]>
git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Mon, 6 Apr 2020 10:29:00 +0000 (12:29 +0200)]
Merge pull request #9000 from krionbsd/warns
Fix warnings with llvm10 and -Wrange-loop-construct
Kirill Ponomarev [Mon, 6 Apr 2020 09:26:45 +0000 (11:26 +0200)]
Update pdns/dnssecinfra.cc
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Kirill Ponomarev [Mon, 6 Apr 2020 09:26:37 +0000 (11:26 +0200)]
Update pdns/dnssecinfra.cc
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Peter van Dijk [Mon, 6 Apr 2020 08:20:39 +0000 (10:20 +0200)]
move github issue template config.yml to right path
Peter van Dijk [Mon, 6 Apr 2020 08:03:54 +0000 (10:03 +0200)]
Merge pull request #9002 from Habbie/issues-new-choose
docs: link to GitHub issue template chooser
Peter van Dijk [Mon, 6 Apr 2020 07:53:28 +0000 (09:53 +0200)]
github: disable blank issues
Peter van Dijk [Mon, 6 Apr 2020 07:51:27 +0000 (09:51 +0200)]
docs: link to GitHub issue template chooser
Peter van Dijk [Mon, 6 Apr 2020 07:55:42 +0000 (09:55 +0200)]
security: update email addresses
Remi Gacogne [Mon, 6 Apr 2020 07:35:32 +0000 (09:35 +0200)]
Merge pull request #8996 from rgacogne/ddist-drop-qr-unset-responses
dnsdist: Drop responses with the QR bit set to 0
krionbsd [Sun, 5 Apr 2020 21:04:53 +0000 (23:04 +0200)]
Fix warnings with llvm10 and -Wrange-loop-construct
Peter van Dijk [Sun, 5 Apr 2020 19:42:18 +0000 (21:42 +0200)]
Merge pull request #8977 from Habbie/ixfr-multiple-deltas
auth: avoid IXFR-in record duplication
Peter van Dijk [Fri, 27 Mar 2020 13:00:43 +0000 (14:00 +0100)]
fix IXFR-in record duplication issue by avoiding the query cache
Remi Gacogne [Fri, 3 Apr 2020 14:52:57 +0000 (16:52 +0200)]
dnsdist: Drop responses with the QR bit set to 0
Otto Moerbeek [Fri, 3 Apr 2020 12:21:36 +0000 (14:21 +0200)]
Merge pull request #8987 from omoerbeek/rec-fix-maxdepth-test
rec: fix referral unit test
Peter van Dijk [Fri, 3 Apr 2020 10:47:18 +0000 (12:47 +0200)]
Merge pull request #8991 from kpfleming/improve-metadata-api-docs
Improve specification for metadata API endpoint
Otto Moerbeek [Fri, 3 Apr 2020 09:26:18 +0000 (11:26 +0200)]
Better test setup and also log if we hit the limit
Kevin P. Fleming [Fri, 3 Apr 2020 00:38:32 +0000 (20:38 -0400)]
deleteMetadata returns 200 OK, not 204 No Content
Signed-off-by: Kevin P. Fleming <kevin@km6g.us>
Remi Gacogne [Thu, 2 Apr 2020 08:37:33 +0000 (10:37 +0200)]
Merge pull request #8985 from neheb/nbm
fix compilation without deprecated OpenSSL APIs
Kevin P. Fleming [Wed, 1 Apr 2020 12:06:18 +0000 (08:06 -0400)]
modifyMetadata returns the created object
Signed-off-by: Kevin P. Fleming <kevin@km6g.us>
Kevin P. Fleming [Wed, 1 Apr 2020 10:45:54 +0000 (06:45 -0400)]
Improve specification for metadata API endpoint
* createMetadata only accepts a single Metadata object, not an array
* getMetadata returns a single Metadata object, not an array
* add descriptions for metadata_kind parameters that were '???'
* note that modifyMetadata removes existing entries of the specified kind
Signed-off-by: Kevin P. Fleming <kevin@km6g.us>
Otto Moerbeek [Tue, 31 Mar 2020 09:16:13 +0000 (11:16 +0200)]
test_referral_depth is actually hitting the limit in doCNAMECacheCheck()
and not the generic depth limit. Use one less of referal to fix
that. Additionally, test and fix the non-limited case.
