]>
git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Mon, 21 Jun 2021 15:45:41 +0000 (17:45 +0200)]
Merge pull request #10428 from omoerbeek/rec-tls
Rec: cleanup of outgoing TCP code and DoT to auth or forwarders
Otto Moerbeek [Mon, 21 Jun 2021 14:33:00 +0000 (16:33 +0200)]
move instead of copy data to inMSG
Co-authored-by: Remi Gacogne <github@coredump.fr>
Otto Moerbeek [Mon, 21 Jun 2021 14:31:54 +0000 (16:31 +0200)]
Merge pull request #10515 from omoerbeek/rec-proxyvalues.clear
rec: Clear the current proxy protocol values each iteration
Otto [Mon, 21 Jun 2021 13:14:46 +0000 (15:14 +0200)]
Clear the current proxy protocol values each iteration
Peter van Dijk [Fri, 18 Jun 2021 12:06:09 +0000 (14:06 +0200)]
Merge pull request #9474 from Habbie/lua-newcafromraw
newCAFromRaw(): create ComboAddress from raw 4/16 byte strings
Peter van Dijk [Fri, 18 Jun 2021 11:02:08 +0000 (13:02 +0200)]
Merge pull request #10345 from gregmac/patch-1
Fix documentation around get*DomainMetadata
Peter van Dijk [Wed, 16 Sep 2020 08:21:24 +0000 (10:21 +0200)]
newCAFromRaw(): create ComboAddress from raw 4/16 byte strings, plus test
(code copied from dnsdist)
Otto [Mon, 14 Jun 2021 10:51:53 +0000 (12:51 +0200)]
Basic test for dot-to-auth-names and don't setup auths for DoT tests,
we don't need them.
Otto [Mon, 14 Jun 2021 09:54:05 +0000 (11:54 +0200)]
Maintain a sseparate inPos and inWanted, this should fix partial reads,
make the code more clear and also allow less resizing.
Otto [Wed, 9 Jun 2021 12:43:55 +0000 (14:43 +0200)]
Implement a simple (braindead) mechansim to force DoT the specific auths: a fixed list
of names or suffixes of the special nameservers.
Otto [Wed, 9 Jun 2021 11:10:48 +0000 (13:10 +0200)]
Add very basic DoT regression test
Otto [Wed, 9 Jun 2021 09:44:42 +0000 (11:44 +0200)]
dotOutqueries metrics: docs, Prometheus and SNMP
Otto [Fri, 28 May 2021 08:52:49 +0000 (10:52 +0200)]
Align TCPIOHandlerReadable and Writeable and process some review comments
Otto [Tue, 25 May 2021 12:16:35 +0000 (14:16 +0200)]
Very basic config: enable/disbale forcing of DoT for target port 853
Otto [Tue, 25 May 2021 11:44:03 +0000 (13:44 +0200)]
Log if DoT was requested but not available/compiled in
Otto [Tue, 25 May 2021 10:05:30 +0000 (12:05 +0200)]
Convert timeout values to be specified as a timeval, so sub-second timeout
values can be handled correctly.
Also make sure sdig uses a NB socket, to handle timeouts correctly.
Otto [Fri, 21 May 2021 09:19:05 +0000 (11:19 +0200)]
Start of working DoT to auth/forwarder.
The state engine is a bit strange right now, likely needs rework.
I'm also observing connections that remain in "established state"
while I would expect the handler to be cleaned up and connection
to be closed at that point.
Otto [Wed, 19 May 2021 10:29:38 +0000 (12:29 +0200)]
Handle IOState::NeedWrite/NeedRead by flipping the status
Otto Moerbeek [Tue, 15 Jun 2021 08:31:51 +0000 (10:31 +0200)]
Merge pull request #10494 from omoerbeek/not-formatted-locale
Set LANG=C explicitly, otherwise it may lead to suprises if the user isn't using LANG=C.
