From: Josh Soref Date: Sun, 23 Feb 2020 11:13:15 +0000 (-0500) Subject: spelling: [API] deserialize X-Git-Tag: dnsdist-1.5.0-rc1~2^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef2ea4bfc5f80a8e1de0fb1ec4db33656fb83bf6;p=thirdparty%2Fpdns.git spelling: [API] deserialize spelling: across spelling: acted spelling: added spelling: address spelling: advantageous spelling: against spelling: algorithms spelling: answers spelling: authoritative spelling: availability spelling: boundaries spelling: boundary spelling: cannot spelling: canonical spelling: capability spelling: choices spelling: combination spelling: comboring spelling: comparison spelling: constraints spelling: constructor spelling: contain spelling: convenience spelling: current spelling: delegation spelling: dependency spelling: distribution spelling: doesnotexist spelling: dropping spelling: everything spelling: example spelling: existence spelling: explicitly spelling: extremely spelling: from spelling: housekeeping spelling: idonotexist spelling: ipfilter spelling: issuing spelling: logging spelling: message spelling: method spelling: modified spelling: must spelling: name spelling: negative spelling: obtaining spelling: occurred spelling: omitted spelling: overridden spelling: password spelling: policy spelling: positives spelling: possibility spelling: preresolve spelling: probabilistic spelling: prohibitively spelling: protocol spelling: provider spelling: public spelling: repeatedly spelling: repositories spelling: responding spelling: response spelling: several spelling: should spelling: sizing spelling: supplied spelling: support spelling: synthesized spelling: the spelling: transaction spelling: usually spelling: visitor --- diff --git a/build-scripts/changelog-from-pr.py b/build-scripts/changelog-from-pr.py index 981f646bc0..e4cc4095a2 100755 --- a/build-scripts/changelog-from-pr.py +++ b/build-scripts/changelog-from-pr.py @@ -75,7 +75,7 @@ for pr in arguments.pullrequest: except (requests.exceptions.HTTPError, ValueError) as e: print(e) sys.exit(1) - if 'name'in user_info: + if 'name' in user_info: out += ' ({})'.format(user_info['name']) else: out += ' (@{})'.format(user_info['login']) diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.init b/builder-support/debian/recursor/debian-buster/pdns-recursor.init index 61fc03220d..8b0f44ed3e 100644 --- a/builder-support/debian/recursor/debian-buster/pdns-recursor.init +++ b/builder-support/debian/recursor/debian-buster/pdns-recursor.init @@ -61,7 +61,7 @@ stop() { # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped -# other if a failure occured +# other if a failure occurred start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 diff --git a/builder-support/debian/recursor/debian-buster/rules b/builder-support/debian/recursor/debian-buster/rules index 2f0ffd17a1..2956517fe7 100755 --- a/builder-support/debian/recursor/debian-buster/rules +++ b/builder-support/debian/recursor/debian-buster/rules @@ -2,7 +2,7 @@ DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) # Enable hardening features for daemons -# Note: blhc (build log hardening check) will find these false positivies: CPPFLAGS 2 missing, LDFLAGS 1 missing +# Note: blhc (build log hardening check) will find these false positives: CPPFLAGS 2 missing, LDFLAGS 1 missing export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie DPKG_EXPORT_BUILDFLAGS = 1 # Include buildflags.mk so we can append to the vars it sets. diff --git a/builder-support/debian/recursor/debian-jessie/pdns-recursor.init b/builder-support/debian/recursor/debian-jessie/pdns-recursor.init index 61fc03220d..8b0f44ed3e 100644 --- a/builder-support/debian/recursor/debian-jessie/pdns-recursor.init +++ b/builder-support/debian/recursor/debian-jessie/pdns-recursor.init @@ -61,7 +61,7 @@ stop() { # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped -# other if a failure occured +# other if a failure occurred start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 diff --git a/builder-support/debian/recursor/debian-jessie/rules b/builder-support/debian/recursor/debian-jessie/rules index e6951a3be3..63ce9f2b5f 100755 --- a/builder-support/debian/recursor/debian-jessie/rules +++ b/builder-support/debian/recursor/debian-jessie/rules @@ -2,7 +2,7 @@ DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) # Enable hardening features for daemons -# Note: blhc (build log hardening check) will find these false positivies: CPPFLAGS 2 missing, LDFLAGS 1 missing +# Note: blhc (build log hardening check) will find these false positives: CPPFLAGS 2 missing, LDFLAGS 1 missing export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie DPKG_EXPORT_BUILDFLAGS = 1 # Include buildflags.mk so we can append to the vars it sets. diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.init b/builder-support/debian/recursor/debian-stretch/pdns-recursor.init index 61fc03220d..8b0f44ed3e 100644 --- a/builder-support/debian/recursor/debian-stretch/pdns-recursor.init +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.init @@ -61,7 +61,7 @@ stop() { # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped -# other if a failure occured +# other if a failure occurred start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 diff --git a/builder-support/debian/recursor/debian-stretch/rules b/builder-support/debian/recursor/debian-stretch/rules index 2f0ffd17a1..2956517fe7 100755 --- a/builder-support/debian/recursor/debian-stretch/rules +++ b/builder-support/debian/recursor/debian-stretch/rules @@ -2,7 +2,7 @@ DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) # Enable hardening features for daemons -# Note: blhc (build log hardening check) will find these false positivies: CPPFLAGS 2 missing, LDFLAGS 1 missing +# Note: blhc (build log hardening check) will find these false positives: CPPFLAGS 2 missing, LDFLAGS 1 missing export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie DPKG_EXPORT_BUILDFLAGS = 1 # Include buildflags.mk so we can append to the vars it sets. diff --git a/builder-support/dockerfiles/Dockerfile.rpmbuild b/builder-support/dockerfiles/Dockerfile.rpmbuild index 85bb0940cf..f3fd7a0f29 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmbuild +++ b/builder-support/dockerfiles/Dockerfile.rpmbuild @@ -57,7 +57,7 @@ RUN touch /var/lib/rpm/* && if $(grep -q 'release 6' /etc/redhat-release); then fi @ENDIF -# mv accross layers with overlay2 is buggy in some kernel versions (results in empty dirs) +# mv across layers with overlay2 is buggy in some kernel versions (results in empty dirs) # See: https://github.com/moby/moby/issues/33733 #RUN mv /root/rpmbuild/RPMS/* /dist/ RUN cp -R /root/rpmbuild/RPMS/* /dist/ diff --git a/builder-support/dockerfiles/Dockerfile.target.amazon-2 b/builder-support/dockerfiles/Dockerfile.target.amazon-2 index 32b7953b9a..bda6eb1fff 100644 --- a/builder-support/dockerfiles/Dockerfile.target.amazon-2 +++ b/builder-support/dockerfiles/Dockerfile.target.amazon-2 @@ -1,7 +1,7 @@ # First do the source builds @INCLUDE Dockerfile.target.sdist -# This defines the dstribution base layer +# This defines the distribution base layer # Put only the bare minimum of common commands here, without dev tools FROM amazonlinux:2 as dist-base ARG BUILDER_CACHE_BUSTER= diff --git a/builder-support/dockerfiles/Dockerfile.target.centos-6 b/builder-support/dockerfiles/Dockerfile.target.centos-6 index 28e73cf160..fd89ccd9f2 100644 --- a/builder-support/dockerfiles/Dockerfile.target.centos-6 +++ b/builder-support/dockerfiles/Dockerfile.target.centos-6 @@ -1,7 +1,7 @@ # First do the source builds @INCLUDE Dockerfile.target.sdist -# This defines the dstribution base layer +# This defines the distribution base layer # Put only the bare minimum of common commands here, without dev tools FROM centos:6 as dist-base ARG BUILDER_CACHE_BUSTER= diff --git a/builder-support/dockerfiles/Dockerfile.target.centos-7 b/builder-support/dockerfiles/Dockerfile.target.centos-7 index 68acb73001..4e62d693c6 100644 --- a/builder-support/dockerfiles/Dockerfile.target.centos-7 +++ b/builder-support/dockerfiles/Dockerfile.target.centos-7 @@ -1,7 +1,7 @@ # First do the source builds @INCLUDE Dockerfile.target.sdist -# This defines the dstribution base layer +# This defines the distribution base layer # Put only the bare minimum of common commands here, without dev tools FROM centos:7 as dist-base ARG BUILDER_CACHE_BUSTER= diff --git a/builder-support/dockerfiles/Dockerfile.target.centos-8 b/builder-support/dockerfiles/Dockerfile.target.centos-8 index 02316043cb..4134de4b62 100644 --- a/builder-support/dockerfiles/Dockerfile.target.centos-8 +++ b/builder-support/dockerfiles/Dockerfile.target.centos-8 @@ -1,7 +1,7 @@ # First do the source builds @INCLUDE Dockerfile.target.sdist -# This defines the dstribution base layer +# This defines the distribution base layer # Put only the bare minimum of common commands here, without dev tools FROM centos:8 as dist-base ARG BUILDER_CACHE_BUSTER= diff --git a/docs/backends/generic-mysql.rst b/docs/backends/generic-mysql.rst index 5d8b591637..af424212e7 100644 --- a/docs/backends/generic-mysql.rst +++ b/docs/backends/generic-mysql.rst @@ -36,7 +36,7 @@ assumes this layout is in place. For full migration notes, please see for master, slave and superslave operation. When using the InnoDB storage engine, we suggest adding foreign key -contraints to the tables in order to automate deletion of records, key +constraints to the tables in order to automate deletion of records, key material, and other information upon deletion of a domain from the domains table. The following SQL does the job: @@ -130,7 +130,7 @@ Use the InnoDB READ-COMMITTED transaction isolation level. Default: yes. ^^^^^^^^^^^^^^^^^^ .. versionadded:: 4.2.1 -Send the CLIENT_SSL capabily flag to the server. SSL suppport is announced by the server via CLIENT_SSL and is enabled if the client returns the same capability. Default: no. +Send the CLIENT_SSL capability flag to the server. SSL support is announced by the server via CLIENT_SSL and is enabled if the client returns the same capability. Default: no. .. _setting-gmysql-timeout: diff --git a/docs/backends/ldap.rst b/docs/backends/ldap.rst index dfc43d7a5d..ba2e2a938d 100644 --- a/docs/backends/ldap.rst +++ b/docs/backends/ldap.rst @@ -381,7 +381,7 @@ Reverse lookups Currently there are two options: Set ``ldap-method`` to ``strict`` to have the code automatically derive PTR records from A and AAAA records in the tree. Or, in ``simple`` and ``tree`` modes, create additional -objects explictly mapping each address to a PTR record. +objects explicitly mapping each address to a PTR record. For ``strict`` or ``simple`` modes, first create an object with an SOA record for the reverse-lookup zone(s) corresponding to the A and AAAA @@ -429,7 +429,7 @@ Tree mode requires each component to be a dc element of its own: associateddomain:1.0.1.10.in-addr.arpa To use this kind of record, add the dnsdomain2 schema to the -configuration of ther LDAP server. +configuration of the LDAP server. **CAUTION:** ``ldap-method=strict`` can not be used if zone transfers (AXFR) are needed to other name servers. Distributing zones can only be diff --git a/docs/backends/lmdb.rst b/docs/backends/lmdb.rst index 36aa329b57..cc86d8733b 100644 --- a/docs/backends/lmdb.rst +++ b/docs/backends/lmdb.rst @@ -53,7 +53,7 @@ Synchronisation mode: sync, nosync, nometasync, mapasync Default: mapasync * ``sync``: LMDB synchronous mode. Safest option, but also slightly slower. Can also be enabled with ``lmdb-sync-mode=`` -* ``nosync``: don't flush systems buffers to disk when committing a transation. +* ``nosync``: don't flush systems buffers to disk when committing a transaction. This means a system crash can corrupt the database or lose the last transactions if buffers are not yet flushed to disk. * ``nometasync``: flush system buffers to disk only once per transaction, omit the metadata flush. This maintains database integrity, but can potentially lose the last committed transaction if the operating system crashes. * ``mapasync``: (default). Use asynchronous flushes to disk. As with nosync, a system crash can then corrupt the database or lose the last transactions. diff --git a/docs/changelog/4.0.rst b/docs/changelog/4.0.rst index 6915b5d8f9..330f3fb139 100644 --- a/docs/changelog/4.0.rst +++ b/docs/changelog/4.0.rst @@ -122,7 +122,7 @@ Bug fixes integers 16 bits, fixes `#5443 `__ - `#5346 `__: configure.ac: - Corrects syntax error in test statement on existance of + Corrects syntax error in test statement on existence of libcrypto\_ecdsa (shinsterneck) - `#5440 `__: configure.ac: Fix quoting issue fixes diff --git a/docs/changelog/4.1.rst b/docs/changelog/4.1.rst index dc346d6483..262486268e 100644 --- a/docs/changelog/4.1.rst +++ b/docs/changelog/4.1.rst @@ -883,7 +883,7 @@ Changelogs for 4.1.x Existing zone files may now be interpreted differently. Specifically, where we previously used the SOA minimum field for the default - TTL if none was set explictly, or no $TTL was set, we now use the TTL from + TTL if none was set explicitly, or no $TTL was set, we now use the TTL from the previous line. .. change:: diff --git a/docs/changelog/4.2.rst b/docs/changelog/4.2.rst index b02102f4ee..659610fef3 100644 --- a/docs/changelog/4.2.rst +++ b/docs/changelog/4.2.rst @@ -1432,7 +1432,7 @@ Changelogs for 4.2.x :pullreq: 5361 :tickets: 3602 - Make requests always return to sender, for usage in multimaster slave zones. Also - made sure that the master that is questioned for updates will be selected randomly, to prevent repeatidally asking a dead master for updates. + Make requests always return to sender, for usage in multimaster slave zones. Also - made sure that the master that is questioned for updates will be selected randomly, to prevent repeatedly asking a dead master for updates. .. change:: :tags: Improvements, API diff --git a/docs/changelog/pre-4.0.rst b/docs/changelog/pre-4.0.rst index fc7f8a70f7..cfe61afaa3 100644 --- a/docs/changelog/pre-4.0.rst +++ b/docs/changelog/pre-4.0.rst @@ -722,7 +722,7 @@ Changes between RC2 and 3.4.0: - `commit 016d810 `__: improve postgresql detection during ./configure - `commit dce1e90 `__: - DNAME: don't sign the synthesised CNAME + DNAME: don't sign the synthesized CNAME - `commit 25e7af3 `__: send empty SERVFAIL after a backend throws a DBException, instead of including useless content diff --git a/docs/dnssec/profile.rst b/docs/dnssec/profile.rst index 4321d59c5f..dbe94322ec 100644 --- a/docs/dnssec/profile.rst +++ b/docs/dnssec/profile.rst @@ -58,5 +58,5 @@ while not strictly conforming to :rfc:`6979`. .. note:: Actual supported algorithms depend on the crypto-libraries - PowerDNS was compiled against. To check the supported DNSSEC algoritms + PowerDNS was compiled against. To check the supported DNSSEC algorithms in your build of PowerDNS, run ``pdnsutil list-algorithms``. diff --git a/docs/http-api/tsigkey.rst b/docs/http-api/tsigkey.rst index 5509e21d56..dce4448684 100644 --- a/docs/http-api/tsigkey.rst +++ b/docs/http-api/tsigkey.rst @@ -18,7 +18,7 @@ Generating a new TSIG key {"name": "mytsigkey", "algorithm": "hmac-sha256"} -Will yield a response similar to this (several headers ommitted): +Will yield a response similar to this (several headers omitted): .. code-block:: http diff --git a/docs/lua-records/reference/dnsname.rst b/docs/lua-records/reference/dnsname.rst index 2707269e27..95e06e381d 100644 --- a/docs/lua-records/reference/dnsname.rst +++ b/docs/lua-records/reference/dnsname.rst @@ -3,7 +3,7 @@ DNSName objects ^^^^^^^^^^^^^^^ -A :class:`DNSName` object represents a name in the DNS. It has serveral functions that can manipulate it without conversions to strings. +A :class:`DNSName` object represents a name in the DNS. It has several functions that can manipulate it without conversions to strings. Creating a ``DNSName`` is done with the :func:`newDN`:: myname = newDN("www.example.com") @@ -37,7 +37,7 @@ Functions and methods of a ``DNSName`` .. method:: DNSName:canonCompare(name) -> bool - Performs a comparaison of DNS names in canonical order. + Performs a comparison of DNS names in canonical order. Returns true if the DNSName comes before ``name``. See https://tools.ietf.org/html/rfc4034#section-6 @@ -92,7 +92,7 @@ Functions and methods of a ``DNSName`` .. method:: DNSName::equal(name) -> bool - Perform a comparaison of the DNSName to the given ``name``. + Perform a comparison of the DNSName to the given ``name``. You can also compare directly two DNSName objects using the ``==`` operator diff --git a/docs/lua-records/reference/netmask.rst b/docs/lua-records/reference/netmask.rst index 57f311c26b..f50ad8f101 100644 --- a/docs/lua-records/reference/netmask.rst +++ b/docs/lua-records/reference/netmask.rst @@ -118,4 +118,4 @@ Prefixing a mask with ``!`` excludes that mask from matching. Returns true if ``address`` matches any of the masks in the group. - :param ComboAddress address: The IP addres to match the netmasks against. + :param ComboAddress address: The IP address to match the netmasks against. diff --git a/docs/manpages/nsec3dig.1.rst b/docs/manpages/nsec3dig.1.rst index 12c7bb810a..9bf04214ef 100644 --- a/docs/manpages/nsec3dig.1.rst +++ b/docs/manpages/nsec3dig.1.rst @@ -17,4 +17,4 @@ bit in the query. Example ------- -``nsec3dig 8.8.8.8 53 doesntexist.isoc.nl TXT recurse`` +``nsec3dig 8.8.8.8 53 doesnotexist.isoc.nl TXT recurse`` diff --git a/docs/manpages/pdns_server.1.rst b/docs/manpages/pdns_server.1.rst index ceb86f12a6..9ee765ae15 100644 --- a/docs/manpages/pdns_server.1.rst +++ b/docs/manpages/pdns_server.1.rst @@ -29,7 +29,7 @@ See the online documentation for all options --loglevel= Set the logging level. --config Show the currently configuration. There are three optional values: --config=default show the default configuration. - --config=diff show modified options in the curent configuration. + --config=diff show modified options in the current configuration. --config=check parse the current configuration, with error checking. --help To view more options that are available use this program. diff --git a/docs/manpages/pdnsutil.1.rst b/docs/manpages/pdnsutil.1.rst index b8a3baa596..46ad08a2e4 