git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Wed, 10 Jun 2020 15:18:58 +0000 (17:18 +0200)]
Merge pull request #9211 from rgacogne/ddist-doh-non-blocking
dnsdist: Use non-blocking pipes to pass DoH queries/responses around
Remi Gacogne [Wed, 10 Jun 2020 08:48:10 +0000 (10:48 +0200)]
dnsdist: Log at verbose level when we couldn't write to the pipe
Otto Moerbeek [Wed, 10 Jun 2020 05:45:04 +0000 (07:45 +0200)]
Merge pull request #9214 from omoerbeek/rec-docs-warnins
rec: fix doc generation warnings in recursor.
Otto Moerbeek [Wed, 10 Jun 2020 05:44:52 +0000 (07:44 +0200)]
Merge pull request #9203 from omoerbeek/rec-gettag-answer-rpz
Rec: rpz policy should override gettag_ffi answer by default
Otto Moerbeek [Wed, 10 Jun 2020 05:41:39 +0000 (07:41 +0200)]
Merge pull request #9216 from rgacogne/rec-scan-cname-loop-ref
rec: Don't copy the records when scanning for CNAME loops
Peter van Dijk [Tue, 9 Jun 2020 18:15:39 +0000 (20:15 +0200)]
Merge pull request #9190 from zeha/psql-prep
gpgsql: Reintroduce prepared statements
Peter van Dijk [Tue, 9 Jun 2020 18:02:51 +0000 (20:02 +0200)]
Merge pull request #9189 from zeha/query-logging
gpgsqlbackend: add parameters to query logging
Peter van Dijk [Tue, 9 Jun 2020 17:49:24 +0000 (19:49 +0200)]
Merge pull request #9187 from zeha/systemd-syslog-instances
Set SyslogIdentifier for multiple instances
Peter van Dijk [Tue, 9 Jun 2020 17:44:25 +0000 (19:44 +0200)]
Merge pull request #9183 from zeha/api-rectify-slave
API: Allow rectifying Slave zones
Remi Gacogne [Tue, 9 Jun 2020 15:19:09 +0000 (17:19 +0200)]
rec: Don't copy the records when scanning for CNAME loops
Otto Moerbeek [Tue, 9 Jun 2020 12:11:25 +0000 (14:11 +0200)]
Fix doc generation warnings in recursor.
Fixes #9167.
Otto Moerbeek [Tue, 9 Jun 2020 11:31:48 +0000 (13:31 +0200)]
Merge pull request #9213 from omoerbeek/dnsdist-stringview-ambiguous
Do not use `using namespace std;`
Remi Gacogne [Tue, 9 Jun 2020 11:19:12 +0000 (13:19 +0200)]
dnsdist: Check that we don't write more than PIPE_BUF at once on pipes
Otto Moerbeek [Tue, 9 Jun 2020 11:18:58 +0000 (13:18 +0200)]
Do not use using namespace std; it causes ambiguity if
both std::string_view and boost::string_view are in scope
Otto Moerbeek [Tue, 9 Jun 2020 10:07:45 +0000 (12:07 +0200)]
Merge pull request #9202 from omoerbeek/rec-cname-loop
rec: more sophisticated cname loop detection.
Peter van Dijk [Tue, 9 Jun 2020 09:18:11 +0000 (11:18 +0200)]
Merge pull request #9212 from Habbie/generate-repo-files-master
add master support to generate-repo-files.sh
Peter van Dijk [Fri, 5 Jun 2020 15:33:56 +0000 (17:33 +0200)]
add master support to generate-repo-files.sh
Otto Moerbeek [Tue, 9 Jun 2020 08:22:58 +0000 (10:22 +0200)]
Do not process passthru in a special way. RPZ hit always takes
precedence unless overridesGettag is set to false.
Otto Moerbeek [Tue, 9 Jun 2020 06:29:13 +0000 (08:29 +0200)]
Merge pull request #9205 from rgacogne/rec-rrsig-ttl
rec: Limit the TTL of RRSIG records as well
Otto Moerbeek [Tue, 9 Jun 2020 06:27:36 +0000 (08:27 +0200)]
Merge pull request #9207 from neheb/string
use std::string_view when available
Remi Gacogne [Mon, 8 Jun 2020 14:45:03 +0000 (16:45 +0200)]
dnsdist: Update the tests for the new 'doh-*-pipe-full' metrics
Remi Gacogne [Mon, 8 Jun 2020 14:28:42 +0000 (16:28 +0200)]
dnsdist: Use non-blocking pipes to pass DoH queries/responses around
This commit makes the internal sockets non-blocking so we don't freeze if
they ever fill up, and log errors/increment metrics instead.