Peter van Dijk [Mon, 14 Jun 2021 14:43:37 +0000 (16:43 +0200)]
Merge pull request #10393 from jsoref/faq-deleted-zones-do-not-propagate
Correct faq entry to talk about zones
Remi Gacogne [Mon, 14 Jun 2021 14:34:12 +0000 (16:34 +0200)]
Merge pull request #10414 from 42wim/multipleip
Support multiple ip addresses for dnsdist-resolver lua script
Otto [Mon, 14 Jun 2021 13:12:01 +0000 (15:12 +0200)]
Set LANG=C explicitly, otherwise it may lead to suprises if the user isn't using LANG=C.
Peter van Dijk [Mon, 14 Jun 2021 12:39:18 +0000 (14:39 +0200)]
Merge pull request #10493 from Habbie/gh-secpoll-mask
in secpoll testing, do not start the auth
Otto Moerbeek [Mon, 14 Jun 2021 11:35:23 +0000 (13:35 +0200)]
Merge pull request #10483 from omoerbeek/log-qtype-qclass
Implement log methods for QType and QClass
Peter van Dijk [Mon, 14 Jun 2021 11:33:56 +0000 (13:33 +0200)]
in secpoll testing, do not start the auth
Remi Gacogne [Mon, 14 Jun 2021 10:18:48 +0000 (12:18 +0200)]
Merge pull request #10492 from rgacogne/fix-qtype-getname-speedtest
speedtest: Fix QType::getName() renamed to QType::toString()
Peter van Dijk [Sun, 13 Jun 2021 16:22:19 +0000 (18:22 +0200)]
update default in docs, thanks @ncartron
Remi Gacogne [Sat, 12 Jun 2021 15:43:15 +0000 (17:43 +0200)]
speedtest: Fix QType::getName() renamed to QType::toString()
Remi Gacogne [Sat, 12 Jun 2021 09:20:48 +0000 (11:20 +0200)]
Merge pull request #10441 from rgacogne/ddist-memory-client-mode
dnsdist: Skip some memory allocations in client mode
Remi Gacogne [Fri, 11 Jun 2021 14:11:09 +0000 (16:11 +0200)]
dnsdist: Remove a default param in the definition of DownstreamState's ctor
Peter van Dijk [Wed, 9 Jun 2021 09:29:41 +0000 (11:29 +0200)]
Merge pull request #10486 from Habbie/auth-4.5.0-beta1-docs-secpoll
auth-4.5.0-beta1: docs+secpoll
Peter van Dijk [Wed, 9 Jun 2021 08:50:25 +0000 (10:50 +0200)]
auth-4.5.0-beta1: docs+secpoll
Otto Moerbeek [Wed, 9 Jun 2021 08:16:30 +0000 (10:16 +0200)]
Merge pull request #10481 from omoerbeek/rec-prep-4.5.2
Rec: Prep for 4.4.4 and 4.5.2
Otto [Fri, 16 Apr 2021 13:30:15 +0000 (15:30 +0200)]
Reformat
Otto [Mon, 12 Apr 2021 09:51:36 +0000 (11:51 +0200)]
Implement log methods for QType and QClass
Otto Moerbeek [Tue, 8 Jun 2021 08:07:08 +0000 (10:07 +0200)]
Merge pull request #10467 from omoerbeek/rec-openbsd-kqueue
Switch OpenBSD to kqueue mplexer
Otto [Tue, 8 Jun 2021 08:00:22 +0000 (10:00 +0200)]
Merge branch 'rec-prep-4.4.4' into rec-prep-4.5.2
Otto [Mon, 7 Jun 2021 07:39:20 +0000 (09:39 +0200)]
Mention correct version now that this is backported.
Otto [Mon, 7 Jun 2021 12:08:11 +0000 (14:08 +0200)]
Prep for 4.5.2, no secpoll change yet since it will conflict with the rec-4.4.4 one.
