPacketSizeLimit)
437 g_log<<" ("<<P->d_ednsRawPacketSizeLimit<<")";
438 g_log<<": ";
439 }
440
441 if((P->d.opcode != Opcode::Notify && P->d.opcode != Opcode::Update) && P->couldBeCached()) {
442 bool haveSomething=PC.get(P, &cached); // does the PacketCache recognize this question?
443 if (haveSomething) {
444 if(logDNSQueries)
445 g_log<<"packetcache HIT"<<endl;
446 cached.setRemote(&P->d_remote); // inlined
447 cached.setSocket(P->getSocket()); // inlined
448 cached.d_anyLocal = P->d_anyLocal;
449 cached.setMaxReplyLen(P->getMaxReplyLen());
450 cached.d.rd=P->d.rd; // copy in recursion desired bit
451 cached.d.id=P->d.id;
452 cached.commitD(); // commit d to the packet inlined
453 NS->send(&cached); // answer it then inlined
454 diff=P->d_dt.udiff();
455 avg_latency=(int)(0.999*avg_latency+0.001*diff); // 'EWMA'
456 continue;
457 }
458 }
459
460 if(distributor->isOverloaded()) {
461 if(logDNSQueries)
462 g_log<<"Dropped query, backends are overloaded"<<endl;
463 overloadDrops++;
464 continue;
465 }
466
467 if(logDNSQueries)
468 g_log<<"packetcache MISS"<<endl;
469
470 try {
471 distributor->question(P, &sendout); // otherwise, give to the distributor
472 }
473 catch(DistributorFatal& df) { // when this happens, we have leaked loads of memory. Bailing out time.
474 _exit(1);
475 }
476 }
477 return 0;
478 }
479 catch(PDNSException& pe)
480 {
481 g_log<<Logger::Error<<"Fatal error in question thread: "<<pe.reason<<endl;
482 _exit(1);
483 }
484
485 static void* dummyThread(void *)
486 {
487 void* ignore=0;
488 pthread_exit(ignore);
489 }
490
491 static void triggerLoadOfLibraries()
492 {
493 pthread_t tid;
494 pthread_create(&tid, 0, dummyThread, 0);
495 void* res;
496 pthread_join(tid, &res);
497 }
498
499 void mainthread()
500 {
501 Utility::srandom();
502
503 int newgid=0;
504 if(!::arg()["setgid"].empty())
505 newgid=Utility::makeGidNumeric(::arg()["setgid"]);
506 int newuid=0;
507 if(!::arg()["setuid"].empty())
508 newuid=Utility::makeUidNumeric(::arg()["setuid"]);
509
510 g_anyToTcp = ::arg().mustDo("any-to-tcp");
511 g_8bitDNS = ::arg().mustDo("8bit-dns");
512 #ifdef HAVE_LUA_RECORDS
513 g_doLuaRecord = ::arg().mustDo("enable-lua-records");
514 g_luaRecordExecLimit = ::arg().asNum("lua-records-exec-limit");
515 #endif
516
517 DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
518 DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
519
520 PC.setTTL(::arg().asNum("cache-ttl"));
521 PC.setMaxEntries(::arg().asNum("max-packet-cache-entries"));
522 QC.setMaxEntries(::arg().asNum("max-cache-entries"));
523
524 stubParseResolveConf();
525
526 if(!::arg()["chroot"].empty()) {
527 #ifdef HAVE_SYSTEMD
528 char *ns;
529 ns = getenv("NOTIFY_SOCKET");
530 if (ns != nullptr) {
531 g_log<<Logger::Error<<"Unable to chroot when running from systemd. Please disable chroot= or set the 'Type' for this service to 'simple'"<<endl;
532 exit(1);
533 }
534 #endif
535 triggerLoadOfLibraries();
536 if(::arg().mustDo("master") || ::arg().mustDo("slave"))
537 gethostbyname("a.root-servers.net"); // this forces all lookup libraries to be loaded
538 Utility::dropGroupPrivs(newuid, newgid);
539 if(chroot(::arg()["chroot"].c_str())<0 || chdir("/")<0) {
540 g_log<<Logger::Error<<"Unable to chroot to '"+::arg()["chroot"]+"': "<<strerror(errno)<<", exiting"<<endl;
