]>
git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Fri, 22 Nov 2019 09:26:28 +0000 (10:26 +0100)]
Merge pull request #8538 from rgacogne/ddist-reduce-sholder-copies
Use move semantics when updating the content of the StateHolder
Remi Gacogne [Fri, 22 Nov 2019 09:26:12 +0000 (10:26 +0100)]
Merge pull request #8555 from krombel/doc_doh-over-http
[DOC dnsdist] Extend guide for DoH over HTTP
Peter van Dijk [Thu, 21 Nov 2019 09:07:32 +0000 (10:07 +0100)]
Merge pull request #8301 from Habbie/luasynth-db-state
auth: on luaSynth exception, drain db output. Fixes #8299
Remi Gacogne [Wed, 20 Nov 2019 16:36:48 +0000 (17:36 +0100)]
Merge pull request #8557 from rgacogne/ddist-140-changelog-secpoll
dnsdist: ChangeLog and secpoll update for dnsdist 1.4.0
Peter van Dijk [Wed, 20 Nov 2019 14:14:10 +0000 (15:14 +0100)]
Merge pull request #8536 from Habbie/fix-lmdb-backend
Fix lmdb backend
Peter van Dijk [Wed, 20 Nov 2019 14:01:58 +0000 (15:01 +0100)]
Otto Moerbeek [Wed, 20 Nov 2019 13:44:35 +0000 (14:44 +0100)]
Merge pull request #8560 from omoerbeek/rec-dup-error-handling
rec: check return value of dup() and avoid fd leak if if fdopen() fails
Otto Moerbeek [Wed, 20 Nov 2019 13:25:28 +0000 (14:25 +0100)]
Merge pull request #8559 from omoerbeek/rec-thread-startup-race
Avoid startup race by setting the state of a tread before starting it.
Peter van Dijk [Wed, 20 Nov 2019 13:20:31 +0000 (14:20 +0100)]
Peter van Dijk [Wed, 20 Nov 2019 13:18:34 +0000 (14:18 +0100)]
Peter van Dijk [Wed, 20 Nov 2019 13:11:01 +0000 (14:11 +0100)]
Peter van Dijk [Wed, 20 Nov 2019 13:08:42 +0000 (14:08 +0100)]
Otto Moerbeek [Wed, 20 Nov 2019 12:58:34 +0000 (13:58 +0100)]
Merge pull request #8561 from omoerbeek/rec-qname-min-not-experimental
QName Minimization is no longer experimental
Otto Moerbeek [Wed, 20 Nov 2019 12:53:01 +0000 (13:53 +0100)]
We have reasons to believe that QName Minimization is no longer experimental.
Otto Moerbeek [Wed, 20 Nov 2019 12:39:09 +0000 (13:39 +0100)]
Check return value of dup() and avoid fd leak if if fdopen() fails.
Otto Moerbeek [Wed, 20 Nov 2019 11:26:14 +0000 (12:26 +0100)]
Avoid startup race by setting the state of a tread before starting it.
Remi Gacogne [Wed, 20 Nov 2019 10:32:58 +0000 (11:32 +0100)]
dnsdist: ChangeLog and secpoll update for dnsdist 1.4.0
Krombel [Tue, 19 Nov 2019 14:56:49 +0000 (15:56 +0100)]
dnsdist: Add DoH behind reverse proxy (and http) to guide
Krombel [Tue, 19 Nov 2019 14:56:39 +0000 (15:56 +0100)]
dnsdist: Fix formatting on DoH guide
Otto Moerbeek [Tue, 19 Nov 2019 10:54:49 +0000 (11:54 +0100)]
Merge pull request #8525 from omoerbeek/rec-prune-failed-servers
Rec: Purge map of failed auths periodically by keeping a last changed timestamp.
Remi Gacogne [Tue, 19 Nov 2019 10:36:45 +0000 (11:36 +0100)]
Merge pull request #8540 from rgacogne/doh-guide
dnsdist: Add a DoH guide to the documentation.