Peter van Dijk [Mon, 7 Jun 2021 10:39:35 +0000 (12:39 +0200)]
Merge pull request #10437 from Habbie/ldap-docs-master-yes
auth ldap: note that master mode -is- supported
Otto [Mon, 7 Jun 2021 08:24:07 +0000 (10:24 +0200)]
Prep for rec-4.4.4
Remi Gacogne [Mon, 7 Jun 2021 08:43:39 +0000 (10:43 +0200)]
Merge pull request #10469 from Habbie/dnsdist-no-dnsdist-table
dnsdist: remove dnsdist.* lookup fallback
Peter van Dijk [Sun, 6 Jun 2021 18:32:30 +0000 (20:32 +0200)]
Merge pull request #10463 from Habbie/lua-forward-reverse
auth LUA: add filterForward function, to limit the scope of createForward[6]
Peter van Dijk [Tue, 1 Jun 2021 13:54:02 +0000 (15:54 +0200)]
add filterForward function, plus initialiser helper in newNMG
Peter van Dijk [Mon, 31 May 2021 15:15:14 +0000 (17:15 +0200)]
auth LUA testing: test the exception feature
Peter van Dijk [Mon, 31 May 2021 10:51:18 +0000 (12:51 +0200)]
expand LUA createForward/Reverse testing
Peter van Dijk [Mon, 31 May 2021 14:46:22 +0000 (16:46 +0200)]
authtests.py: fix rcode comparison and reporting
Peter van Dijk [Fri, 28 May 2021 21:14:21 +0000 (23:14 +0200)]
rename suffix to format
Peter van Dijk [Sun, 6 Jun 2021 15:03:21 +0000 (17:03 +0200)]
Merge pull request #10470 from mind04/pdns-auth-py
auth: disable zone-cache for the regression.auth-py tests
Kees Monshouwer [Sun, 6 Jun 2021 11:01:12 +0000 (13:01 +0200)]
auth: fix the nobackend tests
Kees Monshouwer [Sat, 5 Jun 2021 23:33:03 +0000 (01:33 +0200)]
auth: disable zone-cache for the regression.auth-py tests
Peter van Dijk [Sat, 5 Jun 2021 16:57:56 +0000 (18:57 +0200)]
dnsdist: remove dnsdist.* lookup fallback
Otto Moerbeek [Fri, 4 Jun 2021 14:34:49 +0000 (16:34 +0200)]
Merge pull request #10426 from omoerbeek/rec-refresh-ns-and-addr-fix
rec: When refreshing, do not consider root almost expired
Otto [Fri, 4 Jun 2021 14:02:35 +0000 (16:02 +0200)]
Switch OpenBSD to kqueue mplexer; untested
Otto Moerbeek [Fri, 4 Jun 2021 12:58:50 +0000 (14:58 +0200)]
make ttl value's origin clear
Co-authored-by: Remi Gacogne <github@coredump.fr>
Otto [Fri, 4 Jun 2021 11:27:44 +0000 (13:27 +0200)]
Add testcase for "almost expired".
Peter van Dijk [Thu, 3 Jun 2021 20:36:55 +0000 (22:36 +0200)]
Merge pull request #10450 from pieterlexis/modernize-ax_check_sign
Update AX_CHECK_SIGN for autoconf 2.71
Peter van Dijk [Thu, 3 Jun 2021 18:57:41 +0000 (20:57 +0200)]
Merge pull request #10454 from mind04/pdns-tiny-getalldomains
auth: add/fix getAllDomains()
Peter van Dijk [Thu, 3 Jun 2021 14:57:29 +0000 (16:57 +0200)]
Merge pull request #10466 from tuxis-ie/fix_issue_10465
Update documentation to reflect changes in default-soa-content.
Peter van Dijk [Thu, 3 Jun 2021 14:57:18 +0000 (16:57 +0200)]
add markup
Peter van Dijk [Thu, 3 Jun 2021 14:51:19 +0000 (16:51 +0200)]
Merge pull request #10461 from mind04/pdns-createdomain
auth: simplify createDomain()
Peter van Dijk [Thu, 3 Jun 2021 13:46:31 +0000 (15:46 +0200)]
Merge pull request #10452 from cmouse/doc-unknown-rr
docs: Document unknown record type in supported types
Kees Monshouwer [Thu, 3 Jun 2021 06:44:38 +0000 (08:44 +0200)]
auth: document and check backend zone-cache capability
Mark Schouten [Thu, 3 Jun 2021 11:59:37 +0000 (13:59 +0200)]
Update with @Habbie's suggestions
Mark Schouten [Thu, 3 Jun 2021 10:32:06 +0000 (12:32 +0200)]
Update documentation to reflect changes in default-soa-content.
