git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Wed, 24 Mar 2021 14:16:44 +0000 (15:16 +0100)]
dnsdist: Clarify the meaning of 'tcpMaxConcurrentConnections'
Remi Gacogne [Wed, 24 Mar 2021 14:15:17 +0000 (15:15 +0100)]
dnsdist: Remove trailing whitespace in the documentation
Remi Gacogne [Wed, 24 Mar 2021 10:27:15 +0000 (11:27 +0100)]
dnsdist: Add regression tests for the number of conns per frontend
Remi Gacogne [Tue, 23 Mar 2021 17:58:54 +0000 (18:58 +0100)]
dnsdist: Add a parameter to limit the number of TCP conns per frontend
Remi Gacogne [Mon, 22 Mar 2021 17:45:01 +0000 (18:45 +0100)]
dnsdist: Add setMaxCachedTCPConnectionsPerDownstream()
Remi Gacogne [Mon, 22 Mar 2021 16:12:46 +0000 (17:12 +0100)]
dnsdist: Add 'max concurrent connections' counters
Otto Moerbeek [Fri, 26 Mar 2021 09:15:45 +0000 (10:15 +0100)]
Merge pull request #10213 from omoerbeek/rec-prep-4.5.0-beta1
Rec: prep for 4.5.0 beta1
Remi Gacogne [Fri, 26 Mar 2021 07:33:19 +0000 (08:33 +0100)]
Merge pull request #10218 from rgacogne/ddist-disable-renego
dnsdist: Disable TLS renegotiation by default
Remi Gacogne [Thu, 25 Mar 2021 18:17:24 +0000 (19:17 +0100)]
dnsdist: Disable client-initiated renegotiation with LibreSSL
Remi Gacogne [Thu, 25 Mar 2021 15:57:44 +0000 (16:57 +0100)]
dnsdist: Disable TLS renegotiation by default
Remi Gacogne [Thu, 25 Mar 2021 09:00:38 +0000 (10:00 +0100)]
Merge pull request #10214 from rgacogne/ddist-certificate-reloading
dnsdist: Unify certificate reloading syntaxes
Remi Gacogne [Wed, 24 Mar 2021 15:38:24 +0000 (16:38 +0100)]
dnsdist: Unify certificate reloading syntaxes
Otto Moerbeek [Wed, 24 Mar 2021 15:28:16 +0000 (16:28 +0100)]
Apply suggestions from code review
Co-authored-by: Remi Gacogne <rgacogne+github@valombre.net>
Otto Moerbeek [Wed, 24 Mar 2021 14:40:30 +0000 (15:40 +0100)]
Merge pull request #10212 from omoerbeek/rec-docs-mt-metrics
rec: A few updates and corrections of docs related to metrics and threads.
Remi Gacogne [Wed, 24 Mar 2021 14:02:34 +0000 (15:02 +0100)]
Merge pull request #10201 from rgacogne/ddist-connect-timeout
dnsdist: Fix the TCP connect timeout, add metrics
Otto [Wed, 24 Mar 2021 13:59:31 +0000 (14:59 +0100)]
Fix typos and incorporate suggestions.
Otto [Mon, 15 Mar 2021 13:25:57 +0000 (14:25 +0100)]
A few updates and corrections of docs related to metrics and threads.
Remi Gacogne [Wed, 24 Mar 2021 12:45:38 +0000 (13:45 +0100)]
dnsdist: Revert the backend's default TCP read and write timeouts
Remi Gacogne [Wed, 24 Mar 2021 12:37:36 +0000 (13:37 +0100)]
Merge pull request #10204 from rgacogne/ddist-tuning-defaults
dnsdist: Enable sharding by default, greater pipe buffer sizes
Otto [Wed, 24 Mar 2021 11:22:25 +0000 (12:22 +0100)]
Changelog and secpoll
Otto Moerbeek [Wed, 24 Mar 2021 11:17:10 +0000 (12:17 +0100)]
Merge pull request #9995 from omoerbeek/rec-fastopen-connect
Rec and sdig: support tcp fastopen connect
Otto [Tue, 23 Mar 2021 15:10:37 +0000 (16:10 +0100)]
Avoid flooding log on each connect by testing if fast-open-connect succeeds once on startup,
as suggested by @rgacogne.
