]>
git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Fri, 31 Jul 2020 12:57:00 +0000 (14:57 +0200)]
Merge pull request #9273 from rgacogne/ddist-server-latency-bindings
dnsdist: Add Lua bindings to get a server's latency
Otto Moerbeek [Fri, 31 Jul 2020 10:12:49 +0000 (12:12 +0200)]
Merge pull request #9196 from pieterlexis/qla-only-v6
rec: Disable outgoing v4 when QLA has no v4 addresses
Otto Moerbeek [Fri, 31 Jul 2020 09:13:05 +0000 (11:13 +0200)]
Tidy declaration of new exitCode field
Remi Gacogne [Fri, 31 Jul 2020 08:43:20 +0000 (10:43 +0200)]
Merge pull request #9366 from rgacogne/dnsdist-doh-response-map
dnsdist: Better documentation for HTTP responses map
Otto Moerbeek [Fri, 31 Jul 2020 07:28:47 +0000 (09:28 +0200)]
Merge pull request #9362 from omoerbeek/rec-bulk-more-threads
Rec: run test with more threads and skip the last (repeated) test
Remi Gacogne [Thu, 30 Jul 2020 15:23:59 +0000 (17:23 +0200)]
dnsdist: Better documentation for HTTP responses map
Including the fact that in 1.5.0 the paths should be listed in the
list of path passed to `addDOHLocal` to be able to match a response
rule.
Remi Gacogne [Thu, 30 Jul 2020 12:30:06 +0000 (14:30 +0200)]
Merge pull request #9365 from rgacogne/ddist-fix-invalid-char-changelog
dnsdist: Fix weird UTF-8 character in the ChangeLog
Remi Gacogne [Thu, 30 Jul 2020 12:29:06 +0000 (14:29 +0200)]
dnsdist: Fix weird UTF-8 character in the ChangeLog
Remi Gacogne [Thu, 30 Jul 2020 12:15:59 +0000 (14:15 +0200)]
Merge pull request #9358 from rgacogne/ddist150-secpoll-changelog
dnsdist: Update ChangeLog and secpoll for the 1.5.0 release
Remi Gacogne [Thu, 30 Jul 2020 08:34:43 +0000 (10:34 +0200)]
dnsdist: Fix the release date of dnsdist 1.5.0
Remi Gacogne [Wed, 29 Jul 2020 12:16:39 +0000 (14:16 +0200)]
Merge pull request #9360 from rgacogne/ddist-prevent-backends-copy
dnsdist: Prevent a copy of a pool's backends when selecting a server
Otto Moerbeek [Wed, 29 Jul 2020 12:03:34 +0000 (14:03 +0200)]
Half a million as biggest test for now to prevent buildbot timeouts
Otto Moerbeek [Wed, 29 Jul 2020 09:22:06 +0000 (11:22 +0200)]
Default to more (m)threads for bulk and fix a typo in test-recursor-bulk
Remi Gacogne [Wed, 29 Jul 2020 07:38:38 +0000 (09:38 +0200)]
dnsdist: Prevent a copy of a pool's backends when selecting a server
Remi Gacogne [Wed, 29 Jul 2020 07:00:16 +0000 (09:00 +0200)]
Whitelist part of the name of a contributor..