Peter van Dijk [Tue, 31 Mar 2020 08:11:43 +0000 (10:11 +0200)]
Merge pull request #8957 from Habbie/lua-test-resolve
auth LUA: add test for resolve() function
Rosen Penev [Mon, 30 Mar 2020 20:40:44 +0000 (13:40 -0700)]
fix compilation without deprecated OpenSSL APIs
This header is normally included with ssl.h.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Peter van Dijk [Mon, 30 Mar 2020 15:32:37 +0000 (17:32 +0200)]
Merge pull request #8975 from mind04/pdns-4.3.0-schema
auth: improve sql schema updates
Remi Gacogne [Fri, 27 Mar 2020 14:59:57 +0000 (15:59 +0100)]
Merge pull request #8976 from rgacogne/ddist-larger-incoming-buffer-dnscrypt
dnsdist: Accept UDP datagrams larger than 1500 bytes for DNSCrypt
Kees Monshouwer [Thu, 26 Mar 2020 21:16:30 +0000 (22:16 +0100)]
auth: remove beta2 schema files
Kees Monshouwer [Sat, 21 Mar 2020 20:41:17 +0000 (21:41 +0100)]
auth: improve sql schema updates
Remi Gacogne [Thu, 26 Mar 2020 17:50:43 +0000 (18:50 +0100)]
dnsdist: Accept UDP datagrams larger than 1500 bytes for DNSCrypt
Remi Gacogne [Thu, 26 Mar 2020 13:44:05 +0000 (14:44 +0100)]
Merge pull request #8974 from rgacogne/ddist-pmtu-dnscrypt
dnsdist: Keep accepting fragmented UDP datagrams on DNSCrypt binds
Remi Gacogne [Thu, 26 Mar 2020 10:47:54 +0000 (11:47 +0100)]
dnsdist: Keep accepting fragmented UDP datagrams on DNSCrypt binds
DNSCrypt pads its queries for privacy purposes, and thus requires
larger queries than plain DNS ones. Discarding fragmented datagrams
doesn't make sense in that case, and actually leads to a very
degraded service.
Pieter Lexis [Thu, 26 Mar 2020 10:35:08 +0000 (11:35 +0100)]
Merge pull request #8972 from Habbie/ubuntu-focal
builder: add ubuntu focal target
Remi Gacogne [Thu, 26 Mar 2020 09:20:41 +0000 (10:20 +0100)]
Merge pull request #8968 from rgacogne/ddist-doc-proxy-v2
rec/dnsdist: Document that we only support the version 2 of the Proxy Protocol
Peter van Dijk [Wed, 25 Mar 2020 11:06:08 +0000 (12:06 +0100)]
Merge pull request #8939 from RobinGeuze/fixNSEC3ForUnpublishedDNSKEYsProperly
Fix NSECx for unpublished DNSKEYs properly
Peter van Dijk [Wed, 25 Mar 2020 10:41:15 +0000 (11:41 +0100)]
builder: add ubuntu focal target
Pieter Lexis [Wed, 25 Mar 2020 08:26:29 +0000 (09:26 +0100)]
Merge pull request #8917 from Habbie/bind-packages-docs
auth docs: clarify absence/presence of pdns-backend-bind
Remi Gacogne [Wed, 25 Mar 2020 08:12:13 +0000 (09:12 +0100)]
Merge pull request #8971 from yantarou/layout_fix
Fix layout in the dnsdist Caching Responses guide
Jan Hilberath [Wed, 25 Mar 2020 05:55:37 +0000 (14:55 +0900)]
Fix layout in the dnsdist Caching Responses guide
Remi Gacogne [Tue, 24 Mar 2020 09:19:50 +0000 (10:19 +0100)]
Merge pull request #8962 from rgacogne/lmdb-safe-move-rvo
Remove a std::move() preventing Return-Value Optimization in lmdb-safe.cc
Remi Gacogne [Mon, 23 Mar 2020 15:56:50 +0000 (16:56 +0100)]
rec: Document that we only support the version 2 of the Proxy Protocol
Remi Gacogne [Mon, 23 Mar 2020 15:55:50 +0000 (16:55 +0100)]
dnsdist: Document that we only support the version 2 of the Proxy Protocol
Remi Gacogne [Mon, 23 Mar 2020 09:20:48 +0000 (10:20 +0100)]
Remove a std::move() preventing Return-Value Optimization in lmdb-safe.cc
Remi Gacogne [Mon, 23 Mar 2020 08:55:40 +0000 (09:55 +0100)]
Merge pull request #8955 from omoerbeek/dnsdist-string-view-amb
On OpenBSD string_view is both in boost and std
Remi Gacogne [Mon, 23 Mar 2020 08:33:22 +0000 (09:33 +0100)]
Merge pull request #8956 from pieterlexis/dnsdist-smt-remove
dnsdist: expose SuffixMatchNode::remove in Lua
Otto Moerbeek [Mon, 23 Mar 2020 07:12:33 +0000 (08:12 +0100)]
Proper include guard for OpenBSD and FreeBSD: std::string_ref is available there.