Plus a few corrections in docs.
Otto [Mon, 15 Mar 2021 11:08:54 +0000 (12:08 +0100)]
change in writenWithTimeout should not be needed anymore as sdig now
uses tcpiohandler with blocking sockets
Otto [Wed, 3 Mar 2021 12:51:45 +0000 (13:51 +0100)]
As suggested by @rgacogne and verified by myself v6 actually does have TFO.
Otto [Wed, 3 Mar 2021 12:36:43 +0000 (13:36 +0100)]
Zap unused leftover var after rebase
Otto [Tue, 26 Jan 2021 09:26:07 +0000 (10:26 +0100)]
My initial diagnosis of google causing disable of TFO was wrong,
other NS caused the observed behaviour.
Otto [Fri, 22 Jan 2021 13:57:06 +0000 (14:57 +0100)]
Upgrade guide note
Otto [Fri, 22 Jan 2021 12:39:30 +0000 (13:39 +0100)]
Spelling exceptions
Otto Moerbeek [Fri, 22 Jan 2021 12:36:26 +0000 (13:36 +0100)]
rfc ref
Co-authored-by: Pieter Lexis <pieter@plexis.eu>
Otto [Fri, 22 Jan 2021 12:28:53 +0000 (13:28 +0100)]
Settings docs plus some background info.
Otto [Fri, 22 Jan 2021 11:34:03 +0000 (12:34 +0100)]
Use separate settings for tcp-fast-open (passive) and tcp-fast-open-connect (active)
Also warn if things cannot work due to kernel settings and go back to
async connect() now that OpenBSD handles that properly.
Otto [Fri, 22 Jan 2021 11:25:42 +0000 (12:25 +0100)]
Warn if fastopen-connect is requested but could not be enabled and adapt
sdig to work using tcp using a socket in non-blocking mode.
A fix was needed in the write logic for OpenBSD: We need to call
writenWithTimeout(), since OpenBSD does not allow to write to a
non-blocking socket that isn't connected yet. Additionally
writenWithTimeout() needs to take into account that ENOTCONN can be
returned in that case.
Otto [Wed, 20 Jan 2021 12:28:02 +0000 (13:28 +0100)]
Use a timeout with tcp connect so we get the EINPROGRESS handling.
Otto Moerbeek [Wed, 20 Jan 2021 10:04:50 +0000 (11:04 +0100)]
sdig now works with fastopen
Otto [Tue, 19 Jan 2021 15:48:43 +0000 (16:48 +0100)]
Start supporting fastopen for outgoing TCP connections.
Otto [Wed, 24 Mar 2021 09:57:03 +0000 (10:57 +0100)]
update EOL statement
Otto Moerbeek [Wed, 24 Mar 2021 09:17:11 +0000 (10:17 +0100)]
Merge pull request #10210 from omoerbeek/rec-fix-skip-v6-test
rec: Setup env properly to skip v6 test.
Otto [Wed, 24 Mar 2021 09:11:33 +0000 (10:11 +0100)]
Mention padding in upgrade guide
Otto [Wed, 24 Mar 2021 08:01:27 +0000 (09:01 +0100)]
Setup env properly to skip v6 test.
CircleCI docs indeed suggest the environment settings under docker do not apply
to the jobs steps.
Remi Gacogne [Tue, 23 Mar 2021 15:37:42 +0000 (16:37 +0100)]
Merge pull request #10208 from rgacogne/ddist-doh-id
dnsdist: Fix the handling of DoH queries with a non-zero ID
Otto Moerbeek [Tue, 23 Mar 2021 14:43:01 +0000 (15:43 +0100)]
Merge pull request #8918 from rgacogne/rec-edns-padding-plus-tests
rec: Implement EDNS0 padding (rfc7830) for outgoing responses
Remi Gacogne [Tue, 23 Mar 2021 14:22:09 +0000 (15:22 +0100)]
dnsdist: Fix the handling of DoH queries with a non-zero ID
rfc8484 states that clients "SHOULD use a DNS ID of 0 in every DNS
request", not MUST, so it does indeed happen.