Remi Gacogne [Wed, 29 Jul 2020 06:58:36 +0000 (08:58 +0200)]
Merge pull request #9356 from rgacogne/ddist-check-cache-ptr
dnsdist: Handle calling PacketCache methods on a nil object
Remi Gacogne [Wed, 29 Jul 2020 06:57:20 +0000 (08:57 +0200)]
Merge pull request #9359 from Habbie/mysql-both-typo
auth tests gmysql2: fix env var name typo
Peter van Dijk [Tue, 28 Jul 2020 21:37:11 +0000 (23:37 +0200)]
auth tests gmysql2: fix env var name typo
Remi Gacogne [Tue, 28 Jul 2020 13:15:11 +0000 (15:15 +0200)]
dnsdist: Update ChangeLog and secpoll for the 1.5.0 release
Remi Gacogne [Tue, 28 Jul 2020 12:45:11 +0000 (14:45 +0200)]
Merge pull request #9355 from rgacogne/ddist-proxy-protocol-large
dnsdist: Improve reporting of possible overflow via large Proxy Protocol values
Remi Gacogne [Tue, 28 Jul 2020 12:41:38 +0000 (14:41 +0200)]
dnsdist: Handle calling PacketCache methods on a nil object
Remi Gacogne [Tue, 28 Jul 2020 09:12:27 +0000 (11:12 +0200)]
dnsdist: Improve reporting of possible overflow via large Proxy Protocol values
Remi Gacogne [Tue, 28 Jul 2020 09:05:27 +0000 (11:05 +0200)]
Merge pull request #9354 from PowerDNS/dependabot/bundler/modules/remotebackend/json-2.3.0
build(deps): bump json from 1.8.5 to 2.3.0 in /modules/remotebackend
Remi Gacogne [Tue, 28 Jul 2020 09:05:06 +0000 (11:05 +0200)]
Merge pull request #9353 from PowerDNS/dependabot/bundler/modules/remotebackend/regression-tests/json-2.3.0
build(deps): bump json from 1.8.2 to 2.3.0 in /modules/remotebackend/regression-tests
Remi Gacogne [Tue, 28 Jul 2020 07:40:24 +0000 (09:40 +0200)]
Merge pull request #9343 from cmouse/hostname-fix
misc.cc: Resize hostname to final size in getCarbonHostname()
Remi Gacogne [Tue, 28 Jul 2020 07:37:21 +0000 (09:37 +0200)]
Merge pull request #9344 from rgacogne/ddist-fix-doh-sni
dnsdist: Fix compilation with h2o_socket_get_ssl_server_name
Remi Gacogne [Tue, 28 Jul 2020 07:37:05 +0000 (09:37 +0200)]
Merge pull request #9346 from omoerbeek/dnsdist-openbsd-clang-std
dnsdist: Fix compilation on OpenBSD/amd64
dependabot[bot] [Tue, 28 Jul 2020 04:11:38 +0000 (04:11 +0000)]
build(deps): bump json from 1.8.5 to 2.3.0 in /modules/remotebackend
Bumps [json](https://github.com/flori/json) from 1.8.5 to 2.3.0.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v1.8.5...v2.3.0)
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Tue, 28 Jul 2020 04:02:10 +0000 (04:02 +0000)]
build(deps): bump json in /modules/remotebackend/regression-tests
Bumps [json](https://github.com/flori/json) from 1.8.2 to 2.3.0.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v1.8.2...v2.3.0)
Signed-off-by: dependabot[bot] <support@github.com>
Aki Tuomi [Tue, 21 Jul 2020 19:04:56 +0000 (22:04 +0300)]
test-misc_hh: Add test for getCarbonHostname
Aki Tuomi [Sun, 19 Jul 2020 15:06:14 +0000 (18:06 +0300)]
misc.cc: Resize hostname to final size in getCarbonHostname()
In
5c21b47fbc35ddcb8d939eb8541c6c3bad1080a8 we change how
hostname is allocated. We allocate getMaxHostNameSize for string,
then give the raw buffer for gethostname function, but forget to
resize the string into actual result length, causing the carbon
output to include trailing NUL bytes after hostname.
Otto Moerbeek [Mon, 20 Jul 2020 07:56:15 +0000 (09:56 +0200)]
Fix compilation on OpenBSD/amd64
The readline lib on OpenBSD redefines __attribute__ to empty if __STRICT_ANSI__...
Otto Moerbeek [Mon, 20 Jul 2020 18:08:02 +0000 (20:08 +0200)]
Merge pull request #9348 from omoerbeek/solaris-name-clashes
Avoid name clashes on Solaris derived systems.
Otto Moerbeek [Mon, 20 Jul 2020 14:13:29 +0000 (16:13 +0200)]
Avoid name clashes on Solaris derived systems.
Fixes #9279
Otto Moerbeek [Mon, 20 Jul 2020 09:25:27 +0000 (11:25 +0200)]
Merge pull request #9342 from omoerbeek/rec-prep-4.4.0-alpha2
rec: prep for rec-4.4.0-alpha2
Otto Moerbeek [Fri, 17 Jul 2020 10:34:30 +0000 (12:34 +0200)]
Prep for rec 4.4.0-alpha2
Remi Gacogne [Sun, 19 Jul 2020 21:28:02 +0000 (23:28 +0200)]
dnsdist: Fix compilation with h2o_socket_get_ssl_server_name
aerique [Fri, 17 Jul 2020 09:00:24 +0000 (11:00 +0200)]
Create Ubuntu Focal Dockerfile for rec-43+.
aerique [Fri, 17 Jul 2020 09:00:03 +0000 (11:00 +0200)]
Only add `--nobest` for CentOS 8.