100644 --- a/docs/manpages/pdnsutil.1.rst +++ b/docs/manpages/pdnsutil.1.rst @@ -253,10 +253,10 @@ bench-db [*FILE*] OTHER TOOLS ----------- -ipencrypt *IP-ADDRESS* passsword +ipencrypt *IP-ADDRESS* password Encrypt an IP address according to the 'ipcipher' standard -ipdecrypt *IP-ADDRESS* passsword +ipdecrypt *IP-ADDRESS* password Encrypt an IP address according to the 'ipcipher' standard See also diff --git a/docs/manpages/sdig.1.rst b/docs/manpages/sdig.1.rst index a2a89d0a15..3fc868b96c 100644 --- a/docs/manpages/sdig.1.rst +++ b/docs/manpages/sdig.1.rst @@ -50,5 +50,5 @@ Simple queries to local resolvers sdig ::1 53 example.com A recurse Query to a DNS-over-HTTPS server requesting dnssec and recursion - sdig https://dns.somesample.net/dns-query 443 example.com A dnssec recurse + sdig https://dns.example.net/dns-query 443 example.com A dnssec recurse diff --git a/docs/settings.rst b/docs/settings.rst index 5fbdbcbabc..fc9fccd7eb 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -359,7 +359,7 @@ to enable DNSSEC. Must be one of: .. note:: Actual supported algorithms depend on the crypto-libraries - PowerDNS was compiled against. To check the supported DNSSEC algoritms + PowerDNS was compiled against. To check the supported DNSSEC algorithms in your build of PowerDNS, run ``pdnsutil list-algorithms``. .. _setting-default-ksk-size: @@ -482,7 +482,7 @@ to enable DNSSEC. Must be one of: .. note:: Actual supported algorithms depend on the crypto-libraries - PowerDNS was compiled against. To check the supported DNSSEC algoritms + PowerDNS was compiled against. To check the supported DNSSEC algorithms in your build of PowerDNS, run ``pdnsutil list-algorithms``. .. _setting-default-zsk-size: @@ -665,7 +665,7 @@ Entropy source file to use. .. versionadded:: 4.1.0 -If this is enabled, ALIAS records are expanded (synthesised to their +If this is enabled, ALIAS records are expanded (synthesized to their A/AAAA). If this is disabled (the default), ALIAS records will not be expanded and @@ -1224,7 +1224,7 @@ default has been "yes" since 2005. - Boolean - Default: no -If this is enabled, ALIAS records are expanded (synthesised to their +If this is enabled, ALIAS records are expanded (synthesized to their A/AAAA) during outgoing AXFR. This means slaves will not automatically follow changes in those A/AAAA records unless you AXFR regularly! @@ -1393,7 +1393,7 @@ it is disabled by default. - String - Default: auto -Specify which random number generator to use. Permissible choises are: +Specify which random number generator to use. Permissible choices are: - auto - choose automatically - sodium - Use libsodium ``randombytes_uniform`` @@ -1404,7 +1404,7 @@ Specify which random number generator to use. Permissible choises are: - kiss - Use simple settable deterministic RNG. **FOR TESTING PURPOSES ONLY!** .. note:: - Not all choises are available on all systems. + Not all choices are available on all systems. .. _setting-security-poll-suffix: diff --git a/ext/luawrapper/include/LuaContext.hpp b/ext/luawrapper/include/LuaContext.hpp index b4c9ef15e4..ce0c37441d 100644 --- a/ext/luawrapper/include/LuaContext.hpp +++ b/ext/luawrapper/include/LuaContext.hpp @@ -1427,7 +1427,7 @@ private: if (pcallReturnValue != 0) { PushedObject errorCode{state, 1}; - // an error occured during execution, either an error message or a std::exception_ptr was pushed on the stack + // an error occurred during execution, either an error message or a std::exception_ptr was pushed on the stack if (pcallReturnValue == LUA_ERRMEM) { throw std::bad_alloc{}; diff --git a/modules/ldapbackend/ldapauthenticator.cc b/modules/ldapbackend/ldapauthenticator.cc index e28f3e6bfc..031d5fe097 100644 --- a/modules/ldapbackend/ldapauthenticator.cc +++ b/modules/ldapbackend/ldapauthenticator.cc @@ -118,7 +118,7 @@ bool LdapGssapiAuthenticator::authenticate( LDAP *conn ) return false; } else if ( code == -2 ) { - // Here it may be possible to retry after obtainting a fresh ticket + // Here it may be possible to retry after obtaining a fresh ticket g_log<serialize(domain, false); } -std::shared_ptr unserializeContentZR(uint16_t qtype, const DNSName& qname, const std::string& content) +std::shared_ptr deserializeContentZR(uint16_t qtype, const DNSName& qname, const std::string& content) { if(qtype == QType::A && content.size() == 4) { return std::make_shared(*((uint32_t*)content.c_str())); } - return DNSRecordContent::unserialize(qname, qtype, content); + return DNSRecordContent::deserialize(qname, qtype, content); } @@ -653,7 +653,7 @@ bool LMDBBackend::get(DNSZoneRecord& rr) rr.dr.d_name = compoundOrdername::getQName(key) + d_lookupdomain; rr.domain_id = compoundOrdername::getDomainID(key); rr.dr.d_ttl = drr.ttl; - rr.dr.d_content = unserializeContentZR(rr.dr.d_type, rr.dr.d_name, drr.content); + rr.dr.d_content = deserializeContentZR(rr.dr.d_type, rr.dr.d_name, drr.content); rr.auth = drr.auth; if(d_getcursor->next(keyv, val) || keyv.get().rfind(d_matchkey, 0) != 0) { diff --git a/modules/remotebackend/httpconnector.cc b/modules/remotebackend/httpconnector.cc index 675f1076b1..ce42ca7932 100644 --- a/modules/remotebackend/httpconnector.cc +++ b/modules/remotebackend/httpconnector.cc @@ -399,7 +399,7 @@ int HTTPConnector::recv_message(Json& output) { throw NetworkError(std::string(strerror(rd))); arl.feed(std::string(buffer, rd)); } - // timeout occured. + // timeout occurred. if (arl.ready() == false) throw NetworkError("timeout"); } catch (NetworkError &ne) { diff --git a/pdns/dns.hh b/pdns/dns.hh index 237975cc32..2201f73926 100644 --- a/pdns/dns.hh +++ b/pdns/dns.hh @@ -96,7 +96,7 @@ public: DNSName wildcardname; string content; //!< what this record points to. Example: 10.1.2.3 - // Aligned on 8-byte boundries on systems where time_t is 8 bytes and int + // Aligned on 8-byte boundaries on systems where time_t is 8 bytes and int // is 4 bytes, aka modern linux on x86_64 time_t last_modified; //!< For autocalculating SOA serial numbers - the backend needs to fill this in diff --git a/pdns/dns_random.cc b/pdns/dns_random.cc index 5618e13904..b6c70a46f0 100644 --- a/pdns/dns_random.cc +++ b/pdns/dns_random.cc @@ -64,7 +64,7 @@ static void kiss_init(unsigned int seed) { kiss_seed = seed; - kiss_jsr = 0x5eed5eed; /* simply musn't be 0 */ + kiss_jsr = 0x5eed5eed; /* simply mustn't be 0 */ kiss_z = 1 ^ (kiss_w = kiss_jcong = seed); /* w=z=0 is bad, see Rose */ } diff --git a/pdns/dnscrypt.cc b/pdns/dnscrypt.cc index 71535acdf6..653156a00a 100644 --- a/pdns/dnscrypt.cc +++ b/pdns/dnscrypt.cc @@ -504,7 +504,7 @@ void DNSCryptQuery::getDecrypted(bool tcp, char* packet, uint16_t packetSize, ui unsigned char nonce[DNSCRYPT_NONCE_SIZE]; static_assert(sizeof(nonce) == (2* sizeof(d_header.clientNonce)), "Nonce should be larger than clientNonce (half)"); - static_assert(sizeof(d_header.clientPK) == DNSCRYPT_PUBLIC_KEY_SIZE, "Client Publick key size is not right"); + static_assert(sizeof(d_header.clientPK) == DNSCRYPT_PUBLIC_KEY_SIZE, "Client Public key size is not right"); static_assert(sizeof(d_pair->privateKey.key) == DNSCRYPT_PRIVATE_KEY_SIZE, "Private key size is not right"); memcpy(nonce, &d_header.clientNonce, sizeof(d_header.clientNonce)); diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc index b1ec405a10..fcee1ce2cf 100644 --- a/pdns/dnsdist-console.cc +++ b/pdns/dnsdist-console.cc @@ -348,7 +348,7 @@ const std::vector g_consoleKeywords{ { "addDNSCryptBind", true, "\"127.0.0.1:8443\", \"provider name\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", {reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters" }, { "addDOHLocal", true, "addr, certFile, keyFile [, urls [, vars]]", "listen to incoming DNS over HTTPS queries on the specified address using the specified certificate and key. The last two parameters are tables" }, { "addDynBlocks", true, "addresses, message[, seconds[, action]]", "block the set of addresses with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" }, - { "addDynBlockSMT", true, "names, msessage[, seconds [, action]]", "block the set of names with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" }, + { "addDynBlockSMT", true, "names, message[, seconds [, action]]", "block the set of names with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" }, { "addLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}]", "add `addr` to the list of addresses we listen on" }, { "addCacheHitResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a cache hit response rule" }, { "addResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a response rule" }, diff --git a/pdns/dnsdistdist/docs/advanced/acl.rst b/pdns/dnsdistdist/docs/advanced/acl.rst index 9bb82b7f36..806243d018 100644 --- a/pdns/dnsdistdist/docs/advanced/acl.rst +++ b/pdns/dnsdistdist/docs/advanced/acl.rst @@ -42,7 +42,7 @@ So feel free to listen on the magic ``0.0.0.0`` or ``::`` addresses, dnsdist doe Modifying the ACL ----------------- -ACLs can be modfied at runtime from the :ref:`Console`. +ACLs can be modified at runtime from the :ref:`Console`. To inspect the currently active :term:`ACL`, run :func:`showACL`. To add a