From: Pieter Lexis
Date: Thu, 17 Mar 2016 09:21:10 +0000 (+0100)
Subject: Remove the send-root-referral option
X-Git-Tag: dnsdist-1.0.0-beta1~89^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3586%2Fhead;p=thirdparty%2Fpdns.git
Remove the send-root-referral option
This was already disabled and is wrong and bad: https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
---
diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md
index 2cdd7e5386..8d61d92548 100644
--- a/docs/markdown/authoritative/settings.md
+++ b/docs/markdown/authoritative/settings.md
@@ -647,16 +647,6 @@ If set, recursive queries will be handed to the recursor specified here. See
 Number of AXFR slave threads to start.
-## `send-root-referral`
-* Boolean or `lean`
-* Default: no
-
-if set, PowerDNS will send out old-fashioned root-referrals when queried for
-domains for which it is not authoritative. Wastes some bandwidth but may solve
-incoming query floods if domains are delegated to you for which you are not
-authoritative, but which are queried by broken recursors. It is possible to
-specify 'lean' root referrals, which waste less bandwidth.
-
 ## `setgid`
 * String
diff --git a/modules/luabackend/test/pdns b/modules/luabackend/test/pdns
index 44fa78b70f..981414816d 100755
--- a/modules/luabackend/test/pdns
+++ b/modules/luabackend/test/pdns
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
 ../../../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
---no-shuffle --launch=lua --send-root-referral --loglevel=9 \
+--no-shuffle --launch=lua --loglevel=9 \
 --config-dir=./ --cache-ttl=0 --negquery-cache-ttl=0 --query-cache-ttl=0 --recursive-cache-ttl=0
diff --git a/modules/tinydnsbackend/generate-data.sh b/modules/tinydnsbackend/generate-data.sh
index 99f441022f..ea1925fa20 100755
--- a/modules/tinydnsbackend/generate-data.sh
+++ b/modules/tinydnsbackend/generate-data.sh
@@ -20,7 +20,7 @@ done
 cd ../../regression-tests
 ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
 --no-shuffle --launch=bind --bind-config=../regression-tests/named.conf \
- --query-logging --send-root-referral --loglevel=0 \
+ --query-logging --loglevel=0 \
 --cache-ttl=0 --no-config --local-address=127.0.0.1 \
 --bind-ignore-broken-records=yes --module-dir=modules &
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index fb4195418b..295eaf004f 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -119,7 +119,6 @@ void declareArguments()
 ::arg().setSwitch("master","Act as a master")="no";
 ::arg().setSwitch("disable-axfr-rectify","Disable the rectify step during an outgoing AXFR. Only required for regression testing.")="no";
 ::arg().setSwitch("guardian","Run within a guardian process")="no";
- ::arg().setSwitch("send-root-referral","Send out old-fashioned root-referral instead of ServFail in case of no authority")="no";
 ::arg().setSwitch("prevent-self-notification","Don't send notifications to what we think is ourself")="yes";
 ::arg().setSwitch("webserver","Start a webserver for monitoring")="no";
 ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index caedb33778..44405d77d3 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -55,12 +55,6 @@ AtomicCounter PacketHandler::s_count;
 NetmaskGroup PacketHandler::s_allowNotifyFrom;
 extern string s_programname;
-enum root_referral {
- NO_ROOT_REFERRAL,
- LEAN_ROOT_REFERRAL,
- FULL_ROOT_REFERRAL
-};
-
 PacketHandler::PacketHandler():B(s_programname), d_dk(&B)
 {
 ++s_count;
@@ -68,9 +62,6 @@ PacketHandler::PacketHandler():B(s_programname), d_dk(&B) d_doRecursion= ::arg().mustDo("recursor"); d_logDNSDetails= ::arg().mustDo("log-dns-details"); d_doIPv6AdditionalProcessing = ::arg().mustDo("do-ipv6-additional-processing"); - d_sendRootReferral = ::arg().mustDo("send-root-referral") - ? ( pdns_iequals(::arg()["send-root-referral"], "lean") ? LEAN_ROOT_REFERRAL : FULL_ROOT_REFERRAL ) - : NO_ROOT_REFERRAL; string fname= ::arg()["lua-prequery-script"]; if(fname.empty()) { @@ -94,44 +85,6 @@ PacketHandler::~PacketHandler() DLOG(L<addRecord(rr); - } - - if( d_sendRootReferral == LEAN_ROOT_REFERRAL ) - return; - - // add the additional stuff - - rr.ttl=3600000; - rr.qtype=QType::A; - rr.d_place=DNSResourceRecord::ADDITIONAL; - - for(char c='a';c<='m';++c) { - *templ=c; - rr.qname=DNSName(templ); - rr.content=ips[c-'a']; - r->addRecord(rr); - } -} - /** * This adds CDNSKEY records to the answer packet. Returns true if one was added. * @@ -1314,15 +1267,9 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse) return 0; } - if(!retargetcount) + if(!retargetcount) { r->setA(false); // drop AA if we never had a SOA in the first place - if( d_sendRootReferral != NO_ROOT_REFERRAL ) { - DLOG(L<setRcode(RCode::Refused); // send REFUSED - but only on empty 'no idea' + r->setRcode(RCode::Refused); // send REFUSED - but only on empty 'no idea' } goto sendit; } diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist index 5d6528ffd9..558c194205 100644 --- a/pdns/pdns.conf-dist +++ b/pdns/pdns.conf-dist @@ -409,11 +409,6 @@ # # security-poll-suffix=secpoll.powerdns.com. -################################# -# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority -# -# send-root-referral=no - ################################# # server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom # 
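Review bot: In questionOrRecurse, the rewritten `if(!retargetcount) { ... }` block makes REFUSED with AA cleared the only answer on this no-authority path, yet nothing visible in this diff pins that in a test: the regression scripts only lose `--send-root-referral`, and no expected-result files change here. Since upward referrals are the behaviour being retired, a regression case that queries a name the server does not host and checks for rcode REFUSED with empty authority and additional sections would keep them from coming back. The retained comment `// send REFUSED - but only on empty 'no idea'` described the old nested condition; something like `// no SOA found and nothing retargeted: answer REFUSED, never an upward referral` reads better now. Deployments whose pdns.conf still sets `send-root-referral` will meet a setting that declareArguments() no longer declares, so an upgrade note is worth adding (how the argument parser treats unknown settings is not visible here). The body of questionOrRecurse continues outside this hunk.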
diff --git a/pdns/speedtest.cc b/pdns/speedtest.cc
index c6634e5c3a..03939b9adc 100644
--- a/pdns/speedtest.cc
+++ b/pdns/speedtest.cc
@@ -350,39 +350,6 @@ vector makeEmptyQuery()
 return packet;
 }
-
-vector makeRootReferral()
-{
- vector packet;
- DNSPacketWriter pw(packet, DNSName("outpost.ds9a.nl"), QType::SOA);
-
- // nobody reads what we output, but it appears to be the magic that shuts some nameservers up
- static const char*ips[]={"198.41.0.4", "192.228.79.201", "192.33.4.12", "199.7.91.13", "192.203.230.10", "192.5.5.241", "192.112.36.4", "198.97.190.53",
- "192.36.148.17","192.58.128.30", "193.0.14.129", "199.7.83.42", "202.12.27.33"};
- static char templ[40];
- strncpy(templ,"a.root-servers.net", sizeof(templ) - 1);
-
-
- for(char c='a';c<='m';++c) {
- *templ=c;
- pw.startRecord(DNSName(), QType::NS, 3600, 1, DNSResourceRecord::AUTHORITY);
- DNSRecordContent* drc = DNSRecordContent::mastermake(QType::NS, 1, templ);
- drc->toPacket(pw);
- delete drc;
- }
-
- for(char c='a';c<='m';++c) {
- *templ=c;
- pw.startRecord(DNSName(), QType::A, 3600, 1, DNSResourceRecord::ADDITIONAL);
- DNSRecordContent* drc = DNSRecordContent::mastermake(QType::A, 1, ips[c-'a']);
- drc->toPacket(pw);
- delete drc;
- }
- pw.commit();
- return packet;
-
-}
-
 vector makeTypicalReferral()
 {
 vector packet;
@@ -413,22 +380,6 @@ vector makeTypicalReferral()
 return packet;
 }
-
-
-struct RootRefTest
-{
- string getName() const
- {
- return "write rootreferral";
- }
-
- void operator()() const
- {
- vector packet=makeRootReferral();
- }
-
-};
-
 struct StackMallocTest
 {
 string getName() const
@@ -733,12 +684,6 @@ try
 doRun(StackMallocTest());
- vector packet = makeRootReferral();
- doRun(ParsePacketBareTest(packet, "root-referral"));
- doRun(ParsePacketTest(packet, "root-referral"));
-
- doRun(RootRefTest());
-
 doRun(EmptyQueryTest());
 doRun(TypicalRefTest());
diff --git a/regression-tests.api/runtests.py b/regression-tests.api/runtests.py
index 30848d37fc..ee6c32447d 100755
--- a/regression-tests.api/runtests.py
+++ b/regression-tests.api/runtests.py
@@ -98,7 +98,7 @@ if daemon == 'authoritative':
 named_conf.write(AUTH_CONF_TPL)
 subprocess.check_call(["../pdns/pdnsutil", "--config-dir=.", "secure-zone", "powerdnssec.org"])
- pdnscmd = ("../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ --no-shuffle --send-root-referral --dnsupdate=yes --cache-ttl=0 --config-dir=. --api=yes --webserver=yes --webserver-port="+WEBPORT+" --webserver-address=127.0.0.1 --webserver-password=something --api-key="+APIKEY).split()
+ pdnscmd = ("../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ --no-shuffle --dnsupdate=yes --cache-ttl=0 --config-dir=. --api=yes --webserver=yes --webserver-port="+WEBPORT+" --webserver-address=127.0.0.1 --webserver-password=something --api-key="+APIKEY).split()
 else:
 conf_dir = 'rec-conf.d'
diff --git a/regression-tests.nobackend/edns-packet-cache/command b/regression-tests.nobackend/edns-packet-cache/command
index 1c2d5a5732..09720a0861 100755
--- a/regression-tests.nobackend/edns-packet-cache/command
+++ b/regression-tests.nobackend/edns-packet-cache/command
@@ -28,7 +28,7 @@ rm -f pdns*.pid
 $PDNS --daemon=no --local-port=$port --socket-dir=./ \
 --no-shuffle --launch=bind --bind-config=edns-packet-cache/named.conf \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
 bindwait
 # prime cache without EDNS
diff --git a/regression-tests.nobackend/edns1/command b/regression-tests.nobackend/edns1/command
index dcec1692b7..c49ffe118b 100755
--- a/regression-tests.nobackend/edns1/command
+++ b/regression-tests.nobackend/edns1/command
@@ -26,7 +26,7 @@ bindwait ()
 $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
 --no-shuffle --launch=bind --bind-config=edns-packet-cache/named.conf \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
 bindwait
 timeout 5 ./edns1/test-edns.py
diff --git a/regression-tests.nobackend/lua-policy/command b/regression-tests.nobackend/lua-policy/command
index 927aea2f09..595de06154 100755
--- a/regression-tests.nobackend/lua-policy/command
+++ b/regression-tests.nobackend/lua-policy/command
@@ -29,7 +29,7 @@ rm -f pdns*.pid
 $PDNS --daemon=no --local-port=$port --socket-dir=./ \
 --no-shuffle --launch=bind --bind-config=lua-policy/named.conf \
 --experimental-lua-policy-script=lua-policy/policy.lua \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
 bindwait
 # plain SOA query
diff --git a/regression-tests.nobackend/negcache-tests-dotted-cname/command b/regression-tests.nobackend/negcache-tests-dotted-cname/command
index 9f1e91b5b9..4ff317e169 100755
--- a/regression-tests.nobackend/negcache-tests-dotted-cname/command
+++ b/regression-tests.nobackend/negcache-tests-dotted-cname/command
@@ -10,7 +10,7 @@ rm -f pdns*.pid
 $PDNS --daemon=no --local-port=$port --socket-dir=./ \
 --no-shuffle --launch=bind,pipe --bind-config=negcache-tests-dotted-cname/named.conf \
 --pipe-command=negcache-tests-dotted-cname/pipe.py \
- --send-root-referral --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
+ --cache-ttl=60 --no-config --module-dir=../regression-tests/modules &
 sleep 3
diff --git a/regression-tests.nobackend/soa-edit/pdns.conf b/regression-tests.nobackend/soa-edit/pdns.conf
index 9b53ddd7d1..ab206c786d 100644
--- a/regression-tests.nobackend/soa-edit/pdns.conf
+++ b/regression-tests.nobackend/soa-edit/pdns.conf
@@ -2,7 +2,6 @@ daemon=no
 local-port=5502
 socket-dir=./
 no-shuffle
-send-root-referral
 cache-ttl=0
 query-cache-ttl=0
 module-dir=../regression-tests/modules
diff --git a/regression-tests.nobackend/supermaster-signed/command b/regression-tests.nobackend/supermaster-signed/command
index b8c23bb1ca..5c88e5a2df 100755
--- a/regression-tests.nobackend/supermaster-signed/command
+++ b/regression-tests.nobackend/supermaster-signed/command
@@ -84,7 +84,7 @@ start_master()
 {
 $RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-dir=. --module-dir=../regression-tests/modules \
 --config-name=gsqlite3-master --socket-dir=./ --no-shuffle \
- --send-root-referral --master=yes --local-address=127.0.0.1 --local-ipv6='' \
+ --master=yes --local-address=127.0.0.1 --local-ipv6='' \
 --query-local-address=127.0.0.1 --cache-ttl=$cachettl --dname-processing --allow-axfr-ips= &
 }
@@ -94,7 +94,7 @@ start_slave()
 $RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \
 --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 --local-ipv6='' \
- --send-root-referral --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
+ --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
 --slave-cycle-interval=300 --allow-unsigned-notify=no --allow-unsigned-supermaster=no &
 }
diff --git a/regression-tests.nobackend/supermaster-unsigned/command b/regression-tests.nobackend/supermaster-unsigned/command
index ed4551e660..1e9f0c7faa 100755
--- a/regression-tests.nobackend/supermaster-unsigned/command
+++ b/regression-tests.nobackend/supermaster-unsigned/command
@@ -75,7 +75,7 @@ start_master()
 {
 $RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-dir=. --module-dir=../regression-tests/modules \
 --config-name=gsqlite3-master --socket-dir=./ --no-shuffle \
- --send-root-referral --master=yes --local-address=127.0.0.1 --local-ipv6= \
+ --master=yes --local-address=127.0.0.1 --local-ipv6= \
 --query-local-address=127.0.0.1 --cache-ttl=$cachettl --dname-processing --allow-axfr-ips= &
 }
@@ -85,7 +85,7 @@ start_slave()
 $RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \
 --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 --local-ipv6= \
- --send-root-referral --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
+ --slave --retrieval-threads=4 --slave=yes --query-local-address=127.0.0.2 \
 --slave-cycle-interval=300 --dname-processing &
 }
diff --git a/regression-tests/README.md b/regression-tests/README.md
index a9d1fcc5be..d02e0372de 100644
--- a/regression-tests/README.md
+++ b/regression-tests/README.md
@@ -81,7 +81,7 @@ Run PowerDNS as (to test gmysql):
 ```
 $ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
 --no-shuffle --launch=gmysql --gmysql-dbname=pdnstest --gmysql-user=root \
---fancy-records --query-logging --send-root-referral --loglevel=9 \
+--fancy-records --query-logging --loglevel=9 \
 --cache-ttl=0 --no-config
 ```
@@ -89,7 +89,7 @@ or (to test bind, without DNSSEC):
 ```
 $ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
 --no-shuffle --launch=bind --bind-config=./named.conf \
---fancy-records --query-logging --send-root-referral --loglevel=9 \
+--fancy-records --query-logging --loglevel=9 \
 --cache-ttl=0 --no-config
 ```
@@ -99,7 +99,7 @@ or (to test bind with DNSSEC):
 $ ./bind-dnssec-setup
 $ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
 --no-shuffle --launch=bind --bind-config=./named.conf \
---query-logging --send-root-referral --loglevel=9 \
+--query-logging --loglevel=9 \
 --cache-ttl=0 --no-config
 ```
@@ -115,7 +115,7 @@ echo 'analyze;' | sqlite3 powerdns.sqlite3
 $ ../pdns/pdns_server --daemon=no --local-port=5300 --socket-dir=./ \
 --no-shuffle --launch=gsqlite3 \
 --gsqlite3-database=./powerdns.sqlite3 --gsqlite3-dnssec \
---query-logging --send-root-referral --loglevel=9 \
+--query-logging --loglevel=9 \
 --cache-ttl=0 --no-config
 ```
diff --git a/regression-tests/tests/bind-add-zone/stress/run.sh b/regression-tests/tests/bind-add-zone/stress/run.sh
index 5a370a7294..b6fe8c7770 100755
--- a/regression-tests/tests/bind-add-zone/stress/run.sh
+++ b/regression-tests/tests/bind-add-zone/stress/run.sh
@@ -90,8 +90,7 @@ grep '^host' example.com | grep -e 'IN\s*A' | \
 $PDNS --daemon=no --local-port=$port --socket-dir=./ \
 --no-shuffle --launch=bind --bind-config=./named.conf \
- --fancy-records --send-root-referral \
- --cache-ttl=0 --no-config &
+ --fancy-records --cache-ttl=0 --no-config &
 bindwait
 DNSPERF=$DNSPERF port=$port ./add-zone/stress/dnsperf.sh &