git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Fri, 20 Jan 2023 15:07:48 +0000 (16:07 +0100)]
Merge pull request #12421 from rgacogne/ddist-skip-invalid-ocsp
dnsdist: Skip invalid OCSP files after issuing a warning
Otto Moerbeek [Fri, 20 Jan 2023 12:04:59 +0000 (13:04 +0100)]
Merge pull request #12431 from fredmorcos/gh-actions-docs
Migration of CircleCI documentation generation and upload to Github Actions
Otto Moerbeek [Fri, 20 Jan 2023 11:52:07 +0000 (12:52 +0100)]
Merge pull request #12443 from omoerbeek/rec-prep-4.8.1
rec: Prep for rec-4.8.1
Otto Moerbeek [Wed, 18 Jan 2023 08:55:43 +0000 (09:55 +0100)]
Prep for rec-4.8.1
Remi Gacogne [Fri, 20 Jan 2023 11:36:08 +0000 (12:36 +0100)]
Merge pull request #12439 from rgacogne/fix-dnsreplay-man
dnsreplay: Fix formatting in the man page
Remi Gacogne [Fri, 20 Jan 2023 11:00:10 +0000 (12:00 +0100)]
libssl: Use decltype(&SSL_CTX_free) as suggested by Fred
Remi Gacogne [Mon, 16 Jan 2023 14:28:02 +0000 (15:28 +0100)]
dnsdist: Skip invalid OCSP files after issuing a warning
Contrary to certificates and keys, OCSP files are never required to
provide a working DoT or DoH service, so it's better to start even
if it would not load all, or any, OCSP files.
Remi Gacogne [Fri, 20 Jan 2023 10:54:05 +0000 (11:54 +0100)]
Merge pull request #12435 from rgacogne/ddist-failure-server-ctx
dnsdist: Gracefully handle a failure to create a TLS server context
Remi Gacogne [Fri, 20 Jan 2023 10:51:08 +0000 (11:51 +0100)]
dnsreplay: Fix formatting in the man page
Fred Morcos [Wed, 18 Jan 2023 15:38:42 +0000 (16:38 +0100)]
Remove unused CircleCI documentation generator and upload workflows
Fred Morcos [Tue, 17 Jan 2023 23:03:56 +0000 (00:03 +0100)]
Github Actions workflow to generate and upload documentation
Fred Morcos [Thu, 19 Jan 2023 08:50:35 +0000 (09:50 +0100)]
Fix heading of Documentation section under Compiling the Recursor
Fred Morcos [Tue, 17 Jan 2023 23:01:54 +0000 (00:01 +0100)]
docs/Makefiles: Whitespace cleanup
Fred Morcos [Tue, 17 Jan 2023 14:25:22 +0000 (15:25 +0100)]
tasks.py: Missing commas
Fred Morcos [Thu, 19 Jan 2023 08:43:22 +0000 (09:43 +0100)]
Gitignore: Add .venv
Remi Gacogne [Wed, 18 Jan 2023 15:43:25 +0000 (16:43 +0100)]
dnsdist: Use pdns::OpenSSL::error and decltype()
As suggested by Fred (thanks!).
Remi Gacogne [Wed, 18 Jan 2023 13:58:55 +0000 (14:58 +0100)]
dnsdist: Gracefully handle a failure to create a TLS server context
Otto Moerbeek [Wed, 18 Jan 2023 08:44:38 +0000 (09:44 +0100)]
Merge pull request #12425 from omoerbeek/rec-forward-nord
rec: Change the way RD=0 forwarded queries are handled.
Remi Gacogne [Wed, 18 Jan 2023 08:43:49 +0000 (09:43 +0100)]
Merge pull request #12428 from rgacogne/moved-credentials
credentials: Explicitly clear credentials once they have been moved
Remi Gacogne [Tue, 17 Jan 2023 16:52:09 +0000 (17:52 +0100)]
credentials: Explicitly clear credentials once they have been moved
Remi Gacogne [Tue, 17 Jan 2023 11:31:33 +0000 (12:31 +0100)]
Merge pull request #12415 from rgacogne/ddist-improv
dnsdist: Small improvements
Otto Moerbeek [Tue, 17 Jan 2023 09:00:30 +0000 (10:00 +0100)]
Change the way RD=0 forwarded queries are handled.
