We describe the use of smart pointers, containers and other wrappers for that purpose below, but first a few words of caution.
Resources stored in a object are only tied to this object if the constructor executes fully and completes properly.
If an exception is raised in the constructor's body, the object is not created and therefore the destructor will not be called.
-This means that if the object has non-object members holding resources, like raw file descriptors or raw C-style pointers, they need to be explicitly released before raising the exception, otherwise they are lost or leaked.
+This means that if the object has non-object members holding resources, like raw file descriptors or raw C-style pointers, they need to be explicitly released before raising the exception; otherwise, they are lost or leaked.
```C++
class BadFileDescriptorWrapper
### `--run-output`
This argument can be a little unclear. It is only applicable when
-`--test` is also supplied and `--verbose` is *NOT* supplied, otherwise
+`--test` is also supplied and `--verbose` is *NOT* supplied; otherwise,
it is ignored.
Since run output is not a lot when testing releases it can be nice to
- option to test a specific release version and not just the latest
- maybe:
- make error codes we get for building and running containers
- readable if we can find a lib for this, otherwise it requires too
+ readable if we can find a lib for this; otherwise, it requires too
much maintenance
- `errno` http://joeyh.name/code/moreutils/
- parameter to test all the things! (this can currently easily done
--binddn=ADMIN_DN > update.ldif
The parameter "host" and "basedn" are mandatory, "binddn" is optional.
-If "binddn" is given, the script will prompt for a password, otherwise
+If "binddn" is given, the script will prompt for a password; otherwise,
an anonymous bind is executed. The updates in LDIF format are written to
stdout and can be redirected to a file.
- DNSName domain - Domain to get info for
OUTPUT:
- Return false if not supported or found, otherwise expects a table with keys:
+ Return false if not supported or found; otherwise, expects a table with keys:
- string account - Associated account of this domain (default: <empty>)
- string kind - Domain kind (NATIVE,MASTER,SLAVE) (default: NATIVE)
Get domain information for all domains.
OUTPUT:
- Return false if not supported or found, otherwise return a table of string,
+ Return false if not supported or found; otherwise, return a table of string,
domaininfo. See :ref:`dns_get_domaininfo() <backends_lua2_dns_get_domaininfo>`.
NOTES:
- DNSName domain - Domain to get key(s) for
OUTPUT:
- Return false if not found or supported, otherwise expects array of tables with keys:
+ Return false if not found or supported; otherwise, expects array of tables with keys:
- int id - Key ID
- int flags - Key flags
~~~~~~~~
Lists all records for the zonename. If you are running DNSSEC, you
-should take care of setting auth to appropriate value, otherwise things
+should take care of setting auth to appropriate value; otherwise, things
can go wrong.
- Mandatory: no (gives AXFR support)
authorization. The Lua script is to contain at least function called
``updatepolicy`` which accepts one parameter. This parameter is an
object, containing all the information for the request. To permit
-change, return true, otherwise return false. The script is called for
+change, return true; otherwise, return false. The script is called for
each record at a time and you can approve or reject any or all.
The object has following methods available:
cookie *COOKIE*
if *COOKIE* is ``-`` send a random client cookie. Otherwise send the given cookie, which should be a hex string received from a server earlier.
traceid *TraceID*
- include a TraceID and an empty SpanID value into the EDNS data. If TraceID is ``-``, a random TraceID is generated, otherwise it is a hex string.
+ include a TraceID and an empty SpanID value into the EDNS data. If TraceID is ``-``, a random TraceID is generated; otherwise, it is a hex string.
Examples
--------
- Target backend must support same features as source from set of
domains, zones, metadata, DNSSEC and TSIG. See :doc:`Backend
Capabilities <backends/index>`
-- There must be no data in the target backend, otherwise the migration
+- There must be no data in the target backend; otherwise, the migration
will fail. This is checked.
You can perform live upgrade with this tool, provided you follow the
- name: "cookie_hashing"
type: "bool"
default: "false"
- description: "If true, EDNS Cookie values will be hashed, resulting in separate entries for different cookies in the packet cache. This is required if the backend is sending answers with EDNS Cookies, otherwise a client might receive an answer with the wrong cookie"
+ description: "If true, EDNS Cookie values will be hashed, resulting in separate entries for different cookies in the packet cache. This is required if the backend is sending answers with EDNS Cookies; otherwise, a client might receive an answer with the wrong cookie"
- name: "maximum_entry_size"
type: "u32"
default: "4096"
to be able to process all accepted queries.
