Number of AXFR slave threads to start.
-## `send-root-referral`
-* Boolean or `lean`
-* Default: no
-
-if set, PowerDNS will send out old-fashioned root-referrals when queried for
-domains for which it is not authoritative. Wastes some bandwidth but may solve
-incoming query floods if domains are delegated to you for which you are not
-authoritative, but which are queried by broken recursors. It is possible to
-specify 'lean' root referrals, which waste less bandwidth.
-
## `setgid`
* String
#!/usr/bin/env bash
../../../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
---no-shuffle --launch=lua --send-root-referral --loglevel=9 \
+--no-shuffle --launch=lua --loglevel=9 \
--config-dir=./ --cache-ttl=0 --negquery-cache-ttl=0 --query-cache-ttl=0 --recursive-cache-ttl=0
cd ../../regression-tests
../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=../regression-tests/named.conf \
- --query-logging --send-root-referral --loglevel=0 \
+ --query-logging --loglevel=0 \
--cache-ttl=0 --no-config --local-address=127.0.0.1 \
--bind-ignore-broken-records=yes --module-dir=modules &
::arg().setSwitch("master","Act as a master")="no";
::arg().setSwitch("disable-axfr-rectify","Disable the rectify step during an outgoing AXFR. Only required for regression testing.")="no";
::arg().setSwitch("guardian","Run within a guardian process")="no";
- ::arg().setSwitch("send-root-referral","Send out old-fashioned root-referral instead of ServFail in case of no authority")="no";
::arg().setSwitch("prevent-self-notification","Don't send notifications to what we think is ourself")="yes";
::arg().setSwitch("webserver","Start a webserver for monitoring")="no";
::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
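Review bot: Removing the `send-root-referral` declaration from this list means deployments that still carry `send-root-referral=...` in pdns.conf or on the command line now pass a setting the server does not know. If the argument parser treats unknown settings as fatal (worth confirming for both the config file and the command line), those daemons will not start after the upgrade. No upgrade or changelog entry is visible on this page, so I would add one along the lines of `send-root-referral has been removed; delete it from pdns.conf before upgrading. Queries for zones this server is not authoritative for are answered with REFUSED.` The enclosing declaration function starts and ends outside the hunk.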
NetmaskGroup PacketHandler::s_allowNotifyFrom;
extern string s_programname;
-enum root_referral {
- NO_ROOT_REFERRAL,
- LEAN_ROOT_REFERRAL,
- FULL_ROOT_REFERRAL
-};
-
PacketHandler::PacketHandler():B(s_programname), d_dk(&B)
{
++s_count;
d_doRecursion= ::arg().mustDo("recursor");
d_logDNSDetails= ::arg().mustDo("log-dns-details");
d_doIPv6AdditionalProcessing = ::arg().mustDo("do-ipv6-additional-processing");
- d_sendRootReferral = ::arg().mustDo("send-root-referral")
- ? ( pdns_iequals(::arg()["send-root-referral"], "lean") ? LEAN_ROOT_REFERRAL : FULL_ROOT_REFERRAL )
- : NO_ROOT_REFERRAL;
string fname= ::arg()["lua-prequery-script"];
if(fname.empty())
{
DLOG(L<<Logger::Error<<"PacketHandler destructor called - "<<s_count<<" left"<<endl);
}
-void PacketHandler::addRootReferral(DNSPacket* r)
-{
- // nobody reads what we output, but it appears to be the magic that shuts some nameservers up
- static const char*ips[]={"198.41.0.4", "192.228.79.201", "192.33.4.12", "199.7.91.13", "192.203.230.10", "192.5.5.241", "192.112.36.4", "198.97.190.53",
- "192.36.148.17","192.58.128.30", "193.0.14.129", "199.7.83.42", "202.12.27.33"};
- static char templ[40];
- strncpy(templ,"a.root-servers.net", sizeof(templ) - 1);
-
- // add . NS records
- DNSResourceRecord rr;
- rr.qname = DNSName(".");
- rr.qtype=QType::NS;
- rr.ttl=518400;
- rr.d_place=DNSResourceRecord::AUTHORITY;
-
- for(char c='a';c<='m';++c) {
- *templ=c;
- rr.content=templ;
- r->addRecord(rr);
- }
-
- if( d_sendRootReferral == LEAN_ROOT_REFERRAL )
- return;
-
- // add the additional stuff
-
- rr.ttl=3600000;
- rr.qtype=QType::A;
- rr.d_place=DNSResourceRecord::ADDITIONAL;
-
- for(char c='a';c<='m';++c) {
- *templ=c;
- rr.qname=DNSName(templ);
- rr.content=ips[c-'a'];
- r->addRecord(rr);
- }
-}
-
/**
* This adds CDNSKEY records to the answer packet. Returns true if one was added.
*
return 0;
}
- if(!retargetcount)
+ if(!retargetcount) {
r->setA(false); // drop AA if we never had a SOA in the first place
- if( d_sendRootReferral != NO_ROOT_REFERRAL ) {
- DLOG(L<<Logger::Warning<<"Adding root-referral"<<endl);
- addRootReferral(r);
- }
- else {
- if (!retargetcount)
- r->setRcode(RCode::Refused); // send REFUSED - but only on empty 'no idea'
+ r->setRcode(RCode::Refused); // send REFUSED - but only on empty 'no idea'
}
goto sendit;
}
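Review bot: The trailing comment on the new `r->setRcode(RCode::Refused);` line (`but only on empty 'no idea'`) now only restates the enclosing `if(!retargetcount)` and no longer explains why REFUSED is the sole outcome. I would replace the two inline comments with one above the block, `// not authoritative and nothing was retargeted: clear AA and answer REFUSED; no referral records are added`. The removed path attached 13 NS and, unless `lean`, 13 A records to replies for names the server does not serve, so a regression test that pins REFUSED with empty authority and additional sections for an out-of-zone name would keep oversized unauthoritative replies from returning. The `d_sendRootReferral` member and the `addRootReferral` declaration presumably live in the class header, which is not visible on this page and needs the same cleanup. The enclosing function starts and ends outside the hunk.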
#
# security-poll-suffix=secpoll.powerdns.com.
-#################################
-# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority
-#
-# send-root-referral=no
-
#################################
# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
#
return packet;
}
-
-vector<uint8_t> makeRootReferral()
-{
- vector<uint8_t> packet;
- DNSPacketWriter pw(packet, DNSName("outpost.ds9a.nl"), QType::SOA);
-
- // nobody reads what we output, but it appears to be the magic that shuts some nameservers up
- static const char*ips[]={"198.41.0.4", "192.228.79.201", "192.33.4.12", "199.7.91.13", "192.203.230.10", "192.5.5.241", "192.112.36.4", "198.97.190.53",
- "192.36.148.17","192.58.128.30", "193.0.14.129", "199.7.83.42", "202.12.27.33"};
- static char templ[40];
- strncpy(templ,"a.root-servers.net", sizeof(templ) - 1);
-
-
- for(char c='a';c<='m';++c) {
- *templ=c;
- pw.startRecord(DNSName(), QType::NS, 3600, 1, DNSResourceRecord::AUTHORITY);
- DNSRecordContent* drc = DNSRecordContent::mastermake(QType::NS, 1, templ);
- drc->toPacket(pw);
- delete drc;
- }
-
- for(char c='a';c<='m';++c) {
- *templ=c;
- pw.startRecord(DNSName(), QType::A, 3600, 1, DNSResourceRecord::ADDITIONAL);
- DNSRecordContent* drc = DNSRecordContent::mastermake(QType::A, 1, ips[c-'a']);
- drc->toPacket(pw);
- delete drc;
- }
- pw.commit();
- return packet;
-
-}
-
vector<uint8_t> makeTypicalReferral()
{
vector<uint8_t> packet;
return packet;
}
-
-
-struct RootRefTest
-{
- string getName() const
- {
- return "write rootreferral";
- }
-
- void operator()() const
- {
- vector<uint8_t> packet=makeRootReferral();
- }
-
-};
-
struct StackMallocTest
{
string getName() const
doRun(StackMallocTest());
- vector<uint8_t> packet = makeRootReferral();
- doRun(ParsePacketBareTest(packet, "root-referral"));
- doRun(ParsePacketTest(packet, "root-referral"));
-
- doRun(RootRefTest());
-
doRun(EmptyQueryTest());
doRun(TypicalRefTest());
named_conf.write(AUTH_CONF_TPL)
subprocess.check_call(["../pdns/pdnsutil", "--config-dir=.", "secure-zone", "powerdnssec.org"])
- pdnscmd = ("../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ --no-shuffle --send-root-referral --dnsupdate=yes --cache-ttl=0 --config-dir=. --api=yes --webserver=yes --webserver-port="+WEBPORT+" --webserver-address=127.0.0.1 --webserver-password=something --api-key="+APIKEY).split()
+ pdnscmd = ("../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ --no-shuffle --dnsupdate=yes --cache-ttl=0 --config-dir=. --api=yes --webserver=yes --webserver-port="+WEBPORT+" --webserver-address=127.0.0.1 --webserver-password=something --api-key="+APIKEY).split()
else:
conf_dir = 'rec-conf.d'
$PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=edns-packet-cache/named.conf \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
bindwait
# prime cache without EDNS
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=edns-packet-cache/named.conf \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
bindwait
timeout 5 ./edns1/test-edns.py
$PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=lua-policy/named.conf \
--experimental-lua-policy-script=lua-policy/policy.lua \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
bindwait
# plain SOA query
$PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind,pipe --bind-config=negcache-tests-dotted-cname/named.conf \
--pipe-command=negcache-tests-dotted-cname/pipe.py \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
sleep 3
local-port=5502
socket-dir=./
no-shuffle
-send-root-referral
cache-ttl=0
query-cache-ttl=0
module-dir=../regression-tests/modules
{
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-dir=. --module-dir=../regression-tests/modules \
--config-name=gsqlite3-master --socket-dir=./ --no-shuffle \
- --send-root-referral --master=yes --local-address=127.0.0.1 --local-ipv6='' \
+ --master=yes --local-address=127.0.0.1 --local-ipv6='' \
--query-local-address=127.0.0.1 --cache-ttl=$cachettl --dname-processing --allow-axfr-ips= &
}
$RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \
--config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 --local-ipv6='' \
- --send-root-referral --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
+ --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
--slave-cycle-interval=300 --allow-unsigned-notify=no --allow-unsigned-supermaster=no &
}
{
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-dir=. --module-dir=../regression-tests/modules \
--config-name=gsqlite3-master --socket-dir=./ --no-shuffle \
- --send-root-referral --master=yes --local-address=127.0.0.1 --local-ipv6= \
+ --master=yes --local-address=127.0.0.1 --local-ipv6= \
--query-local-address=127.0.0.1 --cache-ttl=$cachettl --dname-processing --allow-axfr-ips= &
}
$RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \
--config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 --local-ipv6= \
- --send-root-referral --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
+ --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
--slave-cycle-interval=300 --dname-processing &
}
```
$ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
--no-shuffle --launch=gmysql --gmysql-dbname=pdnstest --gmysql-user=root \
---fancy-records --query-logging --send-root-referral --loglevel=9 \
+--fancy-records --query-logging --loglevel=9 \
--cache-ttl=0 --no-config
```
```
$ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=./named.conf \
---fancy-records --query-logging --send-root-referral --loglevel=9 \
+--fancy-records --query-logging --loglevel=9 \
--cache-ttl=0 --no-config
```
$ ./bind-dnssec-setup
$ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=./named.conf \
---query-logging --send-root-referral --loglevel=9 \
+--query-logging --loglevel=9 \
--cache-ttl=0 --no-config
```
$ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
--no-shuffle --launch=gsqlite3 \
--gsqlite3-database=./powerdns.sqlite3 --gsqlite3-dnssec \
---query-logging --send-root-referral --loglevel=9 \
+--query-logging --loglevel=9 \
--cache-ttl=0 --no-config
```
$PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=./named.conf \
- --fancy-records --send-root-referral \
- --cache-ttl=0 --no-config &
+ --fancy-records --cache-ttl=0 --no-config &
bindwait
DNSPERF=$DNSPERF port=$port ./add-zone/stress/dnsperf.sh &