It also replaces the socket pairs by pipes, since the default buffer
size for sockets seems to allow only ~278 pending queries which might
be reached given how libh2o batches events. On Linux, a pipe gives us
8192 pending queries by default due to the lower overhead, and it
can easily be incremented to 131072 pending queries by setting the
pipe size to 1048576. This commit adds a new setting to do just
that.
Otto Moerbeek [Mon, 8 Jun 2020 11:11:12 +0000 (13:11 +0200)]
Docs added
Remi Gacogne [Mon, 8 Jun 2020 07:57:55 +0000 (09:57 +0200)]
Merge pull request #9204 from rgacogne/rec-doc-gettag-ffi
rec: Better document the gettag hook and its FFI counterpart
Peter van Dijk [Sun, 7 Jun 2020 18:30:30 +0000 (20:30 +0200)]
Merge pull request #9182 from supervacuus/auth-metrics-endpoint
Implemented prometheus metrics-endpoint for auth
Rosen Penev [Sat, 6 Jun 2020 18:33:55 +0000 (11:33 -0700)]
use std::string_view when available
There's a standard C++ macro to check for its existence.
libstdc++ from GCC makes it available under C++17 and up. libcxx from
LLVM makes it available everywhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Mischan Toosarani-Hausberger [Fri, 5 Jun 2020 21:17:21 +0000 (23:17 +0200)]
auth: Declare ring-size metrics as gauges
ring-buffer size metrics are affected in three ways:
* incremented and saturated as items are added
* set to zero, when the ring-buffer is reset
* decremented when the ring-buffer is resized to a smaller capacity
that cannot hold the number of items currently stored
The latter qualifies ring-buffer size metrics as gauges.
Mischan Toosarani-Hausberger [Thu, 4 Jun 2020 17:26:05 +0000 (19:26 +0200)]
auth: Declare ring-capacity metrics as gauges.
Mischan Toosarani-Hausberger [Tue, 2 Jun 2020 18:40:03 +0000 (20:40 +0200)]
auth: Change StatType for some metrics from counter to gauge
"packetcache-size" and "query-cache-size" are both decremented and
incremented and thus clearly gauges.
"security-status" is an ordered category and thus also qualifies as a
gauge.
Mischan Toosarani-Hausberger [Mon, 1 Jun 2020 20:26:51 +0000 (22:26 +0200)]
Implemented prometheus metrics-endpoint for auth
Peter van Dijk [Fri, 5 Jun 2020 13:54:03 +0000 (15:54 +0200)]
Merge pull request #9163 from zeha/fix-7795
Optimize IXFR-to-AXFR fallback path
Peter van Dijk [Fri, 5 Jun 2020 13:45:31 +0000 (15:45 +0200)]
Merge pull request #9040 from Habbie/auth-readme
auth README: some fixes; remove manual doc build instructions
Peter van Dijk [Fri, 5 Jun 2020 13:43:57 +0000 (15:43 +0200)]
Merge pull request #9180 from Habbie/4.2-changes-8497
auth: add #8497 to changelog
Remi Gacogne [Fri, 5 Jun 2020 13:14:35 +0000 (15:14 +0200)]
rec: Limit the TTL of RRSIG records as well
Remi Gacogne [Fri, 5 Jun 2020 12:40:38 +0000 (14:40 +0200)]
rec: Better document the gettag hook and its FFI counterpart
Otto Moerbeek [Fri, 5 Jun 2020 10:37:47 +0000 (12:37 +0200)]
Add a flag to the RPZ indicating if it should override the answer from gettag.
Defaults to true.
Otto Moerbeek [Fri, 5 Jun 2020 09:51:18 +0000 (11:51 +0200)]
First stab at solving the issue when gettag_ffi sets an answer but
we also have an RPZ hit.
Otto Moerbeek [Fri, 5 Jun 2020 08:37:28 +0000 (10:37 +0200)]
Add/modify tests. Also re-check for the cache case. It *is* a bit
unsettling that case causes an ImmediateServFailException, but I do
not like to touch the general flow right now. That would be required
to make the CNAME cache case more similar to the non-cached case.