Peter van Dijk [Sat, 21 Mar 2020 20:19:18 +0000 (21:19 +0100)]
Merge pull request #8960 from kpfleming/fix-swagger-typo
Correct typo in Swagger specification
Kevin P. Fleming [Sat, 21 Mar 2020 20:10:23 +0000 (16:10 -0400)]
Correct typo in Swagger specification
Found when loading the spec into a validating parser :-)
Signed-off-by: Kevin P. Fleming <kevin@km6g.us>
Peter van Dijk [Fri, 20 Mar 2020 23:25:41 +0000 (00:25 +0100)]
Merge pull request #8916 from Habbie/lmdb-namespaces-fbsd
auth lmdb: avoid blanket std import; fixes #8872
Otto Moerbeek [Fri, 20 Mar 2020 16:18:22 +0000 (17:18 +0100)]
Include FreeBSD in conditional
Peter van Dijk [Mon, 9 Mar 2020 19:13:58 +0000 (20:13 +0100)]
auth docs: clarify absence/presence of pdns-backend-bind
Peter van Dijk [Fri, 20 Mar 2020 14:25:27 +0000 (15:25 +0100)]
auth LUA: add test for resolve() function
Otto Moerbeek [Fri, 20 Mar 2020 11:58:05 +0000 (12:58 +0100)]
On OpenBSD string_view is both in boost and std
Remi Gacogne [Fri, 20 Mar 2020 12:52:29 +0000 (13:52 +0100)]
Merge pull request #8953 from rgacogne/ddist-150a1
dnsdist: Update ChangeLog and secpoll for 1.5.0-alpha1
Pieter Lexis [Fri, 20 Mar 2020 12:44:40 +0000 (13:44 +0100)]
dnsdist: expose SuffixMatchNode::remove in Lua
Remi Gacogne [Fri, 20 Mar 2020 08:09:52 +0000 (09:09 +0100)]
Merge pull request #8952 from rgacogne/ddist-document-xpf-proxy
dnsdist: Add more documentation about XPF and the Proxy Protocol
Remi Gacogne [Fri, 20 Mar 2020 08:08:49 +0000 (09:08 +0100)]
Merge pull request #8954 from rgacogne/ddist-string-ref
dnsdist: Fix compilation issues with older boost::string_ref and string_view
Remi Gacogne [Thu, 19 Mar 2020 16:35:06 +0000 (17:35 +0100)]
dnsdist: Fix compilation issues with older boost::string_ref and string_view
Remi Gacogne [Thu, 19 Mar 2020 16:34:29 +0000 (17:34 +0100)]
dnsdist: Add missing changelog tags to the documentation
Remi Gacogne [Thu, 19 Mar 2020 16:12:02 +0000 (17:12 +0100)]
Update secpoll for dnsdist 1.5.0-alpha1
Remi Gacogne [Thu, 19 Mar 2020 16:11:33 +0000 (17:11 +0100)]
dnsdist: Update ChangeLog for 1.5.0-alpha1
Remi Gacogne [Thu, 19 Mar 2020 14:42:45 +0000 (15:42 +0100)]
dnsdist: Fix a broken reference in the documentation
Remi Gacogne [Thu, 19 Mar 2020 14:42:09 +0000 (15:42 +0100)]
dnsdist: Add more documentation about XPF and the Proxy Protocol
Remi Gacogne [Thu, 19 Mar 2020 12:46:31 +0000 (13:46 +0100)]
Merge pull request #8950 from rgacogne/ddist-warn-low-weight
dnsdist: Warn on startup about low weight values with chashed
Remi Gacogne [Thu, 19 Mar 2020 10:45:10 +0000 (11:45 +0100)]
Merge pull request #8945 from rgacogne/ddist-x-forwarded-for
dnsdist: Add support for the processing of X-Forwarded-For headers
Remi Gacogne [Thu, 19 Mar 2020 10:37:07 +0000 (11:37 +0100)]