The issue was introduced in 341d2553b74c579df9d9843959f3ca6f5c3dc954
when we moved to a safer PacketBuffer.
Otto Moerbeek [Tue, 23 Mar 2021 11:48:02 +0000 (12:48 +0100)]
Merge pull request #10057 from rgacogne/rec-no-zone-cut-computation
rec: Get rid of early zone cut computation
Otto Moerbeek [Mon, 22 Mar 2021 20:12:58 +0000 (21:12 +0100)]
Merge pull request #10182 from omoerbeek/rec-better-prime
rec: Insert hints as non-auth into cache
Otto [Mon, 22 Mar 2021 19:01:00 +0000 (20:01 +0100)]
Reformat
Peter van Dijk [Mon, 22 Mar 2021 18:59:02 +0000 (19:59 +0100)]
Merge pull request #10164 from Habbie/amazon-linux-extras-epel
amazonlinux-2 packaging improvements
Peter van Dijk [Mon, 22 Mar 2021 14:17:38 +0000 (15:17 +0100)]
Merge pull request #10200 from Habbie/sdig-dumpluaraw
dig, pdnsutil: add dnsdist spoofAction string generators
Remi Gacogne [Mon, 22 Mar 2021 13:49:19 +0000 (14:49 +0100)]
dnsdist: Fix tests with an invalid entries / shards ratio
Remi Gacogne [Mon, 22 Mar 2021 13:48:13 +0000 (14:48 +0100)]
dnsdist: Check that we have more cache entries than shards
Peter van Dijk [Mon, 22 Mar 2021 13:07:39 +0000 (14:07 +0100)]
Merge pull request #10195 from omoerbeek/rec-prep-4.3.7
rec: changelog and secpoll for rec 4.3.7
Peter van Dijk [Mon, 22 Mar 2021 12:24:24 +0000 (13:24 +0100)]
fix typo
Peter van Dijk [Mon, 22 Mar 2021 12:21:15 +0000 (13:21 +0100)]
fix formatting after merge of #10099
Remi Gacogne [Mon, 22 Mar 2021 11:04:52 +0000 (12:04 +0100)]
dnsdist: Enable sharding by default, greater pipe buffer sizes
The sharding code has seen a lot of traffic by now and can safely be
enabled by default, since it provides much better performance (less
contention).
Determining the optimal size of pipe buffers on all systems is hard,
but let's use a better default on Linux where we know it works well.
Also increase the number of queued TCP/DoT connections now that the
buffer is big enough.
Peter van Dijk [Mon, 22 Mar 2021 10:29:10 +0000 (11:29 +0100)]
Merge pull request #10099 from RobinGeuze/lmdbTransactionErrors
Check if transaction is active in LMDB
Peter van Dijk [Mon, 22 Mar 2021 10:27:08 +0000 (11:27 +0100)]
Merge pull request #10129 from Habbie/auth-docs-10127
auth upgrade docs: note removal of do-ipv6-additional-processing
Peter van Dijk [Mon, 22 Mar 2021 10:24:00 +0000 (11:24 +0100)]
Merge pull request #10175 from jsoref/patterns
spelling: ignore hex strings that are 8+ chars long
Peter van Dijk [Fri, 19 Mar 2021 14:47:54 +0000 (15:47 +0100)]
sdig, pdnsutil: add dnsdist spoofAction string generators
Peter van Dijk [Fri, 19 Mar 2021 19:20:19 +0000 (20:20 +0100)]
Merge pull request #10202 from kaistian/docs-fix
docs: Changed to correct zone in sqlite backend example
Kai Stian Olstad [Fri, 19 Mar 2021 19:16:30 +0000 (20:16 +0100)]
docs: Changed to correct zone in sqlite backend example
Remi Gacogne [Fri, 19 Mar 2021 15:14:56 +0000 (16:14 +0100)]
dnsdist: Fix the TCP connect timeout, add metrics
Remi Gacogne [Fri, 19 Mar 2021 16:45:17 +0000 (17:45 +0100)]
Merge pull request #10156 from rgacogne/ddist-conn-reuse
dnsdist: Improve TCP connection reuse, add metrics
Otto Moerbeek [Fri, 19 Mar 2021 15:39:20 +0000 (16:39 +0100)]
Apply suggestions from code review
Co-authored-by: Remi Gacogne <rgacogne+github@valombre.net>
Otto [Fri, 19 Mar 2021 15:33:06 +0000 (16:33 +0100)]
Add a unit test and also make the test priming correspond to the new real priming.