new network range to the existing ACL, use :func:`addACL`: diff --git a/pdns/dnsdistdist/docs/advanced/ecs.rst b/pdns/dnsdistdist/docs/advanced/ecs.rst index 643f467a02..004ebba58f 100644 --- a/pdns/dnsdistdist/docs/advanced/ecs.rst +++ b/pdns/dnsdistdist/docs/advanced/ecs.rst @@ -3,7 +3,7 @@ Using EDNS Client Subnet In order to provide the downstream server with the address of the real client, or at least the one talking to dnsdist, the ``useClientSubnet`` parameter can be used when creating a :func:`new server `. This parameter indicates whether an EDNS Client Subnet option should be added to the request. -If the incoming request already contains an EDNS Client Subnet value, it will not be overriden unless :func:`setECSOverride` is set to ``true``. +If the incoming request already contains an EDNS Client Subnet value, it will not be overridden unless :func:`setECSOverride` is set to ``true``. The default source prefix-length is 24 for IPv4 and 56 for IPv6, meaning that for a query received from 192.0.2.42, the EDNS Client Subnet value sent to the backend will be 192.0.2.0. This can be changed with :func:`setECSSourcePrefixV4` and :func:`setECSSourcePrefixV6`. diff --git a/pdns/dnsdistdist/docs/changelog.rst b/pdns/dnsdistdist/docs/changelog.rst index a013ccf05c..a1ef261172 100644 --- a/pdns/dnsdistdist/docs/changelog.rst +++ b/pdns/dnsdistdist/docs/changelog.rst @@ -2348,7 +2348,7 @@ Changelog :tags: Improvements, Performance :pullreq: 5185 - Add the possiblity to fill a :class:`NetmaskGroup` (using :meth:`NetmaskGroup:addMask`) from `exceeds*` results. + Add the possibility to fill a :class:`NetmaskGroup` (using :meth:`NetmaskGroup:addMask`) from `exceeds*` results. .. change:: :tags: Improvements diff --git a/pdns/dnsdistdist/docs/glossary.rst b/pdns/dnsdistdist/docs/glossary.rst index 367b1fb25d..43f8f1af15 100644 --- a/pdns/dnsdistdist/docs/glossary.rst +++ b/pdns/dnsdistdist/docs/glossary.rst @@ -8,7 +8,7 @@ Glossary Open Resolver A recursive DNS server available for many hosts on the internet. - Ususally without adequate rate-limiting, allowing it to be used in reflection attacks. + Usually without adequate rate-limiting, allowing it to be used in reflection attacks. QPS Queries Per Second diff --git a/pdns/dnsdistdist/docs/guides/dynblocks.rst b/pdns/dnsdistdist/docs/guides/dynblocks.rst index ff0ad6fdc3..8b3ed9186f 100644 --- a/pdns/dnsdistdist/docs/guides/dynblocks.rst +++ b/pdns/dnsdistdist/docs/guides/dynblocks.rst @@ -19,7 +19,7 @@ They return a table whose key is a :class:`ComboAddress` object, representing th All exceed-functions are documented in the :ref:`Configuration Reference `. Dynamic blocks drop matched queries by default, but this behavior can be changed with :func:`setDynBlocksAction`. -For example, to send a REFUSED code instead of droppping the query:: +For example, to send a REFUSED code instead of dropping the query:: setDynBlocksAction(DNSAction.Refused) diff --git a/pdns/dnsdistdist/docs/guides/webserver.rst b/pdns/dnsdistdist/docs/guides/webserver.rst index 5bf40438b3..ad92a584ac 100644 --- a/pdns/dnsdistdist/docs/guides/webserver.rst +++ b/pdns/dnsdistdist/docs/guides/webserver.rst @@ -12,7 +12,7 @@ Now point your browser at http://127.0.0.1:8083 and log in with any username, an Security of the Webserver ------------------------- -The built-in webserver serves its content from inside the binary, this means it will not and connot read from disk. +The built-in webserver serves its content from inside the binary, this means it will not and cannot read from disk. By default, our web server sends some security-related headers:: @@ -38,7 +38,7 @@ To access the API, the `apikey` must be set in the :func:`webserver` function. Use the API, this key will need to be sent to dnsdist in the ``X-API-Key`` request header. An HTTP 401 response is returned when a wrong or no API key is received. A 404 response is generated is the requested endpoint does not exist. -And a 405 response is returned when the HTTP methos is not allowed. +And a 405 response is returned when the HTTP method is not allowed. URL Endpoints ~~~~~~~~~~~~~ diff --git a/pdns/dnsdistdist/docs/install.rst b/pdns/dnsdistdist/docs/install.rst index 5722fd458b..85344c6df6 100644 --- a/pdns/dnsdistdist/docs/install.rst +++ b/pdns/dnsdistdist/docs/install.rst @@ -2,7 +2,7 @@ Installing dnsdist ================== dnsdist only runs on UNIX-like systems and there are several ways to install dnsdist. -The fastest way is using packages, either from your own operating system vendor or suppied by the PowerDNS project. +The fastest way is using packages, either from your own operating system vendor or supplied by the PowerDNS project. Building from source is also supported. @@ -12,7 +12,7 @@ Installing from Packages If dnsdist is available in your operating system's software repositories, install it from there. However, the version of dnsdist in the repositories might be an older version that might not have a feature that was added in a later version. Or you might want to be brave and try a development snapshot from the master branch. -PowerDNS provides software respositories for the most popular distributions. +PowerDNS provides software repositories for the most popular distributions. Visit https://repo.powerdns.com for more information and installation instructions. Debian diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index f010c67fc4..a5db904eca 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst @@ -179,7 +179,7 @@ Listen Sockets * ``interface=""``: str - Set the network interface to use. * ``cpus={}``: table - Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the pthread_setaffinity_np() function. * ``provider``: str - The TLS library to use between GnuTLS and OpenSSL, if they were available and enabled at compilation time. Default is to use OpenSSL when available. - * ``ciphers``: str - The TLS ciphers to use. The exact format depends on the provider used. When the OpenSSL provder is used, ciphers for TLS 1.3 must be specified via ``ciphersTLS13``. + * ``ciphers``: str - The TLS ciphers to use. The exact format depends on the provider used. When the OpenSSL provider is used, ciphers for TLS 1.3 must be specified via ``ciphersTLS13``. * ``ciphersTLS13``: str - The ciphers to use for TLS 1.3, when the OpenSSL provider is used. When the GnuTLS provider is used, ``ciphers`` applies regardless of the TLS protocol and this setting is not used. * ``numberOfTicketsKeys``: int - The maximum number of tickets keys to keep in memory at the same time, if the provider supports it (GnuTLS doesn't, OpenSSL does). Only one key is marked as active and used to encrypt new tickets while the remaining ones can still be used to decrypt existing tickets after a rotation. Default to 5. * ``ticketKeyFile``: str - The path to a file from where TLS tickets keys should be loaded, to support RFC 5077. These keys should be rotated often and never written to persistent storage to preserve forward secrecy. The default is to generate a random key. The OpenSSL provider supports several tickets keys to be able to decrypt existing sessions after the rotation, while the GnuTLS provider only supports one key. @@ -1150,7 +1150,7 @@ faster than the existing rules. :param string reason: The message to show next to the blocks :param int blockingTime: The number of seconds this block to expire :param int action: The action to take when the dynamic block matches, see :ref:`here `. (default to the one set with :func:`setDynBlocksAction`) - :param function vistitor: The Lua function to call. + :param function visitor: The Lua function to call. .. method:: DynBlockRulesGroup:setSuffixMatchRuleFFI(seconds, reason, blockingTime, action , visitor) @@ -1164,7 +1164,7 @@ faster than the existing rules. :param string reason: The message to show next to the blocks :param int blockingTime: The number of seconds this block to expire :param int action: The action to take when the dynamic block matches, see :ref:`here `. (default to the one set with :func:`setDynBlocksAction`) - :param function vistitor: The Lua FFI function to call. + :param function visitor: The Lua FFI function to call. .. method:: DynBlockRulesGroup:apply() @@ -1417,7 +1417,7 @@ record if the received request had one, which is the case by default and can be We must, however, provide a responder's maximum payload size in this record, and we can't easily know the maximum payload size of the actual backend so we need to provide one. The default value is 1500 and can be -overriden using :func:`setPayloadSizeOnSelfGeneratedAnswers`. +overridden using :func:`setPayloadSizeOnSelfGeneratedAnswers`. .. function:: setAddEDNSToSelfGeneratedResponses(add) diff --git a/pdns/dnsdistdist/docs/reference/dnsname.rst b/pdns/dnsdistdist/docs/reference/dnsname.rst index 79e1ed9be7..4070fc61eb 100644 --- a/pdns/dnsdistdist/docs/reference/dnsname.rst +++ b/pdns/dnsdistdist/docs/reference/dnsname.rst @@ -3,7 +3,7 @@ DNSName objects =============== -A :class:`DNSName` object represents a name in the DNS. It has serveral functions that can manipulate it without conversions