]>
git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Fri, 2 Jul 2021 09:48:14 +0000 (11:48 +0200)]
rec: Add a unit test checking that DNSSEC validation is done for AA=0 answers
Remi Gacogne [Fri, 2 Jul 2021 08:30:43 +0000 (10:30 +0200)]
rec: Work around clueless servers sending AA=0 answers
Peter van Dijk [Thu, 1 Jul 2021 12:14:18 +0000 (14:14 +0200)]
Merge pull request #10535 from RobinGeuze/fixUeberBackendAddCacheBug
auth: make UeberBackend::addCache pick the correct ttl
Peter van Dijk [Thu, 1 Jul 2021 12:11:23 +0000 (14:11 +0200)]
Merge pull request #10530 from ZaphodB/ZaphodB-patch-1
docs: query-local-address6 has been removed in #10251 as well
Remi Gacogne [Thu, 1 Jul 2021 07:51:44 +0000 (09:51 +0200)]
Merge pull request #10544 from rgacogne/ddist-carbon-tests-slow
dnsdist: Add some leeway for the carbon data to reach the test receiver
Remi Gacogne [Thu, 1 Jul 2021 07:50:55 +0000 (09:50 +0200)]
Merge pull request #10547 from rgacogne/ddist-test-nostale-ttl
dnsdist: Use a 2s TTL in testCacheNoStale to prevent failures
Remi Gacogne [Wed, 30 Jun 2021 16:41:01 +0000 (18:41 +0200)]
dnsdist: Use a 2s TTL in testCacheNoStale to prevent failures
With the previous 1s TTL, the entry was only valid for the current
second, but we might have been very near the end of that second
already when inserting. With a 2s TTL (which was apparently intended
anyway) we have a full second before the entry expires.
Peter van Dijk [Wed, 30 Jun 2021 14:32:01 +0000 (16:32 +0200)]
Merge pull request #10528 from Habbie/auth-upgrade-4.2-api-rectify
auth 4.2 upgrade docs: note default-api-rectify change
Otto Moerbeek [Wed, 30 Jun 2021 13:37:04 +0000 (15:37 +0200)]
Merge pull request #10122 from omoerbeek/rec-cumulative-histograms
Rec: cumulative and Prometheus friendly histograms
Remi Gacogne [Wed, 30 Jun 2021 12:48:29 +0000 (14:48 +0200)]
dnsdist: Add some leeway for the carbon data to reach the test receiver
It seems to fail quite frequently these days, and that gives us two
whole more seconds before timing out, which hopefully should be
enough in most cases.
Otto [Wed, 30 Jun 2021 09:41:10 +0000 (11:41 +0200)]
Typo fix
Otto [Wed, 30 Jun 2021 08:14:11 +0000 (10:14 +0200)]
Mention the cumul stats are Prometheus-only by default
Otto [Tue, 29 Jun 2021 09:03:27 +0000 (11:03 +0200)]
Disable cumul stats by default except for API plus some other
assorted review comments.
Otto Moerbeek [Tue, 29 Jun 2021 08:46:37 +0000 (10:46 +0200)]
Apply suggestions from code review
Co-authored-by: Remi Gacogne <github@coredump.fr>
Otto [Tue, 29 Jun 2021 08:29:54 +0000 (10:29 +0200)]
For Prometheus output, ad HELP and TYPE
Otto [Tue, 29 Jun 2021 07:10:04 +0000 (09:10 +0200)]
Docs
Otto [Wed, 16 Jun 2021 07:27:01 +0000 (09:27 +0200)]
rename cumulative counters to be better aligned with existing names
Otto [Tue, 8 Jun 2021 11:45:33 +0000 (13:45 +0200)]
Use %g for formatting. It strips trailing zeroes (unlike %f) and will switch to
scientific notation for very small or large values. Also correct units for
sum and count.
Otto [Tue, 8 Jun 2021 10:34:24 +0000 (12:34 +0200)]
Align with Prometheus way of doing things and simplify
template a bit.
Otto [Tue, 8 Jun 2021 08:35:40 +0000 (10:35 +0200)]
Finish rebase
Otto [Fri, 26 Feb 2021 09:44:01 +0000 (10:44 +0100)]
Use 1-2-5 histogram buckets and count packet cache hits.