Peter van Dijk [Fri, 5 Jun 2020 09:08:21 +0000 (11:08 +0200)]
Merge pull request #8943 from pieterlexis/remote-commit-false
Remote Backend: Throw DBException in functions that allow it
Peter van Dijk [Fri, 5 Jun 2020 08:34:28 +0000 (10:34 +0200)]
Merge pull request #8995 from kpfleming/local-port-docs
Clarify local-address documentation
Peter van Dijk [Fri, 5 Jun 2020 08:25:54 +0000 (10:25 +0200)]
Merge pull request #9178 from franklouwers/master
Clarify allow-axfr-ips behaviour in combination with TSIG
Otto Moerbeek [Fri, 5 Jun 2020 08:19:08 +0000 (10:19 +0200)]
Use separate function to test for loop; empty result vector on loop
detection (like other resolvers I tested do).
Otto Moerbeek [Wed, 3 Jun 2020 14:31:57 +0000 (16:31 +0200)]
More sophisticated cname loop detection.
Remi Gacogne [Fri, 5 Jun 2020 07:28:53 +0000 (09:28 +0200)]
Merge pull request #9151 from rgacogne/rec-root-ds
rec: Fix the handling of DS queries for the root
Remi Gacogne [Fri, 5 Jun 2020 07:27:48 +0000 (09:27 +0200)]
rec: Remove trailing whitespace in a comment
Otto Moerbeek [Wed, 3 Jun 2020 13:38:21 +0000 (15:38 +0200)]
Merge pull request #9194 from omoerbeek/rec-cname-self-referral
rec: If a CNAME target is found in the cache, check if it's equal to qname and ServFail if so.
Chris Hofstaedtler [Wed, 3 Jun 2020 11:40:17 +0000 (13:40 +0200)]
spgsql: tidy up
Otto Moerbeek [Wed, 3 Jun 2020 10:58:51 +0000 (12:58 +0200)]
Merge pull request #9192 from omoerbeek/rec-depth-incr
rec: Correct depth increments.
Otto Moerbeek [Wed, 3 Jun 2020 10:15:46 +0000 (12:15 +0200)]
If a CNAME target is found in the cache, check if it's equal
to qname and ServFail if so.
Fixes the easy case of #9153. Longer chains with self-refs remain an issue.
Otto Moerbeek [Wed, 3 Jun 2020 07:07:56 +0000 (09:07 +0200)]
Correct depth increments.
With the introduction of qname minimization, a function
doResolveNoQNameMinimization() was introduced. This function is
called by doResolve() with depth incremented. Due to the recursive
nature of the recursor algorithm (Nomen est Omen) we end up
incrementing the depth too much. This prompted a review of the other
places depth was incremented, and I believe it should only be done
when calling doResolve(). Especially the case "+ 2" in the getAddrs()
call looks strange to me, as the doResolve() calls in getAddrs()
already call doResolve() with depth + 1.
This fixes #9184 and likely other cases of deep recursion caused
by long CNAME chains.
Chris Hofstaedtler [Tue, 2 Jun 2020 18:40:29 +0000 (20:40 +0200)]
gpgsql: Reintroduce prepared statements
And a toggle.
Chris Hofstaedtler [Tue, 2 Jun 2020 17:27:24 +0000 (19:27 +0200)]
gpgsqlbackend: add parameters to query logging
Addresses #5292 (for postgres only).
Chris Hofstaedtler [Tue, 2 Jun 2020 16:45:52 +0000 (18:45 +0200)]
API: forbid rectify for presigned zones, only
Frank Louwers [Tue, 2 Jun 2020 12:55:06 +0000 (14:55 +0200)]
Update docs/tsig.rst
Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Remi Gacogne [Tue, 2 Jun 2020 12:54:09 +0000 (14:54 +0200)]
Merge pull request #9142 from rgacogne/rec-defer-nod-lookup
rec: Defer the NOD lookup until after the response has been sent
Remi Gacogne [Tue, 2 Jun 2020 12:53:18 +0000 (14:53 +0200)]
Merge pull request #9172 from rgacogne/rec-rpz-several-ixfr-deltas
rec: Fix RPZ removals when an update has several deltas
Remi Gacogne [Tue, 2 Jun 2020 11:51:11 +0000 (13:51 +0200)]
Merge pull request #9127 from rgacogne/fix-gethostname-no-hostnamemax
Fix compilation on systems that do not define HOST_NAME_MAX
Remi Gacogne [Tue, 2 Jun 2020 10:24:34 +0000 (12:24 +0200)]
Fix compilation on systems that do not define HOST_NAME_MAX
On FreeBSD at least, HOST_NAME_MAX is not defined and we need to
use sysconf() to get the value at runtime instead.