dnsdist: Warn on startup about low weight values with chashed
Remi Gacogne [Thu, 19 Mar 2020 09:41:41 +0000 (10:41 +0100)]
Merge pull request #8923 from atoomic/daemon-reload
Reload systemctl service on updates
Remi Gacogne [Thu, 19 Mar 2020 08:58:36 +0000 (09:58 +0100)]
Merge pull request #8947 from rgacogne/ddist-doc-delay
dnsdist: Clarify how DelayResponseAction differs from DelayAction
Remi Gacogne [Thu, 19 Mar 2020 08:58:10 +0000 (09:58 +0100)]
Merge pull request #8948 from rgacogne/ddist-doc-set-smt-rule
dnsdist: Document DynBlockRulesGroup:setSuffixMatchRule
Remi Gacogne [Thu, 19 Mar 2020 08:56:32 +0000 (09:56 +0100)]
Merge pull request #8949 from rgacogne/ddist-doh-rotation-delay
dnsdist: Set the DoH ticket rotation delay before loading tickets
Remi Gacogne [Wed, 18 Mar 2020 16:47:49 +0000 (17:47 +0100)]
dnsdist: Set the DoH ticket rotation delay before loading tickets
Before that change, we could have loaded DoH STEK from a file without
properly setting the next rotation, causing a ticket rotation to
happen during the first TLS session establishment.
This can be prevented by setting `ticketsKeysRotationDelay=0`.
Remi Gacogne [Wed, 18 Mar 2020 15:35:52 +0000 (16:35 +0100)]
dnsdist: Document DynBlockRulesGroup:setSuffixMatchRule
Remi Gacogne [Wed, 18 Mar 2020 14:42:27 +0000 (15:42 +0100)]
dnsdist: Clarify how DelayResponseAction differs from DelayAction
Remi Gacogne [Wed, 18 Mar 2020 14:34:12 +0000 (15:34 +0100)]
Merge pull request #8927 from rgacogne/rec-rpz-tags
rec: Add custom tags to RPZ hits
Otto Moerbeek [Wed, 18 Mar 2020 14:33:33 +0000 (15:33 +0100)]
Merge pull request #8946 from omoerbeek/rec-buildbot-test
rec: test now uses rec_control, so supply location of the executable
Otto Moerbeek [Wed, 18 Mar 2020 14:22:49 +0000 (15:22 +0100)]
Test now uses rec_control, so supply location of the executable
Remi Gacogne [Wed, 18 Mar 2020 13:07:57 +0000 (14:07 +0100)]
dnsdist: Add support for the processing of X-Forwarded-For headers
aerique [Wed, 18 Mar 2020 11:54:02 +0000 (12:54 +0100)]
Merge pull request #8938 from Habbie/auth-4.3.0-rc2-docs
auth: secpoll&changelog for 4.3.0-rc2
Remi Gacogne [Tue, 17 Mar 2020 13:08:30 +0000 (14:08 +0100)]
rec: Only account RPZ truncation actions over UDP
Since they will be ignored over TCP anyway.
Remi Gacogne [Tue, 17 Mar 2020 10:12:52 +0000 (11:12 +0100)]
rec: Fix const-ness in DNSFilterEngine
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Tue, 17 Mar 2020 10:12:35 +0000 (11:12 +0100)]
rec: Fix const-ness in DNSFilterEngine
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Fri, 13 Mar 2020 14:33:47 +0000 (15:33 +0100)]
rec: Add custom tags to RPZ hits
This commit adds the possibility to set custom tags to a RPZ zone,
adding these tags to the policy ones (that can be set with Lua)
when a policy matches.