Since forever, there has been special case code for forwarded queries
in the RD=0 case. This special case code does a hardcoded RD=0
query to the specified forwarder. This code has two consequences:
1. Even if the forwarder is marked recursive it gets a RD=0 query
2. The cache is not consulted at all
The corresponding unit tests actually test this behaviour, but after
historic digging with help from @rgacogne it turns out the unit
tests do not reflect the desired functionality, but the current state
of affairs to help with a refactoring PR. That is good, since
refactoring should not change functionality.
But now the time has come to change the code to do the desired thing:
1. If an RD=0 query is received, do a cache only-lookup in all cases.
2. Never send a RD=0 query to a recursive forwarder
I already did a similar thing when I wrote the QName Minimization
code, introducing a conditional that only gets set for that case,
to avoid changing unrelated (to QM) functionality.
Remi Gacogne [Tue, 17 Jan 2023 08:53:53 +0000 (09:53 +0100)]
Merge pull request #12381 from rgacogne/fortify-3
Enable FORTIFY_SOURCE=3 when supported by the compiler
Otto Moerbeek [Tue, 17 Jan 2023 08:11:16 +0000 (09:11 +0100)]
Merge pull request #12420 from omoerbeek/rec-README
rec: README tweaks, .md does not know :program:`...`
Otto Moerbeek [Mon, 16 Jan 2023 15:15:09 +0000 (16:15 +0100)]
Merge pull request #12407 from omoerbeek/rec-ecs-chaining
rec: do not chain ecs enabled queries
Otto Moerbeek [Mon, 16 Jan 2023 15:06:15 +0000 (16:06 +0100)]
Merge pull request #12419 from omoerbeek/rec-close-fd-on-fdopen-fail
rec: negcache dump code: close fd on fdopen fail
Otto Moerbeek [Mon, 16 Jan 2023 14:24:15 +0000 (15:24 +0100)]
rec: README tweaks, .md does not know :program:`...`
Otto Moerbeek [Mon, 16 Jan 2023 14:15:30 +0000 (15:15 +0100)]
Merge pull request #12364 from rgacogne/rec-doc-compiling
rec: In compiling docs, warn about the GH tarballs, add deps from README
Otto Moerbeek [Mon, 16 Jan 2023 14:10:22 +0000 (15:10 +0100)]
Merge pull request #12396 from omoerbeek/stringerror-thread-safe
Introduce a thread-safe version of stringerror()
Otto Moerbeek [Mon, 16 Jan 2023 13:25:11 +0000 (14:25 +0100)]
Close fd on fdopen fail.
Originally suggested by @rgacogne, but not included in the merge of #12374
somehow.
Remi Gacogne [Mon, 16 Jan 2023 08:52:52 +0000 (09:52 +0100)]
Merge pull request #12412 from fredmorcos/openssl3-tls-mac
OpenSSL 3.0: TLS MAC handling
Remi Gacogne [Mon, 16 Jan 2023 08:51:28 +0000 (09:51 +0100)]
Merge pull request #12416 from Habbie/variable-mirror
build-and-test-all: add functionality to quickly switch ubuntu mirrors
Peter van Dijk [Fri, 13 Jan 2023 10:06:14 +0000 (11:06 +0100)]
build-and-test-all: add functionality to quickly switch ubuntu mirrors
Remi Gacogne [Fri, 13 Jan 2023 15:51:01 +0000 (16:51 +0100)]
Merge pull request #12405 from rgacogne/ddist-frontend-responses
dnsdist: Proper accounting of response and cache hits
Remi Gacogne [Fri, 13 Jan 2023 15:50:24 +0000 (16:50 +0100)]
Merge pull request #12386 from rgacogne/single-doh-acceptor
dnsdist: Merge the 'main' and 'client' DoH threads in single acceptor mode
Remi Gacogne [Fri, 13 Jan 2023 14:40:17 +0000 (15:40 +0100)]
Merge pull request #12384 from rgacogne/ddist-cap-ttl
dnsdist: Add the ability to cap the TTL of records after insertion into the cache
