git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Fri, 31 Jan 2020 05:56:12 +0000 (06:56 +0100)]
Merge pull request #8768 from yantarou/typo_fix
Fix typo in Recursor Performance Guide
Jan Hilberath [Fri, 31 Jan 2020 01:06:16 +0000 (10:06 +0900)]
Fix typo in Recursor Performance Guide
Peter van Dijk [Thu, 30 Jan 2020 15:31:17 +0000 (16:31 +0100)]
Merge pull request #8765 from RobinGeuze/addLmdbSchemaVersionDocumentation
Add some documentation for the LMDB schema version setting
RobinGeuze [Thu, 30 Jan 2020 15:28:41 +0000 (16:28 +0100)]
Apply suggestions from code review
One typo and a better documentation text.
Co-Authored-By: Peter van Dijk <peter.van.dijk@powerdns.com>
Robin Geuze [Thu, 30 Jan 2020 15:15:04 +0000 (16:15 +0100)]
Add some documentation for the LMDB schema version setting
Remi Gacogne [Wed, 29 Jan 2020 19:50:13 +0000 (20:50 +0100)]
Merge pull request #8761 from rgacogne/ddist-dot-refcount-context
dnsdist: Use ref counting for the DoT TLS context
Peter van Dijk [Wed, 29 Jan 2020 18:43:48 +0000 (19:43 +0100)]
Merge pull request #8754 from pieterlexis/remove-algo-5-to-7-upgrade
Remove the algo 5 -> 7 upgrade
Remi Gacogne [Wed, 29 Jan 2020 10:33:01 +0000 (11:33 +0100)]
dnsdist: Use ref counting for the DoT TLS context
Otherwise we can end up with a DNS over TLS connection using a
TLS Session Ticket Encryption Key, OCSP response or even `SSL_CTX`
object after it was released following a reload of the TLS context
(via `reloadAllCertificates()`, for example), triggering a
use-after-free, possibly leading to a crash.
Otto Moerbeek [Wed, 29 Jan 2020 08:40:36 +0000 (09:40 +0100)]
Merge pull request #8756 from omoerbeek/rec-doc-quit-nicely
rec: Document the difference between rec_control quit and quit-nicely.
Otto Moerbeek [Wed, 29 Jan 2020 08:37:00 +0000 (09:37 +0100)]
typo
Co-Authored-By: Matt Nordhoff <mnordhoff@mattnordhoff.com>
Otto Moerbeek [Tue, 28 Jan 2020 14:33:38 +0000 (15:33 +0100)]
Document the difference between rec_control quit and quit-nicely.
Fixes #2267
Peter van Dijk [Tue, 28 Jan 2020 13:56:29 +0000 (14:56 +0100)]
Merge pull request #8732 from pieterlexis/remote-support-getUnfreshSlaveInfos
Remote: Implement getUnfreshSlaveInfos and setFresh
Pieter Lexis [Tue, 28 Jan 2020 13:25:53 +0000 (14:25 +0100)]
Remove the algo 5 -> 7 upgrade
Closes #3267
Peter van Dijk [Tue, 28 Jan 2020 13:21:50 +0000 (14:21 +0100)]
Merge pull request #8177 from RobinGeuze/hiddenDnsKeys
Initial work for adding hidden dnssec keys
Peter van Dijk [Tue, 28 Jan 2020 13:19:24 +0000 (14:19 +0100)]
Merge pull request #8668 from cmouse/apex-dname
ws-auth: Allow DNAME in apex with SOA and NS records
Peter van Dijk [Tue, 28 Jan 2020 13:17:14 +0000 (14:17 +0100)]
Merge pull request #8715 from rgacogne/auth-hashed-key-cache
auth: Use a hashed index instead of an ordered one for the key cache
Robin Geuze [Thu, 8 Aug 2019 18:03:28 +0000 (20:03 +0200)]
Implement published and unpublished dnskeys to allow algorithm rollovers.