Otto [Fri, 26 Feb 2021 09:43:21 +0000 (10:43 +0100)]
Simple way to get a repeated 1-2-5 sequence of histograms
Otto [Tue, 23 Feb 2021 14:46:38 +0000 (15:46 +0100)]
Cumulative Prometheus style histograms
Robin Geuze [Tue, 29 Jun 2021 12:57:30 +0000 (14:57 +0200)]
Completely remove lowering the TTL, just use d_cache_ttl
Robin Geuze [Tue, 29 Jun 2021 12:37:31 +0000 (14:37 +0200)]
Fix it so addCache actually picks the minimal ttl rather than the last one < d_cache_ttl
Remi Gacogne [Tue, 29 Jun 2021 09:04:34 +0000 (11:04 +0200)]
Merge pull request #10503 from rgacogne/ddist-coverage
dnsdist: Exit nicely to get coverage reports when COVERAGE is defined
Remi Gacogne [Tue, 29 Jun 2021 09:03:47 +0000 (11:03 +0200)]
Merge pull request #10508 from hhoffstaette/no-stale-metrics
dnsdist: Do not report latency metrics of down upstream servers
Remi Gacogne [Tue, 29 Jun 2021 09:02:31 +0000 (11:02 +0200)]
Merge pull request #10532 from rgacogne/ddist-lua-spoof-multi-raw
dnsdist: Add FFI functions to spoof multiple raw values
Remi Gacogne [Mon, 28 Jun 2021 12:20:34 +0000 (14:20 +0200)]
Merge pull request #10531 from rgacogne/ddist-greater-ttl-neg-tests
dnsdist: Increase the TTL of test answers to prevent spurious failures
Remi Gacogne [Mon, 28 Jun 2021 09:07:25 +0000 (11:07 +0200)]
dnsdist: Fix invalid method references in the documentation
Remi Gacogne [Mon, 28 Jun 2021 09:06:27 +0000 (11:06 +0200)]
dnsdist: Document that DNSQuestion.spoof exists to spoof multiple values
Remi Gacogne [Mon, 28 Jun 2021 08:59:43 +0000 (10:59 +0200)]
dnsdist: Add FFI functions to spoof multiple raw values
Remi Gacogne [Mon, 28 Jun 2021 08:07:16 +0000 (10:07 +0200)]
dnsdist: Increase the TTL of test answers to prevent spurious failures
The value of the TTL for negative answers was capped to 1s, which means
that the answer will only be present in the cache for the current second.
If the test starts at the end of a second in unix time, there is a real
risk that the entry is no longer usable when we try to fetch it from the
cache. Increase the TTL to 2s instead to reduce that risk.
Peter van Dijk [Mon, 28 Jun 2021 06:49:32 +0000 (08:49 +0200)]
Merge pull request #10365 from jsoref/spell-check
Upgrade check-spelling to v0.0.18
Josh Soref [Sun, 27 Jun 2021 23:28:48 +0000 (19:28 -0400)]
Upgrade check-spelling to v0.0.18
Josh Soref [Thu, 6 May 2021 15:59:41 +0000 (11:59 -0400)]
spelling: axfr
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Holger Hoffstätte [Sat, 26 Jun 2021 16:16:42 +0000 (18:16 +0200)]
Dnsdist: Reset latency of an upstream server when it is marked down
Stefan Schmidt [Fri, 25 Jun 2021 16:05:31 +0000 (18:05 +0200)]
oops missed that one
Stefan Schmidt [Fri, 25 Jun 2021 15:16:08 +0000 (17:16 +0200)]
docs: query-local-address6 has been removed in #10251 as well
Otto Moerbeek [Fri, 25 Jun 2021 12:51:58 +0000 (14:51 +0200)]
Merge pull request #10160 from chbruyand/structured-logging
rec: Structured logging
Peter van Dijk [Fri, 25 Jun 2021 11:06:46 +0000 (13:06 +0200)]
auth 4.2 upgrade docs: note default-api-rectify change
aerique [Fri, 25 Jun 2021 09:02:26 +0000 (11:02 +0200)]
Merge pull request #10526 from Habbie/auth-4.5.0-rc1-secpoll-docs
auth-4.5.0-rc1: secpoll&docs
Peter van Dijk [Fri, 25 Jun 2021 07:37:53 +0000 (09:37 +0200)]
auth-4.5.0-rc1: secpoll&docs
Remi Gacogne [Fri, 25 Jun 2021 07:03:18 +0000 (09:03 +0200)]
Merge pull request #10489 from slowr/ixfr-axfr-aware
dnsdist: Make DNSDist XFR aware when transfer is finished
Peter van Dijk [Thu, 24 Jun 2021 13:21:09 +0000 (15:21 +0200)]
Merge pull request #10488 from chbruyand/qtype-to-string-fix
auth: fix compilation issue
Peter van Dijk [Thu, 24 Jun 2021 13:16:17 +0000 (15:16 +0200)]
Merge pull request #10522 from Habbie/auth-svcb-fixes
auth SVCB fixes: avoid a crash; don't chase chains outside of zones
Peter van Dijk [Thu, 24 Jun 2021 12:07:52 +0000 (14:07 +0200)]
Only perform AdditionalServiceProcessing for aliasform records.
