Add setting and metric

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Thu, 8 May 2025 10:25:36 +0000 (12:25 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Wed, 28 May 2025 14:12:52 +0000 (16:12 +0200)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Thu, 8 May 2025 10:25:36 +0000 (12:25 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 28 May 2025 14:12:52 +0000 (16:12 +0200)
diff --git a/pdns/recursordist/RECURSOR-MIB.txt b/pdns/recursordist/RECURSOR-MIB.txt

index f80eab30c0dffcc45ba9be152e47fc77ae6780b3..c41fa681df9c1695f5417f3037f71142f7f148cd 100644 (file)
--- a/pdns/recursordist/RECURSOR-MIB.txt
+++ b/pdns/recursordist/RECURSOR-MIB.txt
@@ -1250,6 +1250,46 @@ udrEvents OBJECT-TYPE
          "Count of UDR events"
      ::= { stats 148 }
  
+maxChainLength OBJECT-TYPE
+    SYNTAX Counter64
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Maximum chain length"
+    ::= { stats 149 }
+
+maxChainWeight OBJECT-TYPE
+    SYNTAX Counter64
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Maximum chain weight"
+    ::= { stats 150 }
+
+chainLimits OBJECT-TYPE
+    SYNTAX Counter64
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Chain limits reached"
+    ::= { stats 151 }
+
+tcpOverflow OBJECT-TYPE
+    SYNTAX Counter64
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Incoming TCP limits reached"
+    ::= { stats 152 }
+
+ecsMissing OBJECT-TYPE
+    SYNTAX Counter64
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Number of answers where ECS info was missing"
+    ::= { stats 153 }
+
  ---
  --- Traps / Notifications
  ---
@@ -1445,7 +1485,12 @@ recGroup OBJECT-GROUP
          packetCacheContended,
          packetCacheAcquired,
          nodEvents,
-        udrEvents
+        udrEvents,
+        maxChainLength,
+        maxChainWeight,
+        chainLimits,
+        tcpOverflow,
+        ecsMissing
      }
      STATUS current
      DESCRIPTION "Objects conformance group for PowerDNS Recursor"
diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc

index f9ce5444f2329e743c296481ef96a1dd38cb2e37..11cf2fa90a4f881e957f5986618054e9dc102012 100644 (file)
--- a/pdns/recursordist/lwres.cc
+++ b/pdns/recursordist/lwres.cc
@@ -58,7 +58,7 @@
  thread_local TCPOutConnectionManager t_tcp_manager;
  std::shared_ptr<Logr::Logger> g_slogout;
  bool g_paddingOutgoing;
-bool g_ECSHardening{false};
+bool g_ECSHardening;
  
  void remoteLoggerQueueData(RemoteLoggerInterface& r, const std::string& data)
  {
diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc

index b23214a9b98fcb3731a5c54e90201c37cf85ff3c..bb0f21f5669bffc115f95aa69c4f723396cd5794 100644 (file)
--- a/pdns/recursordist/rec-main.cc
+++ b/pdns/recursordist/rec-main.cc
@@ -2147,6 +2147,7 @@ static int serviceMain(Logr::log_t log)
    }
    g_paddingTag = ::arg().asNum("edns-padding-tag");
    g_paddingOutgoing = ::arg().mustDo("edns-padding-out");
+  g_ECSHardening = ::arg().mustDo("edns-subnet-harden");
  
    RecThreadInfo::setNumDistributorThreads(::arg().asNum("distributor-threads"));
    RecThreadInfo::setNumUDPWorkerThreads(::arg().asNum("threads"));
diff --git a/pdns/recursordist/settings/table.py b/pdns/recursordist/settings/table.py

index 135b90e27969bf9a3e409c2583f11ca0ef6ee10e..a706407a10ef32f96ad797d4246902a7a89116f7 100644 (file)
--- a/pdns/recursordist/settings/table.py
+++ b/pdns/recursordist/settings/table.py
@@ -939,6 +939,18 @@ By default, this option is empty, meaning no EDNS Client Subnet information is s
   ''',
      'versionadded': '4.5.0'
      },
+    {
+        'name' : 'edns_subnet_harden',
+        'section' : 'outgoing',
+        'type' : LType.Bool,
+        'default' : 'false',
+        'help' : 'Do more strict checking or EDNS Client Subnet information returned by authoritative servers',
+        'doc' : '''
+Do more strict checking or EDNS Client Subnet information returned by authoritative servers.
+Answers missing ECS information will be ignored and followed up by an ECS-less query.
+ ''',
+    'versionadded': ['5.2.x', '5.1.x', '5.0.x']
+    },
      {
          'name' : 'entropy_source',
          'section' : 'recursor',
diff --git a/regression-tests.recursor-dnssec/test_SNMP.py b/regression-tests.recursor-dnssec/test_SNMP.py

index 4ad78640cbcc442e8edabbb80d79e3d70c98533b..e0f67ba43577344c057af0af5888a90fc4c876c1 100644 (file)
--- a/regression-tests.recursor-dnssec/test_SNMP.py
+++ b/regression-tests.recursor-dnssec/test_SNMP.py
@@ -21,7 +21,7 @@ class TestSNMP(RecursorTest):
      """
  
      def _checkStatsValues(self, results):
-        count = 148
+        count = 153
          for i in list(range(1, count)):
              oid = self._snmpOID + '.1.' + str(i) + '.0'
              self.assertTrue(oid in results)
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Thu, 8 May 2025 10:25:36 +0000 (12:25 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Wed, 28 May 2025 14:12:52 +0000 (16:12 +0200)
pdns/recursordist/RECURSOR-MIB.txt		patch \| blob \| blame \| history
pdns/recursordist/lwres.cc		patch \| blob \| blame \| history
pdns/recursordist/rec-main.cc		patch \| blob \| blame \| history
pdns/recursordist/settings/table.py		patch \| blob \| blame \| history
regression-tests.recursor-dnssec/test_SNMP.py		patch \| blob \| blame \| history