There are more settings that need replacing.
Remi Gacogne [Thu, 3 Jun 2021 08:44:39 +0000 (10:44 +0200)]
Merge pull request #10460 from rgacogne/rec-referral-from-parent-on-ds
rec: Don't follow referral from the parent to the child for DS queries
Kees Monshouwer [Mon, 31 May 2021 21:25:13 +0000 (23:25 +0200)]
auth: simplify createDomain()
Remi Gacogne [Wed, 2 Jun 2021 14:36:13 +0000 (16:36 +0200)]
Merge pull request #10419 from rgacogne/ddist-fix-edns-notify
dnsdist: Properly handle ECS for queries with ancount or nscount > 0
Remi Gacogne [Wed, 2 Jun 2021 14:29:40 +0000 (16:29 +0200)]
rec: Cleaner way of handling a referral to a child zone for DS queries
Remi Gacogne [Wed, 2 Jun 2021 14:26:14 +0000 (16:26 +0200)]
rec: Also test for the "referral to child on DS query" case in a Secure zone
Otto [Wed, 2 Jun 2021 14:11:44 +0000 (16:11 +0200)]
Better approach: just never consider root records "almost expired".
They will be refreshed by the periodic task anyway.
Remi Gacogne [Wed, 2 Jun 2021 13:02:42 +0000 (15:02 +0200)]
rec: Fix a typo in a comment
Remi Gacogne [Wed, 2 Jun 2021 13:00:32 +0000 (15:00 +0200)]
rec: Add a unit test for the "referral to child on DS query" case
Otto Moerbeek [Wed, 2 Jun 2021 11:28:18 +0000 (13:28 +0200)]
Merge pull request #10445 from rgacogne/rec-typo-edns-prometheus-metric
rec: Fix a typo in the prometheus "edns-ping-mismatches" metric
Peter van Dijk [Wed, 2 Jun 2021 10:15:17 +0000 (12:15 +0200)]
Merge pull request #10459 from Habbie/auth-py-tests
auth-py tests: unbreak, enable in CircleCI
Pieter Lexis [Wed, 26 May 2021 12:24:17 +0000 (14:24 +0200)]
Update AX_CHECK_SIGN for autoconf 2.71
When running autoreconf with ax_check_sign.m4, autoconf 2.71 complains
about the use of `AX_TRY_COMPILE`:
```
libtoolize: copying file 'm4/lt~obsolete.m4'
configure.ac:29: warning: The macro `AC_TRY_COMPILE' is obsolete.
configure.ac:29: You should run autoupdate.
./lib/autoconf/general.m4:2847: AC_TRY_COMPILE is expanded from...
lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
./lib/autoconf/general.m4:2249: AC_CACHE_VAL is expanded from...
./lib/autoconf/general.m4:2270: AC_CACHE_CHECK is expanded from...
m4/ax_check_sign.m4:41: AX_CHECK_SIGN is expanded from...
m4/pdns_check_time_t.m4:1: PDNS_CHECK_TIME_T is expanded from...
configure.ac:29: the top level
```
This updates the macro to use `AC_COMPILE_IFELSE`, which has been present in
autoconf since at least version 2.60, released in 26 Jun 2006 (I did not
check any older releases).
This patch has been [submitted](http://savannah.gnu.org/patch/index.php?10071) [upstream](https://github.com/autoconf-archive/autoconf-archive/pull/225).