Peter van Dijk [Tue, 28 Jan 2020 11:17:34 +0000 (12:17 +0100)]
Merge pull request #8749 from Habbie/local-ipv6-one-more-release
allow local-ipv6 until 4.4.0
Otto Moerbeek [Tue, 28 Jan 2020 10:17:24 +0000 (11:17 +0100)]
Merge pull request #8740 from pieterlexis/boost-context-fixes
Update boost.m4
Peter van Dijk [Tue, 28 Jan 2020 09:07:04 +0000 (10:07 +0100)]
Merge pull request #8750 from peterthomassen/patch-2
docs: clarify Zone object description, closes #8748
Peter Thomassen [Tue, 28 Jan 2020 08:48:50 +0000 (09:48 +0100)]
docs: clarify Zone object description, closes #8748
Point out that the `rrsets` is only included at the zone detail endpoint
Peter van Dijk [Mon, 27 Jan 2020 20:25:55 +0000 (21:25 +0100)]
Merge pull request #8745 from Habbie/pdnsutil-dead-code2
pdnsutil: remove dead code
Peter van Dijk [Mon, 27 Jan 2020 20:25:12 +0000 (21:25 +0100)]
Merge pull request #8594 from Habbie/default-publish-cds
auth: add default-publish-{cds|cdnskey} options
Peter van Dijk [Mon, 27 Jan 2020 20:21:43 +0000 (21:21 +0100)]
allow local-ipv6 until 4.4.0
Peter van Dijk [Mon, 27 Jan 2020 12:00:03 +0000 (13:00 +0100)]
auth: add default-publish-cds test
Peter van Dijk [Mon, 27 Jan 2020 13:53:20 +0000 (14:53 +0100)]
Merge pull request #8744 from zeha/lua-mandatory
Make Lua mandatory for Auth
Peter van Dijk [Mon, 27 Jan 2020 11:03:33 +0000 (12:03 +0100)]
Merge pull request #8680 from rgacogne/auth-bindbackend-records-cleanup
auth: Make it clearer that records are never altered, only replaced
Peter van Dijk [Mon, 27 Jan 2020 09:59:16 +0000 (10:59 +0100)]
pdnsutil: remove dead code
Peter van Dijk [Mon, 27 Jan 2020 09:40:33 +0000 (10:40 +0100)]
Merge pull request #8681 from rgacogne/auth-stats-rings-size
auth: Add metrics about the size of our in-memory rings
Peter van Dijk [Mon, 27 Jan 2020 08:29:01 +0000 (09:29 +0100)]
auth circleci: build with lua2backend and LUA records
Chris Hofstaedtler [Sat, 25 Jan 2020 22:45:45 +0000 (23:45 +0100)]
Update docs
Chris Hofstaedtler [Sat, 25 Jan 2020 22:34:14 +0000 (23:34 +0100)]
Make Lua mandatory for Auth
Peter van Dijk [Fri, 24 Jan 2020 14:48:55 +0000 (15:48 +0100)]
Merge pull request #8659 from rgacogne/auth-dnsseckeeper-clear-static
auth: Make DNSSECKeeper::clear{All,}Caches() static
Peter van Dijk [Fri, 24 Jan 2020 14:46:56 +0000 (15:46 +0100)]
Merge pull request #8628 from mind04/pdns-place
auth: make sure get() is always returning the default value for d_place
Peter van Dijk [Fri, 24 Jan 2020 12:46:08 +0000 (13:46 +0100)]
Merge pull request #8627 from zeha/psql-no-prep
gpgsqlbackend: Avoid actually prepared statements
Pieter Lexis [Fri, 24 Jan 2020 07:43:05 +0000 (08:43 +0100)]
Merge pull request #8735 from Habbie/doc-dnssec-ttls
auth dnssec docs: some notes on TTL usage
Peter van Dijk [Thu, 23 Jan 2020 23:05:52 +0000 (00:05 +0100)]
Merge pull request #8474 from omoerbeek/auth-fix-logging-no-cache
auth: Fix auth logging if no packet cache; from Habbie
Peter van Dijk [Thu, 23 Jan 2020 22:36:28 +0000 (23:36 +0100)]
Merge pull request #8713 from rgacogne/auth-strict-caches-size
auth: Enforce a strict maximum size for the packet and records caches
Pieter Lexis [Wed, 22 Jan 2020 15:03:59 +0000 (16:03 +0100)]
Update boost.m4
This detects boost::context on boost version 1.61 through 1.65 correctly
Remi Gacogne [Wed, 22 Jan 2020 14:59:13 +0000 (15:59 +0100)]
Merge pull request #8733 from rgacogne/ddist-openssl-init
dnsdist: Load an openssl configuration file, if any, during startup
Peter van Dijk [Wed, 22 Jan 2020 12:19:22 +0000 (13:19 +0100)]
auth dnssec docs: some notes on TTL usage
Remi Gacogne [Wed, 22 Jan 2020 12:10:21 +0000 (13:10 +0100)]
dnsdist: LibreSSL introduced automatic thread-specific callbacks
Otto Moerbeek [Wed, 22 Jan 2020 10:29:11 +0000 (11:29 +0100)]
Merge pull request #8729 from omoerbeek/rec-build-dnstap-debian
rec: Explicitly enable dnstap for debian-stretch and buster
Remi Gacogne [Tue, 21 Jan 2020 14:00:01 +0000 (15:00 +0100)]
dnsdist: Load an openssl configuration file, if any, during startup
This way dnsdist will load the default OpenSSL configuration, or a
custom one specified via the OPENSSL_CONF environment variable.