It does so by creating a new PolicyZoneData object that is shared
between the zone and all the policies that it holds, in order to
- avoid duplicating the name, priority and tags for each policy ;
- prevent a circular dependency between shared pointers for the zone
and its policies.
It also refactors the handling of RPZ policy hits in `startDoResolve()`
to remove some code duplication.
Remi Gacogne [Wed, 18 Mar 2020 08:43:14 +0000 (09:43 +0100)]
Merge pull request #8944 from Leo-Neat/master
Turning dry_run off for CIFuzz
Leo Neat [Tue, 17 Mar 2020 23:14:00 +0000 (16:14 -0700)]
Turning dry_run off for CIFuzz
Remi Gacogne [Tue, 17 Mar 2020 15:55:22 +0000 (16:55 +0100)]
Merge pull request #8874 from rgacogne/ddist-proxy-protocol
Add support for Proxy Protocol between dnsdist and the recursor
Nicolas R [Thu, 12 Mar 2020 16:48:39 +0000 (10:48 -0600)]
Reload systemctl service on install and updates
Fix GH #8922
Make sure systemd is reloading the updated definition
of a service on updates and first installation.
Robin Geuze [Tue, 17 Mar 2020 15:33:43 +0000 (16:33 +0100)]
Retab backends/bind-master and backends/gsql-common to prevent annoying indenting issues
Robin Geuze [Tue, 17 Mar 2020 08:59:26 +0000 (09:59 +0100)]
Proper fix for NSECx typemaps in the case of only unpublished DNSKEY's
Remi Gacogne [Mon, 16 Mar 2020 10:31:59 +0000 (11:31 +0100)]
rec: Clarify the behavior of the Proxy Protocol feature
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Mon, 16 Mar 2020 10:31:18 +0000 (11:31 +0100)]
rec: Fix a typo in the `proxy-protocol-from` documentation
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Mon, 16 Mar 2020 10:29:33 +0000 (11:29 +0100)]
Add fuzz_target_proxyprotocol to the git ignore list
Remi Gacogne [Fri, 13 Mar 2020 18:07:02 +0000 (19:07 +0100)]
Add a fuzzing target for the Proxy Protocol v2 parser
Remi Gacogne [Fri, 13 Mar 2020 15:58:29 +0000 (16:58 +0100)]
sdig: Document Proxy Protocol options
Remi Gacogne [Fri, 13 Mar 2020 15:52:37 +0000 (16:52 +0100)]
rec: Clarify interactions between 'allow-from' and the proxy protocol
Remi Gacogne [Fri, 13 Mar 2020 15:51:58 +0000 (16:51 +0100)]
rec: Apply Otto's suggestions made during code review
Remi Gacogne [Fri, 13 Mar 2020 15:39:21 +0000 (16:39 +0100)]
rec: Fix the version when for proxy protocol values were added to gettag
Remi Gacogne [Fri, 13 Mar 2020 15:38:24 +0000 (16:38 +0100)]
Fix Lua proxy protocol values syntax in the documentation
Remi Gacogne [Fri, 13 Mar 2020 15:34:48 +0000 (16:34 +0100)]
rec: Remove duplicate DNSQuestion:getPolicyTags() entry in the doc
Remi Gacogne [Fri, 13 Mar 2020 15:32:40 +0000 (16:32 +0100)]
Prevent an overflow of the proxy protocol header size
Remi Gacogne [Wed, 4 Mar 2020 13:03:32 +0000 (14:03 +0100)]
dnsdist: Only reuse an existing TCP connection if the same server was selected
Remi Gacogne [Tue, 3 Mar 2020 15:45:39 +0000 (16:45 +0100)]
dnsdist: Keep the TCP connection to a backend when there is no TLV
Remi Gacogne [Mon, 2 Mar 2020 16:17:46 +0000 (17:17 +0100)]
rec: Keep Proxy Protocol values between queries on the same connection