Otto Moerbeek [Tue, 19 Nov 2019 09:03:17 +0000 (10:03 +0100)]
Avoid looking up an entry twice by using a ref.
Remi Gacogne [Tue, 19 Nov 2019 08:40:23 +0000 (09:40 +0100)]
dnsdist: Const-correctness for addAction() parameters
Otto Moerbeek [Mon, 18 Nov 2019 14:35:05 +0000 (15:35 +0100)]
Merge pull request #8532 from phonedph1/qnamecnt
rec: qname-minimization metrics
phonedph1 [Mon, 18 Nov 2019 14:26:15 +0000 (14:26 +0000)]
Point to correct reference
Peter van Dijk [Mon, 18 Nov 2019 12:03:12 +0000 (13:03 +0100)]
Merge pull request #8225 from smellyspice/ttl-fix-take2
timestamp TTL limiting to fix Issue #7439 - Take 2
Peter van Dijk [Mon, 18 Nov 2019 10:45:59 +0000 (11:45 +0100)]
Merge pull request #4628 from zeha/api-list-no-dnssec
API: do not return dnssec info in domain list
Remi Gacogne [Mon, 18 Nov 2019 10:16:48 +0000 (11:16 +0100)]
dnsdist: Fix a typo in the DoH guide
Remi Gacogne [Mon, 18 Nov 2019 09:13:08 +0000 (10:13 +0100)]
rec: Prevent copies when updating the State Holder
Remi Gacogne [Mon, 18 Nov 2019 09:12:46 +0000 (10:12 +0100)]
dnsdist: Prevent copies when updating the State Holder
Remi Gacogne [Mon, 18 Nov 2019 09:11:58 +0000 (10:11 +0100)]
Use move semantics when updating the content of the StateHolder
Peter van Dijk [Fri, 15 Nov 2019 15:50:42 +0000 (16:50 +0100)]
dnsdist: adjust lmdb usage for shared_ptr
Peter van Dijk [Fri, 15 Nov 2019 14:29:51 +0000 (15:29 +0100)]
auth api: after a db lookup, always finish the get cycle
Remi Gacogne [Fri, 15 Nov 2019 13:54:35 +0000 (14:54 +0100)]
Merge pull request #8524 from rgacogne/ddist-lowercase-dynblocksmt
dnsdist: Lowercase the name blocked by a SMT dynamic block
Peter van Dijk [Fri, 15 Nov 2019 13:02:30 +0000 (14:02 +0100)]
lmdbbackend: use nested transaction in list() when possible/needed
Peter van Dijk [Fri, 15 Nov 2019 12:01:24 +0000 (13:01 +0100)]
pdnsutil add/replace record: do not end transaction before we are done with it
Peter van Dijk [Fri, 15 Nov 2019 12:01:01 +0000 (13:01 +0100)]
lmdbbackend: use nested transaction in lookup() when possible/needed
phonedph1 [Thu, 14 Nov 2019 16:21:41 +0000 (16:21 +0000)]
consistent spelling
phonedph1 [Thu, 14 Nov 2019 15:54:01 +0000 (15:54 +0000)]
qname metrics
Pieter Lexis [Thu, 14 Nov 2019 11:37:20 +0000 (12:37 +0100)]
LMDB: Update lmdb-safe and make the backend compile
This updates lmdb-safe to
https://github.com/ahupowerdns/lmdb-safe/pull/6 at
7ce9a821412480c699ce73e85d8bbafa2a9535e5
Remi Gacogne [Thu, 14 Nov 2019 08:16:42 +0000 (09:16 +0100)]
Merge pull request #8531 from phonedph1/patch-18
dnsdist: Update dnsdist-console.cc
phonedph1 [Wed, 13 Nov 2019 21:38:58 +0000 (14:38 -0700)]
Update dnsdist-console.cc
Otto Moerbeek [Wed, 13 Nov 2019 14:03:42 +0000 (15:03 +0100)]
Merge pull request #8521 from omoerbeek/rec-quit-nicely-8347-retry
rec: Make threads run until asked to stop.