Setting ``maxInFlight`` to a value greater than zero on :func:`newServer` changes that, and up to ``maxInFlight``
queries can be sent to a backend simultaneously over the same TCP connection. This of course requires the
-backend to actually process incoming queries out-of-order, otherwise the latency will be considerably increased,
+backend to actually process incoming queries out-of-order; otherwise, the latency will be considerably increased,
leading to timeouts and degraded service.
As of 1.6.0, only queries from the same incoming client connection will be sent to a server over a single
* ``staleTTL=60``: int - When the backend servers are not reachable, and global configuration ``setStaleCacheEntriesTTL`` is set appropriately, TTL that will be used when a stale cache entry is returned.
* ``temporaryFailureTTL=60``: int - On a SERVFAIL or REFUSED from the backend, cache for this amount of seconds.
* ``truncatedTTL=0``: int - On a truncated (TC=1, no records) response from the backend, cache for this amount of seconds. 0, the default, means that truncated answers are not cached.
- * ``cookieHashing=false``: bool - If true, EDNS Cookie values will be hashed, resulting in separate entries for different cookies in the packet cache. This is required if the backend is sending answers with EDNS Cookies, otherwise a client might receive an answer with the wrong cookie.
+ * ``cookieHashing=false``: bool - If true, EDNS Cookie values will be hashed, resulting in separate entries for different cookies in the packet cache. This is required if the backend is sending answers with EDNS Cookies; otherwise, a client might receive an answer with the wrong cookie.
* ``skipOptions={}``: Extra list of EDNS option codes to skip when hashing the packet (if ``cookieHashing`` above is false, EDNS cookie option number will be added to this list internally).
* ``maximumEntrySize=4096``: int - The maximum size, in bytes, of a DNS packet that can be inserted into the packet cache. Default is 4096 bytes, which was the fixed size before 1.9.0, and is also a hard limit for UDP responses.
* ``payloadRanks={}``: List of payload size used when hashing the packet. The list will be sorted in ascending order and searched to find a lower bound value for the payload size in the packet. If found then it will be used for packet hashing. Values less than 512 or greater than ``maximumEntrySize`` above will be discarded. This option is to enable cache entry sharing between clients using different payload sizes when needed.
1.5.x to 1.6.0
--------------
-The packet cache no longer hashes EDNS Cookies by default, which means that two queries that are identical except for the content of their cookie will now be served the same answer. This only works if the backend is not returning any answer containing EDNS Cookies, otherwise the wrong cookie might be returned to a client. To prevent this, the ``cookieHashing=true`` parameter might be passed to :func:`newPacketCache` so that cookies are hashed, resulting in separate entries in the packet cache.
+The packet cache no longer hashes EDNS Cookies by default, which means that two queries that are identical except for the content of their cookie will now be served the same answer. This only works if the backend is not returning any answer containing EDNS Cookies; otherwise, the wrong cookie might be returned to a client. To prevent this, the ``cookieHashing=true`` parameter might be passed to :func:`newPacketCache` so that cookies are hashed, resulting in separate entries in the packet cache.
All TCP worker threads are now created at startup, instead of being created on-demand. The existing behaviour was useful for very small setups but did not scale quickly to a large amount of TCP connections.
The new behaviour can cause a noticeable increase of TCP connections between dnsdist and its backends, as the TCP connections are not shared between TCP worker threads.
:pullreq: 6209
:tickets: 6212
- Fix to make ``primeHints`` threadsafe, otherwise there's a small
+ Fix to make ``primeHints`` threadsafe; otherwise, there's a small
chance on startup that the root-server IPs will be incorrect.
.. change::
* ``maxQueuedEntries=100``: int - How many entries will be kept in memory if the server becomes unreachable
* ``reconnectWaitTime=1``: int - How long to wait, in seconds, between two reconnection attempts
* ``taggedOnly=false``: bool - Only entries with a policy or a policy tag set will be sent
- * ``asyncConnect``: bool - When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds, otherwise the connection is done in a separate thread, after the first message has been queued
+ * ``asyncConnect``: bool - When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds; otherwise, the connection is done in a separate thread, after the first message has been queued
* ``logQueries=true``: bool - Whether to export queries
* ``logResponses=true``: bool - Whether to export responses
* ``exportTypes={'A', 'AAAA', 'CNAME'}``: list of strings - The list of record types found in the answer section to export. Record types A, AAAA, CNAME, MX, NS, PTR, SPF, SRV and TXT are supported.