Remi Gacogne [Fri, 13 Jan 2023 13:02:09 +0000 (14:02 +0100)]
dnsdist: Add more unit tests for the packet overlay
Remi Gacogne [Fri, 13 Jan 2023 09:25:41 +0000 (10:25 +0100)]
m4: Fix interleaved output during `FORTIFY_SOURCE` detection
Remi Gacogne [Fri, 13 Jan 2023 08:32:12 +0000 (09:32 +0100)]
Merge pull request #12411 from fredmorcos/openssl3-ipcipher-ca6-crypto
Support OpenSSL 3.0 for ipcipher CA6 encryption/decryption
Fred Morcos [Mon, 9 Jan 2023 12:56:37 +0000 (13:56 +0100)]
OpenSSL 3.0: TLS MAC handling
Fred Morcos [Mon, 9 Jan 2023 11:33:34 +0000 (12:33 +0100)]
libssl: Cleanup TLS-related code
Fred Morcos [Mon, 9 Jan 2023 11:31:21 +0000 (12:31 +0100)]
libssl: Formatting TLS-related code
Remi Gacogne [Thu, 12 Jan 2023 15:01:50 +0000 (16:01 +0100)]
dnsdist: Appease the formatting gods
Remi Gacogne [Thu, 12 Jan 2023 14:56:58 +0000 (15:56 +0100)]
Merge pull request #12403 from rgacogne/spell-allow-eaca
spell-checker: Allow EACA (from the PGP public keys in the docs)
Remi Gacogne [Thu, 12 Jan 2023 14:55:32 +0000 (15:55 +0100)]
dnsdist: Use smaller event buffers in our socket multiplexers
Remi Gacogne [Thu, 12 Jan 2023 14:50:40 +0000 (15:50 +0100)]
dnsdist: Silence a warning about an unused variable in discovery.cc
Remi Gacogne [Thu, 12 Jan 2023 14:49:56 +0000 (15:49 +0100)]
dnsdist: Remove a duplicated ';' in dnsdist-lua-actions.cc
Remi Gacogne [Thu, 12 Jan 2023 14:49:03 +0000 (15:49 +0100)]
credentials: Add more unit tests
Fred Morcos [Thu, 3 Nov 2022 09:21:03 +0000 (10:21 +0100)]
OpenSSL 3.0: decryptCA6
Fred Morcos [Thu, 3 Nov 2022 08:03:52 +0000 (09:03 +0100)]
OpenSSL 3.0: encryptCA6
Remi Gacogne [Mon, 9 Jan 2023 16:26:53 +0000 (17:26 +0100)]
spell-checker: Allow prometheus values
Remi Gacogne [Mon, 9 Jan 2023 16:26:34 +0000 (17:26 +0100)]
dnsdist: Fix a typo in the prometheus type
Remi Gacogne [Mon, 9 Jan 2023 16:19:46 +0000 (17:19 +0100)]
dnsdist: Update the prometheus sample in the documentation
It was very old and not up-to-date.
Remi Gacogne [Mon, 9 Jan 2023 16:17:21 +0000 (17:17 +0100)]
dnsdist: Only record one hit or miss per query in the cache metrics
The scope-zero feature and the DoH paths can actually do more than
one lookup per query, and until now this led to an increase of the
per-cache metric for every lookup, while the global `cache-hits`
and `cache-misses` metrics were only updated once per query.
This has led to several questions and misunderstandings, so we now
only update the per-cache metrics once per query as well.
Remi Gacogne [Mon, 9 Jan 2023 16:15:03 +0000 (17:15 +0100)]
dnsdist: Properly record cache-hits as responses
For a very long time we have not been adding cache-hits to the
responses counter, which is wrong. Let's fix it now.
Fred Morcos [Wed, 11 Jan 2023 14:59:19 +0000 (15:59 +0100)]
Cleanup ipcipher.hh
Remi Gacogne [Sat, 2 Jul 2022 14:09:56 +0000 (16:09 +0200)]
dnsdist: Merge the 'main' and 'client' DoH threads
When we are in "single acceptor thread" mode, merge the 'main' and
'client' DoH threads into a single one. We use separate threads to
separate the handling of the HTTP/2 traffic from the DNS
handling, to reduce latency, but that does not really make sense on
small devices with a single, limited CPU core. On these we prefer
using as few threads as possible to reduce the context switches and
the memory usage.