Otto Moerbeek [Wed, 13 Nov 2019 13:55:14 +0000 (14:55 +0100)]
Explicitly initialize RecursorControlChannel::stop
Otto Moerbeek [Wed, 13 Nov 2019 09:11:58 +0000 (10:11 +0100)]
ednsmap might be cleared while yielding; so reassign pointer.
Switch away from a ref to a pointer because of above and use modern
init for EDNSStatus.
Remi Gacogne [Wed, 13 Nov 2019 08:02:40 +0000 (09:02 +0100)]
Merge pull request #8522 from rgacogne/ddist-statnode-noerrors-drops
dnsdist: Add bindings for the noerrors and drops members of StatNode
Remi Gacogne [Wed, 13 Nov 2019 08:00:30 +0000 (09:00 +0100)]
Merge pull request #8526 from rgacogne/ddist-prefer-server-order
dnsdist: Prefer the cipher suite from the server by default (DoH, DoT)
Otto Moerbeek [Tue, 12 Nov 2019 16:00:44 +0000 (17:00 +0100)]
If modeSetAt is zero, we never updated the entry and it can go.
Otto Moerbeek [Tue, 12 Nov 2019 15:42:10 +0000 (16:42 +0100)]
Also purge t_sstorage.ednsstatus and include edns size in the periodic report.
Remi Gacogne [Tue, 12 Nov 2019 13:24:30 +0000 (14:24 +0100)]
dnsdist: Prefer the cipher suite from the server by default (DoH, DoT)
This setting should only be set when all ciphers offered by the server
are considered secure, and our default suite still has a few options
offered for compatibility reasons, which might not be as secure as
other alternatives.
Apparently this also causes issue for some clients, even though it
should not matter.
Otto Moerbeek [Tue, 12 Nov 2019 13:09:57 +0000 (14:09 +0100)]
man page bits
Otto Moerbeek [Tue, 12 Nov 2019 12:31:28 +0000 (13:31 +0100)]
Purge map of failed auths periodically by keeping a last changed timestamp.
SyncRes thread local storage includes a map of failed auths which was
only cleaned if a specific IP was contacted again and that contact
succeeded. Persistent failing auths or auths that are never tried
again remained in the map.
While here add code to dump the failed servers map. Might (partially?)
solve #7771.
Remi Gacogne [Tue, 12 Nov 2019 11:19:50 +0000 (12:19 +0100)]
dnsdist: Lowercase the name blocked by a SMT dynamic block
This does not change the existing behavior since we are doing a
case-insensitive comparison but it's nicer when generating metrics
about the dynamic block rules.
Remi Gacogne [Tue, 12 Nov 2019 08:34:16 +0000 (09:34 +0100)]
dnsdist: Add bindings for the noerrors and drops members of StatNode
Remi Gacogne [Tue, 12 Nov 2019 08:33:26 +0000 (09:33 +0100)]
dnsdist: Correctly account actively discovered timeouts in StatNode
Otto Moerbeek [Mon, 11 Nov 2019 13:19:41 +0000 (13:19 +0000)]
Cleanup some global resources.
With this (on a short run):
==13452== HEAP SUMMARY:
==13452== in use at exit: 0 bytes in 0 blocks
==13452== total heap usage: 54,657 allocs, 54,657 frees, 14,008,997 bytes allocated
Otto Moerbeek [Mon, 11 Nov 2019 11:34:56 +0000 (12:34 +0100)]
Make threads run until asked to stop.
This is safer since the atexit handler is not ran while threads are
still active. Also, when using valgrind we get more clean leak reports.
Retry if the accidentally merged #8518 that was reverted.