Co-authored-by: Kees Monshouwer <mind04@monshouwer.org>
Peter van Dijk [Wed, 23 Jun 2021 11:00:22 +0000 (13:00 +0200)]
auth SVCB additional processing: do not chase chains outside of zone
fixes #10521
Pieter Lexis [Thu, 24 Jun 2021 09:28:22 +0000 (11:28 +0200)]
Merge pull request #10523 from rudybroersma/patch-1
Update slavecommunicator.cc
Rudy Broersma [Thu, 24 Jun 2021 08:20:49 +0000 (10:20 +0200)]
Update slavecommunicator.cc
Very teeny tiny fix for a missing space in a log line:
Domain 'exsilia.net' is fresh, but RRSIGs differ on master2a01:1b0:7999:402::29, so DNSSEC is stale, serial is
2021051001
into:
Domain 'exsilia.net' is fresh, but RRSIGs differ on master 2a01:1b0:7999:402::29, so DNSSEC is stale, serial is
2021051001
Otto Moerbeek [Wed, 23 Jun 2021 12:36:49 +0000 (14:36 +0200)]
Merge pull request #10518 from rgacogne/rec-ds-missing-soa
rec: Make sure that we pass the SOA along the NSEC(3) proof for DS queries
Otto Moerbeek [Wed, 23 Jun 2021 11:21:43 +0000 (13:21 +0200)]
Merge pull request #10506 from omoerbeek/gitignore-no-symlink
newer git does not like .gitignore to be a symlink
Peter van Dijk [Wed, 23 Jun 2021 11:05:31 +0000 (13:05 +0200)]
Merge pull request #10507 from Habbie/auth-no-pubsuffix
auth: remove pubsuffix
Peter van Dijk [Wed, 23 Jun 2021 10:42:20 +0000 (12:42 +0200)]
auth SVCB additional processing: delay inserts to avoid invalidating iterator
Remi Gacogne [Wed, 23 Jun 2021 09:25:15 +0000 (11:25 +0200)]
rec: Check that we get the SOA on a direct query for a non-existing DS
In a regression test this time.
Remi Gacogne [Wed, 23 Jun 2021 08:54:05 +0000 (10:54 +0200)]
rec: Check that we get the SOA on a direct query for a non-existing DS
Peter van Dijk [Fri, 18 Jun 2021 13:50:29 +0000 (15:50 +0200)]
auth: remove pubsuffix
Remi Gacogne [Tue, 22 Jun 2021 16:04:54 +0000 (18:04 +0200)]
rec: Make sure that we pass the SOA along the NSEC(3) proof for DS queries
If the client is requesting a DS that does not exist, we need to
provide the SOA (+RRSIGs) along with the NSEC(3) proof (+RRSIGs)
and we might not have it if we picked up the proof from a delegation,
in which case we need to keep on to do the actual DS query.
It used to work before 4.5.0 because the zone cuts determination
code was requesting the DS records before doing any resolution, so we
would get the denial and the SOA at the very beginning and not replace
it on a delegation because we knew the zone was Insecure at that point.
Note that we still want to use the "no SOA denial" for internal zone
cuts computation since we don't care about the SOA at that point,
and that saves quite some outgoing queries.