to strings. +A :class:`DNSName` object represents a name in the DNS. It has several functions that can manipulate it without conversions to strings. Creating a ``DNSName`` is done with the :func:`newDNSName`:: myname = newDNSName("www.example.com") diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst index 82a304f8c3..b1ff0bbf27 100644 --- a/pdns/dnsdistdist/docs/rules-actions.rst +++ b/pdns/dnsdistdist/docs/rules-actions.rst @@ -255,7 +255,7 @@ Rule Generators .. deprecated:: 1.2.0 Send at most ``limit`` queries/s for this pool, letting the subsequent rules apply otherwise. - This function has been deprecated as of 1.2.0 and removed in 1.3.0, as it is only a convience function for the following syntax:: + This function has been deprecated as of 1.2.0 and removed in 1.3.0, as it is only a convenience function for the following syntax:: addAction("192.0.2.0/24", QPSPoolAction(15, "myPool") @@ -413,7 +413,7 @@ For Rules related to responses: Move the last response rule to the first position. -Functions for manipulating Cache Hit Respone Rules: +Functions for manipulating Cache Hit Response Rules: .. function:: addCacheHitResponseAction(DNSRule, action [, options]) @@ -1370,7 +1370,7 @@ The following actions exist. Send copy of query to ``remote``, keep stats on responses. If ``addECS`` is set to true, EDNS Client Subnet information will be added to the query. - :param string remote: An IP:PORT conbination to send the copied queries to + :param string remote: An IP:PORT combination to send the copied queries to :param bool addECS: Whether or not to add ECS information. Default false .. function:: TempFailureCacheTTLAction(ttl) diff --git a/pdns/dnsdistdist/docs/running.rst b/pdns/dnsdistdist/docs/running.rst index daf58e2a99..ada3d95d6f 100644 --- a/pdns/dnsdistdist/docs/running.rst +++ b/pdns/dnsdistdist/docs/running.rst @@ -11,7 +11,7 @@ Most likely this path is ``/etc/dnsdist``, ``/etc`` or ``/usr/local/etc/``, dns dnsdist is designed to (re)start almost instantly. But to prevent downtime when changing configuration, the console (see :ref:`Console`) can be used for live configuration. -Issueing :func:`delta` on the console will print the changes to the configuration that have been made since startup:: +Issuing :func:`delta` on the console will print the changes to the configuration that have been made since startup:: > delta() -- Wed Feb 22 2017 11:31:44 CET diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc index f4b5e816f4..c7f9f5d4d4 100644 --- a/pdns/dnsparser.cc +++ b/pdns/dnsparser.cc @@ -83,7 +83,7 @@ private: vector d_record; }; -shared_ptr DNSRecordContent::unserialize(const DNSName& qname, uint16_t qtype, const string& serialized) +shared_ptr DNSRecordContent::deserialize(const DNSName& qname, uint16_t qtype, const string& serialized) { dnsheader dnsheader; memset(&dnsheader, 0, sizeof(dnsheader)); diff --git a/pdns/dnsparser.hh b/pdns/dnsparser.hh index e118026164..34ab2bc13f 100644 --- a/pdns/dnsparser.hh +++ b/pdns/dnsparser.hh @@ -181,7 +181,7 @@ private: uint16_t d_pos; uint16_t d_startrecordpos; // needed for getBlob later on uint16_t d_recordlen; // ditto - uint16_t not_used; // Aligns the whole class on 8-byte boundries + uint16_t not_used; // Aligns the whole class on 8-byte boundaries const std::string& d_content; }; @@ -220,7 +220,7 @@ public: return typeid(*this)==typeid(rhs) && this->getZoneRepresentation() == rhs.getZoneRepresentation(); } - static shared_ptr unserialize(const DNSName& qname, uint16_t qtype, const string& serialized); + static shared_ptr deserialize(const DNSName& qname, uint16_t qtype, const string& serialized); void doRecordCheck(const struct DNSRecord&){} diff --git a/pdns/dnstap.proto b/pdns/dnstap.proto index b2e9257cd1..26a0979994 100644 --- a/pdns/dnstap.proto +++ b/pdns/dnstap.proto @@ -106,7 +106,7 @@ message Message { enum Type { // AUTH_QUERY is a DNS query message received from a resolver by an - // authoritative name server, from the perspective of the authorative + // authoritative name server, from the perspective of the authoritative // name server. AUTH_QUERY = 1; diff --git a/pdns/dnswriter.hh b/pdns/dnswriter.hh index 58b1bf2a4d..2eed85c296 100644 --- a/pdns/dnswriter.hh +++ b/pdns/dnswriter.hh @@ -156,7 +156,7 @@ public: private: uint16_t lookupName(const DNSName& name, uint16_t* matchlen); vector d_namepositions; - // We declare 1 uint_16 in the public section, these 3 align on a 8-byte boundry + // We declare 1 uint_16 in the public section, these 3 align on a 8-byte boundary uint16_t d_sor; uint16_t d_rollbackmarker; // start of last complete packet, for rollback diff --git a/pdns/lua-record.cc b/pdns/lua-record.cc index f7f3ef0009..ddcb3f7da0 100644 --- a/pdns/lua-record.cc +++ b/pdns/lua-record.cc @@ -701,7 +701,7 @@ void setupLuaRecords() * Simplistic test to see if an IP address listens on a certain port * Will return a single IP address from the set of available IP addresses. If * no IP address is available, will return a random element of the set of - * addresses suppplied for testing. + * addresses supplied for testing. * * @example ifportup(443, { '1.2.3.4', '5.4.3.2' })" */ diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc index 61c28155dc..60a5815cc7 100644 --- a/pdns/lua-recursor4.cc +++ b/pdns/lua-recursor4.cc @@ -392,7 +392,7 @@ void RecursorLua4::postLoad() { void RecursorLua4::getFeatures(Features & features) { // Add key-values pairs below. - // Make sure you add string values explicity converted to string. + // Make sure you add string values explicitly converted to string. // e.g. features.push_back(make_pair("somekey", string("stringvalue")); // Both int and double end up as a lua number type. features.push_back(make_pair("PR8001_devicename", true)); diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index dbbc0db1b1..7fd616d966 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -1446,7 +1446,7 @@ std::unique_ptr PacketHandler::doQuestion(DNSPacket& p) bool doReferral = true; if(d_dk.doesDNSSEC()) { for(auto& loopRR: rrset) { - // In a dnssec capable backend auth=true means, there is no delagation at + // In a dnssec capable backend auth=true means, there is no delegation at // or above this qname in this zone (for DS queries). Without a delegation, // at or above this level, it is pointless to search for refferals. if(loopRR.auth) { diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index 8f159ec2d5..9d3d21dcc0 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -1069,7 +1069,7 @@ static bool nodCheckNewDomain(const DNSName& dname) bool ret = false; // First check the (sub)domain isn't whitelisted for NOD purposes if (!g_nodDomainWL.check(dname)) { - // Now check the NODDB (note this is probablistic so can have FNs/FPs) + // Now check the NODDB (note this is probabilistic so can have FNs/FPs) if (t_nodDBp && t_nodDBp->isNewDomain(dname)) { if (g_nodLog) { // This should probably log to a dedicated log file @@ -4461,7 +4461,7 @@ static int serviceMain(int argc, char*argv[]) For years, this was a safe assumption, but containers change that: in most (all?) container implementations, the application itself is running as pid 1. This means that sending signals to those applications, will not - be handled by default. Results might be "your container not responsing + be handled by default. Results might be "your container not responding when asking it to stop", or "ctrl-c not working even when the app is running in the foreground inside a container". diff --git a/pdns/recursordist/contrib/kv-example-script.lua b/pdns/recursordist/contrib/kv-example-script.lua index 18b4df547d..18c402f5b4 100644 --- a/pdns/recursordist/contrib/kv-example-script.lua +++ b/pdns/recursordist/contrib/kv-example-script.lua @@ -13,7 +13,7 @@ To test, use the 'kvresp' example program provided. --]] function preresolve (dq) - print ("prereesolve handler called for: "..dq.remoteaddr:toString().. ", local: ".. dq.localaddr:toString()..", ".. dq.qname:toString()..", ".. dq.qtype) + print ("preresolve handler called for: "..dq.remoteaddr:toString().. ", local: ".. dq.localaddr:toString()..", ".. dq.qname:toString()..", ".. dq.qtype) dq.followupFunction="udpQueryResponse" dq.udpCallback="gotdomaindetails" dq.udpQueryDest=newCA("127.0.0.1:5555") diff --git a/pdns/recursordist/docs/appendices/compiling.rst b/pdns/recursordist/docs/appendices/compiling.rst index b33ebaf6a0..8c1eade07c 100644 --- a/pdns/recursordist/docs/appendices/compiling.rst +++ b/pdns/recursordist/docs/appendices/compiling.rst @@ -65,13 +65,13 @@ Protobuf to emit DNS logs The PowerDNS Recursor can log DNS query information over :doc:`Protocol Buffers <../lua-config/protobuf>`. To enable this functionality, install the `protobuf `_ library and compiler. -The configure script will automatically detect this and bump the Boost version depencency to 1.42. +The configure script will automatically detect this and bump the Boost version dependency to 1.42. To disable building this functionality, use ``--without-protobuf``. systemd notify support ^^^^^^^^^^^^^^^^^^^^^^ -During configure, ``configure`` will attempt to detect