Otto Moerbeek [Fri, 17 Jul 2020 08:24:49 +0000 (10:24 +0200)]
Merge pull request #9338 from omoerbeek/rec-prep-
20200717
rec: Prep for upcoming July 17th 2020 release.
Remi Gacogne [Thu, 16 Jul 2020 08:45:48 +0000 (10:45 +0200)]
Merge pull request #9320 from ihsinme/patch-2
Update proxy-protocol.cc
Remi Gacogne [Wed, 15 Jul 2020 07:37:33 +0000 (09:37 +0200)]
Merge pull request #9336 from Habbie/auth-metrics-new-in-4.4
auth docs: note that /metrics is new in 4.4; closes #9325
Otto Moerbeek [Wed, 15 Jul 2020 07:27:07 +0000 (09:27 +0200)]
Add tags and tidy.
Remi Gacogne [Wed, 15 Jul 2020 07:23:28 +0000 (09:23 +0200)]
Merge pull request #9308 from rgacogne/rec-check-zone-key-flag
rec: Check that DNSKEYs have the zone flag set
Otto Moerbeek [Wed, 15 Jul 2020 07:19:46 +0000 (09:19 +0200)]
Merge pull request #9314 from zeha/no-tologstring
Remove redundant toLogString() calls
Peter van Dijk [Tue, 14 Jul 2020 17:34:16 +0000 (19:34 +0200)]
Merge pull request #9339 from phonedph1/patch-22
dnsdist: Update config.rst
phonedph1 [Tue, 14 Jul 2020 17:25:56 +0000 (11:25 -0600)]
Update config.rst
Otto Moerbeek [Tue, 14 Jul 2020 11:45:50 +0000 (13:45 +0200)]
Prep for upcoming July 17th 2020 release.
Peter van Dijk [Tue, 14 Jul 2020 08:56:11 +0000 (10:56 +0200)]
auth docs: note that /metrics is new in 4.4; closes #9325
Peter van Dijk [Mon, 13 Jul 2020 19:10:40 +0000 (21:10 +0200)]
Merge pull request #9315 from zeha/bind-zoneid
bindbackend: fix zoneId in log statement
Peter van Dijk [Mon, 13 Jul 2020 15:41:59 +0000 (17:41 +0200)]
Merge pull request #9280 from zeha/domain-create
auth: immediately fill account, kind, masters on zone create
Remi Gacogne [Wed, 8 Jul 2020 10:24:43 +0000 (12:24 +0200)]
rec: Check that DNSKEYs have the 'zone' flag set, 'revoked' one cleared
Remi Gacogne [Wed, 8 Jul 2020 09:04:47 +0000 (11:04 +0200)]
rec: Check that DNSKEYs have the zone flag set
As required by rfc4034 Section 5.2.
Remi Gacogne [Mon, 13 Jul 2020 13:49:33 +0000 (15:49 +0200)]
Merge pull request #9312 from rgacogne/rec-class-enum-validation-states
rec: Stop cluttering the global namespace with validation states
Otto Moerbeek [Mon, 13 Jul 2020 09:48:36 +0000 (11:48 +0200)]
Merge pull request #9231 from omoerbeek/explicit-cxx-version
Use explicit flag for the specific version of c++ wer'e targeting.
ihsinme [Fri, 10 Jul 2020 13:12:14 +0000 (16:12 +0300)]
Update proxy-protocol.cc
get rid of integer overflow
Remi Gacogne [Fri, 10 Jul 2020 07:36:12 +0000 (09:36 +0200)]
Merge pull request #9316 from zeha/dbnullptr
auth: 0 as nullptr cleanup
Chris Hofstaedtler [Thu, 9 Jul 2020 19:59:28 +0000 (21:59 +0200)]
auth: 0 as nullptr cleanup
Chris Hofstaedtler [Thu, 9 Jul 2020 19:32:43 +0000 (21:32 +0200)]
bindbackend: fix zoneId in log statement
The existing message was confusing me because it showed invalid/not
initialized data.
Chris Hofstaedtler [Thu, 9 Jul 2020 19:12:16 +0000 (21:12 +0200)]
Remove redundant toLogString() calls
Already handled by Logger.
Remi Gacogne [Thu, 9 Jul 2020 11:52:11 +0000 (13:52 +0200)]
rec: Stop cluttering the global namespace with validation states
Also rename the NODATA state to NODENIAL, as the existing name could
easily be confused with NXQTYPE.