Based on a work done by @RvdE to make the recursor compile on
FreeBSD (many thanks!).
Chris Hofstaedtler [Tue, 2 Jun 2020 09:49:32 +0000 (11:49 +0200)]
Set SyslogIdentifier for multiple instances
Fixes #8490.
Chris Hofstaedtler [Tue, 2 Jun 2020 08:57:42 +0000 (10:57 +0200)]
API: Allow rectifying Slave zones
Fixes #9066.
Peter van Dijk [Sun, 31 May 2020 21:46:02 +0000 (23:46 +0200)]
auth: add #8497 to changelog
Frank Louwers [Fri, 29 May 2020 13:37:58 +0000 (15:37 +0200)]
Clarify allow-axfr-ips behaviour in combination with TSIG
Chris Hofstaedtler [Fri, 29 May 2020 12:12:38 +0000 (14:12 +0200)]
Address feedback from #9176
aerique [Thu, 28 May 2020 21:45:34 +0000 (23:45 +0200)]
Merge pull request #9152 from aerique/feature/add-supported-for-unsigned-packages
Make sure we can install unsigned packages.
Remi Gacogne [Thu, 28 May 2020 16:54:20 +0000 (18:54 +0200)]
rec: Add a regression test for the RPZ updates with several deltas
Remi Gacogne [Thu, 28 May 2020 16:15:53 +0000 (18:15 +0200)]
rec: Fix RPZ removals when an update has several deltas
Peter van Dijk [Thu, 28 May 2020 09:33:07 +0000 (11:33 +0200)]
Merge pull request #9160 from Habbie/spelling-only-docs
limit spell checking to docs
Peter van Dijk [Thu, 28 May 2020 08:55:53 +0000 (10:55 +0200)]
Merge pull request #9166 from cmouse/patch-1590648655
opensslsigners: Add missing 'static' keyword
Remi Gacogne [Thu, 28 May 2020 07:19:39 +0000 (09:19 +0200)]
Merge pull request #9162 from jsoref/clarify-docs
Clarify docs
Aki Tuomi [Thu, 28 May 2020 06:50:04 +0000 (09:50 +0300)]
opensslsigners: Add missing 'static' keyword
openssl_pthreads_locking_callback and openssl_pthreads_id_callback are
local functions, so they need static.
Chris Hofstaedtler [Wed, 27 May 2020 21:20:08 +0000 (23:20 +0200)]
Optimize IXFR-to-AXFR fallback path
Avoid making new backends when we are going to either deny the XFR, or
fall back to AXFR anyway.
This cuts down the number of new backends from four (three for IXFR
pre-checks plus one for AXFR) to one (just the AXFR one).
When replying in IXFR mode, we keep making _one_ new backend, which is
also better than before.
While we now hold the s_plock for a while longer, we only take it once
in doIXFR; before we took it twice -- for TSIG retrieval, which now
re-uses the IXFR backend.
Josh Soref [Wed, 27 May 2020 19:40:50 +0000 (15:40 -0400)]
rewrite pdns-distributes-queries
Peter van Dijk [Wed, 27 May 2020 15:40:41 +0000 (17:40 +0200)]
spellcheck: only run when docs have been changed
Josh Soref [Wed, 27 May 2020 14:48:30 +0000 (10:48 -0400)]
clarify: reuseports behavior re worker threads
Josh Soref [Wed, 27 May 2020 14:41:24 +0000 (10:41 -0400)]
Wishy-washy
Josh Soref [Wed, 27 May 2020 14:24:40 +0000 (10:24 -0400)]
Update recursordist: reuseport
Peter van Dijk [Wed, 27 May 2020 14:04:56 +0000 (16:04 +0200)]
we keep allowing these words so that we can do incidental spellchecks later
Peter van Dijk [Wed, 27 May 2020 13:55:04 +0000 (15:55 +0200)]
remove spelling cron; limit spelling to docs
aerique [Tue, 26 May 2020 07:06:56 +0000 (09:06 +0200)]
Add `--nobest` when installing PDNS software.