Remi Gacogne [Fri, 2 Dec 2022 14:29:45 +0000 (15:29 +0100)]
dnsdist: Remove ttlCapTypes from the internal state
Remi Gacogne [Fri, 24 Jun 2022 13:50:10 +0000 (15:50 +0200)]
dnsdist: Use unordered sets to speed things up a bit
Remi Gacogne [Fri, 11 Feb 2022 14:34:26 +0000 (15:34 +0100)]
dnsdist: Implement the ability to cap TTLs for some record types only
Remi Gacogne [Wed, 12 Jan 2022 13:58:34 +0000 (14:58 +0100)]
dnsdist: Add MaxReturnedTTLResponseAction to cap the TTL after packet cache
Remi Gacogne [Wed, 11 Jan 2023 13:14:11 +0000 (14:14 +0100)]
Merge pull request #12383 from rgacogne/ddist-stronger-udp-path
dnsdist: Stronger guarantees against data race in the UDP path
Remi Gacogne [Wed, 11 Jan 2023 13:13:28 +0000 (14:13 +0100)]
Merge pull request #12401 from fredmorcos/openssl-3-prep
Openssl 3 prep work
Remi Gacogne [Wed, 11 Jan 2023 11:31:59 +0000 (12:31 +0100)]
dnsdist: Really fix the formatting this time
Remi Gacogne [Wed, 11 Jan 2023 11:30:29 +0000 (12:30 +0100)]
dnsdist: Fix formatting
Remi Gacogne [Wed, 11 Jan 2023 11:27:23 +0000 (12:27 +0100)]
dnsdist: Apply suggestions from Otto's code review (thanks!)
Remi Gacogne [Fri, 6 Jan 2023 10:56:34 +0000 (11:56 +0100)]
dnsdist: Set a proper HTTP error code on Proxy Protocol failure
Remi Gacogne [Wed, 28 Sep 2022 15:21:16 +0000 (17:21 +0200)]
dnsdist: Stronger guarantees against data race in the UDP path
Remi Gacogne [Wed, 11 Jan 2023 10:20:36 +0000 (11:20 +0100)]
Merge pull request #12410 from rgacogne/unbreak-ci
CI: Work-around the "503 Service Unavailable" errors on azure.archive.ubuntu.com
Remi Gacogne [Wed, 11 Jan 2023 08:54:39 +0000 (09:54 +0100)]
Merge pull request #12402 from rgacogne/ddist-dq-time
dnsdist: Add bindings for the current and query times in DQ/DR
Remi Gacogne [Tue, 10 Jan 2023 08:37:23 +0000 (09:37 +0100)]
CI: Work-around the "503 Service Unavailable" errors on azure.archive.ubuntu.com
Remi Gacogne [Tue, 10 Jan 2023 16:21:48 +0000 (17:21 +0100)]
Merge pull request #12400 from rgacogne/ddist-reduce-ttl
dnsdist: Add SetReducedTTLResponseAction
Remi Gacogne [Mon, 9 Jan 2023 14:14:28 +0000 (15:14 +0100)]
dnsdist: Add Lua bindings for the current time and query time
Fred Morcos [Mon, 9 Jan 2023 14:49:09 +0000 (15:49 +0100)]
Print compiler version at the end of configure
Remi Gacogne [Tue, 10 Jan 2023 15:26:23 +0000 (16:26 +0100)]
dnsdist: Better description of SetReducedTTLResponseAction
Co-authored-by: Charles-Henri Bruyand <charleshenri.bruyand+github@gmail.com>
Fred Morcos [Tue, 3 Jan 2023 15:02:54 +0000 (16:02 +0100)]
Include failure message when creating DSRCs
Fred Morcos [Mon, 5 Dec 2022 14:32:26 +0000 (15:32 +0100)]
Lint cleanups of test-signers.cc
Fred Morcos [Wed, 9 Nov 2022 16:45:58 +0000 (17:45 +0100)]
OpenSSL signers test for getPubKeyHash()
Fred Morcos [Tue, 22 Nov 2022 15:55:07 +0000 (16:55 +0100)]
Cleanup DNSCryptoKeyEngine
Fred Morcos [Tue, 22 Nov 2022 09:55:14 +0000 (10:55 +0100)]