Peter van Dijk [Tue, 1 Jun 2021 08:36:56 +0000 (10:36 +0200)]
Merge pull request #10407 from zeha/bullseye
builder-support: add Debian bullseye dockerfiles
Peter van Dijk [Tue, 1 Jun 2021 08:33:27 +0000 (10:33 +0200)]
Merge pull request #10462 from pieterlexis/update-boost-m4
Update boost.m4
Peter van Dijk [Tue, 1 Jun 2021 08:12:42 +0000 (10:12 +0200)]
auth LUA testing: allow 2 seconds for health checking to run
Pieter Lexis [Tue, 1 Jun 2021 07:12:15 +0000 (09:12 +0200)]
Update boost.m4
Remi Gacogne [Mon, 31 May 2021 15:00:18 +0000 (17:00 +0200)]
rec: Don't follow referral from the parent to the child for DS queries
It happens if the server does not know about the DS special case.
Treat the delegation as a unsigned NODATA answer in that case.
For example for sthc.nordlo.cloud we go from the existing:
```
[1] sthc.nordlo.cloud: Resolved 'nordlo.cloud' NS ns2.zetup.se to: 159.253.27.75
[1] sthc.nordlo.cloud: Trying IP 159.253.27.75:53, asking 'sthc.nordlo.cloud|DS'
[1] sthc.nordlo.cloud: Got 3 answers from ns2.zetup.se (159.253.27.75), rcode=0 (No Error), aa=0, in 35ms
[1] sthc.nordlo.cloud: accept answer 'sthc.nordlo.cloud|NS|ns2.loopia.se.' from 'nordlo.cloud' nameservers? ttl=3600, place=2 YES!
[1] sthc.nordlo.cloud: accept answer 'sthc.nordlo.cloud|NS|ns1.loopia.se.' from 'nordlo.cloud' nameservers? ttl=3600, place=2 YES!
[1] sthc.nordlo.cloud: OPT answer '.' from 'nordlo.cloud' nameservers
[1] sthc.nordlo.cloud: determining status after receiving this packet
[1] sthc.nordlo.cloud: got NS record 'sthc.nordlo.cloud' -> 'ns2.loopia.se.'
[1] sthc.nordlo.cloud: got NS record 'sthc.nordlo.cloud' -> 'ns1.loopia.se.'
[1] sthc.nordlo.cloud: status=did not resolve, got 2 NS, looping to them
[1] sthc.nordlo.cloud.: Nameservers: ns1.loopia.se(37.85ms), ns2.loopia.se(38.26ms)
[1] sthc.nordlo.cloud: Trying to resolve NS 'ns1.loopia.se' (1/2)
[1] Nameserver ns1.loopia.se IPs: 93.188.0.20(37.85ms)
[1] sthc.nordlo.cloud: Resolved 'sthc.nordlo.cloud' NS ns1.loopia.se to: 93.188.0.20
[1] sthc.nordlo.cloud: Trying IP 93.188.0.20:53, asking 'sthc.nordlo.cloud|DS'
```
to:
```
[1] sthc.nordlo.cloud: Resolved 'nordlo.cloud' NS ns2.zetup.se to: 159.253.27.75
[1] sthc.nordlo.cloud: Trying IP 159.253.27.75:53, asking 'sthc.nordlo.cloud|DS'
[1] sthc.nordlo.cloud: Got 3 answers from ns2.zetup.se (159.253.27.75), rcode=0 (No Error), aa=0, in 35ms
[1] sthc.nordlo.cloud: accept answer 'sthc.nordlo.cloud|NS|ns2.loopia.se.' from 'nordlo.cloud' nameservers? ttl=3600, place=2 YES!
[1] sthc.nordlo.cloud: accept answer 'sthc.nordlo.cloud|NS|ns1.loopia.se.' from 'nordlo.cloud' nameservers? ttl=3600, place=2 YES!
[1] sthc.nordlo.cloud: OPT answer '.' from 'nordlo.cloud' nameservers
[1] sthc.nordlo.cloud: determining status after receiving this packet
[1] sthc.nordlo.cloud: got NS record 'sthc.nordlo.cloud' -> 'ns2.loopia.se.'