Remi Gacogne [Fri, 19 Mar 2021 14:13:08 +0000 (15:13 +0100)]
Merge pull request #10184 from rgacogne/ddist-tcp-listen-overflows
dnsdist: Add a metric for TCP listen queue full events
Otto [Fri, 19 Mar 2021 10:21:09 +0000 (11:21 +0100)]
Prep for rec 4.3.7
Otto Moerbeek [Thu, 18 Mar 2021 20:25:57 +0000 (21:25 +0100)]
Merge pull request #10185 from omoerbeek/rec-ageing-pc
rec: make sure we take the right minimum for the PC TTL data.
Peter van Dijk [Tue, 2 Mar 2021 08:52:17 +0000 (09:52 +0100)]
auth upgrade docs: note removal of do-ipv6-additional-processing
closes #10127
Peter van Dijk [Thu, 18 Mar 2021 14:49:08 +0000 (15:49 +0100)]
amazonlinux-2: do not build ixfrdist
Otto [Wed, 17 Mar 2021 15:00:16 +0000 (16:00 +0100)]
Make sure we take the right minimum for the PC TTL data in the SERVFAIL case.
Also add safety belt to the ageing code to not wrap TTLs,
adjust one dnsdist test for ageDNSPacket no longer underflowing, and
stop dnsdist from relying on ageDNSPacket wrapping around.
Peter van Dijk [Thu, 18 Mar 2021 11:28:50 +0000 (12:28 +0100)]
Merge pull request #10186 from mind04/pdns-lmdb-coverity
auth: fix coverity CID 1450843
Peter van Dijk [Thu, 18 Mar 2021 11:25:33 +0000 (12:25 +0100)]
Merge pull request #10187 from Habbie/circleci-upstream-docker-images
circleci: use upstream docker images instead of the circleci forks
Kees Monshouwer [Wed, 17 Mar 2021 22:10:33 +0000 (23:10 +0100)]
auth: fix coverity CID 1450843
Peter van Dijk [Thu, 18 Mar 2021 08:19:33 +0000 (09:19 +0100)]
circleci: use upstream docker images instead of the circleci forks
Remi Gacogne [Wed, 17 Mar 2021 10:19:27 +0000 (11:19 +0100)]
dnsdist: Add a metric for TCP listen queue full events
Otto [Wed, 17 Mar 2021 10:01:55 +0000 (11:01 +0100)]
Do not log error in unit test, it is expected now
Otto [Wed, 17 Mar 2021 09:39:01 +0000 (10:39 +0100)]
Insert hints as non-auth into cache, so info received from the net is
recorded in the cache.
Also make sure the root NS refresh happens more often if max-cache-ttl is low.
This is needed as the records no longer maintain the 1000 hours TTL.
In the existing setup, a reprime (with potential outdated info) was done at that
point in time since all root-server address records would expire at the same
time.
Lastly, fix an infinite (caught by depth check) recursion in getBestNSFromCache().
Fixes #10177.