the availibility of `systemd or systemd-daemon `_ headers. +During configure, ``configure`` will attempt to detect the availability of `systemd or systemd-daemon `_ headers. To force the use of systemd (and failing configure if the headers do not exist), use ``--enable-systemd``. To set the directory where the unit files should be installed, use ``--with-systemd=/path/to/unit/dir``. diff --git a/pdns/recursordist/docs/changelog/4.1.rst b/pdns/recursordist/docs/changelog/4.1.rst index 430452b776..46812a9671 100644 --- a/pdns/recursordist/docs/changelog/4.1.rst +++ b/pdns/recursordist/docs/changelog/4.1.rst @@ -751,7 +751,7 @@ Changelogs for 4.1.x :pullreq: 5912 Fix going Insecure on NSEC3 hashes with too many iterations, since - we could have gone Bogus on a positive answer synthetized from a + we could have gone Bogus on a positive answer synthesized from a wildcard if the corresponding NSEC3 had more iterations that we were willing to accept, while the correct result is Insecure. @@ -1091,7 +1091,7 @@ Changelogs for 4.1.x :tags: Improvements :pullreq: 5699 - Implement dynamic cache sizeing. + Implement dynamic cache sizing. .. change:: :tags: Bug Fixes, DNSSEC diff --git a/pdns/recursordist/docs/changelog/4.3.rst b/pdns/recursordist/docs/changelog/4.3.rst index 2a8e46bfbd..dd189c8f6f 100644 --- a/pdns/recursordist/docs/changelog/4.3.rst +++ b/pdns/recursordist/docs/changelog/4.3.rst @@ -71,7 +71,7 @@ Changelogs for 4.3.x :tags: Improvements :pullreq: 8726 - Give an explicit messsage if something is wrong with socket-dir. + Give an explicit message if something is wrong with socket-dir. .. changelog:: :version: 4.3.0-beta2 diff --git a/pdns/recursordist/docs/changelog/pre-4.0.rst b/pdns/recursordist/docs/changelog/pre-4.0.rst index f3695de408..c4d08d84d4 100644 --- a/pdns/recursordist/docs/changelog/pre-4.0.rst +++ b/pdns/recursordist/docs/changelog/pre-4.0.rst @@ -141,7 +141,7 @@ Improvements: messages from being logged f48d7b657ec32517f8bfcada3bfe6353ca313314 - Webserver now implements CORS for the API ea89a97e864c43c1cb03f2959ad04c4ebe7580ad, fixing ticket #1984 -- Houskeeping thread would sometimes run multiple times simultaneously, +- Housekeeping thread would sometimes run multiple times simultaneously, which worked, but was odd cc59bce675e62e2b9657b42614ce8be3312cae82 New features: diff --git a/pdns/recursordist/docs/http-api/zone.rst b/pdns/recursordist/docs/http-api/zone.rst index 3de3f069c8..bece530b28 100644 --- a/pdns/recursordist/docs/http-api/zone.rst +++ b/pdns/recursordist/docs/http-api/zone.rst @@ -28,7 +28,7 @@ be true: * ``forward-zones``, ``forward-zones-recurse`` and/or ``auth-zones`` settings must be set (possibly to the empty string) in a - configuration file. These settings must not be overriden on the + configuration file. These settings must not be overridden on the command line. Setting these options on the command line will override what has been set in the dynamically generated configuration files. diff --git a/pdns/recursordist/docs/lua-config/protobuf.rst b/pdns/recursordist/docs/lua-config/protobuf.rst index 11c49a2c4a..c2c44dd7fe 100644 --- a/pdns/recursordist/docs/lua-config/protobuf.rst +++ b/pdns/recursordist/docs/lua-config/protobuf.rst @@ -89,7 +89,7 @@ While :func:`protobufServer` only exports the queries sent to the recursor from :param int reconnectWaitTime: How long to wait, in seconds, between two reconnection attempts :param bool asyncConnect: When set to false (default) the first connection to the server during startup will block up to ``timeout`` seconds, otherwise the connection is done in a separate thread, after the first message has been queued.. -Protobol Buffers Definition +Protocol Buffers Definition --------------------------- The protocol buffers message types can be found in the `dnsmessage.proto `_ file and is included here: diff --git a/pdns/recursordist/docs/lua-scripting/dnsname.rst b/pdns/recursordist/docs/lua-scripting/dnsname.rst index 9e63861efc..c91671a730 100644 --- a/pdns/recursordist/docs/lua-scripting/dnsname.rst +++ b/pdns/recursordist/docs/lua-scripting/dnsname.rst @@ -8,7 +8,7 @@ The DNSName object ------------------ The PowerDNS Recursor's Lua engine has the notion of a :class:`DNSName`, an object that represents a name in the DNS. It is returned by several functions and has several functions to programmatically interact with it. -:class:`DNSNames ` can be compared agains each other using the :meth:`:equal ` function or the ``==`` operator. +:class:`DNSNames ` can be compared against each other using the :meth:`:equal ` function or the ``==`` operator. As names in the DNS are case-insensitive, ``www.powerdns.com`` is equal to ``Www.PowerDNS.cOM``. Creating a :class:`DNSName` is done with :func:`newDN()`. diff --git a/pdns/recursordist/docs/lua-scripting/hooks.rst b/pdns/recursordist/docs/lua-scripting/hooks.rst index 08f48bb99f..bdb15ee562 100644 --- a/pdns/recursordist/docs/lua-scripting/hooks.rst +++ b/pdns/recursordist/docs/lua-scripting/hooks.rst @@ -77,7 +77,7 @@ Interception Functions .. versionadded:: 4.3.0 - Along the ``deviceId`` value that can be returned, it was addded a ``deviceName`` field to fill the :attr:`DNSQuestion.deviceName` field. + Along the ``deviceId`` value that can be returned, it was added a ``deviceName`` field to fill the :attr:`DNSQuestion.deviceName` field. The tagged packetcache can e.g. be used to answer queries from cache that have e.g. been filtered for certain IPs (this logic should be implemented in :func:`gettag`). This ensure that queries are answered quickly compared to setting :attr:`dq.variable ` to true. diff --git a/pdns/recursordist/docs/lua-scripting/netmask.rst b/pdns/recursordist/docs/lua-scripting/netmask.rst index 57f311c26b..f50ad8f101 100644 --- a/pdns/recursordist/docs/lua-scripting/netmask.rst +++ b/pdns/recursordist/docs/lua-scripting/netmask.rst @@ -118,4 +118,4 @@ Prefixing a mask with ``!`` excludes that mask from matching. Returns true if ``address`` matches any of the masks in the group. - :param ComboAddress address: The IP addres to match the netmasks against. + :param ComboAddress address: The IP address to match the netmasks against. diff --git a/pdns/recursordist/docs/metrics.rst b/pdns/recursordist/docs/metrics.rst index 705d13b6a7..8ee47de8f8 100644 --- a/pdns/recursordist/docs/metrics.rst +++ b/pdns/recursordist/docs/metrics.rst @@ -384,7 +384,7 @@ packets dropped because of (Lua) policy decision policy-result-noaction ^^^^^^^^^^^^^^^^^^^^^^ -packets that were not actioned upon by the RPZ/filter engine +packets that were not acted upon by the RPZ/filter engine policy-result-drop ^^^^^^^^^^^^^^^^^^ diff --git a/pdns/recursordist/docs/nod_udr.rst b/pdns/recursordist/docs/nod_udr.rst index 88abc49a41..bdcf4c7c59 100644 --- a/pdns/recursordist/docs/nod_udr.rst +++ b/pdns/recursordist/docs/nod_udr.rst @@ -3,13 +3,13 @@ Newly Observed Domain Tracking A common security technique for detecting domains that may be suspicious or be associated with bad actors such as hosting malware, phishing or botnet command and control, is to investigate domains that haven't been seen before, i.e. are newly observed. -Deciding whether a domain is truly a new domain would involve deterministic methods, such as maintaining a database of all domains ever seen, and comparing all domain lookups against that database. Such a mechanism would not be scalable in a recursor, and so is best suited to offline analysis. However, determining candidate domains for such an offline service is a problem that can be solved in the recursor, given that sending all domain lookups to such an offline service would still be prohibitely costly, and given that the true number of newly observed domains is likely to be relatively small in a given time period. +Deciding whether a domain is truly a new domain would involve deterministic methods, such as maintaining a database of all domains ever seen, and comparing all domain lookups against that database. Such a mechanism would not be scalable in a recursor, and so is best suited to offline analysis. However, determining candidate domains for such an offline service is a problem that can be solved in the recursor, given that sending all domain lookups to such an offline service would still be prohibitively costly, and given that the true number of newly observed domains is likely to be relatively small in a given time period. A simple method to determine a candidate domain would simply be to check if the domain was not in the recursor cache; indeed this is a method used by many security researchers. However, while that does produce a smaller list of candidate domains, cache misses are still relatively common, particularly in deployments where techniques such as EDNS client-subnet are used. -Therefore, a feature has been developed for the recursor which uses probablistic data structures (specifically a Stable Bloom Filter (SBF): [http://webdocs.cs.ualberta.ca/~drafiei/papers/DupDet06Sigmod.pdf]). This recursor feature is named "Newly Observed Domain" or "NOD" for short. +Therefore, a feature has been developed for the