It allows loading an engine or configuring various options supported
by OpenSSL.
This requires OpenSSL >= 1.1.0.
Peter van Dijk [Tue, 21 Jan 2020 13:52:21 +0000 (14:52 +0100)]
Merge pull request #8331 from mind04/pdns-lmdb-cleanup
auth: lmdb-backend, remove duplicate code and some unused variables
Pieter Lexis [Mon, 20 Jan 2020 14:27:44 +0000 (15:27 +0100)]
Remote: Implement getUnfreshSlaveInfos and setFresh
Otto Moerbeek [Tue, 21 Jan 2020 10:10:39 +0000 (11:10 +0100)]
Merge pull request #8723 from rgacogne/rec-optout-unit-tests
rec: Add unit tests for the NSEC3 Opt-Out case
Otto Moerbeek [Tue, 21 Jan 2020 10:09:55 +0000 (11:09 +0100)]
Merge pull request #8718 from rgacogne/rec-fix-pb-source-port
Make ComboAddress::setPort() update the current object
Remi Gacogne [Tue, 21 Jan 2020 09:53:15 +0000 (10:53 +0100)]
rec: Bow to formatting gods
Remi Gacogne [Tue, 21 Jan 2020 09:25:40 +0000 (10:25 +0100)]
Fix braces formatting in pdns/recursordist/test-syncres_cc.cc
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Tue, 21 Jan 2020 09:13:03 +0000 (10:13 +0100)]
- Explicitly enable dnstap for debian-stretch and buster
- Fix inconsistent ref to stretch vs buster in ubuntu-bionic
Remi Gacogne [Mon, 20 Jan 2020 18:24:13 +0000 (19:24 +0100)]
rec: Add unit tests for the NSEC3 Opt-Out case
An Opt-Out NSEC3 only proves that there is no delegation, so we
should not consider a DS NODATA or a NXDOMAIN proved by that RR
secure but insecure.
This was fixed in
18c8faae6c67f734583c5c881d0d083d3253b49e and this
commit adds a few unit tests to cover the fix.
Otto Moerbeek [Mon, 20 Jan 2020 15:23:07 +0000 (16:23 +0100)]
Merge pull request #8720 from omoerbeek/dnsdist-fstrm-elpel8
dnsdist: EPEL 8 now has libfstrm-devel
Remi Gacogne [Mon, 20 Jan 2020 15:22:29 +0000 (16:22 +0100)]
Merge pull request #8556 from rgacogne/dnsdist-spoof-flags
dnsdist: Support setting the value of AA, AD and RA when self-generating answers
Otto Moerbeek [Mon, 20 Jan 2020 15:06:06 +0000 (16:06 +0100)]
EPEL 8 now has libfstrm-devel
Otto Moerbeek [Mon, 20 Jan 2020 14:37:44 +0000 (15:37 +0100)]
Merge pull request #8719 from omoerbeek/rec-fstrm-el8
rec: EPEL 8 now has libfstrm-devel
Otto Moerbeek [Mon, 20 Jan 2020 14:09:48 +0000 (15:09 +0100)]
Explicit --enable-dnstap, as suggested by lieter.
Otto Moerbeek [Mon, 20 Jan 2020 14:12:01 +0000 (15:12 +0100)]
Merge pull request #8688 from omoerbeek/rec-socketdir-message
rec: Give an explicit message if something is wrong with socket-dir
Otto Moerbeek [Mon, 20 Jan 2020 13:42:16 +0000 (14:42 +0100)]
Better function name as suggested by rgacogne.