541 exit(1);
542 }
543 else
544 g_log<<Logger::Error<<"Chrooted to '"<<::arg()["chroot"]<<"'"<<endl;
545 } else {
546 Utility::dropGroupPrivs(newuid, newgid);
547 }
548
549 AuthWebServer webserver;
550 Utility::dropUserPrivs(newuid);
551
552 if(::arg().mustDo("resolver")){
553 DP=new DNSProxy(::arg()["resolver"]);
554 DP->go();
555 }
556
557 try {
558 doSecPoll(true);
559 }
560 catch(...) {}
561
562 {
563 // Some sanity checking on default key settings
564 bool hadKeyError = false;
565 int kskAlgo{0}, zskAlgo{0};
566 for (const string& algotype : {"ksk", "zsk"}) {
567 int algo, size;
568 if (::arg()["default-"+algotype+"-algorithm"].empty())
569 continue;
570 algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-"+algotype+"-algorithm"]);
571 size = ::arg().asNum("default-"+algotype+"-size");
572 if (algo == -1) {
573 g_log<<Logger::Error<<"Error: default-"<<algotype<<"-algorithm set to unknown algorithm: "<<::arg()["default-"+algotype+"-algorithm"]<<endl;
574 hadKeyError = true;
575 }
576 else if (algo <= 10 && size == 0) {
577 g_log<<Logger::Error<<"Error: default-"<<algotype<<"-algorithm is set to an algorithm ("<<::arg()["default-"+algotype+"-algorithm"]<<") that requires a non-zero default-"<<algotype<<"-size!"<<endl;
578 hadKeyError = true;
579 }
580 if (algotype == "ksk") {
581 kskAlgo = algo;
582 } else {
583 zskAlgo = algo;
584 }
585 }
586 if (hadKeyError) {
587 exit(1);
588 }
589 if (kskAlgo == 0 && zskAlgo != 0) {
590 g_log<<Logger::Error<<"Error: default-zsk-algorithm is set, but default-ksk-algorithm is not set."<<endl;
591 exit(1);
592 }
593 if (zskAlgo != 0 && zskAlgo != kskAlgo) {
594 g_log<<Logger::Error<<"Error: default-zsk-algorithm ("<<::arg()["default-zsk-algorithm"]<<"), when set, can not be different from default-ksk-algorithm ("<<::arg()["default-ksk-algorithm"]<<")."<<endl;
595 exit(1);
596 }
597 }
598
599 // NOW SAFE TO CREATE THREADS!
600 dl->go();
601
602 pthread_t qtid;
603
604 if(::arg().mustDo("webserver") || ::arg().mustDo("api"))
605 webserver.go();
606
607 if(::arg().mustDo("slave") || ::arg().mustDo("master") || !::arg()["forward-notify"].empty())
608 Communicator.go();
609
610 if(TN)
611 TN->go(); // tcp nameserver launch
612
613 // fork(); (this worked :-))
614 unsigned int max_rthreads= ::arg().asNum("receiver-threads", 1);
615 g_distributors.resize(max_rthreads);
616 for(unsigned int n=0; n < max_rthreads; ++n)
617 pthread_create(&qtid,0,qthread, reinterpret_cast<void *>(n)); // receives packets
618
619 pthread_create(&qtid,0,carbonDumpThread, 0); // runs even w/o carbon, might change @ runtime
620
621 #ifdef HAVE_SYSTEMD
622 /* If we are here, notify systemd that we are ay-ok! This might have some
623 * timing issues with the backend-threads. e.g. if the initial MySQL connection
624 * is slow and times out (leading to process termination through the backend)
625 * We probably have told systemd already that we have started correctly.
626 */
627 sd_notify(0, "READY=1");
628 #endif
629
630 for(;;) {
631 sleep(1800);
632 try {
633 doSecPoll(false);
634 }
635 catch(...){}
636 }
637
638 g_log<<Logger::Error<<"Mainthread exiting - should never happen"<<endl;
639 }
Unnamed repository; edit this file 'description' to name the repository.