recursor which uses probabilistic data structures (specifically a Stable Bloom Filter (SBF): [http://webdocs.cs.ualberta.ca/~drafiei/papers/DupDet06Sigmod.pdf]). This recursor feature is named "Newly Observed Domain" or "NOD" for short. -The use of a probablistic data structure means that the memory and CPU usage for the NOD feature is minimal, however it does mean that there can be false positives (a domain flagged as new when it is not), and false negatives (a domain that is new is not detected). The size of the SBF data structure can be tuned to reduce the FP/FN rate, although it is created with a default size (67108864 cells) that should provide a reasonably low FP/FN rate. To configure a different size use the ``new-domain-db-size`` setting to specify a higher or lower cell count. Each cell consumes 1-bit of RAM (per recursor thread) and 1-byte of disk space. +The use of a probabilistic data structure means that the memory and CPU usage for the NOD feature is minimal, however it does mean that there can be false positives (a domain flagged as new when it is not), and false negatives (a domain that is new is not detected). The size of the SBF data structure can be tuned to reduce the FP/FN rate, although it is created with a default size (67108864 cells) that should provide a reasonably low FP/FN rate. To configure a different size use the ``new-domain-db-size`` setting to specify a higher or lower cell count. Each cell consumes 1-bit of RAM (per recursor thread) and 1-byte of disk space. NOD is disabled by default, and must be enabled through the use of the following setting in recursor.conf: @@ -39,7 +39,7 @@ If both NOD and protobuf logging are enabled, then the ``newlyObservedDomain`` f Unique Domain Response ~~~~~~~~~~~~~~~~~~~~~~ -A similar feature to NOD is Unique Domain Response (UDR). This feature uses the same probablistic data structures as NOD to store information about unique responses for a given lookup domain. Determining if a particular response is unique for a given lookup domain is extremly useful for determining potential security issues such as: +A similar feature to NOD is Unique Domain Response (UDR). This feature uses the same probabilistic data structures as NOD to store information about unique responses for a given lookup domain. Determining if a particular response is unique for a given lookup domain is extremely useful for determining potential security issues such as: * Fast-Flux Domain Names * Cache-Poisoning Attacks diff --git a/pdns/recursordist/docs/running.rst b/pdns/recursordist/docs/running.rst index 775347a8b3..9324b5a33e 100644 --- a/pdns/recursordist/docs/running.rst +++ b/pdns/recursordist/docs/running.rst @@ -71,7 +71,7 @@ Whole subtrees can we wiped as well, to wipe all cache entries for 'example.com' When wiping cache entries, matching entries in *all* caches (packet cache, recursor cache, negative cache) are removed. -When debugging resolving issues, it can be advantagious to have a dump of all the cache entries. +When debugging resolving issues, it can be advantageous to have a dump of all the cache entries. :doc:`rec_control ` can write the caches of all threads to a file:: rec_control dump-cache /tmp/cache diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst index b894729ab1..1ecce73e96 100644 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@ -1037,7 +1037,7 @@ Can be set at runtime using ``rec_control set-minimum-ttl 3600``. - Default: no (disabled) Whether to track newly observed domains, i.e. never seen before. This -is a probablistic algorithm, using a stable bloom filter to store +is a probabilistic algorithm, using a stable bloom filter to store records of previously seen domains. When enabled for the first time, all domains will appear to be newly observed, so the feature is best left enabled for e.g. a week or longer before using the results. Note @@ -1337,7 +1337,7 @@ Since 4.1.0, when ``pdns-distributes-queries`` is set to false and ``reuseport`` - String - Default: auto -Specify which random number generator to use. Permissible choises are +Specify which random number generator to use. Permissible choices are - auto - choose automatically - sodium - Use libsodium ``randombytes_uniform`` - openssl - Use libcrypto ``RAND_bytes`` @@ -1347,7 +1347,7 @@ Specify which random number generator to use. Permissible choises are - kiss - Use simple settable deterministic RNG. **FOR TESTING PURPOSES ONLY!** .. note:: - Not all choises are available on all systems. + Not all choices are available on all systems. .. _setting-root-nx-trust: diff --git a/pdns/recursordist/negcache.hh b/pdns/recursordist/negcache.hh index 2dbabb0f4b..55200ff4a2 100644 --- a/pdns/recursordist/negcache.hh +++ b/pdns/recursordist/negcache.hh @@ -30,7 +30,7 @@ using namespace ::boost::multi_index; -/* FIXME should become part of the normal cache (I think) and shoudl become more like +/* FIXME should become part of the normal cache (I think) and should become more like * struct { * vector records; * vector signatures; diff --git a/pdns/recursordist/rec_metrics.hh b/pdns/recursordist/rec_metrics.hh index 413b758c0f..4cc6b4a125 100644 --- a/pdns/recursordist/rec_metrics.hh +++ b/pdns/recursordist/rec_metrics.hh @@ -299,7 +299,7 @@ private: "Number of packets dropped because of (Lua) policy decision")}, {"policy-result-noaction", MetricDefinition(PrometheusMetricType::counter, - "Number of packets that were not actioned upon by the RPZ/filter engine")}, + "Number of packets that were not acted upon by the RPZ/filter engine")}, {"policy-result-drop", MetricDefinition(PrometheusMetricType::counter, "Number of packets that were dropped by the RPZ/filter engine")}, diff --git a/pdns/recursordist/test-syncres_cc1.cc b/pdns/recursordist/test-syncres_cc1.cc index e39176ac91..3bb11de100 100644 --- a/pdns/recursordist/test-syncres_cc1.cc +++ b/pdns/recursordist/test-syncres_cc1.cc @@ -1308,7 +1308,7 @@ BOOST_AUTO_TEST_CASE(test_dname_processing) BOOST_CHECK(ret[2].d_type == QType::A); BOOST_CHECK_EQUAL(ret[2].d_name, cnameTarget); - // Check if we correctly return a synthesizd CNAME, should send out just 1 more query + // Check if we correctly return a synthesized CNAME, should send out just 1 more query ret.clear(); res = sr->beginResolve(uncachedTarget, QType(QType::A), QClass::IN, ret); diff --git a/pdns/recursordist/test-syncres_cc2.cc b/pdns/recursordist/test-syncres_cc2.cc index 3bc3d59e54..2b60aaad07 100644 --- a/pdns/recursordist/test-syncres_cc2.cc +++ b/pdns/recursordist/test-syncres_cc2.cc @@ -1288,7 +1288,7 @@ BOOST_AUTO_TEST_CASE(test_cache_hit) return 0; }); - /* we populate the cache with eveything we need */ + /* we populate the cache with everything we need */ time_t now = sr->getNow().tv_sec; std::vector records; std::vector> sigs; diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc index 71173d0159..50999d9c3d 100644 --- a/pdns/rfc2136handler.cc +++ b/pdns/rfc2136handler.cc @@ -646,7 +646,7 @@ int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, co closesocket(sock); } catch(const PDNSException& e) { - g_log<trySuperMasterSynchronous(dp, tsigkeyname); // FIXME could use some error loging + P->trySuperMasterSynchronous(dp, tsigkeyname); // FIXME could use some error logging } if(rdomains.empty()) { // if we have priority domains, check them first B->getUnfreshSlaveInfos(&rdomains); diff --git a/pdns/statbag.cc b/pdns/statbag.cc index 6aad23b1d2..9d89d15b77 100644 --- a/pdns/statbag.cc +++ b/pdns/statbag.cc @@ -250,8 +250,8 @@ void StatBag::declareRing(const string &name, const string &help, unsigned int s void StatBag::declareComboRing(const string &name, const string &help, unsigned int size) { - d_comborings.emplace(name, size); - d_comborings[name].setHelp(help); + d_comboRings.emplace(name, size); + d_comboRings[name].setHelp(help); registerRingStats(name); } @@ -269,9 +269,9 @@ vector > StatBag::getRing(const string &name) } vector > ret; - if (d_comborings.count(name)) { + if (d_comboRings.count(name)) { typedef pair stor_t; - vector raw =d_comborings[name].get(); + vector raw =d_comboRings[name].get(); for(const stor_t& stor : raw) { ret.push_back(make_pair(stor.first.ca.toString(), stor.second)); } @@ -295,8 +295,8 @@ void StatBag::resetRing(const string &name) { if(d_rings.count(name)) d_rings[name].reset(); - if(d_comborings.count(name)) - d_comborings[name].reset(); + if(d_comboRings.count(name)) + d_comboRings[name].reset(); if(d_dnsnameqtyperings.count(name)) d_dnsnameqtyperings[name].reset(); } @@ -305,8 +305,8 @@ void StatBag::resizeRing(const string &name, unsigned int newsize) { if(d_rings.count(name)) d_rings[name].resize(newsize); - if(d_comborings.count(name)) - d_comborings[name].resize(newsize); + if(d_comboRings.count(name)) + d_comboRings[name].resize(newsize); if(d_dnsnameqtyperings.count(name)) return d_dnsnameqtyperings[name].resize(newsize); } @@ -316,8 +316,8 @@ uint64_t StatBag::getRingSize(const string &name) { if(d_rings.count(name)) return d_rings[name].getSize(); - if(d_comborings.count(name)) - return d_comborings[name].getSize(); + if(d_comboRings.count(name)) + return d_comboRings[name].getSize(); if(d_dnsnameqtyperings.count(name)) return d_dnsnameqtyperings[name].getSize(); return 0; @@ -327,8 +327,8 @@ uint64_t StatBag::getRingEntriesCount(const string &name) { if(d_rings.count(name)) return d_rings[name].getEntriesCount(); - if(d_comborings.count(name)) - return d_comborings[name].getEntriesCount(); + if(d_comboRings.count(name)) + return d_comboRings[name].getEntriesCount(); if(d_dnsnameqtyperings.count(name)) return d_dnsnameqtyperings[name].getEntriesCount(); return 0; @@ -338,8 +338,8 @@ string StatBag::getRingTitle(const string &name) { if(d_rings.count(name)) return d_rings[name].getHelp(); - if(d_comborings.count(name)) - return d_comborings[name].getHelp(); + if(d_comboRings.count(name)) + return d_comboRings[name].getHelp(); if(d_dnsnameqtyperings.count(name)) return d_dnsnameqtyperings[name].getHelp(); return ""; @@ -350,7 +350,7 @@ vectorStatBag::listRings() vector ret; for(auto i=d_rings.begin();i!