Otto Moerbeek [Mon, 11 Nov 2019 11:24:57 +0000 (12:24 +0100)]
Merge pull request #8520 from omoerbeek/rec-8020-docs-fix-retry
rec: markup fix
Otto Moerbeek [Mon, 11 Nov 2019 11:22:01 +0000 (12:22 +0100)]
Markup fix
Otto Moerbeek [Mon, 11 Nov 2019 11:19:33 +0000 (12:19 +0100)]
Merge pull request #8519 from PowerDNS/revert-8518-rec-8020-docs-fix
Revert "Rec 8020 docs fix"
Otto Moerbeek [Mon, 11 Nov 2019 11:18:02 +0000 (12:18 +0100)]
Revert "Rec 8020 docs fix"
Otto Moerbeek [Mon, 11 Nov 2019 11:17:42 +0000 (12:17 +0100)]
Merge pull request #8518 from omoerbeek/rec-8020-docs-fix
Rec 8020 docs fix
Otto Moerbeek [Mon, 11 Nov 2019 11:04:43 +0000 (12:04 +0100)]
Fix markup
Pieter Lexis [Mon, 11 Nov 2019 09:51:10 +0000 (10:51 +0100)]
Merge pull request #8425 from Habbie/pdnsutil-ed448
pdnsutil: correctly report ed* algo availability
Pieter Lexis [Mon, 11 Nov 2019 09:50:49 +0000 (10:50 +0100)]
Merge pull request #8436 from mind04/pdns-remove-lua
auth: remove lua backend
Pieter Lexis [Mon, 11 Nov 2019 09:50:13 +0000 (10:50 +0100)]
Merge pull request #8440 from cmouse/shadow
Fix -WShadow warnings
Pieter Lexis [Mon, 11 Nov 2019 09:49:24 +0000 (10:49 +0100)]
Merge pull request #8477 from omoerbeek/rec-enable-qname-min
rec: enable qname minimization
Otto Moerbeek [Fri, 8 Nov 2019 14:58:36 +0000 (15:58 +0100)]
Join the worker thread in the unthreaded case as well, there is actually 1 thread plus
the main thread in that case.
Otto Moerbeek [Fri, 8 Nov 2019 14:38:18 +0000 (15:38 +0100)]
sig_atomic_t is defined in signal.h
Otto Moerbeek [Fri, 8 Nov 2019 13:34:39 +0000 (14:34 +0100)]
Make threads run until asked to stop.
This is safer since the atexit handler is not ran while threads are
still active. Also, when using valgrind we get more clean leak reports.
Otto Moerbeek [Tue, 5 Nov 2019 09:04:33 +0000 (10:04 +0100)]
Typos in comments
Otto Moerbeek [Mon, 28 Oct 2019 13:54:00 +0000 (14:54 +0100)]
Enable qname minimization by default.
To be able to do that, make sure that qnames that are forwarded or
in and authzone are handled without QM. Also, some tests are dependent
on specific queries or responses, disable QM for them.
Otto Moerbeek [Fri, 8 Nov 2019 06:56:07 +0000 (07:56 +0100)]
Merge pull request #8511 from omoerbeek/rec-8020-dnssec
Rec: do RFC 8020 only if cache entry is dnssec validated
Otto Moerbeek [Wed, 6 Nov 2019 14:38:13 +0000 (15:38 +0100)]
Zap unsued code in test
Otto Moerbeek [Wed, 6 Nov 2019 13:19:12 +0000 (14:19 +0100)]
Doc tweaks
Otto Moerbeek [Wed, 6 Nov 2019 09:48:48 +0000 (10:48 +0100)]
Test case for 8020 with dnssec enabled
Otto Moerbeek [Wed, 6 Nov 2019 10:21:35 +0000 (11:21 +0100)]
Merge pull request #8510 from omoerbeek/rec-rootnszones-mthread-safe
rec: Avoid mthread race when using the set of rootNSZones.
Otto Moerbeek [Wed, 6 Nov 2019 10:15:30 +0000 (11:15 +0100)]
Avoid mthread race when using the set of rootNSZones.
Remi Gacogne [Tue, 5 Nov 2019 20:15:51 +0000 (21:15 +0100)]
Merge pull request #8509 from zeha/typos
Fix typo: settting to setting
Chris Hofstaedtler [Tue, 5 Nov 2019 20:13:56 +0000 (21:13 +0100)]
Fix typo: settting to setting
Found by Debians lintian.