Remi Gacogne [Wed, 8 Jul 2020 12:10:56 +0000 (14:10 +0200)]
Merge pull request #9188 from rgacogne/rec-refuse-ds-from-child-zone
rec: Refuse DS records received from child zones
Remi Gacogne [Wed, 8 Jul 2020 12:09:43 +0000 (14:09 +0200)]
Merge pull request #9309 from rgacogne/rec-validate-cached-dnskeys-against-ds
rec: Validate cached DNSKEYs against the DSs, not the RRSIGs only
Remi Gacogne [Wed, 8 Jul 2020 08:49:51 +0000 (10:49 +0200)]
Merge pull request #9297 from rgacogne/rec-no-cache-only-getdnskeys
rec: Ignore cache-only for DNSKEYs retrieval
Remi Gacogne [Tue, 7 Jul 2020 14:06:59 +0000 (16:06 +0200)]
Merge pull request #9298 from rgacogne/ddist-changelog-150-rc4
dnsdist: Update the ChangeLog and secpoll zone for 1.5.0-rc4
Remi Gacogne [Tue, 7 Jul 2020 12:22:59 +0000 (14:22 +0200)]
rec: Add a 'skip DS from child zone' unit test
Remi Gacogne [Tue, 2 Jun 2020 15:19:42 +0000 (17:19 +0200)]
rec: Refuse DS records received from child zones
Remi Gacogne [Tue, 7 Jul 2020 08:13:01 +0000 (10:13 +0200)]
dnsdist: Update the release date for dnsdist 1.5.0-rc4
Remi Gacogne [Tue, 7 Jul 2020 07:56:41 +0000 (09:56 +0200)]
rec: Ignore cache-only for DSs retrieval
When the DSs are needed for validation, the initial RD flag should
not prevent us from going to the network.
Otto Moerbeek [Mon, 6 Jul 2020 18:05:57 +0000 (20:05 +0200)]
Merge pull request #9303 from omoerbeek/rec-security-state-logging
rec: use new operator to print states
Otto Moerbeek [Mon, 6 Jul 2020 16:19:41 +0000 (18:19 +0200)]
Merge pull request #9301 from omoerbeek/rec-for-new-rpz
rec: take initial refresh time from loaded zone
Otto Moerbeek [Mon, 6 Jul 2020 16:19:24 +0000 (18:19 +0200)]
Merge pull request #9302 from omoerbeek/rec-openbsd-unsigned-warning
rec: Kill an signed vs unsigned warning on OpenBSD
Otto Moerbeek [Mon, 6 Jul 2020 13:55:53 +0000 (15:55 +0200)]
When no rpz cache is used and no refresh time is specified, use
the refresh time read on the initial load of the zone.
Should fix #9299.
Otto Moerbeek [Mon, 6 Jul 2020 13:04:32 +0000 (15:04 +0200)]
Use new operator to print states
Remi Gacogne [Mon, 6 Jul 2020 13:00:44 +0000 (15:00 +0200)]
rec: Validate cached DNSKEYs against the DSs, not the RRSIGs only
DNSKEYs might be cached in a non-validated state ("Indeterminate")
when the DNSSEC mode is set to "Process" and the initial query did
not ask for validation.
We would then validate the DNSKEY records against the RRSIGs, like
for regular records, but not against the DSs.
Otto Moerbeek [Mon, 6 Jul 2020 13:00:25 +0000 (15:00 +0200)]
Kill an signed vs unsigned warning on OpenBSD
Remi Gacogne [Mon, 6 Jul 2020 12:15:42 +0000 (14:15 +0200)]
Merge pull request #9290 from rgacogne/rec-refuse-qtype-0
rec: Refuse QType 0 right away, based on rfc6895 section 3.1
Remi Gacogne [Mon, 6 Jul 2020 12:02:08 +0000 (14:02 +0200)]
Merge pull request #9292 from rgacogne/rec-servfail-not-bogus-ds-dnskey-failure
rec: A ServFail while retrieving DS/DNSKEY records is just that
Remi Gacogne [Mon, 6 Jul 2020 12:01:55 +0000 (14:01 +0200)]
Merge pull request #9295 from rgacogne/rec-storage-validation-types
rec: Specify a storage type for validation states
Remi Gacogne [Mon, 6 Jul 2020 12:01:10 +0000 (14:01 +0200)]
Merge pull request #9296 from rgacogne/rec-test-invalid-ds-denial
rec: Fix invalid signatures in a test (DS signed by the child zone)
Remi Gacogne [Mon, 6 Jul 2020 09:06:59 +0000 (11:06 +0200)]
dnsdist: Update the ChangeLog and secpoll zone for 1.5.0-rc4
Remi Gacogne [Fri, 3 Jul 2020 14:29:11 +0000 (16:29 +0200)]
rec: Specify a storage type for validation states
Remi Gacogne [Fri, 3 Jul 2020 14:31:01 +0000 (16:31 +0200)]
rec: Fix invalid signatures in a test (DS signed by the child zone)
Remi Gacogne [Fri, 3 Jul 2020 15:29:33 +0000 (17:29 +0200)]
rec: Ignore cache-only for DNSKEYs retrieval
When the DNSKEYs are needed for validation, the initial RD flag
should not prevent us from going to the network.
