Peter van Dijk [Fri, 23 May 2025 14:50:05 +0000 (16:50 +0200)]
Introduce ZoneName::toStringFull to emit variant names...
...and use it for error report in ws-auth.
The size of this commit shows that perhaps we should have
ZoneName::toString() emit the variant. This commit will not
be folded into a previous one, so that it is easy to revert
and rework later.
The packet cache data buckets are now set up in an unordered map
addressed by the view name.
Doing this also makes sure that, if the network configuration of a view
changes, the cache contents are still valid as long as there is no
change in the zones found in that view.
Peter van Dijk [Thu, 24 Apr 2025 13:16:52 +0000 (15:16 +0200)]
Support for views on AXFR.
Note that this causes somewhat important plumbing changes, getSOA will now
take an optional zone ID, which callers should provide if they know it, in
order to save a possible expensive getDomainInfo call.
Peter van Dijk [Mon, 7 Apr 2025 13:25:39 +0000 (15:25 +0200)]
Introduce a Bind-style Views feature.
Add interfaces to the zone cache to get the view name from the
originating network address, and to retrieve the appropriate
variant name to use to update a ZoneName when necessary.
Remi Gacogne [Tue, 20 May 2025 08:09:09 +0000 (10:09 +0200)]
dnsdist: Fix one potential issue spotted by Coverity
As spotted by Coverity, one function called from a destructor could
in theory throw an exception which is not caught from within the
destructor, which would lead to a termination of the program.
At a quick glance it seems quite impossible to happen in practice
with the current code, but let's fix it nevertheless.
Remi Gacogne [Tue, 13 May 2025 13:50:21 +0000 (15:50 +0200)]
dnsdist: Fix a crash when TCP queries and responses keep coming
It happens when we keep finding queries waiting for us on the incoming
TCP socket from the client, and responses waiting for us on the TCP
socket to the backend after forwarding a new query. This is quite
unlikely but not impossible to happen, as reported by Renaud Allard
(many thanks for taking the time to investigate the issue!).
Remi Gacogne [Thu, 15 May 2025 10:13:09 +0000 (12:13 +0200)]
build-and-test-all: Build DNSdist on Ubicloud runners when needed
GH actions provides us with a 16 GB runner on public repositories,
but only 7 GB on private ones. Unfortunately our current workflow
assumes that we can get away with 4 concurrent jobs when building
DNSdist, which is true when we have 16 GB available but not with
7 GB.
So this commit switches to Ubicloud runners (standard 4, 4 vCPU,
16 GB) for repositories defining the `REPOSITORY_USE_UBICLOUD`
variable to 1. These runners are also significantly faster than the
GH actions ones.
Remi Gacogne [Mon, 19 May 2025 09:45:59 +0000 (11:45 +0200)]
dnsdist: Fix our `meson` build not reaching a stable state
Before this commit calling `meson build` a second time right after building
triggered a re-generation of the `dnsdist-configuration-yaml-items-generated.cc`
file because `meson` wants it to be present in the build directory,
but we also want to generate it in the source directory so that it
can be included in the repository.
The current solution is a bit dirty, but our options are limited
because some files are only generated when YAML support is available,
because they require Rust, and we need them to be in the dist tarball.
Otto suggested that we could generate them only when building the dist
tarball, I'll look into it in a bit.
Remi Gacogne [Thu, 15 May 2025 08:11:23 +0000 (10:11 +0200)]
dnsdist: Fix backend discovery regression test on GH action (again)
Apparently IPv6 is very flaky on GH actions these days, and I see
this test failing again and again because DNSdist cannot reliably
reach the servers over IPv6. IPv4 is fine from GH actions, v4 and
v6 are fine locally, so let's not fail in that case.
Remi Gacogne [Wed, 7 May 2025 08:52:56 +0000 (10:52 +0200)]
dnsdist: Only set the proxy protocol payload size when actually added
I can think of two cases where we got this wrong:
- the query was initially assigned to a backend using the proxy protocol
payload, then later restarted and assigned to a backend not using it.
The proxy protocol payload size was then kept from the first assignment.
- we failed to actually prepend the proxy protocol payload but the payload
size was updated.
Both cases could cause a corrupted payload to be sent, or an exception to
be raised if the size of the proxy protocol payload was larger than the
size of the initial query.
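An added illustration of the first case in the commit message above, not code from dnsdist: `Query`, `assign`, `dnsPart` and the 28-byte header are hypothetical stand-ins, and the consumer that trusts the recorded size is an assumption made to show both failure modes.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;
static const Bytes kHeader(28, 0xAA);  // constructed stand-in for a proxy protocol header

struct Query {                 // hypothetical, not a dnsdist type
  Bytes wire;                  // bytes that will be sent to the backend
  std::size_t proxySize = 0;   // recorded length of the header at the front of wire
};

// (Re)assign the query to a backend. resetSize=false models the stale-size case.
void assign(Query& q, const Bytes& dns, bool useProxy, bool resetSize) {
  q.wire = dns;                      // a restart rebuilds the buffer from the initial query
  if (resetSize) q.proxySize = 0;    // forget whatever an earlier assignment recorded
  if (useProxy) {
    q.wire.insert(q.wire.begin(), kHeader.begin(), kHeader.end());
    q.proxySize = kHeader.size();    // recorded only once the header is really in place
  }
}

// Consumer that trusts proxySize to locate the DNS message inside the buffer.
Bytes dnsPart(const Query& q) {
  if (q.proxySize > q.wire.size()) throw std::out_of_range("proxy size exceeds buffer");
  return Bytes(q.wire.begin() + static_cast<std::ptrdiff_t>(q.proxySize), q.wire.end());
}

enum Outcome { Intact, Corrupted, Exception };

// First assignment uses the proxy protocol, the restarted one does not.
Outcome restartWithoutProxy(std::size_t dnsLen, bool resetSize) {
  const Bytes dns(dnsLen, 0x01);     // constructed query bytes
  Query q;
  assign(q, dns, true, resetSize);
  assign(q, dns, false, resetSize);
  try {
    return dnsPart(q) == dns ? Intact : Corrupted;
  } catch (const std::out_of_range&) {
    return Exception;
  }
}

int main() { return restartWithoutProxy(12, true) == Intact ? 0 : 1; }
```

With the stale size kept, a query shorter than the header hits the exception path and a longer one loses its first 28 bytes; resetting the size on every assignment leaves both intact.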
Remi Gacogne [Wed, 7 May 2025 14:18:25 +0000 (16:18 +0200)]
dnsdist: Gracefully handle missing v6 in backend discovery test
This test has been randomly failing on GH actions lately, and it looks
like it is because we sometimes do not get the IPv6 addresses when
resolving `dns.quad9.net` via the system resolver.
Remi Gacogne [Mon, 5 May 2025 15:03:06 +0000 (17:03 +0200)]
dnsdist: Improve scalability of custom metrics
This commit improves the scalability of custom metrics by:
- being optimistic about the existence of a given metric (including labels):
since most of the time a given metric, even with labels, will be increased
more than once, we can take a read-only lock and only fall back to taking a
write lock if we actually have to add a new entry. This is especially
useful when using custom metrics with per-thread Lua, since there is no
global lock involved in this case.
- optimizing the "no label" case, since the Lua FFI interface does not
use them anyway: skip the creation (and destruction) of an empty labels
map whenever possible, return an empty string early when combining
empty labels.
It already yields a noticeable improvement when a single thread is used,
but really shines when several threads are processing queries simultaneously.
Remi Gacogne [Mon, 5 May 2025 08:42:20 +0000 (10:42 +0200)]
Fix building with GCC 15.1: missing `cstdint` include
GCC 15.1 complains about a missing `cstdint` include when building
`DNSdist`:
```
In file included from ../doh3.hh:29,
from ../doh3.cc:23:
../noinitvector.hh:67:35: error: ‘uint8_t’ was not declared in this scope
67 | using PacketBuffer = NoInitVector<uint8_t>;
| ^~~~~~~
../noinitvector.hh:7:1: note: ‘uint8_t’ is defined in header ‘<cstdint>’; this is probably fixable by adding ‘#include <cstdint>’
6 | #include <vector>
+++ |+#include <cstdint>
7 |
../noinitvector.hh:67:42: error: template argument 1 is invalid
67 | using PacketBuffer = NoInitVector<uint8_t>;
| ^
In file included from ../dnsdist-idstate.hh:27,
from ../doh3.hh:48:
../dnscrypt.hh:247:20: error: ‘PacketBuffer’ has not been declared
247 | void parsePacket(PacketBuffer& packet, bool tcp, time_t now);
| ^~~~~~~~~~~~
../dnscrypt.hh:248:31: error: ‘PacketBuffer’ has not been declared
248 | void getDecrypted(bool tcp, PacketBuffer& packet);
| ^~~~~~~~~~~~
../dnscrypt.hh:249:43: error: ‘PacketBuffer’ has not been declared
249 | void getCertificateResponse(time_t now, PacketBuffer& response) const;
| ^~~~~~~~~~~~
../dnscrypt.hh:250:23: err
```