=d_rings.end();++i) ret.push_back(i->first); - for(auto i=d_comborings.begin();i!=d_comborings.end();++i) + for(auto i=d_comboRings.begin();i!=d_comboRings.end();++i) ret.push_back(i->first); for(const auto &i : d_dnsnameqtyperings) ret.push_back(i.first); @@ -360,7 +360,7 @@ vectorStatBag::listRings() bool StatBag::ringExists(const string &name) { - return d_rings.count(name) || d_comborings.count(name) || d_dnsnameqtyperings.count(name); + return d_rings.count(name) || d_comboRings.count(name) || d_dnsnameqtyperings.count(name); } void StatBag::blacklist(const string& str) { diff --git a/pdns/statbag.hh b/pdns/statbag.hh index 0ee875917c..982f739dfb 100644 --- a/pdns/statbag.hh +++ b/pdns/statbag.hh @@ -37,7 +37,7 @@ class StatRing { public: StatRing(unsigned int size=10000); - // Some older C++ libs have trouble emplacing without a copy-contructor, so provide one + // Some older C++ libs have trouble emplacing without a copy-constructor, so provide one StatRing(const StatRing &); StatRing & operator=(const StatRing &) = delete; @@ -69,7 +69,7 @@ class StatBag map> d_stats; map d_keyDescrips; map >d_rings; - map >d_comborings; + map >d_comboRings; map > >d_dnsnameqtyperings; typedef boost::function func_t; typedef map funcstats_t; @@ -102,9 +102,9 @@ public: void ringAccount(const char* name, const ComboAddress &item) { if(d_doRings) { - if(!d_comborings.count(name)) - throw runtime_error("Attempting to account to non-existent comboring '"+std::string(name)+"'"); - d_comborings[name].account(item); + if(!d_comboRings.count(name)) + throw runtime_error("Attempting to account to non-existent comboRing '"+std::string(name)+"'"); + d_comboRings[name].account(item); } } void ringAccount(const char* name, const DNSName &dnsname, const QType &qtype) diff --git a/pdns/syncres.cc b/pdns/syncres.cc index 93f97d3821..125f337f1b 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -1369,11 +1369,11 @@ static void reapRecordsFromNegCacheEntryForValidation(tcache_t& tcache, const ve } /*! - * Convience function to push the records from records into ret with a new TTL + * Convenience function to push the records from records into ret with a new TTL * * \param records DNSRecords that need to go into ret * \param ttl The new TTL for these records - * \param ret The vector of DNSRecords that should contian the records with the modified TTL + * \param ret The vector of DNSRecords that should contain the records with the modified TTL */ static void addTTLModifiedRecords(const vector& records, const uint32_t ttl, vector& ret) { for (const auto& rec : records) { @@ -1449,7 +1449,7 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w prefix.append(depth, ' '); } - // sqname and sqtype are used contain 'higher' names if we have them (e.g. powerdns.com|SOA when we find a negative entry for doesnotexists.powerdns.com|A) + // sqname and sqtype are used contain 'higher' names if we have them (e.g. powerdns.com|SOA when we find a negative entry for doesnotexist.powerdns.com|A) DNSName sqname(qname); QType sqt(qtype); uint32_t sttl=0; @@ -2553,7 +2553,7 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr isCNAMEAnswer = false; } - /* if we have a positive answer synthetized from a wildcard, + /* if we have a positive answer synthesized from a wildcard, we need to store the corresponding NSEC/NSEC3 records proving that the exact name did not exist in the negative cache */ if(gatherWildcardProof) { @@ -2572,7 +2572,7 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr if (rrsig) { /* As illustrated in rfc4035's Appendix B.6, the RRSIG label count can be lower than the name's label count if it was - synthetized from the wildcard. Note that the difference might + synthesized from the wildcard. Note that the difference might be > 1. */ if (rec.d_name == qname && isWildcardExpanded(labelCount, rrsig)) { gatherWildcardProof = true; @@ -2582,11 +2582,11 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr We still want to gather the corresponding NSEC/NSEC3 records to pass them to our client in case it wants to validate by itself. */ - LOG(prefix<d_labels; } @@ -2993,7 +2993,7 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co } } } - /* if we have a positive answer synthetized from a wildcard, we need to + /* if we have a positive answer synthesized from a wildcard, we need to return the corresponding NSEC/NSEC3 records from the AUTHORITY section proving that the exact name did not exist */ else if(gatherWildcardProof && (rec.d_type==QType::RRSIG || rec.d_type==QType::NSEC || rec.d_type==QType::NSEC3) && rec.d_place==DNSResourceRecord::AUTHORITY) { @@ -3011,7 +3011,7 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co done=true; if (state == Secure && needWildcardProof) { - /* We have a positive answer synthetized from a wildcard, we need to check that we have + /* We have a positive answer synthesized from a wildcard, we need to check that we have proof that the exact name doesn't exist so the wildcard can be used, as described in section 5.3.4 of RFC 4035 and 5.3 of RFC 7129. */ diff --git a/pdns/test-dnsrecords_cc.cc b/pdns/test-dnsrecords_cc.cc index 4688c90b4c..b1a60c94e1 100644 --- a/pdns/test-dnsrecords_cc.cc +++ b/pdns/test-dnsrecords_cc.cc @@ -26,7 +26,7 @@ namespace { // CASE_L can be used where this is not the case. See LOC below for a good example why this might happen /* (CASE_S(QType::NAME, "zone format", "line format")) */ -/* (CASE_L(QType::NAME, "zone format", "canonic zone format", "line format")) */ +/* (CASE_L(QType::NAME, "zone format", "canonical zone format", "line format")) */ #define _CASE_L(type, inval, zoneval, lineval, broken) case_t(type, BINARY(inval), BINARY(zoneval), BINARY(lineval), broken) #define CASE_L(type, inval, zoneval, lineval) _CASE_L(type, inval, zoneval, lineval, broken_marker::WORKING) @@ -233,8 +233,8 @@ BOOST_AUTO_TEST_CASE(test_record_types) { } recData = rec->serialize(DNSName("rec.test")); - std::shared_ptr rec2 = DNSRecordContent::unserialize(DNSName("rec.test"),q.getCode(),recData); - BOOST_CHECK_MESSAGE(rec2 != NULL, "unserialize(rec.test, " << q.getCode() << ", recData) should not return NULL"); + std::shared_ptr rec2 = DNSRecordContent::deserialize(DNSName("rec.test"),q.getCode(),recData); + BOOST_CHECK_MESSAGE(rec2 != NULL, "deserialize(rec.test, " << q.getCode() << ", recData) should not return NULL"); if (rec2 == NULL) continue; // now verify the zone representation (here it can be different!) REC_CHECK_EQUAL(rec2->getZoneRepresentation(), zoneval); diff --git a/pdns/validate.cc b/pdns/validate.cc index 8016651689..58aa671327 100644 --- a/pdns/validate.cc +++ b/pdns/validate.cc @@ -339,14 +339,14 @@ static bool provesNSEC3NoWildCard(DNSName wildcard, uint16_t const qtype, const - If `wantsNoDataProof` is set but a NSEC proves that the whole name does not exist, the function will return NXQTYPE is the name is proven to be ENT and NXDOMAIN otherwise. - If `needWildcardProof` is false, the proof that a wildcard covering this qname|qtype is not checked. It is - useful when we have a positive answer synthetized from a wildcard and we only need to prove that the exact + useful when we have a positive answer synthesized from a wildcard and we only need to prove that the exact name does not exist. */ dState getDenial(const cspmap_t &validrrsets, const DNSName& qname, const uint16_t qtype, bool referralToUnsigned, bool wantsNoDataProof, bool needWildcardProof, unsigned int wildcardLabelsCount) { bool nsec3Seen = false; if (!needWildcardProof && wildcardLabelsCount == 0) { - throw PDNSException("Invalid wildcard labels count for the validation of a positive answer synthetized from a wildcard"); + throw PDNSException("Invalid wildcard labels count for the validation of a positive answer synthesized from a wildcard"); } for(const auto& v : validrrsets) { diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 8a8c4336e9..512b0bf0bf 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -1348,7 +1348,7 @@ static void gatherRecordsFromZone(const std::string& zonestring, vector recursor-service3/rpz4.zone < recursor-service3/rpz5.zone < recursor-service3/rpz6.zone < recursor-service3/rpz7.zone <