Otto Moerbeek [Fri, 3 Jul 2020 10:52:48 +0000 (12:52 +0200)]
we gained an extra AAAA record in the cache
Otto Moerbeek [Fri, 3 Jul 2020 08:33:29 +0000 (10:33 +0200)]
Tell other threads to stop when a fatal issue occurs.
Theer are more spots where this should be done.
Pieter Lexis [Thu, 11 Jun 2020 08:50:16 +0000 (10:50 +0200)]
tests: detect IPv6
Pieter Lexis [Wed, 10 Jun 2020 12:34:48 +0000 (14:34 +0200)]
qla-v6 outgoing: increase chance of catching errors
Pieter Lexis [Wed, 10 Jun 2020 12:26:55 +0000 (14:26 +0200)]
rec: Clean up QLA
Otto Moerbeek [Wed, 10 Jun 2020 08:40:19 +0000 (10:40 +0200)]
Let the threads returns an error code if someting is wrong
which is picked up by serviceMain as an exit status.
There are a lot more places where the (fatal) error flow could be
improved/made consistent.
Otto Moerbeek [Wed, 10 Jun 2020 08:23:53 +0000 (10:23 +0200)]
Better error handling: return a bool and let caller decide.
Pieter Lexis [Wed, 10 Jun 2020 08:20:06 +0000 (10:20 +0200)]
rec: Fix IPv6-outgoing-only zero-scope ECS test
The recursor uses the outgoing address family to set the ECS address to
a localhost address when a client indicates that it wants no ECS (by
setting the all-zero scope).
Now that we _actually_ do v6-only outgoing when requested by configuration,
we need the regression test auths to listen on v6.
This change to the regression tests makes the ROOT auth listen on
[::1]:53, adds the hints, and for the ECS test, starts an IPv6 ECS
echo responder on [::1]:53000 and uses that address for the
forward-zone.
Otto Moerbeek [Wed, 10 Jun 2020 07:54:20 +0000 (09:54 +0200)]
Check usefullness of root hints.
e.g. if we are running IPv6 only, and only have IPv4 hints
things will not work. Base he decision on presence of A/AAAA
records mentioned as NS.
Pieter Lexis [Thu, 4 Jun 2020 12:44:29 +0000 (14:44 +0200)]
Fix test that used qla
Pieter Lexis [Tue, 2 Jun 2020 12:55:08 +0000 (14:55 +0200)]
rec: Disable outgoing v4 when QLA has no v4 addresses
Otto Moerbeek [Fri, 3 Jul 2020 08:10:01 +0000 (10:10 +0200)]
Merge pull request #9289 from omoerbeek/rec-tcp-error-warnings
rec: common TCP write problems should only be logged if wanted.
Otto Moerbeek [Fri, 3 Jul 2020 08:09:49 +0000 (10:09 +0200)]
Merge pull request #9288 from rgacogne/rec-negcache-dump-authority
rec: Dump the authority records of a negative cache entry as well
Remi Gacogne [Thu, 2 Jul 2020 11:34:11 +0000 (13:34 +0200)]
Merge pull request #9278 from rgacogne/ddist-doh-self-cleanup-vect
dnsdist: Prevent race between the DoH handling threads
Remi Gacogne [Thu, 2 Jul 2020 08:31:31 +0000 (10:31 +0200)]
rec: A ServFail while retrieving DS/DNSKEY records is just that
Before that commit, failing to get the DS or DNSKEY records needed
during validation because of a network issue would trigger a Bogus
DNSSEC validation result because validation could not be performed,
but that should just be a Server Failure instead.
This is especially an issue because the Bogus result would get
inserted into the cache and could stay there for as long as
'max-cache-bogus-ttl' seconds.
Remi Gacogne [Wed, 1 Jul 2020 14:05:56 +0000 (16:05 +0200)]
rec: Refuse QType 0 right away, based on rfc6895 section 3.1