Otto Moerbeek [Mon, 20 Jan 2020 13:04:34 +0000 (14:04 +0100)]
EPEL 8 now has libfstrm-devel
Pieter Lexis [Mon, 20 Jan 2020 12:38:42 +0000 (13:38 +0100)]
Merge pull request #8701 from pieterlexis/remote-support-also-notify
remote: Support ::alsoNotifies
Remi Gacogne [Mon, 20 Jan 2020 11:05:03 +0000 (12:05 +0100)]
Make ComboAddress::setPort() update the current object
Instead of creating a new one.
Remi Gacogne [Tue, 19 Nov 2019 14:18:19 +0000 (15:18 +0100)]
dnsdist: Update tests now that more actions default to RA=RD
Remi Gacogne [Tue, 19 Nov 2019 10:49:25 +0000 (11:49 +0100)]
dnsdist: Add response flags to ERCodeAction, HTTPStatusAction and RCodeAction
Remi Gacogne [Mon, 18 Nov 2019 16:37:07 +0000 (17:37 +0100)]
dnsdist: Add Lua bindings for the AA, AD and RA flags
Remi Gacogne [Mon, 18 Nov 2019 16:31:18 +0000 (17:31 +0100)]
dnsdist: Test setting the value of AA, AD and RA when spoofing
Remi Gacogne [Mon, 18 Nov 2019 16:14:04 +0000 (17:14 +0100)]
dnsdist: Support setting the value of AA, AD and RA when spoofing
Remi Gacogne [Mon, 20 Jan 2020 09:13:46 +0000 (10:13 +0100)]
Merge pull request #8705 from rgacogne/rec-rpz-order
rec: Fix precedence order for RPZ policies rules
Remi Gacogne [Mon, 20 Jan 2020 09:12:40 +0000 (10:12 +0100)]
Merge pull request #8657 from rgacogne/ddist-backend-uuid
dnsdist: Allow retrieving and deleting a backend via its UUID
Remi Gacogne [Mon, 20 Jan 2020 09:11:25 +0000 (10:11 +0100)]
Merge pull request #8491 from rgacogne/ddist-parallel-checks
dnsdist: Implement parallel health checks
Remi Gacogne [Mon, 20 Jan 2020 09:10:09 +0000 (10:10 +0100)]
Merge pull request #8456 from rgacogne/ddist-config-check-test
dnsdist: Separate the check-config and client modes
Remi Gacogne [Mon, 20 Jan 2020 09:09:04 +0000 (10:09 +0100)]
Merge pull request #8274 from rgacogne/dnsdist-rcode-ratio
dnsdist: Implement dynamic blocking on ratio of rcode/total responses
Remi Gacogne [Fri, 17 Jan 2020 15:45:42 +0000 (16:45 +0100)]
auth: Use a hashed index instead of an ordered one for the key cache
Remi Gacogne [Fri, 17 Jan 2020 14:36:45 +0000 (15:36 +0100)]
rec: Apply Otto's suggestion to distinguish which exact policy matched
Remi Gacogne [Fri, 17 Jan 2020 14:30:20 +0000 (15:30 +0100)]
rec: Remove now useless references to '-2' for RPZ hits
Remi Gacogne [Fri, 17 Jan 2020 13:56:27 +0000 (14:56 +0100)]
auth: Enforce a strict maximum size for the packet and records caches
Before this change, both the query and packet caches in the authoritative
server can exceed their maximum size by a lot, until the next cleaning
cycle.
This is particularly nasty since the current cleaning algorithm will
never remove entries from the cache until they expire, as opposed to
what we do in the recursor, for example, where we nuke the least-recently
used entries, even if they are still valid, when the cache is full.
This commit changes that by removing the least recently inserted or
updated entry from the cache after inserting a new one when the cache
is full, thus enforcing the maximum size more strictly.
Note that this is really the least recently inserted/updated and not
the least recently used one, as is done in the recursor. Having a
proper LRU in the auth would require acquiring a write lock for a
simple lookup, instead of a potentially concurrent read-lock at the
moment. We might want to consider changing that at some point, as
an LRU might be fairer and the lock contention might be very small
since the caches are sharded.