[1] sthc.nordlo.cloud: got (implicit) negative indication of DS record for 'sthc.nordlo.cloud'
[1] sthc.nordlo.cloud: got NS record 'sthc.nordlo.cloud' -> 'ns1.loopia.se.'
[1] sthc.nordlo.cloud: status=noerror, other types may exist, but we are done (have negative SOA)
[1] : no signatures for sthc.nordlo.cloud, we likely missed a cut between cloud and nordlo.cloud, looking for it
```
Peter van Dijk [Mon, 15 Feb 2021 13:20:15 +0000 (14:20 +0100)]
circleci: test auth-py
Peter van Dijk [Mon, 31 May 2021 13:00:59 +0000 (15:00 +0200)]
auth testing: enable svc-autohints when testing autohints
Peter van Dijk [Wed, 26 May 2021 10:50:14 +0000 (12:50 +0200)]
auth: enable zone cache by default
Kees Monshouwer [Wed, 26 May 2021 21:43:52 +0000 (23:43 +0200)]
auth: test with a variety of zone-cache-refresh-interval flavors
Kees Monshouwer [Wed, 26 May 2021 21:32:12 +0000 (23:32 +0200)]
auth: implement getAllDomains() in geoip backend
Kees Monshouwer [Wed, 26 May 2021 20:30:56 +0000 (22:30 +0200)]
auth: add dns-get-all-domains in lua2 backend script
Kees Monshouwer [Wed, 26 May 2021 18:41:08 +0000 (20:41 +0200)]
auth: fix possibe crash in getAllDomains()
Peter van Dijk [Fri, 28 May 2021 10:30:21 +0000 (12:30 +0200)]
Merge pull request #10455 from Habbie/builder-yum-upgrade
builder rpmbuild: run yum upgrade first
Peter van Dijk [Thu, 27 May 2021 16:04:46 +0000 (18:04 +0200)]
builder rpmbuild: run yum upgrade first
Peter van Dijk [Thu, 27 May 2021 11:19:22 +0000 (13:19 +0200)]
Merge pull request #10434 from pieterlexis/upgrade-local-ipv6
Fix the upgrade guide for local-ipv6 + other doc fixes
Pieter Lexis [Fri, 21 May 2021 13:36:54 +0000 (15:36 +0200)]
Fix SQL highlighting in pgsql docs
Pieter Lexis [Fri, 21 May 2021 13:32:41 +0000 (15:32 +0200)]
Correctly update local-ipv6 deprecation info
Peter van Dijk [Thu, 27 May 2021 08:39:18 +0000 (10:39 +0200)]
Merge pull request #10376 from Habbie/auth-4.5.0-alpha1-docs
changelog and secpoll for auth-4.5.0-alpha1
Peter van Dijk [Thu, 27 May 2021 08:26:56 +0000 (10:26 +0200)]
update release date; mention new zone cache feature
Aki Tuomi [Wed, 26 May 2021 17:37:26 +0000 (20:37 +0300)]
docs: Document unknown record type in supported types
Remi Gacogne [Wed, 26 May 2021 15:41:56 +0000 (17:41 +0200)]
Merge pull request #10398 from dmachard/doc-dnsdist-eol
dnsdist: docs new EOL page
Otto Moerbeek [Wed, 26 May 2021 11:21:11 +0000 (13:21 +0200)]
Merge pull request #10417 from omoerbeek/rec-docs-PolicyEvent.appliedPolicy
rec: Refer to the description in dq.appliedPolicy for PolicyEvent.appliedPolicy
Otto Moerbeek [Wed, 26 May 2021 11:20:53 +0000 (13:20 +0200)]
Merge pull request #10416 from omoerbeek/redundant-checks-updateCacheFromRecords
rec: Remove checks in updateCacheFromRecords that are already done by sanitizeRecords.
Otto Moerbeek [Wed, 26 May 2021 11:20:27 +0000 (13:20 +0200)]
Merge pull request #10396 from omoerbeek/rec-log-levels
Take into account g_quiet when determing loglevel and change a few loglevels