Peter van Dijk [Mon, 21 Jun 2021 19:17:09 +0000 (21:17 +0200)]
Merge pull request #10512 from Habbie/pdnsutil-add-autoprimary-error
pdnsutil add-autoprimary: print error when exiting with 1
Peter van Dijk [Mon, 21 Jun 2021 19:16:55 +0000 (21:16 +0200)]
Merge pull request #10509 from Habbie/pdnsuil-create-zone-soa-parse-error
pdnsutil create-zone: better error if default-soa-content is broken
Peter van Dijk [Mon, 21 Jun 2021 19:16:40 +0000 (21:16 +0200)]
Merge pull request #10373 from Habbie/pdnsutil-add-zone-key-ksk
auth pdnsutil add-zone-key: clarify zsk default
Peter van Dijk [Mon, 21 Jun 2021 16:44:19 +0000 (18:44 +0200)]
Merge pull request #10511 from Habbie/svcb-parse-error-truncate
SVCB: on parse error, throw instead of truncate
Peter van Dijk [Mon, 21 Jun 2021 16:43:14 +0000 (18:43 +0200)]
Merge pull request #10513 from Habbie/pdnsutil-edit-zone-reask
pdnsutil edit-zone: correctly reask inc-serial question
Peter van Dijk [Mon, 21 Jun 2021 16:42:26 +0000 (18:42 +0200)]
Merge pull request #10514 from Habbie/auth-2136-cds-cdnskey
auth 2136: allow placing DNSKEY/CDS/CDNSKEY regardless of direct-dnskey setting
Peter van Dijk [Mon, 21 Jun 2021 15:59:49 +0000 (17:59 +0200)]
Merge pull request #10510 from pieterlexis/SVCB-fixes-45
SVCB: Fix auto hints removing non-auto hints
Otto Moerbeek [Mon, 21 Jun 2021 15:45:41 +0000 (17:45 +0200)]
Merge pull request #10428 from omoerbeek/rec-tls
Rec: cleanup of outgoing TCP code and DoT to auth or forwarders
Holger Hoffstätte [Mon, 21 Jun 2021 15:01:11 +0000 (17:01 +0200)]
Dnsdist: Do not report latency metrics of down upstream servers
Peter van Dijk [Mon, 21 Jun 2021 14:54:16 +0000 (16:54 +0200)]
auth: correctly respect direct-dnskey when putting DNSKEY/CDS/CDNSKEY in NSEC(3) bitmaps. Thanks @mind04. Fixes #10516
Otto Moerbeek [Mon, 21 Jun 2021 14:33:00 +0000 (16:33 +0200)]
move instead of copy data to inMSG
Co-authored-by: Remi Gacogne <github@coredump.fr>
Otto Moerbeek [Mon, 21 Jun 2021 14:31:54 +0000 (16:31 +0200)]
Merge pull request #10515 from omoerbeek/rec-proxyvalues.clear
rec: Clear the current proxy protocol values each iteration
Otto [Mon, 21 Jun 2021 13:14:46 +0000 (15:14 +0200)]
Clear the current proxy protocol values each iteration
Peter van Dijk [Mon, 21 Jun 2021 11:55:10 +0000 (13:55 +0200)]
auth 2136: allow placing DNSKEY/CDS/CDNSKEY regardless of direct-dnskey setting. Fixes #10321
Peter van Dijk [Mon, 21 Jun 2021 11:40:02 +0000 (13:40 +0200)]
pdnsutil edit-zone: correctly reask inc-serial question. Fixes #10328
Peter van Dijk [Mon, 21 Jun 2021 11:30:06 +0000 (13:30 +0200)]
pdnsutil add-zone-key: clarify ZSK default
Peter van Dijk [Mon, 21 Jun 2021 10:38:10 +0000 (12:38 +0200)]
pdnsutil add-autoprimary: print error when exiting with 1. Fixes #10435.