This is for testing in Docker images, we just want them to build.
aerique [Mon, 25 May 2020 15:08:07 +0000 (17:08 +0200)]
Make sure we can install unsigned packages.
Sometimes we need to install unsigned packages from our own ad-hoc repo,
installing `apt-transport-https` makes sure we can do this (at least on
Debian Stretch).
Remi Gacogne [Mon, 25 May 2020 09:33:19 +0000 (11:33 +0200)]
rec: Defer the NOD lookup until after the response has been sent
If the NOD lookup is slow, for example because the destination
authoritative server is down, doing the NOD lookup before the response
has been sent increases the latency a lot.
This commit moves the actual NOD lookup after the response has been
sent, so we can still use the existing mthread (we might actually need
to do a proper DNS resolution to find the target authoritative server)
without keeping the client waiting.
Remi Gacogne [Mon, 25 May 2020 14:17:50 +0000 (16:17 +0200)]
rec: Fix formatting in the "root DS" unit test
Remi Gacogne [Mon, 25 May 2020 14:08:17 +0000 (16:08 +0200)]
Merge pull request #9141 from rgacogne/rec-remove-getquerylocaladdress-stub
rec: Remove unused getQueryLocalAddress stub in the unit tests
Remi Gacogne [Mon, 25 May 2020 14:02:21 +0000 (16:02 +0200)]
rec: Fix the handling of DS queries for the root
Remi Gacogne [Mon, 25 May 2020 12:45:07 +0000 (14:45 +0200)]
Merge pull request #9143 from Habbie/travis-unbreak-trusty
travis: install pdns package from direct download
Peter van Dijk [Mon, 25 May 2020 08:27:01 +0000 (10:27 +0200)]
travis: install pdns package from direct download
Remi Gacogne [Mon, 25 May 2020 09:17:24 +0000 (11:17 +0200)]
rec: Remove unused getQueryLocalAddress stub in the unit tests
The real function moved to the pdns namespace anyway.
Remi Gacogne [Mon, 25 May 2020 07:50:02 +0000 (09:50 +0200)]
Merge pull request #9137 from phonedph1/patch-21
rec: Update syncres.cc
Remi Gacogne [Mon, 25 May 2020 07:49:48 +0000 (09:49 +0200)]
Merge pull request #9138 from PowerDNS/omoerbeek-patch-1
rec: Typos and ref to rec instead of auth in security advisory
Otto Moerbeek [Fri, 22 May 2020 06:44:57 +0000 (08:44 +0200)]
Typos and ref to rec instead of auth
phonedph1 [Thu, 21 May 2020 01:27:01 +0000 (19:27 -0600)]
Update syncres.cc
Otto Moerbeek [Wed, 20 May 2020 08:47:48 +0000 (10:47 +0200)]
Merge pull request #9134 from omoerbeek/secpoll-cleanup
Secpoll cleanup, mark prereleases with vulnerabilities as such.
Otto Moerbeek [Wed, 20 May 2020 07:38:59 +0000 (09:38 +0200)]
Secpoll cleanup, mark prereleases with vulnerabilities as such.
Otto Moerbeek [Wed, 20 May 2020 07:12:32 +0000 (09:12 +0200)]
Merge pull request #9131 from mnordhoff/patch-6
rec: docs: Update the allow-from setting default
Matt Nordhoff [Tue, 19 May 2020 21:56:55 +0000 (21:56 +0000)]
rec: docs: Update the allow-from setting default.
The default is LOCAL_NETS, but the copy of it in the documentation was incomplete.
Remi Gacogne [Tue, 19 May 2020 15:21:26 +0000 (17:21 +0200)]
Merge pull request #9111 from omoerbeek/dnsreplay-loop
Support LOOP link type in dnsreplay
Otto Moerbeek [Tue, 19 May 2020 13:39:17 +0000 (15:39 +0200)]
Merge pull request #9126 from omoerbeek/rec-4.1.16-secpoll
Prepare rec 4.1.16 secpoll update
Otto Moerbeek [Tue, 19 May 2020 12:53:01 +0000 (14:53 +0200)]
Prepare rec 4.1.16 secpoll update
Kevin P. Fleming [Tue, 19 May 2020 11:12:43 +0000 (07:12 -0400)]
Correct spelling error
Kevin P. Fleming [Fri, 3 Apr 2020 10:52:01 +0000 (06:52 -0400)]
Render examples as preformatted text
Signed-off-by: Kevin P. Fleming <kevin@km6g.us>