Print checkKey() error messages in signer tests
Fred Morcos [Tue, 22 Nov 2022 09:56:39 +0000 (10:56 +0100)]
Cleanup test_generic_signers in test-signers.cc
Fred Morcos [Tue, 11 Oct 2022 11:32:29 +0000 (13:32 +0200)]
Cleanup of ipcipher.cc
Fred Morcos [Fri, 30 Dec 2022 15:21:45 +0000 (16:21 +0100)]
Cleanup includes in misc.cc
Fred Morcos [Tue, 22 Nov 2022 11:18:47 +0000 (12:18 +0100)]
Add OpenSSL error handler
Remi Gacogne [Tue, 10 Jan 2023 14:40:24 +0000 (15:40 +0100)]
Merge pull request #12385 from rgacogne/ddist-ffi-metrics
dnsdist: Add a Lua FFI interface for metrics
Otto Moerbeek [Tue, 10 Jan 2023 14:05:43 +0000 (15:05 +0100)]
Reformat
Otto Moerbeek [Tue, 10 Jan 2023 13:42:41 +0000 (14:42 +0100)]
Better wording of reason to not chain ECS enabled queries
Co-authored-by: Remi Gacogne <github@coredump.fr>
Otto Moerbeek [Tue, 10 Jan 2023 13:41:46 +0000 (14:41 +0100)]
Typo in comment
Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Otto Moerbeek [Tue, 10 Jan 2023 13:27:27 +0000 (14:27 +0100)]
rec: do not chain ecs enabled queries.
asyncresolve() assumes the received ecs info corresponds to the one sent out.
Remi Gacogne [Tue, 10 Jan 2023 09:08:40 +0000 (10:08 +0100)]
Merge pull request #12387 from rgacogne/ddist-oom-udp
dnsdist: Handle out-of-memory exceptions in the UDP receiver thread
Otto Moerbeek [Mon, 9 Jan 2023 18:56:57 +0000 (19:56 +0100)]
Merge pull request #12399 from omoerbeek/rec-threadnames
rec: Name recursor threads consistently with a "rec/" prefix.
Otto Moerbeek [Mon, 9 Jan 2023 18:56:33 +0000 (19:56 +0100)]
Merge pull request #12392 from omoerbeek/bind-errno-cleanup
Be more careful saving errno in makeClientSocket() and closesocket()
Peter van Dijk [Mon, 9 Jan 2023 17:42:40 +0000 (18:42 +0100)]
Merge pull request #12367 from jsoref/pdns_control-ccounts-comma
Add missing comma to pdns_control ccounts
Remi Gacogne [Mon, 9 Jan 2023 14:19:59 +0000 (15:19 +0100)]
spell-checker: Allow EACA (from the PGP public keys in the docs)
Fred Morcos [Tue, 11 Oct 2022 11:32:15 +0000 (13:32 +0200)]
Formatting of various files like ipcipher and opensslsigners
Fred Morcos [Mon, 5 Dec 2022 09:04:06 +0000 (10:04 +0100)]
Relax clang-tidy regarding magic numbers
Fred Morcos [Mon, 5 Dec 2022 09:03:49 +0000 (10:03 +0100)]
Add _build dir to docs/.gitignore
Otto Moerbeek [Mon, 9 Jan 2023 12:19:28 +0000 (13:19 +0100)]
Name recursor threads consistently with a "rec/" prefix.
Use thread names without capitals, as they look a bit ugly otherwise.
Threads started by libfstrm are not named, as they are created internally by the lib.
Partly supersedes #11138
Remi Gacogne [Mon, 9 Jan 2023 11:17:44 +0000 (12:17 +0100)]
Merge pull request #12397 from rgacogne/fix-cachecleaner
cachecleaner: Add cmath, needed for std::ceil and std::round
Otto Moerbeek [Mon, 9 Jan 2023 09:22:19 +0000 (10:22 +0100)]
Introduce a thread-safe version of stringerror()
It turns out we already have the code, so call it.