Otto Moerbeek [Tue, 5 Nov 2019 13:03:19 +0000 (14:03 +0100)]
Even for HardenNXD::Yes we don't want to believe Bogus NXDOMAINs.
Otto Moerbeek [Tue, 5 Nov 2019 13:02:44 +0000 (14:02 +0100)]
Updated docs for nothing-below-nxdomain
Otto Moerbeek [Mon, 4 Nov 2019 15:57:29 +0000 (16:57 +0100)]
Less aggressive 8020: by default only cut at NXDOMAIN if the entry is Secure.
We might want to explicitly validate Inderminate records if needed.
That code is not written yet.
Peter van Dijk [Tue, 5 Nov 2019 11:50:49 +0000 (12:50 +0100)]
Merge pull request #8289 from Habbie/pdnsutil-increase-serial-inception-epoch
pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH, bump as if it is EPOCH
Peter van Dijk [Tue, 5 Nov 2019 11:35:19 +0000 (12:35 +0100)]
Merge pull request #8235 from Habbie/dyn-dup-ptr
rfc2136, pdnsutil: somewhat improve duplicate record handling
Peter van Dijk [Tue, 5 Nov 2019 09:37:07 +0000 (10:37 +0100)]
don't apply /zones dnssec=false test to recursor
Peter van Dijk [Tue, 5 Nov 2019 09:32:48 +0000 (10:32 +0100)]
add test for dnssec=false
Peter van Dijk [Tue, 5 Nov 2019 09:23:12 +0000 (10:23 +0100)]
document /zones dnssec parameter
Chris Hofstaedtler [Sun, 13 Oct 2019 19:06:45 +0000 (21:06 +0200)]
Support optional ?dnssec=false flag on listing zones
Defaults to true, so the behaviour is unchanged in 4.x.
Chris Hofstaedtler [Fri, 5 Oct 2018 11:29:29 +0000 (13:29 +0200)]
API: do not return dnssec info in domain list
Remi Gacogne [Tue, 5 Nov 2019 09:07:24 +0000 (10:07 +0100)]
Merge pull request #8492 from rgacogne/max-generate-steps
Add a parameter to limit the number of '$GENERATE' steps
Remi Gacogne [Thu, 31 Oct 2019 09:24:08 +0000 (10:24 +0100)]
rec: Disable '$GENERATE' when loading trust anchors files
Remi Gacogne [Wed, 30 Oct 2019 17:25:42 +0000 (18:25 +0100)]
rec: Enforce max-generate-steps when loading RPZ files
Remi Gacogne [Wed, 30 Oct 2019 17:24:38 +0000 (18:24 +0100)]
auth: Disable '$GENERATE' in comfun, ixfrdist, ixplore
Remi Gacogne [Thu, 31 Oct 2019 09:53:30 +0000 (10:53 +0100)]
auth: Fix compilation of comfun (ambiguous make_unique call)
Remi Gacogne [Wed, 30 Oct 2019 17:24:11 +0000 (18:24 +0100)]
Allow disabling '$GENERATE' in ZoneParserTNG
Remi Gacogne [Fri, 25 Oct 2019 14:35:37 +0000 (16:35 +0200)]
Add a parameter to limit the number of '$GENERATE' steps
Peter van Dijk [Wed, 30 Oct 2019 14:11:58 +0000 (15:11 +0100)]
casemix test: ignore SOA content because it changes every day
Peter van Dijk [Wed, 30 Oct 2019 13:28:42 +0000 (14:28 +0100)]
Merge pull request #8457 from mind04/pdns-api
auth: api: avoid a large number of new database connections
Otto Moerbeek [Wed, 30 Oct 2019 13:09:54 +0000 (14:09 +0100)]
Merge pull request #8418 from pieterlexis/deb-load-keys-from-disk
Deb: Load DNSSEC Keys from disk by default