lua-pdns.o lua-recursor.o randomhelper.o recpacketcache.o dns.o \
reczones.o base32.o nsecrecords.o json.o ws-recursor.o ws-api.o \
version.o responsestats.o webserver.o ext/yahttp/yahttp/reqresp.o ext/yahttp/yahttp/router.o \
-rec-carbon.o
+rec-carbon.o secpoll-recursor.o
REC_CONTROL_OBJECTS=rec_channel.o rec_control.o arguments.o misc.o \
unix_utility.o logger.o qtype.o
reczones.cc \
resolver.hh \
responsestats.cc \
+ secpoll-recursor.cc \
+ secpoll-recuersor.hh \
selectmplexer.cc \
sillyrecords.cc \
statbag.cc \
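Review bot: The second added entry is spelled `secpoll-recuersor.hh`, while the `#include` lines and the header list elsewhere in this change all use `secpoll-recursor.hh`. A source list that names a file which does not exist will most likely either break the dist/build step or leave the real header out of the release tarball. The entry should read `secpoll-recursor.hh \`.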
mplexer.hh \
dns_random.hh lua-pdns.hh lua-recursor.hh namespaces.hh \
recpacketcache.hh base32.hh cachecleaner.hh json.hh version.hh \
-ws-recursor.hh ws-api.hh \
+ws-recursor.hh ws-api.hh secpoll-recursor.hh \
responsestats.hh webserver.hh"
CFILES="syncres.cc misc.cc unix_utility.cc qtype.cc \
sillyrecords.cc lua-pdns.cc lua-recursor.cc randomhelper.cc \
devpollmplexer.cc recpacketcache.cc dns.cc reczones.cc base32.cc nsecrecords.cc \
dnslabeltext.cc json.cc ws-recursor.cc ws-api.cc version.cc dns_random.cc \
-responsestats.cc webserver.cc rec-carbon.cc"
+responsestats.cc webserver.cc rec-carbon.cc secpoll-recursor.cc"
cd docs
make pdns_recursor.1 rec_control.1
The data returned is in one of the following forms:
- * NXDOMAIN or resolution failure -> -1
- * "0 Ok" -> 0
- * "1 Upgrade recommended for security reasons, see http://powerdns.com/..." -> 1
- * "2 Upgrade mandatory for security reasons, see http://powerdns.com/..." -> 2
-
-In cases 1 or 2, periodic logging commences. The metric security-status is
-set to 1 or 2 respectively. If at a later date, resolution fails, the
-security-status is not reset to 0. It could be lowered however if we
+ * NXDOMAIN or resolution failure -> 0
+ * "1 Ok" -> 1
+ * "2 Upgrade recommended for security reasons, see http://powerdns.com/..." -> 2
+ * "3 Upgrade mandatory for security reasons, see http://powerdns.com/..." -> 3
+
+In cases 2 or 3, periodic logging commences. The metric security-status is
+set to 2 or 3 respectively. If at a later date, resolution fails, the
+security-status is not reset to 1. It could be lowered however if we
discover the security status is less urgent than we thought.
-If resolution fails, and the previous security-status was 0, the new
-security-status becomes -1 ('no data'). If the security-status was higher
-than 0, it will remain that way, and not get set to -1.
+If resolution fails, and the previous security-status was 1, the new
+security-status becomes 0 ('no data'). If the security-status was higher
+than 1, it will remain that way, and not get set to 0.
-In this way, security-status of -1 really means 'no data', and can not mask
+In this way, security-status of 0 really means 'no data', and can not mask
a known problem.
## Distributions
#include "lua-recursor.hh"
#include "version.hh"
#include "responsestats.hh"
-
+#include "secpoll-recursor.hh"
#ifndef RECURSOR
#include "statbag.hh"
StatBag S;
static void houseKeeping(void *)
try
{
- static __thread time_t last_stat, last_rootupdate, last_prune;
+ static __thread time_t last_stat, last_rootupdate, last_prune, last_secpoll;
static __thread int cleanCounter=0;
struct timeval now;
Utility::gettimeofday(&now, 0);
last_prune=time(0);
}
- if(!t_id) {
- if(now.tv_sec - last_stat >= 1800) {
- doStats();
- last_stat=time(0);
- }
- }
-
if(now.tv_sec - last_rootupdate > 7200) {
SyncRes sr(now);
sr.setDoEDNS0(true);
else
L<<Logger::Error<<"Failed to update . records, RCODE="<<res<<endl;
}
+
+ if(!t_id) {
+ if(now.tv_sec - last_stat >= 1800) {
+ doStats();
+ last_stat=time(0);
+ }
+
+ if(now.tv_sec - last_secpoll >= 1800) {
+ doSecPoll(&last_secpoll);
+ }
+ }
+
+
}
catch(PDNSException& ae)
{
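Review bot: `last_secpoll` is passed to `doSecPoll` by pointer, while `last_stat` just above is set by the caller, so nothing in this hunk shows whether the 1800-second gate is re-armed when a poll fails. If `doSecPoll` stores the time only on success, or throws before storing it, thread 0 would repeat the lookup on every housekeeping pass, and the exception would unwind through houseKeeping's own handlers. Once that is confirmed, either add a comment at the call such as `// doSecPoll sets *last_secpoll itself, also when the lookup fails`, or arm the timer in the caller before the call with `last_secpoll=now.tv_sec;`. The opening of houseKeeping lies outside this hunk.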
::arg().set("minimum-ttl-override", "Set under adverse conditions, a minimum TTL")="0";
::arg().set("include-dir","Include *.conf files from this directory")="";
+ ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
::arg().setCmd("help","Provide a helpful message");
::arg().setCmd("version","Print version string");
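Review bot: The description for `security-poll-suffix` does not tell an operator that the default value makes the recursor send periodic lookups to an external zone, or how to turn that off. If an empty value disables the poll (the handling is not visible in this hunk), the help text should say so, for example `"Domain name from which to query security update notifications, empty to disable"`. The answer arrives over ordinary DNS and could be forged unless it is validated, so it is also worth confirming that it only feeds the log message and the `security-status` metric.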
#include "lock.hh"
#include "responsestats.hh"
#include "version_generated.h"
+#include "secpoll-recursor.hh"
#include "namespaces.hh"
pthread_mutex_t g_carbon_config_lock=PTHREAD_MUTEX_INITIALIZER;
addGetStat("failed-host-entries", boost::bind(getFailedHostsSize));
addGetStat("concurrent-queries", boost::bind(getConcurrentQueries));
+ addGetStat("security-status", &g_security_status);
addGetStat("outgoing-timeouts", &SyncRes::s_outgoingtimeouts);
addGetStat("tcp-outqueries", &SyncRes::s_tcpoutqueries);
addGetStat("all-outqueries", &SyncRes::s_outqueries);
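Review bot: `security-status` is exported here with no indication of what its values mean, while the documentation part of this change defines 0 as no data, 1 as OK, 2 as upgrade recommended and 3 as upgrade mandatory. A comment on the added line, e.g. `// 0=no data, 1=OK, 2=upgrade recommended, 3=upgrade mandatory`, would keep the metric and the documentation in step. `g_security_status` is presumably written from the housekeeping path and read here on the control channel. Its declaration is not visible in this hunk, so check that its type is safe to read across threads.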