Remi Gacogne [Wed, 17 Mar 2021 08:06:00 +0000 (09:06 +0100)]
Merge pull request #10181 from rgacogne/ddist-doc-typos2
dnsdist: Fix a few typos in the docs, document that setTCPUseSinglePipe should not be used anymore
Otto Moerbeek [Tue, 16 Mar 2021 16:59:29 +0000 (17:59 +0100)]
Merge pull request #10178 from omoerbeek/rec-root-ns-poison
rec: Don't pick up random root NS records from AUTHORITY sections
Remi Gacogne [Tue, 16 Mar 2021 16:32:11 +0000 (17:32 +0100)]
Merge pull request #10179 from rgacogne/ddist-tls-release-buffers
dnsdist: Set OpenSSL to release buffers when idle, saves 35 kB per connection
Remi Gacogne [Tue, 16 Mar 2021 16:29:27 +0000 (17:29 +0100)]
dnsdist: Fix formatting issue in the TLS sessions management guide
Remi Gacogne [Tue, 16 Mar 2021 16:22:49 +0000 (17:22 +0100)]
dnsdist: Document that setTCPUseSinglePipe should not be used anymore
Peter van Dijk [Tue, 16 Mar 2021 15:50:33 +0000 (16:50 +0100)]
Merge pull request #10107 from mind04/pdns-lmdb-disabled
auth: implement disabled in LMDB backend
Otto [Tue, 16 Mar 2021 13:22:43 +0000 (14:22 +0100)]
Formatting
Otto [Tue, 16 Mar 2021 13:21:47 +0000 (14:21 +0100)]
Fix indent
Otto [Tue, 16 Mar 2021 12:22:42 +0000 (13:22 +0100)]
Clarify comments
Remi Gacogne [Tue, 16 Mar 2021 10:24:08 +0000 (11:24 +0100)]
dnsdist: Set OpenSSL to release buffers when idle, saves 35 kB per connection
Otto [Mon, 15 Mar 2021 16:11:37 +0000 (17:11 +0100)]
Don't pick up random root NS records from AUTHORITY sections
Peter van Dijk [Mon, 15 Mar 2021 08:09:25 +0000 (09:09 +0100)]
Merge pull request #10155 from pieterlexis/alias-nsec-bitmap
ALIAS: Ensure A and AAAA are in the NSEC bitmap
Peter van Dijk [Mon, 15 Mar 2021 08:06:51 +0000 (09:06 +0100)]
Merge pull request #10172 from Habbie/csync-init
CSYNCRecordContent: init member variables
Peter van Dijk [Mon, 15 Mar 2021 08:03:34 +0000 (09:03 +0100)]
Merge pull request #10169 from Habbie/check-secpoll
check secpoll syntax
Josh Soref [Sun, 14 Mar 2021 12:32:26 +0000 (08:32 -0400)]
spelling: ignore hex strings
* that are 8+ chars long
* from github urls
* from commit refs
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Pieter Lexis [Sun, 14 Mar 2021 12:36:04 +0000 (13:36 +0100)]
Merge pull request #10174 from rubenk/spelling
Spelling
Pieter Lexis [Sun, 14 Mar 2021 12:23:09 +0000 (13:23 +0100)]
Merge pull request #10126 from peterthomassen/patch-2
Improve description of dname-processing
Pieter Lexis [Sun, 14 Mar 2021 12:22:56 +0000 (13:22 +0100)]
Merge pull request #10145 from mnordhoff/patch-8
docs: ecswho is a Netmask, not a ComboAddress
Pieter Lexis [Sun, 14 Mar 2021 12:22:37 +0000 (13:22 +0100)]
Merge pull request #10141 from pieterlexis/sd-better-runtimedir
Fix configure issue with systemd runtime dir detection
Pieter Lexis [Tue, 9 Mar 2021 15:46:30 +0000 (16:46 +0100)]
ALIAS: Ensure A and AAAA are in the NSEC bitmap
This ensures that NODATA responses from names with an ALIAS record don't
blank out A/AAAA on resolvers using aggressive NSEC caching.
Closes #6667
Ruben Kerkhof [Sun, 14 Mar 2021 11:03:59 +0000 (12:03 +0100)]
Whitespace and interpunction
Ruben Kerkhof [Sun, 14 Mar 2021 11:02:48 +0000 (12:02 +0100)]
More spelling
Ruben Kerkhof [Sun, 14 Mar 2021 11:01:07 +0000 (12:01 +0100)]
Spelling
Peter van Dijk [Fri, 12 Mar 2021 18:58:31 +0000 (19:58 +0100)]
Merge pull request #10168 from jsoref/spelling
Spelling