Peter van Dijk [Mon, 21 Jun 2021 10:18:04 +0000 (12:18 +0200)]
SVCB: on parse error, throw instead of truncate. Fixes #10442
Peter van Dijk [Sat, 19 Jun 2021 11:33:55 +0000 (13:33 +0200)]
pdnsutil create-zone: better error if default-soa-content is broken
Pieter Lexis [Fri, 18 Jun 2021 14:58:59 +0000 (16:58 +0200)]
SVCB: Fix auto hints removing non-auto hints
Closes #10258
Otto [Fri, 18 Jun 2021 12:18:25 +0000 (14:18 +0200)]
Also adapt make-ext-symlinks.py script
Peter van Dijk [Fri, 18 Jun 2021 12:06:09 +0000 (14:06 +0200)]
Merge pull request #9474 from Habbie/lua-newcafromraw
newCAFromRaw(): create ComboAddress from raw 4/16 byte strings
Otto [Fri, 18 Jun 2021 11:53:36 +0000 (13:53 +0200)]
newer git does not like .gitignore to be a symlink
Peter van Dijk [Fri, 18 Jun 2021 11:02:08 +0000 (13:02 +0200)]
Merge pull request #10345 from gregmac/patch-1
Fix documentation around get*DomainMetadata
Peter van Dijk [Wed, 16 Sep 2020 08:21:24 +0000 (10:21 +0200)]
newCAFromRaw(): create ComboAddress from raw 4/16 byte strings, plus test
(code copied from dnsdist)
Charles-Henri Bruyand [Fri, 18 Jun 2021 09:46:09 +0000 (11:46 +0200)]
move error's content and fix typos
Otto [Mon, 14 Jun 2021 10:51:53 +0000 (12:51 +0200)]
Basic test for dot-to-auth-names and don't setup auths for DoT tests,
we don't need them.
Otto [Mon, 14 Jun 2021 09:54:05 +0000 (11:54 +0200)]
Maintain a sseparate inPos and inWanted, this should fix partial reads,
make the code more clear and also allow less resizing.
Otto [Wed, 9 Jun 2021 12:43:55 +0000 (14:43 +0200)]
Implement a simple (braindead) mechansim to force DoT the specific auths: a fixed list
of names or suffixes of the special nameservers.
Otto [Wed, 9 Jun 2021 11:10:48 +0000 (13:10 +0200)]
Add very basic DoT regression test
Otto [Wed, 9 Jun 2021 09:44:42 +0000 (11:44 +0200)]
dotOutqueries metrics: docs, Prometheus and SNMP
Otto [Fri, 28 May 2021 08:52:49 +0000 (10:52 +0200)]
Align TCPIOHandlerReadable and Writeable and process some review comments
Otto [Tue, 25 May 2021 12:16:35 +0000 (14:16 +0200)]
Very basic config: enable/disbale forcing of DoT for target port 853
Otto [Tue, 25 May 2021 11:44:03 +0000 (13:44 +0200)]
Log if DoT was requested but not available/compiled in
Otto [Tue, 25 May 2021 10:05:30 +0000 (12:05 +0200)]
Convert timeout values to be specified as a timeval, so sub-second timeout
values can be handled correctly.
Also make sure sdig uses a NB socket, to handle timeouts correctly.
Otto [Fri, 21 May 2021 09:19:05 +0000 (11:19 +0200)]
Start of working DoT to auth/forwarder.
The state engine is a bit strange right now, likely needs rework.
I'm also observing connections that remain in "established state"
while I would expect the handler to be cleaned up and connection
to be closed at that point.
Otto [Wed, 19 May 2021 10:29:38 +0000 (12:29 +0200)]
Handle IOState::NeedWrite/NeedRead by flipping the status
Remi Gacogne [Thu, 17 Jun 2021 10:21:15 +0000 (12:21 +0200)]
dnsdist: Exit nicely to get coverage reports when COVERAGE is defined
Otto Moerbeek [Tue, 15 Jun 2021 08:31:51 +0000 (10:31 +0200)]
Merge pull request #10494 from omoerbeek/not-formatted-locale
Set LANG=C explicitly, otherwise it may lead to suprises if the user isn't using LANG=C.
Peter van Dijk [Mon, 14 Jun 2021 14:43:37 +0000 (16:43 +0200)]
Merge pull request #10393 from jsoref/faq-deleted-zones-do-not-propagate
Correct faq entry to talk about zones
Remi Gacogne [Mon, 14 Jun 2021 14:34:12 +0000 (16:34 +0200)]
Merge pull request #10414 from 42wim/multipleip
Support multiple ip addresses for dnsdist-resolver lua script
Otto [Mon, 14 Jun 2021 13:12:01 +0000 (15:12 +0200)]
Set LANG=C explicitly, otherwise it may lead to suprises if the user isn't using LANG=C.