Pieter Lexis [Tue, 14 Jan 2020 15:58:59 +0000 (16:58 +0100)]
remote: add ALSO-NOTIFY unit test
Otto Moerbeek [Thu, 16 Jan 2020 10:01:59 +0000 (11:01 +0100)]
Merge pull request #8700 from omoerbeek/rec-prep-4.3.0-beta2
rec: Prepare for recursor 4.3.0-beta2 release
Remi Gacogne [Thu, 16 Jan 2020 08:50:14 +0000 (09:50 +0100)]
Merge pull request #8708 from pieterlexis/dnsdist-doc-syntax-fix
dnsdist: Fix a versionchanged in the docs
Pieter Lexis [Thu, 16 Jan 2020 08:33:11 +0000 (09:33 +0100)]
dnsdist: Fix a versionchanged in the docs
Remi Gacogne [Wed, 15 Jan 2020 14:43:03 +0000 (15:43 +0100)]
rec: Add regression tests for RPZ ordering precedence rules
Remi Gacogne [Wed, 15 Jan 2020 13:38:45 +0000 (14:38 +0100)]
rec: Export the filtering policy type to Lua
Remi Gacogne [Wed, 15 Jan 2020 13:28:25 +0000 (14:28 +0100)]
rec: Only the first filtering policy should match
Subsequent ones should not be applied.
Also make sure that NSDNAME and NSIP triggers really stop the
processing of the query, instead of just causing the current NS to
be skipped.
Aki Tuomi [Mon, 6 Jan 2020 18:43:15 +0000 (20:43 +0200)]
regression-tests.api: Add future test for nothing under DNAME
Aki Tuomi [Mon, 6 Jan 2020 16:00:09 +0000 (18:00 +0200)]
regression-tests.api: Update tests
Aki Tuomi [Mon, 6 Jan 2020 17:54:37 +0000 (19:54 +0200)]
ws-auth: Check DNAME records correctly
Closes #8641
Otto Moerbeek [Wed, 15 Jan 2020 11:50:10 +0000 (12:50 +0100)]
Merge pull request #8694 from omoerbeek/rec-fix-cxx14-warning
Fix ./syncres.hh:228:20: warning: initialized lambda captures are a C++14 extension
Otto Moerbeek [Wed, 15 Jan 2020 09:23:43 +0000 (10:23 +0100)]
Add PR 8704
Remi Gacogne [Wed, 15 Jan 2020 08:59:54 +0000 (09:59 +0100)]
Merge pull request #8702 from rgacogne/ddist-protobuf-ports
Add the source and destination ports to the protobuf msg
Otto Moerbeek [Wed, 15 Jan 2020 07:57:45 +0000 (08:57 +0100)]
secpoll
Remi Gacogne [Tue, 14 Jan 2020 15:26:23 +0000 (16:26 +0100)]
rec: Fix the evaluation order for filtering policies (RPZ)
Since
272e9a0034e8c5ea29d1ab7d24630424f178e926 we scanned all policies
for an exact match before looking for wildcard matches. It broke
the promise that filtering policies are evaluated in the order they
are defined.
Pieter Lexis [Tue, 14 Jan 2020 13:59:23 +0000 (14:59 +0100)]
remote: Support ::alsoNotifies
Remi Gacogne [Tue, 14 Jan 2020 09:13:46 +0000 (10:13 +0100)]
Handle source and destination ports in the sample protobuf logger
Remi Gacogne [Tue, 14 Jan 2020 09:12:57 +0000 (10:12 +0100)]
rec: Add the source port to protobuf messages for incoming queries
Otto Moerbeek [Tue, 14 Jan 2020 10:14:59 +0000 (11:14 +0100)]
Prepare for recursor 4.3.0-beta2 release
Remi Gacogne [Tue, 14 Jan 2020 09:12:18 +0000 (10:12 +0100)]
dnsdist: Add the source and destination ports to the protobuf msg
Otto Moerbeek [Mon, 13 Jan 2020 08:48:12 +0000 (09:48 +0100)]
Fix ./syncres.hh:228:20: warning: initialized lambda captures are a C++14 extension
Remi Gacogne [Mon, 13 Jan 2020 08:39:48 +0000 (09:39 +0100)]
Merge pull request #8690 from horazont/feature/docs-typos
Fix various minor typos in the docs
Otto Moerbeek [Mon, 13 Jan 2020 07:01:40 +0000 (08:01 +0100)]
Merge pull request #8665 from rgacogne/rec-nsec3-optout-ad
rec: An Opt-Out NSEC3 RR only proves that there is no secure delegation
Jonas Schäfer [Sun, 12 Jan 2020 09:59:49 +0000 (10:59 +0100)]
Improve checkFunction example for downstreams guide
The check function was defined, but not used, making the example
slightly confusing as to how to use it correctly.