:param int maskV4: network mask to apply to the client IPv4 addresses, for anonymization purposes. The default of 32 means no anonymization.
:param int maskV6: Same as maskV4, but for IPv6. Defaults to 128.
:param bool taggedOnly: Only entries with a policy or a policy tag set will be sent.
- :param bool asyncConnect: When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds, otherwise the connection is done in a separate thread, after the first message has been queued..
+ :param bool asyncConnect: When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds; otherwise, the connection is done in a separate thread, after the first message has been queued..
.. function:: setProtobufMasks(maskv4, maskV6)
* ``timeout=2``: int - Time in seconds to wait when sending a message
* ``maxQueuedEntries=100``: int - How many entries will be kept in memory if the server becomes unreachable
* ``reconnectWaitTime=1``: int - How long to wait, in seconds, between two reconnection attempts
- * ``asyncConnect``: bool - When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds, otherwise the connection is done in a separate thread, after the first message has been queued
+ * ``asyncConnect``: bool - When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds; otherwise, the connection is done in a separate thread, after the first message has been queued
* ``logQueries=true``: bool - Whether to export queries
* ``logResponses=true``: bool - Whether to export responses
* ``exportTypes={'A', 'AAAA', 'CNAME'}``: list of strings or qtypes - The list of record types found in the answer section to export. Record types A, AAAA, CNAME, MX, NS, PTR, SPF, SRV and TXT are supported
:param int timeout: Time in seconds to wait when sending a message
:param int maxQueuedEntries: How many entries will be kept in memory if the server becomes unreachable
:param int reconnectWaitTime: How long to wait, in seconds, between two reconnection attempts
- :param bool asyncConnect: When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds, otherwise the connection is done in a separate thread, after the first message has been queued..
+ :param bool asyncConnect: When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds; otherwise, the connection is done in a separate thread, after the first message has been queued..
Protocol Buffers Definition
---------------------------
At the moment of writing, some Google operated nameservers (both recursive and authoritative) indicate Fast Open support in the TCP handshake, but do not accept the cookie they sent previously and send a new one for each connection.
Google is working to fix this.
-If you operate an anycast pool of machines, make them share the TCP Fast Open Key by setting the ``net.ipv4.tcp_fastopen_key`` sysctl, otherwise you will create a similar issue some Google servers have.
+If you operate an anycast pool of machines, make them share the TCP Fast Open Key by setting the ``net.ipv4.tcp_fastopen_key`` sysctl; otherwise, you will create a similar issue some Google servers have.
To determine a good value for the :ref:`setting-yaml-incoming.tcp_fast_open` setting, watch the ``TCPFastOpenListenOverflow`` metric.
If this value increases often, the value might be too low for your traffic, but note that increasing it will use kernel resources.
.. versionchanged:: 5.3.0 The aliases ``defpol_override_local_data``, ``extended_error_code``, ``extended_error_extra``, ``include_soa``, ``ignore_duplicates``, ``policy_name``, ``overriddes_gettag``, ``zone_size_hint``, ``max_received_bytes``, ``local_address``, ``axfr_timeout``, ``dump_file``, ``seed_file`` have been introduced.
-If ``addresses`` is empty, the ``name`` field specifies the path name of the RPZ, otherwise the ``name`` field defines the name of the RPZ.
+If ``addresses`` is empty, the ``name`` field specifies the path name of the RPZ; otherwise, the ``name`` field defines the name of the RPZ.
Starting with version 5.2.0, names instead of IP addresess can be used for ``addresses`` if
:ref:`setting-yaml-recursor.system_resolver_ttl` is set.
configs/10.0.3.8: up (pid 1138) 13 seconds
configs/recursor-service: up (pid 1140) 13 seconds
-(They all need to be up more than a few seconds, otherwise they might be
+(They all need to be up more than a few seconds; otherwise, they might be
crashing on startup. Check the per-service `logfile` if something is wrong).
Run the tests:
projects / thirdparty / pdns.git / commitdiff
