From: Remi Gacogne
Date: Wed, 20 Jan 2021 09:45:15 +0000 (+0100)
Subject: dnsdist: Replace offensive terms in our code and documentation
X-Git-Tag: dnsdist-1.6.0-alpha1~21^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9993%2Fhead;p=thirdparty%2Fpdns.git
dnsdist: Replace offensive terms in our code and documentation
---
diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc
index 5183140487..bd072a417d 100644
--- a/pdns/dnsdist-console.cc
+++ b/pdns/dnsdist-console.cc
@@ -608,7 +608,7 @@ const std::vector g_consoleKeywords{
 { "SkipCacheAction", true, "", "Don’t lookup the cache for this query, don’t store the answer" },
 { "SkipCacheResponseAction", true, "", "Don’t store this response into the cache" },
 { "SNIRule", true, "name", "Create a rule which matches on the incoming TLS SNI value, if any (DoT or DoH)" },
- { "snmpAgent", true, "enableTraps [, masterSocket]", "enable `SNMP` support. `enableTraps` is a boolean indicating whether traps should be sent and `masterSocket` an optional string specifying how to connect to the master agent"},
+ { "snmpAgent", true, "enableTraps [, daemonSocket]", "enable `SNMP` support. `enableTraps` is a boolean indicating whether traps should be sent and `daemonSocket` an optional string specifying how to connect to the daemon agent"},
 { "SNMPTrapAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the query description"},
 { "SNMPTrapResponseAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the response description"},
 { "SpoofAction", true, "ip|list of ips [, options]", "forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA). If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in" },
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 3ae46a3521..f59912ec5a 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -1805,7 +1805,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) g_useTCPSinglePipe = flag; }); - luaCtx.writeFunction("snmpAgent", [client,configCheck](bool enableTraps, boost::optional masterSocket) { + luaCtx.writeFunction("snmpAgent", [client,configCheck](bool enableTraps, boost::optional daemonSocket) { if(client || configCheck) return; #ifdef HAVE_NET_SNMP @@ -1823,7 +1823,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) g_snmpEnabled = true; g_snmpTrapsEnabled = enableTraps; - g_snmpAgent = new DNSDistSNMPAgent("dnsdist", masterSocket ? *masterSocket : std::string()); + g_snmpAgent = new DNSDistSNMPAgent("dnsdist", daemonSocket ? *daemonSocket : std::string()); #else errlog("NET SNMP support is required to use snmpAgent()"); g_outputBuffer="NET SNMP support is required to use snmpAgent()\n"; diff --git a/pdns/dnsdist-snmp.cc b/pdns/dnsdist-snmp.cc index 3d79859fe1..fdfba56668 100644 --- a/pdns/dnsdist-snmp.cc +++ b/pdns/dnsdist-snmp.cc @@ -546,7 +546,7 @@ bool DNSDistSNMPAgent::sendDNSTrap(const DNSQuestion& dq, const std::string& rea #endif /* HAVE_NET_SNMP */ } -DNSDistSNMPAgent::DNSDistSNMPAgent(const std::string& name, const std::string& masterSocket): SNMPAgent(name, masterSocket) +DNSDistSNMPAgent::DNSDistSNMPAgent(const std::string& name, const std::string& daemonSocket): SNMPAgent(name, daemonSocket) { #ifdef HAVE_NET_SNMP diff --git a/pdns/dnsdist-snmp.hh b/pdns/dnsdist-snmp.hh index d98870ff59..3ccde7802b 100644 --- a/pdns/dnsdist-snmp.hh +++ b/pdns/dnsdist-snmp.hh @@ -30,7 +30,7 @@ class DNSDistSNMPAgent; class DNSDistSNMPAgent: public SNMPAgent { public: - DNSDistSNMPAgent(const std::string& name, const std::string& masterSocket); + DNSDistSNMPAgent(const std::string& name, const std::string& daemonSocket); bool sendBackendStatusChangeTrap(const std::shared_ptr&); bool sendCustomTrap(const std::string& reason); bool sendDNSTrap(const DNSQuestion&, const std::string& reason=""); 
diff --git a/pdns/dnsdistdist/docs/advanced/axfr.rst b/pdns/dnsdistdist/docs/advanced/axfr.rst
index 4d9372a81a..b74fff93f4 100644
--- a/pdns/dnsdistdist/docs/advanced/axfr.rst
+++ b/pdns/dnsdistdist/docs/advanced/axfr.rst
@@ -1,19 +1,19 @@ AXFR, IXFR and NOTIFY ===================== -When :program:`dnsdist` is deployed in front of a master authoritative server, it might receive -AXFR or IXFR queries destined to this master. There are two issues that can arise in this kind of setup: +When :program:`dnsdist` is deployed in front of a primary authoritative server, it might receive +AXFR or IXFR queries destined to this primary. There are two issues that can arise in this kind of setup: -- If the master is part of a pool of servers, the first `SOA` query can be directed +- If the primary is part of a pool of servers, the first `SOA` query can be directed by :program:`dnsdist` to a different server than the following AXFR/IXFR one, which might fail if the servers are not perfectly synchronised. -- If the master only allows AXFR/IXFR based on the source address of the requestor, +- If the primary only allows AXFR/IXFR based on the source address of the requestor, it might be confused by the fact that the source address will be the one from the :program:`dnsdist` server. -The first issue can be solved by routing SOA, AXFR and IXFR requests explicitly to the master:: +The first issue can be solved by routing SOA, AXFR and IXFR requests explicitly to the primary:: - newServer({address="192.168.1.2", name="master", pool={"master", "otherpool"}}) - addAction(OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), PoolAction("master")) + newServer({address="192.168.1.2", name="primary", pool={"primary", "otherpool"}}) + addAction(OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), PoolAction("primary")) The second one might require allowing AXFR/IXFR from the :program:`dnsdist` source address and moving the source address check to :program:`dnsdist`'s side:: 
@@ -24,10 +24,10 @@ and moving the source address check to :program:`dnsdist`'s side:: Before 1.4.0, the QTypes were in the ``dnsdist`` namespace. Use ``dnsdist.AXFR`` and ``dnsdist.IXFR`` in these versions. Before 1.4.0, the RCodes were in the ``dnsdist`` namespace. Use ``dnsdist.REFUSED`` in these versions. -When :program:`dnsdist` is deployed in front of slaves, however, an issue might arise with NOTIFY -queries, because the slave will receive a notification coming from the :program:`dnsdist` address, -and not the master's one. One way to fix this issue is to allow NOTIFY from the :program:`dnsdist` -address on the slave side (for example with PowerDNS's `trusted-notification-proxy`) and move the address +When :program:`dnsdist` is deployed in front of secondaries, however, an issue might arise with NOTIFY +queries, because the secondary will receive a notification coming from the :program:`dnsdist` address, +and not the primary's one. One way to fix this issue is to allow NOTIFY from the :program:`dnsdist` +address on the secondary side (for example with PowerDNS's `trusted-notification-proxy`) and move the address check to :program:`dnsdist`'s side:: addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("192.168.1.0/24"))}), RCodeAction(DNSRCode.REFUSED)) diff --git a/pdns/dnsdistdist/docs/changelog.rst b/pdns/dnsdistdist/docs/changelog.rst index 6c341b206a..cfccab1bc6 100644 --- a/pdns/dnsdistdist/docs/changelog.rst +++ b/pdns/dnsdistdist/docs/changelog.rst @@ -2045,7 +2045,7 @@ Changelog :pullreq: 5328 :tickets: 5327 - Handle SNMP alarms so we can reconnect to the master. + Handle SNMP alarms so we can reconnect to the daemon. .. change:: :tags: New Features diff --git a/pdns/dnsdistdist/docs/reference/snmp.rst b/pdns/dnsdistdist/docs/reference/snmp.rst index 3f9247f660..ee411c9164 100644 --- a/pdns/dnsdistdist/docs/reference/snmp.rst +++ b/pdns/dnsdistdist/docs/reference/snmp.rst 
@@ -4,12 +4,12 @@ SNMP reporting .. versionadded:: 1.2.0 -.. function:: snmpAgent(enableTraps [, masterSocket]) +.. function:: snmpAgent(enableTraps [, daemonSocket]) Enable SNMP support. :param bool enableTraps: Indicates whether traps should be sent - :param string masterSocket: A string specifying how to connect to the master agent. This is a file path to a unix socket, but e.g. ``tcp:localhost:705`` can be used as well. By default, SNMP agent's default socket is used. + :param string daemonSocket: A string specifying how to connect to the daemon agent. This is a file path to a unix socket, but e.g. ``tcp:localhost:705`` can be used as well. By default, SNMP agent's default socket is used. .. function:: sendCustomTrap(message) diff --git a/pdns/snmp-agent.cc b/pdns/snmp-agent.cc index 0ac33ed8bb..4b2bc6b027 100644 --- a/pdns/snmp-agent.cc +++ b/pdns/snmp-agent.cc @@ -161,15 +161,15 @@ void SNMPAgent::worker() #endif /* HAVE_NET_SNMP */ } -SNMPAgent::SNMPAgent(const std::string& name, const std::string& masterSocket) +SNMPAgent::SNMPAgent(const std::string& name, const std::string& daemonSocket) { #ifdef HAVE_NET_SNMP netsnmp_enable_subagent(); snmp_disable_log(); - if (!masterSocket.empty()) { + if (!daemonSocket.empty()) { netsnmp_ds_set_string(NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_X_SOCKET, - masterSocket.c_str()); + daemonSocket.c_str()); } /* no need to load any MIBS, and it causes import errors if some modules are not present */ @@ -179,7 +179,7 @@ SNMPAgent::SNMPAgent(const std::string& name, const std::string& masterSocket) /* we use select() so don't use SIGALARM to handle alarms. Note that we need to handle alarms for automatic reconnection - to the master to work. + to the daemon to work. */ netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_ALARM_DONT_USE_SIG, diff --git a/pdns/snmp-agent.hh b/pdns/snmp-agent.hh index db8d44559f..e4ba13420d 100644 --- a/pdns/snmp-agent.hh +++ b/pdns/snmp-agent.hh 
@@ -20,7 +20,7 @@ class SNMPAgent { public: - SNMPAgent(const std::string& name, const std::string& masterSocket); + SNMPAgent(const std::string& name, const std::string& daemonSocket); virtual ~SNMPAgent() { #ifdef HAVE_NET_SNMP diff --git a/regression-tests.dnsdist/snmpd.conf b/regression-tests.dnsdist/snmpd.conf index de490f6bc3..f2037bc872 100644 --- a/regression-tests.dnsdist/snmpd.conf +++ b/regression-tests.dnsdist/snmpd.conf @@ -1,8 +1,8 @@ -# act as an Agent X master so that dnsdist can export SNMP statistics +# act as an Agent X daemon so that dnsdist can export SNMP statistics master agentx -# allow dnsdist to connect to the Agent X master socket +# allow dnsdist to connect to the Agent X daemon socket agentxperms 0700 0755 dnsdist # SNMPv2c community diff --git a/regression-tests.dnsdist/test_DynBlocks.py b/regression-tests.dnsdist/test_DynBlocks.py index 5b174e703c..c7abead05a 100644 --- a/regression-tests.dnsdist/test_DynBlocks.py +++ b/regression-tests.dnsdist/test_DynBlocks.py @@ -822,19 +822,19 @@ class TestDynBlockServFails(DynBlocksTest): name = 'servfailrate.dynblocks.tests.powerdns.com.' self.doTestRCodeRate(name, dns.rcode.SERVFAIL) -class TestDynBlockWhitelist(DynBlocksTest): +class TestDynBlockAllowlist(DynBlocksTest): _dynBlockQPS = 10 _dynBlockPeriod = 2 _dynBlockDuration = 5 _config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort'] _config_template = """ - whitelisted = false + allowlisted = false function maintenance() toBlock = exceedQRate(%d, %d) for addr, count in pairs(toBlock) do if addr:toString() == "127.0.0.1" then - whitelisted = true + allowlisted = true toBlock[addr] = nil end end 
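Review bot: In regression-tests.dnsdist/snmpd.conf the reworded comments no longer name the directive they describe: the line directly below still reads `master agentx`, so a reader who searches the net-snmp documentation for "daemon" will not find it. I would tie the two together, for example `# enable net-snmp's AgentX role (the "master agentx" directive) so that dnsdist, acting as a subagent, can export SNMP statistics`. The second comment could also say what the `agentxperms 0700 0755 dnsdist` values mean, e.g. `# socket mode 0700, directory mode 0755, owned by user dnsdist`, as I read net-snmp's agentxperms syntax, because that line is what limits which local users can connect to the AgentX socket.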
@@ -842,23 +842,23 @@ class TestDynBlockWhitelist(DynBlocksTest): end function spoofrule(dq) - if (whitelisted) + if (allowlisted) then return DNSAction.Spoof, "192.0.2.42" else return DNSAction.None, "" end end - addAction("whitelisted-test.dynblocks.tests.powerdns.com.", LuaAction(spoofrule)) + addAction("allowlisted-test.dynblocks.tests.powerdns.com.", LuaAction(spoofrule)) newServer{address="127.0.0.1:%s"} """ - def testWhitelisted(self): + def testAllowlisted(self): """ - Dyn Blocks: Whitelisted from the dynamic blocks + Dyn Blocks: Allowlisted from the dynamic blocks """ - name = 'whitelisted.dynblocks.tests.powerdns.com.' + name = 'allowlisted.dynblocks.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN') response = dns.message.make_response(query) rrset = dns.rrset.from_text(name, @@ -895,8 +895,8 @@ class TestDynBlockWhitelist(DynBlocksTest): self.assertEquals(query, receivedQuery) self.assertEquals(receivedResponse, receivedResponse) - # check that we would have been blocked without the whitelisting - name = 'whitelisted-test.dynblocks.tests.powerdns.com.' + # check that we would have been blocked without the allowlisting + name = 'allowlisted-test.dynblocks.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN') # dnsdist set RA = RD for spoofed responses query.flags &= ~dns.flags.RD
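Review bot: In the last hunk of test_DynBlocks.py the context line `self.assertEquals(receivedResponse, receivedResponse)` compares a value with itself, so it can never fail and the answer received while the client is exempted from the dynamic block is never checked. Since the commit already touches this test, it would be worth asserting against the expected message instead, presumably `self.assertEquals(response, receivedResponse)` using the `response` built at the top of `testAllowlisted`. The call that produces `receivedResponse` is outside the hunk, so confirm which message is expected at that point. `testAllowlisted` starts before and continues after the visible hunks.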